Security

Warning: Police spyware detected!


SpywareIn a recent case that was decided earlier this month, federal agents used a keystroke logger to record the typing of a suspected ecstasy manufacturer who has been using encryption to thwart the police.

In the wake of that, CNET's News.com did a survey of 13 leading anti-spyware vendors and found none have cooperated (or acknowledge doing that) unofficially with government agencies. Still, some of them did indicate that if so ordered by a court to keep quiet, they would obey and not alert customers to the presence of government-planted spyware.

Spyware chartThe entire question of whether police spyware should be allowed is becoming more urgent given that the use of keyloggers, especially, are becoming increasingly necessary, and as a result, they are frequently used. This is due in large part to the prevalence of encryption used both in hard disk and network communications. Microsoft’s Windows Vista and Apple’s OS X, for example, both include built-in encryption features.

According to the article Will security firms detect police spyware:

Because there has only been two known criminal prosecutions n the United States involve police use of key loggers, important legal rules remain unsettled. But key logger makers say that police and investigative agencies are frequent customers…

Unfortunately, it remains unclear if police have the legal authority to do so under current law.

Kevin Bankston, an attorney with the Electronic Frontier Foundation who has litigated wiretapping cases says:

The government would be pushing the boundaries of the law if it attempted to obtainsuch an order. There’s simply no precedent for this sort of thing.

You can read more at CNET News.com: Security firms on police spyware, in their own words

What is your opinion on this matter? What measures do you take to ensure that your security and privacy is not compromised?

--------------------------------------------------------------------------------

Stay on top of the latest tech news

Get this news story and many more by subscribing to our free IT News Digest newsletter, delivered each weekday. Automatically sign up today!

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

218 comments
tylervancehome
tylervancehome

Not actually all the keyloggers are spyware... Keyloggers, that do not have a remote installation capability called monitoring products. They were created to monitor kids online activity or employees. So keylogger is not always evil, it is like a gun - you can use it fro killing people or for protecting them. As an example can recommend you to visit this site, dedicated EXACTLY to monitoring products. Here is a link: www.anti-keylogger.org

deepsand
deepsand

Not only do we have Big Brother & Big Crime to contend with, now it's Big Advertising & Big Entertainment as well. 1) Big Advertising now has a box that ISPs can use to both moniter our surfing [u]and[/u] [b]insert ads[/b] into our incoming data stream. See http://www.networkworld.com/columnists/2007/070209bradner.html 2) Big Entertainment wants ISPs to be required to moniter our access to & storage of copywritten materials, and take steps to police our use of such. At least one [u]ISP[/u] is already [b]doing daily purges of user data[/b]. See http://www.networkworld.com/columnists/2007/062807backspin.html and http://www.networkworld.com/columnists/2007/070907backspin.html

Altotus
Altotus

WOW what a deal! Hide your slime ware by making it look like police ware and the war to keep hackers out is over, forever. NEVER NEVER again have a secure system! The age of personal info is over the security of all corporations are over all the anti anything are done! Court orders be damed the reality is it works with or without as a universal back door for everyone to be Never taken away and shrouded is secrecy forever by court order! This effects all users and not just the one or two poor sods typing away. This is so disruptive as to put an end to the Internet. A real threat not just an annoyance so long as security threats can be managed the system works-to think the most disruptive thing to ever happen to the net is brought forth by court order in secrecy! This is not detected so if it is misused who is to know! Any one who is aware of security wont trust that your data is not being misused by people who have a tool to use like a script kiddy. Who is to monitor misuse of a tool of such power? The possibility of misuse is unlimited.

Digicruiser
Digicruiser

Well the list should be available continually so we know which ones that won't get a mention in my books. I am not surprised with Microsoft, they have been theiving private information since at least Windows 95 when you registered and sent a huge file to Microsoft with all your software titles etc. You don't have to be a criminal to demand privacy. Some may ask "what have you got to hide?" well um if you don't have anything to hide, invite me over and see if you like me going thru all your things in your drawers etc and making them public - hehe. Oh I'm sure most have secrets, embarrassing things you want to keep private??? So that stupid question out the way, there will always be a wish for balance of privacy and the needy information to see if you are a terrorist but I think with all the innnocents that get picked on, they should be given huge compensation if proved beyond doubt that they have no connection in the criminal stakes - that will make the government and the authorities be more careful instead of the "Gun-ho" attitudes that persist today. Telling people which anti-virus is co-operating with the authorities will affect their sales of course and they are scared of telling - but Microsoft is typical in doing information gathering against the people. If you don't mind the Police (in this case) snooping on ya and possibly reacting wrongly to a piece of information, then use that product 8-). But remember to count how many times someone has taken something out of context and spread something in a maliscous form - What Police won't do that? Not at least the honest good ones.

hlhowell
hlhowell

If this stuff can be deployed without a court order, and is therefore not within the review of courts and therefore others in the heirachy of our form of government, what prevents these key loggers from being installed on the computer of someone involved in national security, Finance, sensitive industries, or other such sensitive areas? Where is the data checked, how is the process monitored and what risks to not just individuals, but our country?

apotheon
apotheon

Corporatism has so thoroughly subverted the market economy in the US that the dividing line between Big Business (in the corporate sense of the term) and Big Brother has all but vanished.

Tinker
Tinker

It would seem that now a days the police can do any thing they want in the name of security and cause is not an issue because the courts are going to believe the police before the person involved. (guilty until proven inocent). Their was another person in history that believed in freedom of police over anyone elsein the name of security, Hitler

NightLife6
NightLife6

Our Fed/St/Local Police will use any tool available to accomplish their objective and the most common logic used is that their action(s) were dictated by the necessity to prevent the T(bad guys) from being able to harm us. (What a joke) Most of us that have worked within the Executive Branch are quite familiar with the term, its a shame that our Legislative Branch failed to take this into consideration when they passed the Patriot Act giving so much power to the HLD that we have effective created a police state and now there is no turning back?. Remember Dick?s words a few weeks ago about his office being a separate governmental entity exempt from the laws applicable to the rest of the Executive Branch?.

DanLM
DanLM

Probable cause means they have some evidence already against you. Why do people have an issue with this? Dan

deepsand
deepsand

even the pretense of being subject to checks & balances. And, as it controls that which most find necessary, to an extent far exceeding that of Big Brother, most will give that which is demanded of them in exchange for the goods & services that they desire.

deepsand
deepsand

with which to practice his nefarious ways.

NightLife6
NightLife6

Definition of meaning for ref term in org post.

deepsand
deepsand

probable cause and a warrant! Look over your shoulder, to the recent past, and witness GWB's secret & illegal surveillance of domestic phone calls. What's not clear to [b]you[/b]?

sparky52
sparky52

Someone better look it up in a legal dictionary....in Pennsylvania any officer can stop you for nothing ! That means that he had PROBABLE CAUSE to stop you.... it is just a legal way to give the officer a tool for any entrapment that he may choose....there are good officers out there... but there are also ones that use the law for there own advancement and glory.

Altotus
Altotus

Just because a vernerability exists it will be used. What part of this requires a court order? Missused without a court order the info cant be used in court of course it can be used in any other way any one wants without any fear of detiction of the missuse or abuse.

AcesKaraoke
AcesKaraoke

Full time internship with Unisource Energy for the last year, 3 nights running karaoke, 3 nights of classes at ITT, and my kids on the weekends... surprised I'm not REALLY a ghost by now... just another year and a half and then I'll be good. :-)

apotheon
apotheon

I had wondered what happened to you.

AcesKaraoke
AcesKaraoke

It is as compelling a reason to use open source as any other. It is good to see that you are active here as ever, apotheon. Sorry I've been such a ghost. We can at least be thankful that those who gather power are of a mind to perpetuate the illusion of freedom for the masses. Of course, public revolution and uprising isn't in their best interests. If we win, they'll likely be the recipients of a good ye olde fashioned beheading. If they win, we'd mostly be killed and what will there be left to govern and drain dry? More rays of sunshine from a bent mind... ;-)

apotheon
apotheon

I haven't found fault with a single thing you said in that post. You're absolutely right -- and being paranoid doesn't mean they aren't out to get you. Of course, the sort of built-in problems that may exist in proprietary software is one of the reasons I tend to prefer open source software.

AcesKaraoke
AcesKaraoke

The basic problem is that there is often a vast difference between what 'seems to be' and what is. Somehow we believe that there are actually lines separating government, big business, religion, and various other centers of mass control and manipulation. None of these entities are necessarily separate one from another (or work together as if they were one unit or in complimentary/reciprocal/symbiotic ways). How often do these 'loops' just happen to somehow feed each other? Government and religion, government regulation and Big Business, Law enforcement and Drug Cartels. Members often belong to many facets of this disturbing gem at the same time or vacilate from one to another professing that they've seen the 'error of their ways' belonging to an 'evil' overly controlling group rather than a 'good' overly controlling group. By the way, back to the original post... why would the government or law enforcement need spyware? They would more likely pressure the source... say the powers that be of Microsoft to allow them to take advantage of the likely thousands of lines of code in OS's that already address invading user privacy in ways that aren't detectable by third-party software. *sigh* Sleep well... wish I could. I at least console myself that I am a small enough threat that they are too busy to bother crushing me... ...am I paranoid or overly aware?

TonytheTiger
TonytheTiger

Business passes their cost of all of this influencing to the consumer, and government passes theirs along to the taxpayer. That's what I call a "double whammy"!

Absolutely
Absolutely

Forget about the other part of your comment. In what way is it accurate to describe the government/big business feedback as a (downward, unless you're some kind of a statist) spiral rather a simple loop? To the extent that the feedback is purely "positive", which in this case is the sense of a "positive" diagnosis of cancer. If a "negative" or negating mechanism were introduced to the same dynamic, it could at least be brought to the level of a "loop". What small government people need to do is develop a simple, accurate statistical model, which does not claim disaster with every minute increase in the budget of a regulatory agency, but which does show generally negative consequences, over time, and correlate those to the expanding scope of government. What could we measure...? Hmm, what about median income, in "real" terms? What about statistical distribution of wealth? That should clue people in, if repeated, say, 25% as frequently as the general hue and cry for more government protection from the various bogeymen.

apotheon
apotheon

It's depressing, but appears to be accurate.

Absolutely
Absolutely

It's a spiral, a downward spiral. Observe the correlation of tax rates on personal income while government regulation of "Big Business" has grown since WWII.

apotheon
apotheon

There's definitely a feedback loop going on there, where the governmental interference leads to corporate influence leads to governmental interference leads to corporate influence, et cetera. It can all basically be traced back to governmental interference in the first place, though. Without corporate law, that type of business influence wouldn't be possible.

deepsand
deepsand

the interference in government by business itself?

apotheon
apotheon

Government [b]is[/b] the check on big business! At least, that's the common perception. The truth, as we know, is that governmental interference in market forces [b]creates[/b] the massive, market-dominating corporations to which you refer.

deepsand
deepsand

The genie is out of the bottle; Pandora's Box is opened. There's no return to the past for us.

TonytheTiger
TonytheTiger

but do you really think the program will stop? Ever?

Deadly Ernest
Deadly Ernest

referring to the use of Interpol as a way of getting the data. A large amount of the communications intercepts that Australia and Canada handle are USA in origin or destination, since these intercepts happen outside the USA, the general USA laws have no bearing. The good point about the communications intercept system is the sheer amount of intercepts it deals with. All the communications are put through several computer programs and examined for key words or phrases or names. If any pop up, they're then put through a more intensive computer program. Any single communication would be run through several computer programs, by automatic computer controlled systems, before the system even sends it to a live person to look at, then most are noted, recorded, and filed without any further action. Only if more from that particular source rise up through the filters, are the earlier ones then closely examined, unless the reason for the first filter alert was a major alert. The majority are scanned and dumped without even finishing the initial filter system. And most people don't say anything that would trigger a filter alert anyway. The filters are set for code words that relate to terrorism, bomb attacks, illicit drugs, etc - discussion on people's day to day lives don't even get past the first scans.

normhaga
normhaga

the point that data intercepted outside of American jurisdiction and then shared provides an end run of the laws of this country. Viewed in this light, Deadly, your point about Echalon becomes even more poignant.

deepsand
deepsand

keep themselves informed of all of their "own" cases, let alone those of others. And, considering how little coverage, be it print, radio or television, is given to news of lasting import, it's surprising that any of us know much at all of international affairs.

Deadly Ernest
Deadly Ernest

interesting rules about the sharing of information, and what is shared - many countries don't really trust all the data available through Interpol. However, the Echelon group does include Canada, USA, United Kingdom, Australia, New Zealand, and a few other countries. And the terms of that agreement includes the full sharing of all information gathered through the Echelon network, that includes the raw data as well as the analysed data.

Deadly Ernest
Deadly Ernest

screaming about having their satellite calls being intercepted, but then, I don't always keep up to date with ALL the USA court cases.

normhaga
normhaga

That Canada and the United States are part of Interpol. Interpol shares data with members.

deepsand
deepsand

This case deals with the interception of domestic calls, along with the collusion of several telco carriers, [u]without[/u] the required warrants as stipulated by FISA; i.e., it was and end-run around the FISA court, which had been established for the express purpose of reining in the illegal practices that began in earnest during the Vietnam War.

Deadly Ernest
Deadly Ernest

because the calls were being routed through Canada or satellites and being intercepted. A lot of people don't know how much actual communications interception goes on. For decades, since the Echelon program was started just after the start of the Cold War, the USA government has been intercepting and assessing all the communications signals it can catch outside the USA, and everything that crosses the USA borders. They didn't intercept wholly domestic communications due to legal issues with USA laws, they needed individual court orders for those. Thus a call from within the USA to a destination within the USA, and the entire link is within the USA, isn't caught by Echelon. However, the moment the communications chain crosses the border, they become international communications and a legal intercept. So a call that gets routed through a Canadian link or a satellite (those are in international space outside the atmosphere, and thus outside the USA) is a legal intercept. Many VoIP calls get routed out of the USA and back again, becoming legal fodder as well. On top of that, many USA calls are intercepted by Canadian intelligence services and thus not under the restrictions of the USA laws, as they're a foreign power.

DanLM
DanLM

And that is all she wrote. Dan

deepsand
deepsand

does [b]not[/b] set aside Court rulings re. the legality of said program. GWB belatedly agreed to abide by FISA because he feared further legal setbacks in the Courts.

DanLM
DanLM

And it has not been shot down by the courts. The procedurals of how it is performed have changed, but nothing else. To say it is illegal is not a true statement. [i]In a 2-1 decision, the Sixth Circuit Court of Appeals last week dismissed a legal challenge to the warrantless surveillance program brought by the American Civil Liberties Union (ACLU).[/i] Published Monday 9th July 2007 14:47 GMT http://www.theregister.co.uk/2007/07/09/warrantless_wiretap_court_latest/ Dan

apotheon
apotheon

The existence of checks and balances doesn't make case law allowing violations of privacy and property rights "okay". The existence of checks and balances only provides a means for a clearly offensive bit of case law like this to be eliminated. The idea is not that three branches of government can make up for any ridiculous bit of legislation or case law in all its violations, but that they can keep such legislation and case law from becoming an entrenched part of the legal landscape.

deepsand
deepsand

And, when they do work, it is not unusual for such to occur very, very long after the fact, and then only because of great effort on the part of 3rd parties. As an example, the matter that I earlier mentioned re. massive corruption involving all parties occurred very nearly 30 yrs. ago, during which time several persons have been wrongfully imprisoned under life sentences. When the Sovereign conspires, the People are screwed.

DanLM
DanLM

And you seem to be assuming that I don't care about the minority of authorities that abuse their power. My position is that there are checks in balances in place. You have missed that point of my argument. And that any new law that is written that provides new powers such as these should put in place the same types of checks and balances. If you disagree, that's fine. I can live with that one. But I watch these posts where I talk about checks and balances as built into the constitution. I see the same people that quote this constituion and the people that wrote it saying it is not working. The courts job is to insure the laws are followed. A seperate branch of the goverment. What I see is everyone saying the court is irrelevant, corrupt, not doing their job. I see this position put forth in this and many other posts here. Its always a theme, the courts will do nothing. They are the pawns of the politicians that put them there. That has been the case since day one of this nation, they have always been appointed by elected officials who want the courts of the same thought process as themselves. If you don't like the way the court system is, the people that uphold the law, then vote differently in the next election. If you don't think it will make a difference, then you are saying the constitution doesn't work. This is a general statement, and not directed specifically at you. But, the common theme is to throw everything out and start over. That is an observation not an assumption. That what we have isn't working. My point is, the abuses that you talk about today have always been with us. They are not new, they are not unique, and they will always be abuses of one form or another. If you can think of a better way to insure there isn't, then please tell. If you love the constitution as I believe many of you do. Then vote the politicians out of office who make these laws you disagree with(which occurs all the time, that seems to work). If you don't think nothing you do matters, then don't talk to me at all. Your a waste of space. Dan

apotheon
apotheon

I didn't say any of the things you attribute to me. In fact, I very specifically pointed out that a minority of bad people can wreak a whole lot of havoc, despite the majority, when [b]all of them[/b] have too much power. My point was not to paint all law enforcement officers with the brush of "beasts", as you put it, but to say that to protect us from a minority who do not respect or protect our rights we must not grant power to them without thinking about the potential negative consequences. As deepsand appears to agree, I believe your tendency to simply assume that powers granted will only be used as intended is strikingly naive.

DanLM
DanLM

And you categorize a whole profession by a minority. You show no respect for what the profession is all about. Protecting you and your liberties. The way all of you talk, there is no point in having law enforcement. They are evil, they are the beast. You would rather have anarchy then law and order. You all have gone to the extreme in pointing out what that profession does wrong, the bad examples of it. You take no time to show the respect for what they are all about and what they have done right. Maybe you are the one that is naive. I acknowledge there are bad cops. But you don't even give the credit to the good ones. Your as bad as the people you claim to not trust. Dan

apotheon
apotheon

I'm sorry you have not been around enough people in general to realize that being a police officer does not make one honest. It doesn't take many people in positions of power with no scruples to make granting too much power with too little oversight into a losing proposition.

DanLM
DanLM

I'm sorry you have not been around enough honest men and seen them win against "the evil ones". I have, I still am, and I am very happy for it. Dan

deepsand
deepsand

In the past 40 yrs. I've witnessed the dark, dank belly of the Beasts too often to ever again expect that the actions of honest men can suffice to thwart those of the evil ones for but a fleeting moment.

DanLM
DanLM

I can't think of any law that allows the authorities to search can't be abused as you suggest. Do we take them away? Not all authorities are out to abuse their power. Just as the majority in my profession, IT are professional. You still will have lazy ones that will not perform their tasks in the manner they should be. Backup didn't run, oh well. Chit happens. Whats your password, here I'll fix it. They take the easy way out. That should not be a reflection on the full industry. What you are suggesting toward authorities is the same thing. Your right, you will have authorities that will use these key loggers for what ever they want because they are unwilling(too lazy) to do the right thing or go the correct route. But do you use a broad brush stroke to categorize the whole legal profession that way? If that is the case, then all their powers need to be removed. And there is no point in having law officials at all. They will have no tools, no powers, and no means of investigation. dan