Slashdot Mirror

← Back to Stories (view on slashdot.org)

Court Rules Sending Too Many Emails Is "Hacking"

Posted by samzenpus on from the if-you-send-it-more-than-twice-your-hacking-it dept.

An anonymous reader writes "An appeals court has ruled that having people send a company a lot of emails (in this case, a union protesting a company's business practices) qualifies as hacking under the Computer Fraud & Abuse Act. We're not even talking about a true DDoS action here, but just a bunch of protest emails. Part of the problem is that the company apparently set up their email to only hold a small number of emails in their inbox, and the court seems to think the union should take the blame for stuffing those inboxes."

14 of 317 comments (clear)

  1. Got it wrong in one by arth1 · · Score: 4, Insightful

    The "problem" is that hacking and disrupting services is governed by the same laws, without much distinction. And it is disrupting services if the sender knew about or had reason to know about the limitation of the recipient.

    1. Re:Got it wrong in one by LateArthurDent · · Score: 5, Insightful

      The "problem" is that hacking and disrupting services is governed by the same laws, without much distinction. And it is disrupting services if the sender knew about or had reason to know about the limitation of the recipient.

      No, no it's not. If the limitation of the recipient is an unreasonable limitation, you can't blame the union. If they were using a bot to mass-spam them with the intention of crashing their systems, I'd agree with you. Manual protest e-mails are a valid form of a communication with the company. If we allow considering this "disruption of services", companies will start having crappy e-mail systems on purpose just so they have the option open to sue people.

    2. Re:Got it wrong in one by h4rr4r · · Score: 3, Insightful

      Every time you send an email you are checking if they can receive them. Did the mail server sent back 421 or 422 or did it accept the mail?

    3. Re:Got it wrong in one by sjames · · Score: 3, Interesting

      No, *I* wouldn't send them thousands, because that's simply a harassment. However, if I disagree with a company's actions, I might well decide to be one of thousands of people to send them AN email to let them know what I think. It's perfectly valid to ask individuals to let someone (or something in the case of a corporation) know you don't approve of them.

      The intent is to communicate and email is for communication, so there is no abuse happening.

      Here's a good thought experiment, I post in a /. story that everyone should email their congressman and let them know what they think. Did I just "hack" Congress? Am I assaulting the U.S. government? Or am I exercising my 1st amendment rights, participating in a demopcratic government, and urging others to do the same?

      Beyond that, if their email system is such a creaking rust bucket that it can't handle a thousand emails, it was hardly a "sound" system.

    4. Re:Got it wrong in one by postbigbang · · Score: 4, Interesting

      Then what of the slashdot effect? What really is *normal*? If we post this, then crater their website, are we guilty, too? I think not. If they can't do the normal thing and empty their mailboxes in a reasonable manner, then the onus is on the company. The judge will have his ruling overturned.

      --
      ---- Teach Peace. It's Cheaper Than War.
    5. Re:Got it wrong in one by Anonymous Coward · · Score: 3, Informative

      The union used an automated mailing system to send thousands of emails to a few email addresses... It wasn't only a bunch of people sending their own emails. Many emails were "threats and obscenities". The company told the union to stop because it was disrupting their service. The union intentionally continued knowing that it would cause the business problems. It wasn't a protest, it was revenge for firing employees.

      Their intent was clear. To disrupt business by hammering the mail servers. That is very similar to a DDOS attack and how it affects a business, (i.e. making resources unavailable).

      If the union had no idea that it would kill the mail server then I would agree. But the Union knew and was first asked to stop before litigation.

    6. Re:Got it wrong in one by todrules · · Score: 3, Informative
      To quote from TFA: "Damage alone, however, is not enough for a transmission claim. A defendant must also cause that damage with the requisite intent."

      The brief goes on to explain, in detail, how it comes to the conclusion that LIUNA had the intent to cause damage:

      "The following allegations illustrate LIUNA’s objective to cause damage: (1) LIUNA instructed its members to send thousands of e-mails to three specific Pulte executives; (2) many of these e-mails came from LIUNA’s server; (3) LIUNA encouraged its members to “fight back” after Pulte terminated several employees; (4) LIUNA used an auto-dialing service to generate a high volume of calls; and (5) some of the messages included threats and obscenity. And although Pulte appears to use an idiosyncratic e-mail system, it is plausible LIUNA understood the likely effects of its actions—that sending transmissions at such an incredible volume would slow down Pulte’s computer operations. LIUNA’s rhetoric of “fighting back,” in particular, suggests that such a slow-down was at least one of its objectives. The complaint thus sufficiently alleges that LIUNA—motivated by its anger about Pulte’s labor practices—intended to hurt Pulte’s business by damaging its computer systems.

      LIUNA attempts—but fails—to justify its conduct. Though it maintains that the calls and e-mails are “fully consistent with an ongoing, lawful, organizing campaign” through which it “is attempting [only] to organize Pulte employees,” LIUNA offers no explanation of how targeting Pulte’s executives and sales offices—rather than employees eligible for recruitment—advances its campaign. And an equally, if not more, plausible explanation is that LIUNA intended to disrupt Pulte’s business by bogging down its computer systems."

  2. Does it work the other way 'round? by mcmonkey · · Score: 3, Interesting

    What about a company sending a lot of emails to a person?

    1. Re:Does it work the other way 'round? by BitHive · · Score: 5, Insightful

      A company's actions, as long as they serve its profit motive, are beyond reproach. This article is about a union, which is a whole other story!

  3. My Mailbox at Home is Full by rotide · · Score: 5, Funny

    My physical mailbox at home is kind of small and when I go on vacation it can get full to the point of no longer being able to put more mail in. Do I get to go after Capital One or any/all of the other habitual mail spammers now? If not, why? Because this Act only covers electrons flowing through wires and not physical items physically limiting my mailbox?

  4. The union may have shit for lawyers. by blair1q · · Score: 3

    If the company can't handle the consequences of its actions, it shouldn't act.

  5. Actually, the union didn't lose. by Animats · · Score: 5, Informative

    Here's the actual decision. First, the company's request for an injunction to stop the mail campaign, denied by the district court, is still denied. The claim under the Computer Fraud and Abuse act goes back to the district court, and can proceed there, but the appellate court makes no comment on the merits of that claim. The appellate court was only dealing with the issue of whether the Norris-LaGuardia act, which gives jurisdiction to the National Labor Relations Board when the behavior involved arises out of a labor dispute, preempted the Computer Fraud and Abuse Act . The appeals court decided that this isn't an NLRB matter, and goes back to the district court.

  6. Nowhere does the ruling say "hacking" by NiteShaed · · Score: 4, Informative

    The law in question is called the Computer Fraud and Abuse act, and I'd say they're going with the angle of abuse. In this case, LIUNA seems to have been going for what amounts to a DDoS attack against the contractors phones and emails.

    To generate a high volume of calls, LIUNA both hired an auto-dialing service and requested its members to call Pulte. It also encouraged its members, through postings on its website, to “fight back” by using LIUNA’s server to send e-mails to specific Pulte executives. Most of the calls and e-mails concerned Pulte’s purported unfair labor practices, though some communications included threats and obscene language.

    Now, right or wrong, I can at least see the reasoning of the ruling, and this isn't just a clueless judge saying "Oh noes, they hax0r3d the company interwebs". LIUNA seems to have decided that they were going to use their membership and outside companies to shut down Pulte's communications. That they used individual members instead of a botnet to go after the email server seems irrelevant, the intent was clearly to beat the company into submission, not just to voice dissatisfaction. Had they not hired the guys with the autodialer it would have been much easier to believe they were just trying to make themselves heard.

    --
    Some bring out the best in others, some the worst. Some bring out far more.
  7. Think "physical mail". by khasim · · Score: 3, Insightful

    Would the same amount of physical mail result in any legal actions against the union?

    No? Then the judge is an idiot.