February 10, 2015

The ideas, views, and opinions contained in this article belong solely to the author and are not representative of the views of any organization the author is associated with.
Reports have emerged from sites like Reddit about e-cigarettes infecting computers with malware. Malware is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. With the advent of anti-virus and anti-malware software, the likelihood of getting one of these through your email is greatly reduced. Therefore, malware producers are trying to find other ways to get it into your computer. With the recent proliferation of malware from non-software devices (such as e-cigarettes and digital photo frames), it has become increasingly dangerous to charge your USB from your computer.
This past year saw a sharp increase in browser-related exploits, such as luring an individual to a trusted website that has been infected with malicious code.  Additionally, the rise of “bring your own device” policies in the corporate world have led to security challenges for organizations.  Many large organizations reported that security breaches were caused by their own staff, most commonly through ignorance of security practices. For example, in the case of the malware laden e-cigarette, the e-cigarette was not approved to be plugged in to the computer.
Malware can result in your email contacts being pilfered by a third party, or your personal identification for later identity theft. These can both be incredibly harmful. In Smith v. Jack Eckerd Corp., the North Carolina Court of Appeals defined the tort of intrusion upon seclusion as follows: “[o]ne who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person.” 101 N.C. App. 566 (1991).   Malware creators seem like they should be liable for a violation of this tort. However, many of the malware creators are safely overseas, outside of the jurisdiction of U.S. Courts.
The other ways that victims of malware have sought remedies include suing the content providers who host malware, and suing the companies selling malware-laden devices. But these options have been recently foreclosed.
47 U.S.C. § 230 approved 13 January 2014 prevents the civil liability for digital third-party content providers. (“No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”). As such, a website hosting a link to malware is not liable for the harm it causes.

A website hosting a link to malware is not liable for the harm it causes.

Similarly, in Opperman v. Path, a 2014 malware lawsuit against Apple, the plaintiff’s claimed that Apple sold them devices that made it possible for third parties to access the Plaintiff’s information, essentially malware. The complaint was dismissed for “lack of harm” with the court finding that “overpaying for a device” laden with privacy infringing material was not sufficient harm, and instead looked to the “harm” caused to the plaintiff’s information, which was negligible.
Since the malware creators are outside of the jurisdiction of U.S. Courts, laws have absolved the hosts of the malware content, and courts are denying plaintiff’s “harm,” there is no remedy in sight for stopping the spread of malware. If you still decide to plug your e-cigarette in to your computer, just know: you do so at your own risk.
DISCLAIMER: There are a number of sites claiming that the malware laden e-cigarette is a hoax that has since been perpetuated by the media. Regardless of the veracity of the malware laden e-cigarette, I am using this example because it is more fun and catchy than the idea of plugging in a digital picture frame to your computer.