Court Rules Sending Too Many Emails Is "Hacking"

An anonymous reader writes "An appeals court has ruled that having people send a company a lot of emails (in this case, a union protesting a company's business practices) qualifies as hacking under the Computer Fraud & Abuse Act. We're not even talking about a true DDoS action here, but just a bunch of protest emails. Part of the problem is that the company apparently set up their email to only hold a small number of emails in their inbox, and the court seems to think the union should take the blame for stuffing those inboxes."

Got it wrong in one

[arth1]

The "problem" is that hacking and disrupting services is governed by the same laws, without much distinction. And it is disrupting services if the sender knew about or had reason to know about the limitation of the recipient.

Re:Got it wrong in one

[LateArthurDent]

The "problem" is that hacking and disrupting services is governed by the same laws, without much distinction. And it is disrupting services if the sender knew about or had reason to know about the limitation of the recipient.

No, no it's not. If the limitation of the recipient is an unreasonable limitation, you can't blame the union. If they were using a bot to mass-spam them with the intention of crashing their systems, I'd agree with you. Manual protest e-mails are a valid form of a communication with the company. If we allow considering this "disruption of services", companies will start having crappy e-mail systems on purpose just so they have the option open to sue people.

Re:Got it wrong in one

[postbigbang]

Then what of the slashdot effect? What really is *normal*? If we post this, then crater their website, are we guilty, too? I think not. If they can't do the normal thing and empty their mailboxes in a reasonable manner, then the onus is on the company. The judge will have his ruling overturned.

My Mailbox at Home is Full

[rotide]

My physical mailbox at home is kind of small and when I go on vacation it can get full to the point of no longer being able to put more mail in. Do I get to go after Capital One or any/all of the other habitual mail spammers now? If not, why? Because this Act only covers electrons flowing through wires and not physical items physically limiting my mailbox?

Re:Does it work the other way 'round?

[BitHive]

A company's actions, as long as they serve its profit motive, are beyond reproach. This article is about a union, which is a whole other story!

Actually, the union didn't lose.

[Animats]

Here's the actual decision. First, the company's request for an injunction to stop the mail campaign, denied by the district court, is still denied. The claim under the Computer Fraud and Abuse act goes back to the district court, and can proceed there, but the appellate court makes no comment on the merits of that claim. The appellate court was only dealing with the issue of whether the Norris-LaGuardia act, which gives jurisdiction to the National Labor Relations Board when the behavior involved arises out of a labor dispute, preempted the Computer Fraud and Abuse Act . The appeals court decided that this isn't an NLRB matter, and goes back to the district court.

Nowhere does the ruling say "hacking"

[NiteShaed]

The law in question is called the Computer Fraud and Abuse act, and I'd say they're going with the angle of abuse. In this case, LIUNA seems to have been going for what amounts to a DDoS attack against the contractors phones and emails.

To generate a high volume of calls, LIUNA both hired an auto-dialing service and requested its members to call Pulte. It also encouraged its members, through postings on its website, to “fight back” by using LIUNA’s server to send e-mails to specific Pulte executives. Most of the calls and e-mails concerned Pulte’s purported unfair labor practices, though some communications included threats and obscene language.

Now, right or wrong, I can at least see the reasoning of the ruling, and this isn't just a clueless judge saying "Oh noes, they hax0r3d the company interwebs". LIUNA seems to have decided that they were going to use their membership and outside companies to shut down Pulte's communications. That they used individual members instead of a botnet to go after the email server seems irrelevant, the intent was clearly to beat the company into submission, not just to voice dissatisfaction. Had they not hired the guys with the autodialer it would have been much easier to believe they were just trying to make themselves heard.