No, Sending Spam Text Messages Is Not The Same As Hacking Someone's Phone

from the misusing-computer-fraud-law dept

Wed, Dec 16th 2009 1:20am — Mike Masnick

There's just something about the Computer Fraud and Abuse Act -- the "anti-hacking" law in the US -- that seems to leave it open for abuse in lawsuits. This is the law that was used to convict Lori Drew. Even though the judge eventually tossed the ruling, it showed how the broadly-worded law could be applied in dangerous ways. Still, at least some attempts at twisting the law aren't getting very far. For example, a woman in Minnesota tried to use the law against a company that sent her spam text messages she never requested, and discovered that in order to bring a case under a law, you have to actually show that the law was broken:

Plaintiff brings three possible claims: (1) a claim for obtaining information from her phone; (2) a claim for transmitting information or code through her phone; and (3) a claim for "accessing" her phone.

Information Claim: The court rejects the information-based claim because there's no information that WSOD allegedly obtained through accessing the plaintiff's phone. Plaintiff analogizes to websites and argues that any time someone sends a message to a mobile phone, information is "obtained" in the same way that information is obtained any time someone accesses a website. The court rejects this analogy, finding that "there is a fundamental difference between viewing websites and communicating with wireless devices such as cell phones by sending text messages." Even if the transmission of an unwanted text message somehow resulted in the "obtaining of information," the court concludes that there's no loss as a result of defendant having obtained the information.

Transmission Claim: The transmission claim requires plaintiff to allege that WSOD caused the transmission of code or information and as a result "intentionally caused damage without authorization" to plaintiff's device. The complaint fails on both counts. There wasn't a credible allegation of damage (there was no allegation of impairment to the machine) or of WSOD's intent to cause the damage.

Access Claim: The court rejects the access claim since plaintiff does not adequately allege that the unauthorized access was intentional.

So, nice try, but no dice. Someone sending unsolicited text messages to your mobile phone may be annoying (and potentially illegal under other laws), but it's not hacking under the Computer Fraud and Abuse Act.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: computer fraud and abuse act, hacking, spam

14 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 16 Dec 2009 @ 5:17am

" ... in order to bring a case under a law, you have to actually show that the law was broken"

Some people do not understand this.
[ link to this | view in chronology ]
aguywhoneedstenbucks (profile), 16 Dec 2009 @ 6:03am

SPAM
What about the CAN-SPAM act? Wouldn't that fit better?
[ link to this | view in chronology ]
- Mike Masnick (profile), 16 Dec 2009 @ 8:06am
  
  Re: SPAM
  What about the CAN-SPAM act? Wouldn't that fit better?
  
  Individuals cannot bring a lawsuit under CAN SPAM. Only ISPs.
  [ link to this | view in chronology ]
  - aguywhoneedstenbucks (profile), 16 Dec 2009 @ 8:53am
    
    Re: Re: SPAM
    Yep, forgot about that. Carry on!
    [ link to this | view in chronology ]
Ryan, 16 Dec 2009 @ 7:22am

Good
I used to run a text message site (that I sold recently) where users could text somebody from the web.

It's still the most popular one out there, but I used to get these types of lawsuit threats all the time. I'd always advise the person that it wasn't me sending the message and to have a lawyer explain section 230 to them.

Thankfully I never had to go to court.

That's one hell of an effort over a text message. Delete it and move on. If you keep getting them, block the number and move on. Why would this have to go to court?
[ link to this | view in chronology ]
- Money Mike (profile), 16 Dec 2009 @ 8:10am
  
  Re: Good
  While I don't disagree with your take on the situation, I should point out that it's probably not possible to simply "block the number."
  
  I have Verizon and asked about that a few years ago but I was told it wasn't possible. I had a someone who was calling my phone repeatedly and leaving voicemails, but wouldn't take the hint when I never called back. Since I couldn't block their number, my eventual solution was to answer the phone and then immediately end the call so there was no way for them to leave a voicemail. Eventually, they did get the hint.
  [ link to this | view in chronology ]
  - TheStupidOne, 16 Dec 2009 @ 8:26am
    
    Re: Re: Good
    Actually with Verizon you can block the number. Log into your account online, visit the "My Services" section. Then under "Verizon Safeguards" select "Spam Controls"
    [ link to this | view in chronology ]
Blake Reid, 16 Dec 2009 @ 7:32am

No damage?
Mike, I hate to say it, but I'm pretty surprised that the transmission claim (§ 1030(a)(5)(A)) failed. Damage is defined as "impairment to the . . . availability of . . . a system" under § 1030(e)(8), and courts have interpreted that VERY broadly in the past (though I can't find the case, I seem to remember it being extended to spam e-mail). I wouldn't be at all surprised to see the decision overturned on appeal, or a similar case turning out differently in a different lower court.

(Normatively, I agree that these kinds of cases stretch CFAA far beyond its intended purpose, and guilty verdicts/plaintiff judgments render the statute void for vagueness, as the Lori Drew judge pointed out.)
[ link to this | view in chronology ]
tracker1 (profile), 16 Dec 2009 @ 8:01am

@Ryan, some phone services won't allow you to selectively block incoming text messages, and some plans charge per message, inbound as well as outbound. Essentially, if you are causing damages (in costs) incurred to an individual or company they can sue. Probably not under certain conditions, but just the same. As to safe harbors, you could be at least sued to obtain customer information, and for not properly identifying customers and usage for information that gets transmitted over the airwaves, which could mean FCC involvement.
[ link to this | view in chronology ]
ntlgnce, 16 Dec 2009 @ 8:22am

Just getting the unwanted spam, in theory should be the same as hacking or changing data, or non data in this case. should constitute the data protection under the hacking law. See if the data on the device was blank, and someone sent a unwanted file that changed the data in an unwanted manor, then sure it can fall under the law. If you fight for the story as it sits, there will be Billions and Billions of unwanted spam text messages. The spam was unwanted therefore should be a punishable offence to the offender.
[ link to this | view in chronology ]
ntlgnce, 16 Dec 2009 @ 8:22am

Just getting the unwanted spam, in theory should be the same as hacking or changing data, or non data in this case. should constitute the data protection under the hacking law. See if the data on the device was blank, and someone sent a unwanted file that changed the data in an unwanted manor, then sure it can fall under the law. If you fight for the story as it sits, there will be Billions and Billions of unwanted spam text messages. The spam was unwanted therefore should be a punishable offence to the offender.
[ link to this | view in chronology ]
Matt, 16 Dec 2009 @ 11:43am

The TCPA protects against this,
http://www.fcc.gov/cgb/consumerfacts/tcpa.html

If you read the part about "Automatic Telephone Dialing Systems" It states that it covers Text messages to wireless phones. so unless WSOD was manually entering the data for everyone they were spamming this is illegal. the woman needs some new legal council.
[ link to this | view in chronology ]
- another mike (profile), 16 Dec 2009 @ 12:23pm
  
  Re:
  This. Getting spammed may have legal remedies, you just need to know which law to use.
  
  TCPA also covers mobile customers that still pay per message received or get charged airtime to download a message.
  [ link to this | view in chronology ]
Damien Rice, 28 Jun 2012 @ 5:26pm

Yes, I think so too. Sending spam messages is not the same as hacking someone's phone unless the spam message contains link to a hacking software or website. Anyway, I think this topic is perfect for my next research paper for school. With that, maybe I would not need to consult topessayservices.com for further help. Sounds like a plan
[ link to this | view in chronology ]