The McEliece public-key cryptosystem fails to protect any message which is sent to a recipient more than once using different random error vectors. In general, it fails to protect any messages sent to a recipient which have a known linear relation to one another. Under these conditions, which are easily detectable, the cryptosystem is subject to a devastating attack which reveals plaintext with a work factor which is 1015 times better than the best general attack.