There is a doctrine known as "copyright misuse" which permits a court to refuse to enforce a copyright interest when that interest is being used (or enforcement of the right is sought) for an improper purpose. Copyright actions, for the most part, lie in equity and as such the court may apply equitable principles to deny relief when granting it would be unreasonable. I suspect that it would not be a hard sell to convince a court that enforcing a malicious software author's copyright interests in such software would be unreasonable and would amount to copyright misuse. Note also that in order to prosecute copyright infringement on a virus, the author would have to file a registration for that virus with the Copyright Office, which would then be admissible as evidence in a criminal prosecution against that author for computer tampering. In addition, the civil complaint that the author would have to file to initiate a copyright enforcement action would be admissible, as would the sworn affidavits which would necessarily be annexed to that complaint as exhibits. So, from a pratical standpoint, even if virus authors have a copyright interest in their viruses, they would be utter idiots to seek to enforce them. This would also apply to efforts to use the DMCA, as that also requires a sworn affidavit attesting to ownership of the intellectual property in question. The only caveat here would be a virus author who wrote a virus but never released it or who published it for "academic review" without a license to use (e.g. exploit code developed by testing labs). In this case, if you discovered her virus on your system, she would probably be willing to work with you in a joint prosecution against the virus releaser, as that individual has both infringed the virus author's copyright and committed computer tampering against your system, especially when you point out to her that if she fails to cooperate, you will name her as a joint defendant in conspiracy with the releasing individual on the charge of computer tampering. So, I wouldn't worry about copyright interests in viruses. It's questionable (in my mind) whether such interests are legally enforceable, and quite clear to me that they are not practically enforceable even if they are legally. The foregoing is not legal advice. For legal advice, consult a licensed attorney. Kelly > -----Original Message----- > From: Aaron Silver [SMTP:asilverat_private] > Sent: Tuesday, July 24, 2001 4:22 PM > To: bugtraqat_private > Subject: Re: telnetd exploit code > > There's a question begging to be asked here... > > First of all let me say that I don't know Sebastian or his motivations, so > I am not infering anything here, simply that this brought up a point that > is now itching my head a lot. > > If a hacker copyright's his code, and then releases it into the wild, what > does that do for his rights under the copyright? > > To turn it upside down, I have a machine that has had some hacker code > placed on it. I didn't authorize it to be placed on there... Am I to be > denied investigating this code (and sharing it with others to help me > investigate) because someone placed a copyright notice on the code. > > Normally the rights of the individual to swing his arms ends at the tip of > another individual's nose. > > This issue can get a lot muddier, but I figured I'd start with a simple > case. =) > > Aaron Silver > > aleph1at_private wrote: > > > * Sebastian (scutat_private-berlin.de) [010724 09:38]: > > > I do not know who let this posting through, but I think something went > > > seriously wrong here. > > > > > > What do the mailing list administrators do here, letting a > confidential > > > source code with full copyright and confidentiality header intact > through a > > > public mailing list. The Bugtraq mailing list was especially noted as > > > example even in the header, which should not be allowed to disclose > this. > > > > > > Although a lot of Bugtraq readers might not agree with me here, I > think > > > there is a right under which I can deny the disclosure of this source > code. > > > Call it privacy, call it copyright, I do not care about its name. > > > > Sebastian is correct. It was an error to approve the message given he > > clearly stated in the comments he did not wish it distributed. For > > that I apologize. > > > > That being said, it been quite obvious that for a while now that this > > exploit is being shared in the underground and has been used actively > > to break into systems. Better control of exploits one does not wish > > to see distributed may be called for. > > > > > Oh, and another odd thing, there is no X-Approved-By: this time in the > > > post, I wonder why. Do you know ? > > > > The X-Approved-By header was inserted by LISTSERV. We been using ezmlm, > > which does not insert the header, for a while now. > > > > > ciao, > > > -scut > > > > -- > > Elias Levy > > SecurityFocus.com > > http://www.securityfocus.com/ > > Si vis pacem, para bellum
This archive was generated by hypermail 2b30 : Thu Jul 26 2001 - 15:16:18 PDT