Former Employee’s ‘Email Barrage’ Does Not Support CAN-SPAM or Computer Fraud and Abuse Act Claims — Nyack Hosp. v. Moran

[Post by Venkat]

Nyack Hosp. v. Moran, 08 Civ. 11112 (SCR)(PED) (S.D.N.Y.; Oct. 20, 2010)

Moran was employed by Nyack Hospital. When the employment relationship ended he:

sent [an unspecified number of] e-mails, including a 17-page attachment, to over “100 . . . senior managers and employees [at the Hospital]” and others and misrepresented the source of the e-mails as David Freed, the president of the Hospital. The e-mails, as characterized by [the Hospital] “leaked certain aspects of an internal confidential employee survey, defamed the Hospital’s reputation and the reputations of several Hospital employees . . . and urged the . . . recipients to report the alleged wrongdoings to the Hospital’s Board of Trustees and the Rockland Journal News.”

The Hospital sued Moran under CAN-SPAM and the Computer Fraud and Abuse Act. Moran, acting pro se, defeated the claims.

CAN-SPAM claims: The Hospital alleged that Moran violated the subject line and header information prongs of CAN-SPAM. The court concludes that because the emails were not “commercial electronic mail messages,” there could be no subject line violation. With respect to the header information prong, there could be no violation unless the messages are found to be “commercial email messages” or “transactional or relationship messages.” Having already concluded that the messages were not commercial in nature, the court analyzes whether the messages were “transactional or relationship messages.” The Hospital made the flimsy argument that the messages were transactional or relationship messages because the messages “provide[d] information directly related to an employment relationship.” The court rejects this argument, noting that the “transactional or relationship messages” were intended by the statute to be a sub-category of commercial email messages (with respect to which CAN-SPAM relaxes certain requirements). Of course, even assuming that the messages were commercial in nature, the Hospital would have had a tough time showing that it suffered any “adverse effects,” a point which the court alludes to in a footnote (citing Virtumundo).

Computer Fraud and Abuse Act Claim: The Hospital alleged that Moran violated the CFAA by “transmitting information” to a protected computer and as a result of such transmission intentionally causing damage. While pre-CAN SPAM cases (e.g., AOL v. National Health Care Discount, Inc.) grappled with the issue of whether the CFAA was ever intended to cover spam, the court easily rejects the Hospital’s claim on the basis that the Hospital did not allege Moran’s emails caused any damage to the Hospital’s computer system. In the process, the court cites to Czech v. Wall Street on Demand, a case which rejected CFAA claims based on unsolicited text messages.


The Hospital here took Moran’s acts and tried to shoehorn them into CAN-SPAM and the Computer Fraud and Abuse Act. In the process, it made some arguments that were pretty far out in left field.

Claims around advocacy through email bombardment haven’t fared well, absent some showing that the emails caused damage on the receiving end. Intel v. Hamidi was an email bombardment case involving a former employee where the court rejected trespass claims for failure to show damage. Intel brought common law claims, and this case is a good indicator of how CAN-SPAM and CFAA claims would have fared had Intel brought them. I recently blogged about Pulte Homes, Inc. v. LiUNA, where the court held that a union’s email campaign on behalf of former employees did not violate the Computer Fraud and Abuse Act. (“Web-based Email Bombardment Campaign Does Not Amount to a Violation of the Computer Fraud and Abuse Act.”) Also, as mentioned in the post about Pulte Homes, the Seventh Circuit recently vacated the district court’s contempt order based on emails sent by supporters of Kevin Trudeau. (“Seventh Circuit Vacates Contempt for E-Mail Barrage.”)

I didn’t think the issue of whether the emails were commercial in nature was a close question. The emails were not reproduced by the court in its order, but the emails were cloaked in whistleblower language (I wondered whether an anti-SLAPP motion was a possibility). For a loosely related case on this issue (that looks at whether a [ghostwritten] attorney newsletter is an ad) see Holtzman v. Turza (“Ghostwritten Attorney Newsletter is an “Ad” for TCPA Junk Fax Law Purposes“).

At the end of the day, this seemed like a garden variety employment dispute that didn’t really implicate laws which cover spam or hacking. Maybe the Hospital brought the CAN-SPAM and CFAA claims in an attempt to preempt any claims which Moran had threatened to raise? It’s possible that the Hospital succeeded in achieving its ultimate purpose, although it suffered a smackdown in the process.