One very interesting thing is that the exploits, rootkits, etc are all unclassified and the CIA has no copyright on them either. The logic is supposedly that an agent putting a classified rootkit/trojan/whatever on a machine is mishandling classified information and thus it would be illegal.
Indeed, that's what the doc implies. They say they reckon the CIA has no recourse. Probably sue-able for breaking their employment contract where they presumably agree to never disclose anything, regardless of classification level. But doubtful that'd be a federal crime.
