Only if you define harm very broadly. Lots of things can be considered harm by someone. Me telling you that some restaurant stores their meat in the closet instead of the fridge harms that company, even if it's absolutely true. Just because it inconveniences the company doesn't mean that their employees shouldn't be allowed to send their complaints via email. Any halfway competent admin could have handled this volume easily.

It was employees complaining loudly and repeatedly about the actions of the company. It's free speech, and not their fault that the company's email servers were crappy and/or misconfigured. This was nothing like a real DDoS or spam attack. This was individuals clicking the buttons individually to send messages with their complaints, not millions of emails per hour being generated by a computer. Spam volumes are orders of magnitude greater. Something close to 300 billion spam emails are sent every day. Had they gone with the spam approach, they could have easily pumped out vastly more emails. From what I've read of this case, any halfway competent email server should have been able to handle it.

While the Republicans make a lot of noise about illegal immigration, they never seem to have the balls to really go after the consumption side of the equation and start prosecuting every company they can find that hires illegals. They're so gung-ho about it in the drug war, why not immigration as well? It's also kind of interesting that Obama is actually deporting more illegals per year than GWB did.

No, because DDOS and spam originate from an individual and are completely automated. These were many individuals sending many emails containing their complaints against the company through their union's server. They wouldn't be able to generate anything even remotely approaching spam or DDOS levels of traffic. It's only due to the lousy quality and configuration of Pulte's email servers that they were able to cause such interruption. I certainly wouldn't have expected that to happen from mere thousands of emails being sent.

I saw no hard numbers as to how many emails were sent, or how many members participated. Either way, it is trivial to block email from a given server, and filter out form messages. I don't see that they have any legitimate right to prevent individuals from sending as many messages as they like to their publicly accessible email server. As long as they aren't automating the process such that they are sent without human interaction in each message. Shoehorning this law into this situation is going to end badly.

It's not a solicitation under the law, because calls "to any person with whom the caller has an established business relationship" are expressly excepted by the law. I assume that's why they tried to use the CFAA instead.

Because use of the phone system is authorized implicitly for phone calls, subject to restrictions under laws such as the one I mentioned. Using the description of "a program, information, code, or command" to describe a phone call with an audio message is a stretch, and was not intended to be covered by that law. It only technically falls under it because practically anything can be classified as "information". The definition of "damage" is also ridiculously broad, to the point where it would plainly cover even minor inconvenience. Charge them under the law that was intended to cover this sort of behavior, don't make insanely broad interpretations of a law that was intended for this. That will not set a good precedent. Seems like we don't even need robocall laws anymore if this law is going to be interpreted in such an insanely broad way and applied to situations it was not intended to cover. The law of unintended consequences will certainly apply here.

Given the apparently lousy email servers and poor configuration, it doesn't sound like it would take much at all to flood them anyway. A few hundred pissed off employees sending multiple emails would probably be more than sufficient. I wouldn't speculate about any other tactics since none were even alleged by the company.

There are laws to cover that. Using the computer crime law seems inappropriate since there are already state and federal laws that are specifically targeted at robocalls. Such calls are legal if they comply with those laws.

From the article, it sounds like they were allowing people to send the emails from their server, the emails were not being automatically generated.

As long as they did it in compliance with federal and state laws, then I don't see a problem with it. If they didn't, then that's the law that they should be pursuing them under, not some computer crime law. If they were in compliance, then I don't think they really have a case.

I still haven't seen real evidence that the intent was to cause harm. The intent seems to have been to communicate the level of outrage by the employees by letting them send as many emails as they wanted to. As near as I can tell from the articles, each of those emails was sent by an individual, even though each individual was likely sending multiple emails. They were not just being cranked out by the millions like a spam server does. Seems like a legitimate use of a publicly accessible email system. I'm still rather amazed that their system was impared by this. I think they need to hire a sys admin that knows how to configure their email servers.

That should have read "The district court ruled this way as well." Not referring to the CoA ruling.

If it's a coordinated campaign by millions of people to send their complaint by postcard, what law would it violate, exactly? I don't know of one, and the court in this case apparently didn't know of one that they were violating by sending the emails either. I don't think there is such a law.

You put your server on the public internet to receive email. You get email pertinent to your business, namely complaints from employees or former employees, or customers. Under the law that you're imagining, I could sue people simply for sending me email that I didn't like. Maybe The Consumerist tells people about some crappy product I'm selling and posts an email for my company so that my customers can contact me to complain. I can sue them? I'm seriously glad we don't (yet) live in a world where the law and the courts agree with you.

Whether it's published or not, it's a publicly-accessible email address. There's simply no law such as you're describing. It doesn't exist. The court ruled this way as well. They made authorized use of the system.

They are two separate systems, and whether one or the other might be considered as an attack, the effects would have to be considered on a system by system basis. I can understand their phone system being tied up, as that happens all the time, simply due to the nature of the phone system. Robocalls, while regulated in some places, are generally not illegal uses of the phone system. Both email and phone methods were making authorized uses of the systems, so the court correctly found that they were not violating the law.

The calls aren't what supposedly violated the law here though, so that's not relevant. The instructions to send thousands of emails sounds perfectly legitimate, as this is the same thing that countless organizations do all the time. It's how they show that lots of people are mad and care about whatever the issue is. I surely wouldn't expect mere thousands of emails to cause havoc with a company's mail system. That's actually rather ridiculous. In this case it only did so because they apparently had it configured in a way that would be highly likely to suffer service problems from receiving mere thousands of emails.

I still don't see anything more than assumptions and conjecture to support your claim of intentional overloading of their mail system. I'm not saying that they definitely didn't have that intention. I'm just saying that you haven't provided any real evidence that they did. Presumed innocent and all that.