Under the US Computer Fraud and Abuse Act it is illegal to "knowingly cause the transmission of a program, information, code, or command, and as a result of such conduct, intentionally cause damage without authorization, to a protected computer".
The US Court of Appeals said that an employment union, the Labourers' International Union of North America (LIUNA), had intentionally caused damage to Pulte by carrying out a concerted campaign to clog up the firms' phone and email systems, but that the activity was not illegal because it was not unauthorised.
Because members of the public were allowed to phone or email Pulte the union had not broken the law despite damaging the systems, the court said. Its use of public telecoms networks meant that the use was not unauthorised, it said.
"We conclude that a transmission that weakens a sound computer system—or, similarly, one that diminishes a plaintiff’s ability to use data or a system—causes damage," the US Court of Appeals said in its ruling (16-page / 48KB PDF).
"LIUNA’s barrage of calls and e-mails allegedly did just that. At a minimum ... the transmissions diminished Pulte’s ability to use its systems and data because they prevented Pulte from receiving at least some calls and accessing or sending at least some e-mails," the ruling said.
The union carried out its communications bombardment against Pulte after the firm dismissed one of its members, the ruling said. LIUNA filed an "unfair-labour-practice charge" against Pulte over the dismissal alleging that its member had been sacked for wearing a LIUNA T-shirt to work and that Pulte had "terminated seven other crew members in retaliation for their supporting the union".
LIUNA instructed its members to bombard Pulte sales offices and three executives with phone calls, the Court said. In order to help "generate a high volume of calls" LIUNA also hired an auto-dialling service, it said.
LIUNA also encouraged its members, via postings on its website, to use its servers to send emails to "specific Pulte executives", the ruling said.
The actions caused unlawful damage to Pulte's business, the Court said.
"The calls clogged access to Pulte’s voicemail system, prevented its customers from reaching its sales offices and representatives, and even forced one Pulte employee to turn off her business cell phone,"
"The e-mails wreaked more havoc: they overloaded Pulte’s system, which limits the number of e-mails in an inbox; and this, in turn, stalled normal business operations because Pulte’s employees could not access business-related e-mails or send e-mails to customers and vendors," the Court said in its ruling.
LIUNA's damaging actions were intentional because the union told its members to send thousands of emails to 3 Pulte executives, with many of the emails coming from LIUNA's own server, the Court said.
Telling members to "fight back" against Pulte, using an auto-dialling service and the fact some messages "included threats and obscenity" also showed LIUNA's intent to cause Pulte damage, the Court said..
"Although Pulte appears to use an idiosyncratic e-mail system, it is plausible LIUNA understood the likely effects of its actions – that sending transmissions at such an incredible volume would slow down Pulte’s computer operations," the ruling said.
"LIUNA’s rhetoric of 'fighting back,' in particular, suggests that such a slow-down was at least one of its objectives. The complaint thus sufficiently alleges that LIUNA – motivated by its anger about Pulte’s labour practices—intended to hurt Pulte’s business by damaging its computer systems," the ruling said.
However, the Court said that because LIUNA used "public communications systems" to bombard Pulte its actions were not unauthorised.
"Pulte allows all members of the public to contact its offices and executives: it does not allege, for example, that LIUNA, or anyone else, needs a password or code to call or e-mail its business," the Court ruling said.
"Because Pulte does not allege that LIUNA possessed no right to contact Pulte’s offices and its executives, it fails to satisfy one of the elements—access 'without authorization' — of its claim," it said.