0

Is it legal to create and send someone a computer virus if it doesn’t damage their computer? For example if a computer virus just spies on a persons screen, is that illegal? I red on a Quora question that computer viruses aren’t illegal because it’s too subjective to say "a program that messes up a computer is considered a virus". I imagine the surrounding activities, like stealing credit card information when they type it into a website, are the illegal part.

I heard of some viruses that only mess up other viruses, so does a virus have to damage a computer?

Improve this question
3
  • Possible duplicate: A computer “virus” that only spreads (no payloads) - Is it illegal?. As for "just spies of a persons screen", this may break privacy laws, but you would have to get into details (did you get the user's permission, what data were you collecting, etc.). Many programs record the screen on purpose; that is not spying because presumably the program has permission. However if I install such a program unknowingly on someone's computer, I am doing wrong, not the software.
    – Brandin
    Commented Oct 4, 2017 at 8:30
  • @Brandin I was more wondering what is considered spying, for example many Microsoft products report back telemetry to a server, but I guess the this isn't considered spying/malicious as the user knows this is happening from the Terms of Service. So for example, if Microsoft tried to keep it secret and didn't have it included in the ToS that their app reports back information, would this be illegal or classified as a virus?
    – boxtheboxer
    Commented Oct 4, 2017 at 9:00
  • To answer this you need more details in your question; what information is being collected, did the user agree to have that collected (e.g. EULA, dialog box prompt "Send Information to Microsoft?", etc.), is the information anonymized or not, etc. Informally, many believe Microsoft products are viruses, spyware, etc. But these terms have no legal meaning.
    – Brandin
    Commented Oct 4, 2017 at 9:22

1 Answer 1

Reset to default
4

Laws against such actions are not stated in terms of popular and fluid concepts like "computer virus", they are stated in terms of clear concepts like "unauthorized access". There are federal and state laws against this. This web site lists and links to all of the state laws on the matter. There is also a federal law: a detailed legal analysis by DOJ is given here. There are some limits to federal jurisdiction, for example "protected computers" include "computers used in or affecting interstate or foreign commerce or communication". The term "affecting interstate or foreign commerce or communication" is widely used in federal law, and can be used to prohibit growing feed for your own animals. Anything that you "send" clearly affects interstate commerce (the internet is internationally connected). 18 USC 1030(a) says

Whoever ... (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains...(C) information from any protected computer

Essentially, a computer connected to the outside world is protected.

The key here is "without authorization". If you authorize MS to report back stuff about your computer, that is not unauthorized. It may not be possible to use their product without giving such authorization, in which case you can use a different product that doesn't require that you grant authorization. There is also the possibility that some software producer has technically violates the law because they think that it's okay for them to access the computer as long as they do no harm. Typically, people are not aware that they have granted software publishers access to their computer.

The concept of "harm" is pretty much irrelevant to computer-crime criminal law. It would be relevant, though, if a plaintiff were to sue someone for sniffing around their computer: then you'd have to show that you were damaged.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .