

Court Says Sending Too Many Emails To Someone Is Computer Hacking - d0ne
http://www.techdirt.com/articles/20110809/03492415447/court-says-sending-too-many-emails-to-someone-is-computer-hacking.shtml

======
tptacek
Here Techdirt hasn't bothered to read the opinion they pasted to the end of
their own article, in which it is pointed out that the holding in this case
comports with several prior cases, including one specifically involving
degrading an email server.

The article also leaves out the detail that LIUNA instructed their members to
send _thousands_ of email messages to the target server, to "fight back"
against Pulte.

And finally, the article falsely claims that the Computer Fraud and Abuse Act
criminalizes "hacking", which is not what it does; it criminalizes computer
_abuse_ , specifically, the intentional inflicting of damages on someone
else's computing systems.

LIUNA orchestrated a campaign to bombard Pulte with email messages --- not
individual messages, but thousands of messages, to executives, per member ---
and in doing so flooded Pulte's server off the net. LIUNA also hired an
autodialer firm to do the same to Pulte's phone systems. LIUNA is culpable for
the resulting chaos.

Want to not have the same thing happen to you? Don't use your computer to fuck
with other people. You'll be fine.

------
saulrh
This is exactly like a DDoS attack. I don't take this to mean that email spam
is hacking, though - I take it to mean that a DDoS is _not_. Snail mail
campaigns can't get you prosecuted. Telephone complaint campaigns can't get
you prosecuted. Even physical protests don't get you prosecuted. Email
campaigns and SYN campaigns should fall under the same rules.

~~~
binarymax
I agree a DDoS is not hacking, and I quickly looked and didn't see the terms
hack or hacking in any of the articles(I could be wrong though as I only
looked for a minute).

In any case I think this probably boils down to intent. If the intent was to
take down the server, it's CFAA, if the intent is a non destructive protest
then it's not.

~~~
PatrickTulskie
More to the point, the company everyone was emailing had a limit on the number
of emails in a given inbox. The IT department for the company could have
temporarily raised that limit or done other things to prevent disruption in
service.

So basically, if you send emails to a company that is incapable of managing
their email servers, you will be found guilty of hacking.

------
jrockway
Nice, so now when I unsubscribe to an email list and still get messages for a
few days, my mail server is being hacked? Excellent. I see a lot of jail time
for email marketers in the near future.

------
binarymax
It's the equivalent of a DDOS to an email server. And yes it's abuse.

~~~
jrockway
What happened in this case is something like the EFF's form for emailing your
representatives when there's some important bill that's up for voting. The EFF
makes their members aware of that fact and then the individual members send
email to their Congress-critters. That's not a DoS, though, that's "a lot of
people with the same thing to say".

In this case, it seems like a bunch of employees were all upset about the same
issue, and they all emailed the same person about it. The court ruled this a
computer crime.

~~~
binarymax
Yes, See my response above to saulrh about intent. If they were encouraged to
each send one message to petition, it should be legal. If they were encouraged
to bombard with more than one message it's probably abuse.

------
sehugg
_[We] conclude that a transmission that weakens a sound computer system—or,
similarly, one that diminishes a plaintiff’s ability to use data or a
system—causes damage._

This sounds pretty broad to me. How the hell am I supposed to know how many
messages or what size attachments your crappy -- I mean "sound" -- mail system
can handle?

------
TuxPirate
This is the kind of strategy activists use, for instance Greenpeace uses this
extensively:

 _To keep up the pressure we urgently ask you to send an email to the Danish
minister for foreign affairs, Per Stig Møller._
\--<http://oceans.greenpeace.org/en/take-action/denmark>

~~~
Joakal
There's no malice in this unless Greenpeace tells their followers to spam
and/or clog them which this Union explicitly did. "When the Union ignored his
request, the company filed suit for, among other things, a violation of the
CFAA for “knowingly caus[ing] the transmission of a program, information,
code, or command, and as a result of such conduct, intentionally caus[ing]
damage without authorization, to a protected computer.” 18 U.S.C. §
1030(a)(5)(A). "

Your statement of Greenpeace is disingenuous and bordering on slant.

------
CoryMathews
This would be the same as a DDOS attack in that you take down a persons phone
line and email, instead of a website.

