In Pulte Homes International Union of North America, 648 F.3d 295 (6th Cir. 2011), the Sixth Circuit addressed the Computer Fraud and Abuse Act (CFAA) in a case where a national labor union launched a barrage of harassing telephone calls and e-mails against a Michigan home builder that fired a union member.
The plaintiff home sued the union under the CFAA after orchestrated a nation-wide torrent of phone calls and e-mails to plaintiff and its key executives. The volume of calls – many coming via an auto-dialer – and e-mails basically overburdened and shut down plaintiff’s phone system and computer server.
The 6th Circuit reversed the District Court’s 12(b)(6) dismissal of plaintiff’s CFAA “transmission” claim and reinstated it.
The “Transmission” Claims
A CFAA transmission claim requires a plaintiff to show a defendant’s knowing and unauthorized transmission of a program, code, or command that intentionally causes damage to a protected computer. 18 U.S.C. § 1030(a).
An example of a transmission claim is a hacker or rogue employee who infects a computer system with a virus. The Pulte Court held that plaintiff’s phone and email systems were “protected computers” under the CFAA and the defendants’ thousands of e-mail and phone blasts constituted “transmissions.”
Under the CFAA, any device that’s not a typewriter or calculator will qualify for protected computer status.
CFAA damage denotes “any impairment to the integrity or availability of data, a program, a system or information.” 18 U.S.C. §1030(e)(8). The Court noted that the Oxford English Dictionary defined “impairment” as a “deterioration” or “injurious lessening or weakening.”
The Court held that the Union’s alleged conduct fit squarely into this damage definition. The Court noted that the volume of calls and e-mails sent by the union prevented plaintiff’s customers from contacting it and so overwhelmed plaintiff’s computer system that it severely stunted plaintiff’s normal business operations.
On the CFAA intent element, the Court cited plaintiff’s wide-ranging allegations that the union’s conscious objective was to overwhelm and damage plaintiff’s business systems. The cumulative effect of the allegations against the Union signalled the Union’s intentional conduct. Since the plaintiff’s allegations demonstrated damage to its computer systems and the Union’s intent, the Court held that the plaintiff successfully pled a CFAA transmission claim. Id.
The “Access” Claim
A CFAA access claim requires a plaintiff to allege a defendant “intentionally accessed a protected computer without authorization”. 18 U.S.C. § 1030(a)(5)(B), (C).
Here, the plaintiff failed to demonstrate the Union accessed plaintiff’s phone and computer systems without authorization under the CFAA since plaintiff allowed all members of the public to call its offices, visit its company web page, and send e-mails to it.
Take-aways: Pulte provides a good summary of CFAA transmission and access claims and gives content to the CFAA’s damage requirement. The case also shows how difficult it can be for an employer who has a freely available website, e-mail and phone system (basically, every single company in the U.S.), to meet the without authorization prong of a CFAA access claim.