Deterring the Spread of Viruses Online: Can Tort Law Tighten the 'Net'?

"The chance that a law will achieve its intended purpose improves when it is grounded in an accurate understanding of the phenomena it will regulate."1

Introduction

Damages caused by malicious software code will likely result in increasing civil tort litigation, considering the phenomenal growth of the electronic business paradigm and communications over the Internet.2 The potential for personal injuries increases as more computer software controls systems with which people come into contact.3 Successfully managing this growth portends a balance of legal and cooperative regulation beyond the industry's current self-governance.4

Virus infections can potentially cause widespread, non-uniform damages similar to those personal injuries suffered in other mass torts; thus, in theory, the class action device might provide an attractive means to adjudicate these disputes and could serve to deter further outbreaks. However, litigating this type of Internet dispute presents unique challenges for determining the locus of the tort and personal jurisdiction. Further, classic tort and property analysis used to address copying, theft, or alteration of computer information within existing law has proved inconsistent and ineffective in resolving damages and liability issues. Courts' unsuccessful struggles to apply suitable property definitions to computer data and resources appear to erode the viability of a tort action, and courts tend to rely instead on contract law.5 This reliance on contract law, rather than tort law, limits realistic redress for virus attacks to criminal actions.6 Courts and legislatures have not yet clarified standards of care or security guidelines for the software and networking community.7 Because individuals who release viruses may be judgment proof, software distributors and on-line service providers present more lucrative targets and must adapt their business strategies to offset this increased risk of liability.8

This Note describes the Internet environment and the current legal framework in place available to address the problem of computer viruses, provides critical tort analysis of key issues, and examines these issues within current mass tort jurisprudence.

II. Computer Viruses and the Current Internet Infrastructure

Imagine surfing the Internet, doing research, or buying airline tickets online. Your computer might be susceptible to virus attacks while you transfer data. While you research, you might download virus-laden data from a bulletin board posted by someone else, which you unwittingly share with others. Sophisticated code might even be able to infect your machine as a consequence of simply visiting www.airline.com.9

A. Malevolent Software and Its Impact

Computer viruses and their brethren (hereinafter "viruses") are generally programs intended to inflict some type of harm. Modern malevolent software is programmed to avoid detection: to extract itself if detected, to hide itself by various decryption methods or attachment of code which evades anti-viral software, or to embed itself in system boot software.10 However, all rogue programs are not per se malicious. For example, some computer worms are programmed to search for resources, to execute tasks requiring inordinate amounts of computer time, or to coordinate operations between networks.11 There are generally four types of malevolent software programs: viruses, worms, time and logic bombs, and trojan horses. Viruses replicate and are usually intended to alter, harm, or destroy data. They attack disk boot sectors, operating systems, data, and applications. Even if not intended to be destructive, viruses can cause harm by consuming both human and computer resources.12 Some viruses are merely intended to facilitate unauthorized access as a means of "electronic voyeurism."13 "Worms" generally harm by altering data as they move through systems that they can access and erase themselves to avoid discovery.14 "Time and logic bombs" are set to temporarily injure systems, or to attack specific users, types of code, or execute when certain conditions are met. …