21

Ages ago, when dinosaurs roamed the earth and I was in college, I went to a recruiting event for a company that collected and sold statistical data. They explained that they got the information by installing programs on people's computer 'in exchange for' providing free products like screen savers. When someone pointed out that sounded like spyware they assured us it was entirely legal since their terms and conditions document disclosed that downloading their free product would result in installing their data collection software.

I'd still consider that malware, regardless of whether it was legal, which made me wonder what the legal implications of such would be. What would happen if I wrote a virus scan and I listed this program as malware and recommended its deletion? This could lead to the program being deleted from many computers and thus a reduction of the program's data collection, which could translate to a loss of profits. Can the makers of this program sue me for loss of profits? Would I risk getting into some legal debate as to whether their 'legal' product constituted malware?

phoog
  • 42,299
  • 5
  • 91
  • 143
dsollen
  • 10,179
  • 7
  • 59
  • 116

1 Answers1

25

There is a risk of getting sued, similar to Enigma Software v. Malwarebytes, where Malwarebytes characterized plaintiffs product with the words malicious, threats potentially unwanted programs. Enigma files a claim under Section 43(a) of the Lanham Act for false advertising, and tortious interference of business. Malwarebyte's argument was that their statements were non-actionable statements of opinion. The 9th Circuit panel found that when a computer security firm claims something is "malicious", that is to be interpreted as an objective statement of fact, not opinion. This conclusion did not include the claim that the product was "potentially unwanted", which is too non-specific to be actionable, but the claim to being malware or a threat is sufficiently specific that it is a verifiable claim.

However, you personally might not be suable (you can provide more professional context as you like), because you are not a well-known computer security company. The determination that the statement is "false, misleading, and deceptive information" under the Lanham Act depends on the reputation of the maker of the statement. If you were just to say in a conversation between fellow truck drivers "I think that operating system is malware", the statement would not be reasonably interpreted as a false statement of fact. But when you hold yourself out as an expert at identifying malware and label something as malware but it plainly isn't malware, then you are in the neighborhood of getting sued.

user6726
  • 217,973
  • 11
  • 354
  • 589