–Virus Kits Readily Available on the Internet are Protected by Right to Free Speech
Note: The following is a summary of an article that appeared in the Wall Street Journal on March 31, 2005. The Wall Street Journal site requires
paid registration.
CDs containing virus source code, virus writing tools and descriptions of how various viruses work are available for sale on the Internet.
Some sites even offer this information at no charge. The administrator of a site that advertises a hacking guide to “hard drive killers” and keystroke loggers maintains that the merchandise” is intended for people who want to test the security of their systems.
The proliferation of do-it-yourself malware kits available on the Internet has raised security concerns, but law enforcement officials have no legal recourse against the purveyors; publishing code than can be used to create malware is not illegal. What is illegal, according to the Computer Fraud and Abuse Act, is releasing malware with the knowledge that it will cause harm.
Web sites are not investigated unless a virus released on the Internet has been traced back to it; even then, those who posted the code cannot
be prosecuted for simply making the information public. Prosecutors could conceivably have a case if the site on which the malware code is posted urges destructive activity.
Criminalizing these tools is problematic because some of them have “very legitimate uses in the security profession,” so the focus has been on
criminalizing the activity of spreading malware rather than on the malware itself.
