Keylogger Software Company Not Liable for Eavesdropping by Ex-spouse — Hayes v. SpectorSoft
[Posted by Venkat]
In what probably belongs in the “software doesn’t surreptitiously record conversations, people do” file, a federal court in Tennessee rejected Electronic Communications Privacy Act and product liability claims brought by someone whose ex-spouse used software to log internet activity and communications. (Access a copy of the order here [scribd].)
The case presented a now-familiar fact pattern of the use of monitoring (in this case keylogger) software by a spouse to keep track of the online activities of the soon-to-be ex-spouse. The plaintiff (Thomas Hayes) sued SpectorSoft, which produced two pieces of software used by his ex-spouse and someone else to monitor his instant message, email, and browsing activities. Hayes alleged violations of the Electronic Communications Privacy Act and also asserted negligence and product liability claims. The court granted SpectorSoft’s motion for summary judgment and dismissed the case.
Plaintiff also made a creative argument that the SpectorSoft software was “unreasonably dangerous.” The court expressed doubt as to whether software qualified as a product at all, and in any event concluded that plaintiff failed to demonstrate that the software was unreasonably dangerous by putting forth evidence that SpectorSoft could have taken alternative measures that would have prevented the inadvertent disclosure.
The court’s decision is not surprising, given that (1) SpectorSoft did not conduct the eavesdropping but only provided the tools to facilitate it and (2) the software could be used to conduct multiple lawful activities (monitoring children, employees, archiving messages). The decision was also not surprising given that the installation and use of the software could have been avoided if the user had taken adequate security precautions. (Sidenote: I wonder if it’s farfetched to argue that one spouse has the right to access the email and other accounts of another spouse based on some community property-like theory?)
I guess at the extreme end of the spectrum a court may be willing to hold a software company liable for developing software where the only possible use is to conduct unlawful surveillance, but this fact pattern wasn’t even close. Holding the software company in that instance would also raise potential First Amendment/crime-facilitating speech issues (?).
Related: In late 2008, a federal court halted sales of keylogger/do it yourself spyware software. (See coverage at Wired and JOLT Digest.) Also, this type of a claim has a higher likelihood of success when brought against the ex-spouse, rather than the software company, as noted by Tom O’Toole here.