Ask anyone: I get grumpy and argumentative whenever Southern Cal beats Notre Dame. Lost yet *another* Thanskgiving bet with my cousin this year and he'll gloat all winter.
Rootboy, that Wikipedia article was an interesting read.
Aabeck asserted that "To a lawyer & the courts it's legally called a "Time Bomb"". I disagreed, stating that the phrase "Time Bomb" is not a legal definition for the software function we are discussing.
"Logic Bomb" is a very good general definition of a similar software function, and a Wikipedia article with multiple citations from case law gives that definition weight.
But it's still not a
legal definition. You won't find it any State or Federal Code, nor will you find it in Black's Law Dictionary or similar references. Wikipedia is not a legal reference or even considered a reliable source in most courts.
And I assert that even that general definition does not describe code that causes a production halt on an industrial control system with no intent to cause damage or losses.
Of the eighteen references in that Wikipedia article, four of them use the phrase 'Logic Bomb', and two of those put it in quotes.
Each of those cases (Makwana, Lin, Duchak) was a criminal charge under various parts of US Code Title 18, Section 1030. This is generally called the
Computer Fraud and Abuse Act and it describes a handful of criminal acts involving computers, computer systems, and networks. The phrases "logic bomb" or "time bomb" occur nowhere in that Federal law.
What rootboy described in his personal experience is an ordinary civil contract dispute with an ordinary court-ordered remedy (the Sheriff's lien).
What Aabeck described in his personal experience is an ordinary product liability case, with arguments about contributory negligence on both sides.
Neither of those anecdotes appear to describe a 'logic bomb' or involve personal liability or criminal proceedings.
Circling back to the OP's original question, we come to a middle-ground problem. Oldnerd followed up saying that he thinks that installing production-disabling logic is "unethical especially when the customer has not been informed up front. " I agree strongly with him.
Oldnerd's customer and his employer would have competing claims for breach of contract, and there's a chance that Oldnerd's employer would try to dodge responsibility by claiming that Oldnerd acted without authorization. This would probably be hashed out in civil court in the jurisdiction of the customer site.
But it would definitely not rise to the level of a Federal criminal charge.