HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
Here's an interesting court case that is sure to cause a debate. What do you think? Should the company be allowed to sue or is this outside the scope of what the CFAA was intended for?
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Sued Under the Computer Fraud and Abuse Act for Spamming?
- Thread starter HardOCP News
- Start date
DarkStar_WNY
2[H]4U
- Joined
- Dec 27, 2006
- Messages
- 2,363
Not sure if it falls under the CFAA, although they it could, but I would think criminal, as well as civil charges should be able to be filed for the activity described in the story.
WBurchnall
2[H]4U
- Joined
- Oct 10, 2009
- Messages
- 2,622
Yes, this should definately be sue-able. Basically what they did was an email equivilent of a Denial of Service Attack. It's really no different than mass-pinging a website to make it go offline. They sent so many spam emials over such a short time, it prevented new legitimate business traffic from going through. It's not that different from sending so many pings it prevents legitimate customers from viewing a website.
fattypants
2[H]4U
- Joined
- Mar 3, 2010
- Messages
- 3,284
I think we should have genuine anti-spam laws created.
It's always a bad thing when people try to shoehorn one crime to fit the actions of someone doing something they don't like.
I really really hate spam, but I think it's a bad thing to have overly broad criminal laws (or for people to make them overly broad).
But when it comes to civil suits, they have every right to sue the crap out of 'em!
It's always a bad thing when people try to shoehorn one crime to fit the actions of someone doing something they don't like.
I really really hate spam, but I think it's a bad thing to have overly broad criminal laws (or for people to make them overly broad).
But when it comes to civil suits, they have every right to sue the crap out of 'em!
piscian18
[H]F Junkie
- Joined
- Jul 26, 2005
- Messages
- 11,021
I suspect that most people here rally to the companies side of things are just anti-union and don't really have a legitimate argument to make against the action itself.
I agree this is a slightly broad interpretation of of the act however I suspect there's a leg to stand on. It wasn't just that they staged what could be considered a protest. They hired a robo-dialer. That's automated calling and no a real person being vocal. I suspect they did the same with email though it's not clearly stated in the article.
Throw the union aspect of it out for a minute. You go to bestbuy, get F'd in the A. If you go home and send them a complaint via email or phone that's reasonable, but if you auto spam thats not reasonably posing a complaint. That's harassment. I don't really think this fits the CFAA well. They should just be cleanly sued for harassment, but lets face it. Money talks. We all know where this is going. You pay a lawyer well enough and he'll get rape filed under "improper blocking of a fire escape"
I agree this is a slightly broad interpretation of of the act however I suspect there's a leg to stand on. It wasn't just that they staged what could be considered a protest. They hired a robo-dialer. That's automated calling and no a real person being vocal. I suspect they did the same with email though it's not clearly stated in the article.
Throw the union aspect of it out for a minute. You go to bestbuy, get F'd in the A. If you go home and send them a complaint via email or phone that's reasonable, but if you auto spam thats not reasonably posing a complaint. That's harassment. I don't really think this fits the CFAA well. They should just be cleanly sued for harassment, but lets face it. Money talks. We all know where this is going. You pay a lawyer well enough and he'll get rape filed under "improper blocking of a fire escape"
It's not about being anti union, it's about understanding what a DOS attack really is.
Heck, if they got a bunch of volunteers around the country to repeatedly download the websites graphics using custom software...would that be any less a Distributed Denial of Service attack then using a fleet of bots to ping flood the place?
What they did (assuming they are guilty) was initiate a DOS attack using a novel attack vector...so yeah, the statue fits like a glove.
As the Vice President of my union I'm not sure if I agree with this tactic. There safe better ways to deal with disputes but SA much as big business and the government are killing us union employees and limiting the ways that we can deal with companies that break agreements I guess we need to find new ways to protect our employees and our jobs. Hell, we are not even allowed to go on strike legally anymore. Thanks president Reagan.
piscian18
[H]F Junkie
- Joined
- Jul 26, 2005
- Messages
- 11,021
having a bunch of people manually reload a website is a right. If it weren't slickdeals.net would be sued into the ground by now.
"Your right to throw a punch ends at the tip of my nose"
-Oliver Wendell Holmes
If manually reloading a website is done with malicious intent (such as a distributed denial of service attack using a novel attack vector), then it's no longer a right, it's a crime.
Just like yelling 'fire' for fun in a crowded theatre is a crime, even though you have the right to freedom of speech.
Dunno here. Intent matters, IMHO.
In some ways you could spin this as a speech issue. Not saying that's a valid case. But limiting the ways people can protest in a free society is a dangerous path to go down.
Regular folks are pretty limited today in how they can mobilize against well funded corporate or political interests. With the advent of the "citizens united" ruling it's even more-so in the political arena.
This just reeks of keeping the little people in their place.
In some ways you could spin this as a speech issue. Not saying that's a valid case. But limiting the ways people can protest in a free society is a dangerous path to go down.
Regular folks are pretty limited today in how they can mobilize against well funded corporate or political interests. With the advent of the "citizens united" ruling it's even more-so in the political arena.
This just reeks of keeping the little people in their place.
piscian18
[H]F Junkie
- Joined
- Jul 26, 2005
- Messages
- 11,021
mm I disagree. You keep saying reloading a webpage is crime. I no matter how many people do it. If they are legitimately clicking F5 over and over you can't prosecute for that there's no way. You want it to be a crime but it's not
Using a server platform to issue a spam attack could iffy maybe be used. I'm certain now that's why their pushing the CFAA angle. without it they have no legs to stand on.
Yelling fire into a crowd is a whole separate animal. That's gonna go under death threat intent to disrupt public peace terrorism etc. Different bag of worms.
Now one point they made was the dirty threatening emails. They've got something there. Still Harassment though.
I'm wagering CFAA isn't gonna pass mustard under further inspection. My money says Harassment and probably some domestic disturbance or some such is what this'll get bumped down to.
Pieter3dnow
Supreme [H]ardness
- Joined
- Jul 29, 2009
- Messages
- 6,784
a denial of service attack is where you get an enormous amount of computers bombing one IP address.
This is something where people voiced their concerns about certain decisions made by management, What is wrong with contacting people?
The email thing is boggling me , it takes one person less then 15 minutes to make a spam filter if the origin is the same from day one, this somehow doesn't seem to difficult even for beginners.
This is weird because i could swear that sending emails has nothing todo with how full your mailbox is
.This is weird because i could swear that sending emails has nothing todo with how full your mailbox is
I've seen more than one company that had the e-mail system set up so you couldn't send e-mails once your mailbox was over its limit. Without it, people just ignore the 'mailbox full' warnings and advise people to email a coworker instead.
dgingeri
2[H]4U
- Joined
- Dec 5, 2004
- Messages
- 2,830
The union certainly does deserve this lawsuit. They are harming an already troubled company through electronic means. This is equal to a loan shark breaking someone's legs to get him to pay, just as pointless and stupid. It seems they're trying to break the company and put themselves out of work.
dgingeri
2[H]4U
- Joined
- Dec 5, 2004
- Messages
- 2,830
This is a result of cheap executives who didn't spend enough on their IT infrastructure. They put mechanism like this in so they don't have to spend so much on storage. They reap what they sow. Granted, this did cause the company damage, but it was far worse than it had to be just because of stupid executives.
Given the condition of the company, and what the union is accusing them of, the bad decisions were obviously far beyond just the bad IT choices. These are executives who should not even be working in business. They should be working the deep fryer at McDonald's. They concentrated too much on getting sales and not enough on managing their money and resources correctly.
The email thing is boggling me , it takes one person less then 15 minutes to make a spam filter if the origin is the same from day one, this somehow doesn't seem to difficult even for beginners.
This is weird because i could swear that sending emails has nothing todo with how full your mailbox is
Maybe one of the people they fired was their IT guy who knew how to do mail filters?
Yes, they had a very very odd setup, an email system that won't let you send outgoing mail if your inbox is full is unusual. It actually tries to blame the union for that though:
'And although Pulte appears to use an idiosyncratic e-mail system, it is plausible . . . [the union] understood the likely effects of its actions"
It's like if I, for whatever reason, decided to make it so calling my public phone number would cause my computer to shut down. Now, if you started calling that repeatedly apparently under the Computer Fraud and Abuse Act I would have a right to sue you because you're interfering with the operation of my computer system. It doesn't matter if most people don't set their system up like that, it doesn't matter matter if it's something I could easily prevent, this court ruling says that if you cause my computer system to malfunction you're liable for that.
You have never used an Exchange server have you?
You have a few limits. You get a couple warnings. Then you can't sent. Then you cant receive once you hit the hard limit until you clear crap out of your account.
here's what im going to do. I'm going to setup my own email server, limit myself to 1 email maximum, and then have my [H] forum settings email me. when my email gets full, im suing [H] for hacking under the CFAA.
sound ridiculous?
too bad, thats what everyone in this thread who supports this ruling is saying is fine and should be allowable.
just because a company has a terrible email service doesnt mean it should be considered hacking when they get a flood of emails from actual people who actually took the time to write the emails themselves. imagine if your senator had the same setup and you emailed them to complain about some ridiculous law you are against. oops, now youre an accomplice to "hacking" their system and whatever site you read the story on that alerted you to the dumb law is getting sued too.
sound ridiculous?
too bad, thats what everyone in this thread who supports this ruling is saying is fine and should be allowable.
just because a company has a terrible email service doesnt mean it should be considered hacking when they get a flood of emails from actual people who actually took the time to write the emails themselves. imagine if your senator had the same setup and you emailed them to complain about some ridiculous law you are against. oops, now youre an accomplice to "hacking" their system and whatever site you read the story on that alerted you to the dumb law is getting sued too.
You are NOT SURE you agree with the breaking the law or not? Unions have no place in the 21st century, you are a relic, and humanity will be better off once we kill the idea of unions. Unions are nothing more then a racket to pool power, which should be illegal. NO matter how many fools you have in your pool, you should still be subject to the same laws and restrictions as non union workers. Leave your job without permission? fired. end of story.
it seems to me this case would also fall under the act and coul dopen up a big can of worms. go back to dial up days - using the phone to get to the Internet. on the same phone line you have call waiting enabled - you know, you get a beep when you get a second call while on the line and you do not disable it when you go on line. a SINGLE phone call to that line would mess up the dial up connection and prevent you from accessing data - couldn't the caller be subject to this law much the same way that union is - because you set up the system poorly?
But in CA and some other states you are allowed to siphon money off (ie garnish wages) of non union employees without their consent...so I would consider it a wash at worst.