You didn't explain what this has to do with copyright? CFAA[0] (or even [1]) seems like a better avenue to explore, but still likely a dead-end. Copyright seems like a misnomer.
Software is covered by copyright; if I write some program and compile it, and they copy it off my machine behind my back to run somewhere, it is copyright violation, is it not?
Copyright infringement. It is unlikely to apply. Particularly as the infringement has no "effect [...] upon the potential market for or value of the copyrighted work." Meaning Microsoft hasn't hurt anyone else's bottom line.
There's several fair usage arguments you can make. At least three strong arguments. But to be honest this would need to be tested in the courts one way or the other.
I don't really think copyright conceptually is a very fruitful argument here. CFAA is likely stronger.
Fair. I wonder how a combo of CFAA, HIPAA and GDPR could fare here. I couldn't find whether Windows Defender automatically uploads all executables it sees, but apparently[0] non-executables deemed "suspicious" can be uploaded too.
Worth noting Fair Use in Copyright is a USA thing.
In UK there have been some changes to Fair Dealing in the last couple of years that I'm not up to date on, but I don't know of anything that would make this allowed except having an explicit license from the copyright holder.
HIPAA would end up falling on your neck, not theirs. The users of windows are required to turn that setting off if you're in HIPAA land, among probably a hundred other things.
The License you agreed to by using Windows probably covers this explicitly, even if they didn't get covered under the explicit exception for reverse-engineering and automated analysis.
Pretty sure by you having this malware submission feature enabled you have given a limited license for them to execute the binary. You're barking up the wrong tree.
I don't think a virus is relevant here. I'm not a lawyer, but the idea of a "terms of service" for an unwanted and maliciously installed executable seems nonsensical. Virus authors can include whatever TOS they want, but the "user" hasn't agreed to the TOS practically by definition.
Perhaps. It seems that this option is enabled by default, though. I imagine something about this is buried in the pile of agreements you have to click through when installing Windows. What's the status of current legal understanding of the reality that EULAs are bullshit and nobody ever reads them? Maybe I could win something from Europe via GDPR complaint if I compiled an executable containing my PII only for it to be exfilled by Microsoft?