A U.S. Appeals court has ruled that protesters may clog a company’s email system with spam and not run a foul of anti-spamming law. Under the U.S. Fraud and Abuse Act, companies are protected from hacking, phishing, and related malicious activities but the court ruling says people are not legally prevented from using public communication device such as phones and email to protest a company’s action, even if that protest results in disruptions to that company.
The ruling came about after a union called LIUNA (Laborers’ International Union of North America) launched a protest against a Michigan-based company called Pulte Homes. The protest involved flooding the company with emails, so much so that their network just couldn’t handle the traffic and choked, resulting in their ability to do business being sharply curtailed. In short the spam flood acted like a DDoS attack. Pulte sued and won, but the Appeals court overturned the victory.
By the court’s account, the union’s actions did not constitute a malicious, illegal DoS-style hack, because the protesters weren’t, for example, surreptitiously and illegally attacking protected back-end infrastructure recognized as off limits to the outside world. Also, the emails didn’t constitute spam, either. Spam, under CAN-SPAM, constitutes unsolicited commercial messages and exempts “transactional or relationship messages.” By that definition, it’s legitimate for a person to send letters and make phone calls to a company to, say, complain about its business practices.
This is an interesting and potentially troubling ruling. What’s to keep a malicious group or individual from using it to intentionally harm a company? It may force companies to invest more deeply in their network and email systems – something that many may not be prepared to do in these tough economic times. We want to know what you think about this. Leave a comment with your thoughts!