Should It Be Illegal To Sell A Keylogger? Or Just To Use It?

from the might-be-pushing-the-boundaries dept

Wed, Nov 19th 2008 3:46pm — Mike Masnick

A court has issued an injunction temporarily banning the sale of a keylogger product called RemoteSpy. The ruling probably makes sense under the current FTC law, but it does raise some questions about whether it really makes sense to ban the sale of such a program, versus just the use of one. I can certainly understand why you might want to ban the sale of such programs, because if they're sold, they're perhaps more likely to be used. However, it still seems wrong to make it illegal to sell some software because that software can be used for illegal activities. Shouldn't the liability belong to those who actually use the software for illegal purposes?

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: keylogger, legality, liability

36 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Cygnus, 19 Nov 2008 @ 4:11pm

Without having read anything linked from this blurb, I'd imagine that the court's justification is that it goes well beyond that the software "can be used for illegal activities" but, rather, that the primary purpose of the software is illegal.

Your final question is like asking if it shouldn't be the crack user only, and not the crack dealer, that is punishable in the buy/sell transaction.
[ link to this | view in thread ]
mslade, 19 Nov 2008 @ 4:13pm

Programs don't spy on people...
People do. No, really, this is no different from the on-going TIRED debate about firearms.

IMO everything should be illegal, and we should all be put in prison.
[ link to this | view in thread ]
mslade, 19 Nov 2008 @ 4:17pm

Re:
Cygnus, your logic is flawed. Crack is a controlled substance, and ingesting crack is against the law.

Key logging software is not currently legal, nor should it be. And while I'm not a lawyer, I would be very, very surprised to find out that key logging, the primary purpose of the software, is illegal. If it were, that would be a vicious slippery slope since just about everything you do on a computer is logged somewhere for perfectly valid reasons.

Think about it this way: if they rebranded their product from "RemoteSpy" to "Nanny 2008" and called it a programming for monitoring what your children are doing, this would probably be a very different story.
[ link to this | view in thread ]
mslade, 19 Nov 2008 @ 4:18pm

Re: Re:
Aargh. Correction:

>> Key logging software is not currently *illegal*.

Sorry, I'm done with the comment spam.
[ link to this | view in thread ]
Cygnus, 19 Nov 2008 @ 4:20pm

Re: Re:
How about addressing the first paragraph, then.
[ link to this | view in thread ]
Anonymous Coward, 19 Nov 2008 @ 4:25pm

To my knowledge, keyloggers are commonly used on corporate/school computers to monitor the actions of the employees/students online.
[ link to this | view in thread ]
Anonymous Coward, 19 Nov 2008 @ 4:25pm

If it were illegal, where would law enforcement get their copy ?
[ link to this | view in thread ]
mslade, 19 Nov 2008 @ 4:28pm

Re: Re: Re:
Your first paragraph culminated with "the primary purpose of the software is illegal", which is untrue. There's plenty of other physical-world analogies to the situation where product A has a legitimate purpose, but is frequently used for illegal activities. That doesn't mean we should ban its sale.

- lockpicks
- guns
- Sudafed... oh wait, we did ban OTC sales of Sudafed because junkies were cooking it up.

It's a line we have to walk, when is something worth banning because of its potential for abuse. I think banning keyloggers is bad idea, since (as I exemplified) this would probably encompass very useful and legitimate software with friendlier names.
[ link to this | view in thread ]
PRMan, 19 Nov 2008 @ 4:29pm

In his sensationalism...
Mike forgot to point out that this particular keylogger is designed to be installed remotely without the owner's knowledge, which would ALWAYS be illegal.
[ link to this | view in thread ]
Anonymous Coward, 19 Nov 2008 @ 4:30pm

Re: Re: Re:
How about addressing the first paragraph, then.
You mean where you admit that you didn't even bother to read the story before commenting? I don't know about mslade, but I can't think of a nice way to respond to that.
[ link to this | view in thread ]
mslade, 19 Nov 2008 @ 4:31pm

Re: In his sensationalism...
Heh, I just clicked the link and saw that. I concede, this should be illegal. Boo @ sensationalism for making me engage in a bogus debate.
[ link to this | view in thread ]
Anonymous Coward, 19 Nov 2008 @ 4:33pm

Re: In his sensationalism...
Mike forgot to point out that this particular keylogger is designed to be installed remotely without the owner's knowledge, which would ALWAYS be illegal.

Really? I seem to recall reading about the FBI doing that.
[ link to this | view in thread ]
Hmmm, 19 Nov 2008 @ 4:37pm

Should be illegal
Drug paraphernalia, for example is illegal to sell. Bongs for example. (and before I get a bunch of responses saying that they are legal .. what is legal is a "water pipe" where they explicitly say "for tobacco use only"). If its primary and only use is to perform an illegal activity then the equipment should be illegal itself. The keylogger falls into this category.
[ link to this | view in thread ]
Anonymous Coward, 19 Nov 2008 @ 4:42pm

Re:
the primary purpose would be to monitor children's public access or work computers to ensure they are not doing something against company policy. this is no different than the monitoring software that lets you see everything someone on another computer is doing (which is installed in most school computer labs).
[ link to this | view in thread ]
Anonymous Coward, 19 Nov 2008 @ 4:45pm

Re: Re: In his sensationalism...
rootkit.
[ link to this | view in thread ]
Anonymous Coward, 19 Nov 2008 @ 5:02pm

i don't see why key loggers are illegal, in one of previous jobs we had continuous problems with malware and viruses on certain PCs of course no one admitted using them, looking at the browsers history told us what sites were accessed and what times but that still didn't tell us who, we had to install key loggers on all affected machines in order to find out who was the culprit.
[ link to this | view in thread ]
Anonymous Coward, 19 Nov 2008 @ 5:03pm

Re: Should be illegal
what is legal is a "water pipe" where they explicitly say "for tobacco use only").
OK, so all they need to do is say somewhere, like in the EULA, that the product may not be used for illegal purposes and then they're good? I bet they had something like that.
[ link to this | view in thread ]
Trerro, 19 Nov 2008 @ 5:07pm

Possible legal use
You could have a program that's crashing horribly, and use a keylogger to figure out exactly why, by seeing what command was typed in or what shortcut was used right before it crashed. This is especially useful if it's crashing badly enough that it can't log anything first - as long as it doesn't take the whole system down, the keylogger should be able to capture the last input. Particularly, if it's a rare bug being encountered, a few testers with keyloggers running can get the problem fixed much faster than without them.

If you play computer games at the worldwide tournament level, a keylogger could be useful to learn someone's favored build order in a stategy game (with their permission, of course.)

Etc.

Yes, the overwhelming majority of times a keylogger is employed, it's to do something unethical, and usually illegal as well, but they DO have legitimate uses.

That being said, a program called "RemoteSpy" clearly isn't targeting itself at legit uses.
[ link to this | view in thread ]
Mark Regan, 19 Nov 2008 @ 5:21pm

Ban Cars Too
I'm pulling out my crayon and paper and writing block letters to my congressman asking him, while he's about the task for banning software that might be used illegally someday, to also BAN CARS WHICH MIGHT BE USED BY SPEEDERS OR BANK ROBBERS OR DRUG SMUGGLERS AFTER THEY ARE SOLD.

Sir: PLEASE PROTECT US.
[ link to this | view in thread ]
Anonymous Coward, 19 Nov 2008 @ 5:28pm

It only works on Microsoft products, probably gets in via javascript or activeX.
[ link to this | view in thread ]
Alexander, 19 Nov 2008 @ 5:38pm

The basic difference between this and dealing drugs or selling guns is that drugs and guns are physical. If I have one gun, I can only sell it to one person. However, keyloggers could just be shared peer-to-peer. Banning their distribution is just as enforceable as banning illegal music downloads.
[ link to this | view in thread ]
Rose M. Welch, 19 Nov 2008 @ 6:06pm

Re: In his sensationalism...
Why do you assume that the person sitting at the machine is the owner? It would make perfect sense for a large corporation with many officers or centers to use a product that is specifically designed to be installed from afar, rather than trying to remotely log into each computer and install it, or paying techs in several cities to do so, and hoping that they each do it correctly.
[ link to this | view in thread ]
Rose M. Welch, 19 Nov 2008 @ 6:07pm

Re: Re: In his sensationalism...
...with many officers or centers... should be 'with many offices or center'. Pardon me. :)
[ link to this | view in thread ]
another AC, 19 Nov 2008 @ 6:11pm

Uhh
What if i own the computer that i would like to install to remotely, Without the other users knowledge?
[ link to this | view in thread ]
ploglammel, 19 Nov 2008 @ 6:19pm

Ban More
They are going to ban Visual Basic as well, since the program used to write illegal software!
[ link to this | view in thread ]
mslade, 19 Nov 2008 @ 6:43pm

Re: Should be illegal
The primary use of a keylogger is to keylog. Keylogging is not illegal. Keyloggers should not be illegal.
[ link to this | view in thread ]
Anonymous Coward, 19 Nov 2008 @ 7:04pm

while all of you are debating legalities i downloaded remote spy via bit torrent
[ link to this | view in thread ]
Anonymous Coward, 19 Nov 2008 @ 7:12pm

Re: Ban More
"They are going to ban Visual Basic as well, since the program used to write illegal software!"

Whoa - visual basic ?
You've got to be kidding
[ link to this | view in thread ]
Mart, 20 Nov 2008 @ 5:00am

..jesus.
Ban thinking. If you couldn't think of doing illegal things, you wouldn't be able to do them. I hate this sh1t.
[ link to this | view in thread ]
Anonymous Coward, 20 Nov 2008 @ 5:22am

Re:
Laws don't apply to cops. Duh.
[ link to this | view in thread ]
Anonymous Coward, 20 Nov 2008 @ 5:46am

It's stupid to ban the sale. Let's use the child porn theme (which seems to be popular)and see what else sould be banned.

Backup Tools - They can be used to backup child porn.
Cleanup Tools - They can be used to cleanup traces of child porn.
DVD Software - They can be used to play child porn.
E-Mail Clients - They can be used to email child porn.
Graphics Viewers - They can be used to view child porn.
HTML Editors - They can be used to make websites that contain child porn.
IRC Clients - They can be used to talk about child porn.
Text Editors - They can be used to write stories about child porn.
Video Capture Software - They can be used to capture child porn.
Video Converters - They can be used to to convert child porn.
Video Editing Software - They can be used to edit child porn.
Video Players - They can be used to play child porn.
[ link to this | view in thread ]
Blah Blah Blah, 20 Nov 2008 @ 8:07am

Re: Re: In his sensationalism...
Rose M. Welch says: Why do you assume that the person sitting at the machine is the owner? It would make perfect sense for a large corporation...

Are you arguing that the software being sold is legal or illegal?

Meanwhile, read the complaint, people. Don't just jump on the bandwagon because someone's beating a drum.

Either an owner or an authorized user can install a keylogger legally without notifying anyone else. The FTC has no problem with that. Corporate America does it all the time (the company owns the machine). NetNanny and the like are perfectly legal (as long as an owner or the owner of a userid on the machine installs the software knowingly).

According to the FTC complaint, RemoteSpy provides tools and instructions to trick people into running the install without realizing what they're doing. The company advertises the fact that RemoteSpy is designed to stealth install, conceal its presence and take steps to complicate removal when finally detected. (The FTC complaint includes quotes from company advertisements supporting these points.)

There is no compelling legal use for the stealth install, cloaking or complicated removal features of the software. If the company wants to sell RemoteSpy, all they need to do is remove those features. They should probably ditch the "how to trick people into installing" wizard too, but arguably a non-stealth install would mitigate that issue if people are smart enough to read the warnings.

Also note that the FTC is filing this complaint in response to a complaint to them in March from the Electronic Privacy Information Center (free speech rights, privacy rights, anti-FISA, keep the government far from my computer, etc.). EPIC claimed that RemoteSpy is illegal. The FTC is acting on their complaint.

Sometimes the Feds do the right thing, people.
[ link to this | view in thread ]
Greevar, 20 Nov 2008 @ 9:58am

You can't blame the tool for the person who abused it. I can imagine there are useful implementations for such a tool. Security would be one. If you suspect that one of your employees is leaking secrets, it would be useful in gaining intel that could condemn or exonerate them.
[ link to this | view in thread ]
Anonymous Coward, 20 Nov 2008 @ 11:28am

Re: Re: Re: In his sensationalism...
Either an owner or an authorized user can install a keylogger legally without notifying anyone else. The FTC has no problem with that. Corporate America does it all the time (the company owns the machine). NetNanny and the like are perfectly legal (as long as an owner or the owner of a userid on the machine installs the software knowingly).
OK, RemoteSpy can be used in the same manner. So by your argument, RemoteSpy is, to use your words, "perfectly legal".
[ link to this | view in thread ]
Anonymous Coward, 21 Nov 2008 @ 5:07am

Oog am strong. Oog ban fire. Now Oog tribe no burn houses no more.

Oog find hard rump meat a real PITA.

Oog cold.
[ link to this | view in thread ]
Sean, 28 May 2013 @ 7:18am

Terms of Use
Requires that you only install its software on computers that you own or have permission to monitor and that you inform all users of those computers that they are being monitored. Failure to do so may result in breaking of Federal and State laws. Awareness Technologies will cooperate with authorities in investigation of any allegations of misuse. Consult legal counsel if you have any questions regarding your specific circumstances.
[ link to this | view in thread ]