There has been a lot of buzz this past week about protesters indicating they plan to protest President-Elect Trump’s inauguration by launching a DDoS attack on the White House website. This plan has received some high-profile publicity by articles in magazines such as Forbes and PC World.
I initially learned of this discussion when I started receiving a large number of ping-backs on a post I wrote a few years ago titled Yes, Case Law Says it Really is a CFAA Violation to DDoS a Website.
This post looked at the Sixth Circuit Court of Appeals case of Pulte Homes, Inc. v. Laborers’ Intern. Union of North America, 648 F.3d 295 (6th Cir. 2011), a case that did not deal directly with a DDoS attack but did deal with a labor union’s concerted email and telephone “attack” on a company of such a volume that it disrupted the company’s ability to do business. The Pulte Court held that such activity violated the Computer Fraud and Abuse Act (CFAA). Read more about the Pulte Court’s analysis here.
Applying the Pulte Court’s principle that a transmission that weakens a sound computer system–-or, by analogy, that diminishes the ability to use data or a system–-causes damage, the Pulte opinion and the cases it cites do support the proposition that it is a violation of the Computer Fraud and Abuse Act to DDoS a website.
So, if you try to DDoS the White House’s website in protest of Donald Trump becoming President of the United States, you will violate the federal Computer Fraud and Abuse Act and there is a decent chance that President Trump’s Department of Justice will then be coming after you. Now you know.
Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.