A US software developer has admitted to selling and supporting spyware after originally claiming his remote access tool was legitimate admin software. Colton Grubbs agreed to plead guilty to three felony charges – two counts of conspiracy, and one count of removal of property to prevent seizure – in a US federal district court …
Sure, there's a long list of rather illicit stuff being apparently advertised as features. Not much to defend there. I could see the need to show the software has substantial legitimate uses. But specifically, being aware that your software is also getting used nefariously - what the hell, since when is that supposed to make any difference? Will we also remove then the clause of zero liability of software sellers even if they are known to be aware that their code murders kittens continuously, which has accompanied every single piece of software being sold for at least a decade now...? Yeah, right...
...to creating sports cars which can easily outrun police and cargo vehicles to carry..uhm, stuff.
They all admit to knowing these high speed vehicles are perfect for criminal activities such as smuggling and trafficking as well as getting away as quickly as possible.
They also admitted to knowing these products have been used in terrorist attacks as well as kidnappings; yet still...they provide customer support as well as spare parts to those in need.
I don't condone this guys product, but let's get real. Those who need to be arrested and focused on (with laws) are those who use the product illegally. With a few simple changes to his words, he could've marketed this as a security tool in many locations (including the US) and been fine.
In a lot of criminal law, intent matters. It can be the difference between a terrible accident and a murder, obviously, but that principle is all over the place in other aspects of law - in fact, "strict liability" laws (you have done X, there is no mitigating excuse for doing X) are really rare, usually relating to child abuse.
So, that's the trick - to convict someone of fraud (for example), you have to prove not just that they took the money, but that they did so by deceit and did not intend to return it. Here, though, in order to convict this guy of selling malware, they had to prove he sold it specifically to facilitate crime-doing.
You sell payment processing software, you're okay. You market it as "Local Mob Invented One Weird Trick To Dodge The Law(the Police hate It!)", and suddenly you're guilty of intentionally marketing crime-enabling devices.
"Grubbs faces up 20 years in prison (but will likely get far less) when he is sentenced in October."
Good job, El Reg. Way too many places report the maximum possible sentence as what's going to happen, even though it almost never comes close with federal rules.
How much was this a plea deal?
What kind of EULA would you have if you were the author of such a product?
What kind of enforcement of that EULA would I have to be able to prove if they came knocking at my door?
Is this going to become an implied kind of regulation of remote access products, or will there come to be explicit regulation?
Are the big companies that make stuff that allows desktop sharing going to be as vulnerable to legal action as the little guys?
What keeps the crims from using the stuff made by the big guys, perhaps some kind of logging--and is that logging that violates privacy policies?
The slippery slopes are are getting steeper, and rabbit holes are getting deeper.
Biting the hand that feeds IT © 1998–2021