Legal risk in online calls for e-mail protests

Those looking to use social media or other online channels to rally e-mail protests must beware "crossing the line" as legal action can be taken against them, warn lawyers.

Individuals who take to social networks such as Facebook to galvanize friends to launch e-mail protests against entities, or respond to such calls, should rethink their intention as such actions may end up on the wrong side of the law, cautioned legal experts.

In a phone interview with ZDNet Asia, Rajesh Sreenivasan, partner and head of technology media and telecoms at Rajah and Tann, explained that encouraging others to pursue matters, for instance, by e-mailing their respective Member of Parliament or local political representative, is fairly common and the "right" approach to take, as this would mean the messages are directed to multiple accounts.

However, rallying people to e-mail a specific individual or organization's e-mail account--even without providing an actual e-mail address--can result in a criminal offense being meted out against the initiator, Sreenivasan warned.

If a person issues such calls via an online forum with visitors numbering in the thousands, even if only a portion heeds the call and e-mails at the same time, the mail server can potentially crash from the influx of requests, the lawyer pointed out. "It will be very hard for the individual to turn around and say, 'but I never thought this would happen'," he said. "You send [a message] out to thousands of people asking them to send an e-mail to a single person, what do you think the result would be?"

He pointed to a similar case several years ago in Singapore, where a man was found guilty of breaching the Computer Misuse Act as he had repeatedly sent e-mail messages to the Housing and Development Board (HDB) over the Christmas holiday period. That had led to a deterioration of HDB's mail server, noted Singapore-based Sreenivasan.

Over in the United States, an appeals court early this month overturned a district court ruling and deemed a company had grounds to allege a labor union had violated the country's Computer Fraud and Abuse Act because the union had asked its members to repeatedly send e-mail messages to specific employees of the company. The rally, sparked by what the labor union saw was an unfair dismissal of an employee, resulted in a high volume of e-mail messages which impacted the company's business operations due to an overloading of its e-mail servers.

That said, it does not mean Internet users are prohibited to casually suggest to their network of friends to register their concern or displeasure via e-mail to specific individuals or organizations.

Pointing to a recent case where Netizens in Singapore were unhappy with the outcome of a dispute between an Indian household and a native Chinese family over the smell of curry being cooked, Sreenivasan noted that individuals who, for example, commented on Facebook that people should e-mail the Community Mediation Centre (CMC), were not necessarily in "a situation that would to lead to an offense".

The CMC had helped the two feuding parties to reach a resolution some six years ago, where the Indian family agreed to cook curry only when their Chinese neighbors were not home.

However, if there were cases of "aggravated circumstances", such as the activists indicating a specific time to send protest e-mail or urging others to send messages repeatedly, the call could be interpreted as a coordinated or distributed denial-of-service (DDoS) attack.

Sreenivasan explained: "It has to be more than simply [to tell others] to 'send an e-mail to these people'...The message has to be, 'send an e-mail at this time, simultaneously'. That would show an intention to not just bring a message to the relevant person, but also to cause harm to the IT system of the individual or company."

Bryan Tan, director of Keystone Law, agreed that Net users might face legal action if they encouraged mass sending of e-mail messages to specific accounts, but pointed out that the volume of e-mail would have "to be pretty significant" before it obstructed the person's use of the computer.

This would be especially relevant now that a typical inbox capacity was no longer limited to 10 MB (megabytes) but 10 GB (gigabytes), Tan pointed out in an e-mail reply.

"Asking people to send in their opinions is unlikely to amount to a DDoS [attack]--it takes time to craft an e-mail and it would take a vast amount of e-mail within a short period to [qualify as one] these days," he said. "Asking individuals to send multiples of senseless e-mail [messages] may cross the line if the volume is sufficient enough but, short of that, providing views and opinions are pretty much legitimate activity."

Net users careful
Netizens ZDNet Asia contacted said they were cautious when supporting such calls to action, and would advise their friends to do the same.

David Chong, 34, who declined to reveal his occupation, said he "would be very careful in responding" to similar calls, particularly those targeting individuals or organizations.

"The extensive reach of social [media] platforms like Facebook is simply mind-boggling," Chong said. "It can go beyond geographical boundaries and, more scarily, involve even irrelevant parties--that is, anyone not privy to the background of the issues can be allowed to give their comments. And as casual readers browse through comments by others, they are easily swept by waves of emotions and colored views."

"Given the sheer size of casual readers, even if 5 percent of them decide to support the cause, the call would quickly gain critical mass," he added.

While Chong lamented that anyone now can post a comment on Facebook, hence, greatly diluting its usefulness in ensuring genuine causes are addressed, he said "a proper call of action can and should be formulated" for worthy causes for which existing systems cannot provide redress.

"My advice to friends would therefore be to first consider if there are any better channels to [air] their concerns before resorting to online social media," he noted. "And should they decide this is the best way to conduct their battle, they should reason out their arguments instead of appealing to raw emotions. Then they should aim for the moral high ground, instead of mudslinging their targets."

Chong added: "Finally, they must be prepared to take responsibility for everything they say and write, and be accountable to those who support their cause online."

Chua Boon Kien, a Malaysia-born IT professional working in New Zealand, said he has not come across appeals from friends and acquaintances to e-mail individuals or organizations, although he supported an online petition by registering his name and e-mail address at a Web site.

In an e-mail, the 41-year-old shared that he would consider such calls to action based on their "individual merits", and not merely as a demonstration of support for friends or contacts.

Chua said: "Pick your battles carefully, and be well-informed of the cause and potential repercussion. Don't let peer-pressure push you into things, even if it means you're going to lose friends.

"You also need to consider how your support will be handled and the integrity of the caller. There is [the] risk [of] someone using your support for the wrong cause--different from the one that you originally intended."

Most Netizens, Chua pointed out, are unaware of the legal framework and the potential legal risk and breach they are exposed to.

"They hide and shield themselves behind the anonymity of the Net, which in itself may not be that anonymous anyway," he said, adding that the online community should "stay informed of the legality of your actions".

Google+ a potential hazard
According to Sreenivasan, online users must word their call to action with care, making sure there is "no malice behind that request" or intent to go beyond voicing out concerns.

The lawyer advised the Internet population to consider the evolution of social media as "risks will become much more stark" once users start tapping Google+ to drive such rallies.

"On Facebook, it tends to be just your friends primarily and those you know, who would be able to access your messages. Google+ has a different model in which basically anyone can choose to follow you, so you essentially have no say. You can block them off if you want to, but by and large, a lot of people will basically have a lot more followers than they are aware of," he noted.

"And a lot of content [posted] will be searchable on the Internet, so be very responsible in terms of where you choose to share your information," cautioned Sreenivasan.