San Diego District Attorney Issues Warning About Dangerous Spyware She Purchased & Distributed; But Still Stands By It

from the not-the-right-response dept

Thu, Oct 2nd 2014 8:12am — Mike Masnick

Yesterday, we wrote about the EFF's investigation into Computer Cop, the dangerous spyware/keylogger that is sold to police departments and other law enforcement folks as a "perfect election and fundraising tool" because the software gets branded with local law enforcement/politicians and they get to hand it out as a tool to "protect your children" by spying on how they use their computers. The software appears to be a very crappy search system and keylogger. Any keylogger is already a dangerous tool, but this one is especially dangerous in that it transmits the log of keystrokes entirely unencrypted to a server, meaning that all sorts of information, including passwords, credit cards, etc. are transmitted across the internet in the clear. The Computer Cop website looks like it was designed a decade ago and then left to rot (as does its software):

The site is so bad that the company's own address in the footer of the website spells the city wrong. The company is based in Bohemia, NY, yet the site's own website spells it Bhomeia. Yes, that's more than one letter out of place:

All of this should give you a sense of what's going on here. Rather than actually "protecting children," this is a cynical money-grab by a guy who is convincing politicians to use government money to make children less safe while pretending to "protect the children."

Given the powerful expose by the EFF, you'd think that some of the folks who bought into the bogus software and distributed this dangerous spyware to unsuspecting parents might be regretting their decision. Instead, they're... still playing politics. The San Diego District Attorney, Bonnie Dumanis, didn't apologize. She did release an alert warning about the very software she purchased and promoted and distributed to parents, but then still says the software is generally good and will continue to distribute it.

In a statement, Dumanis spokesman Steve Walker said the program was still a useful tool for parents.

“Our online security experts at the Computer and Technology Crime High-Tech Response Team continue to believe the benefits of this software in protecting children from predators and bullies online and providing parents with an effective oversight tool outweigh the limited security concerns about the product, which can be fixed,” Walker said.

Walker said that the District Attorney’s Office still has a few copies of the program left and will give them to families who request it.

There don't appear to be any actual redeeming qualities to the software. It doesn't protect anyone, but rather makes them less safe while giving parents a false sense of security. San Diego (and elsewhere) deserve much better, but apparently they're not going to get it.

The "warning" that was sent out just suggests disabling the keylogger part -- and doesn't appear to take any responsibility for purchasing and promoting the software in the past. As for how much money was spent? Apparently San Diego spent $25,000 on the software:

Dumanis spent $25,000 from asset forfeiture funds — money and property seized during drug and other prosecutions — on 5,000 copies of the program for public dissemination.

Ah, so rather than being directly taxpayer money, it's just money stolen via questionable forfeiture procedures. It's hard to see how that's any better.

San Diego Computer Cop Alert 10 1 14 (PDF)San Diego Computer Cop Alert 10 1 14 (Text)

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: bonnie dumanis, computercop, for the children, keylogger, protect the children, san diego, spyware
Companies: computercop, eff

29 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Ninja (profile), 2 Oct 2014 @ 8:14am

“Our online security experts at the Computer and Technology Crime High-Tech Response Team continue to believe the benefits of this software in protecting children from predators and bullies online and providing parents with an effective oversight tool outweigh the limited security concerns about the product, which can be fixed,” Walker said.

Again, good godamn parenting should be far enough to protect the kids. This is not about protecting anyone, it's about rotten human beings putting others at risk for their own financial benefit. This includes the one behind Computer Cop itself.
[ link to this | view in chronology ]
- Chris-Mouse (profile), 2 Oct 2014 @ 8:52am
  
  Re:
  The best sort of Internet filter I've ever seen is putting the computer in the living room with the screen placed so anyone in the room can see it.
  [ link to this | view in chronology ]
- Mason Wheeler (profile), 2 Oct 2014 @ 10:43am
  
  Re:
  Again, good godamn parenting should be far enough to protect the kids.
  
  Yeah, it really should, but often it's not, especially when one of the parents is actively being part of the problem.
  
  When my (underage) brother was being *ahem* "groomed" by his father's boyfriend (long story) with the full knowledge of his father, our family suspected something was going on, but it wasn't until I found and installed software similar to this that we were able to get evidence on the guy and get some court-ordered protection in time to avert some serious tragedies.
  
  Even if this particular program is poorly designed, it's a horrible overreaction to say they're all no good. A properly-configured, properly-deployed keylogger really can help protect children, and the focus should be on making sure the software is up to standards, not on blanket condemnations of useful tools. I'm very disappointed in Techdirt's hasty generalizations on this topic.
  [ link to this | view in chronology ]
  - John Fenderson (profile), 2 Oct 2014 @ 11:34am
    
    Re: Re:
    "Even if this particular program is poorly designed, it's a horrible overreaction to say they're all no good."
    
    I didn't hear anybody claim that they're all no good, but perhaps I missed something. This particular program counts as "more harm than good" precisely because of the combination of being unfit for purpose and having law enforcement agencies giving it out and claiming that it's fine.
    [ link to this | view in chronology ]
    - Mason Wheeler (profile), 2 Oct 2014 @ 1:15pm
      
      Re: Re: Re:
      From the article: "Any keylogger is already a dangerous tool."
      
      Well so is a power saw, but only if you don't know how to use it safely. The same could be said of automobiles, of ladders, matches, or antibiotics. Just about any useful tool has the potential to be dangerous if used badly, but it's highly irresponsible to go around insinuating that the whole class of tool is a bad thing when one particular model is found to have a safety defect.
      [ link to this | view in chronology ]
      - John Fenderson (profile), 2 Oct 2014 @ 2:05pm
        
        Re: Re: Re: Re:
        Acknowledging that a tool is dangerous is not the same as saying the tool is a bad thing.
        [ link to this | view in chronology ]
      - Ninja (profile), 3 Oct 2014 @ 3:56am
        
        Re: Re: Re: Re:
        Keyloggers are dangerous. But really, as Chris-Mouse wisely said, just put the computer where everyone can see and most of the problem is gone. If there's some suspicion such software can be used yes. But if you don't know what you are doing ask for assistance from a specialist. Even if my knowledge is above average regarding computers I'd still read a lot and look for specialists before using such tools.
        [ link to this | view in chronology ]
Always write guy, 2 Oct 2014 @ 8:21am

Accountability
Seriously people need to start admitting they where wrong, if it doesn't start soon the whole of western civilization is going to go so far off the rails we will all die.
[ link to this | view in chronology ]
- That One Guy (profile), 2 Oct 2014 @ 9:09am
  
  Re: Accountability
  I'm pretty sure one of the top requirements to run for public office is a complete and utter inability to admit to having been wrong, on any topic, no matter how important or insignificant the matter is.
  [ link to this | view in chronology ]
  - ltlw0lf (profile), 2 Oct 2014 @ 12:12pm
    
    Re: Re: Accountability
    I'm pretty sure one of the top requirements to run for public office is a complete and utter inability to admit to having been wrong, on any topic, no matter how important or insignificant the matter is.
    
    I know this is a shot in the dark, but you really don't know how spot on you are with this comment (or maybe you do.) This is the same San Diego District Attorney who *allegedly* (though the actual letter signed by her and with her letterhead has been published) wrote a recommendation for the son of a foreigner who is now under investigation for illegally contributing campaign contributions to local politicians (which may have included her, indirectly, through a SuperPAC) in exchange for favors.
    [ link to this | view in chronology ]
Vidiot (profile), 2 Oct 2014 @ 8:26am

Like the loaves and fishes
"... the District Attorney’s Office still has a few copies of the program left..."

That's the nice thing about software -- you've ALWAYS "got a few copies left". Ditto e-books, MP3's, movies...
[ link to this | view in chronology ]
Rich Kulawiec, 2 Oct 2014 @ 8:57am

Correction
"“Our online security experts at the Computer and Technology Crime High-Tech Response Team [...]"

are not security experts.
[ link to this | view in chronology ]
- That One Guy (profile), 2 Oct 2014 @ 9:05am
  
  Re: Correction
  Yeah, any 'expert' that supports pushing a keylogger/spyware program that sends the results unencrypted is one I wouldn't trust anywhere near anything remotely electronic.
  [ link to this | view in chronology ]
- Anonymous Coward, 2 Oct 2014 @ 9:52am
  
  Re: Correction
  I'm now very concerned that those experts are likely the same people who work on computer crime casescene for the prosecution.
  [ link to this | view in chronology ]
  - Rich Kulawiec, 2 Oct 2014 @ 10:20am
    
    Re: Re: Correction
    As you should be. Recall the negligence, incompetence, stupidity and fabrication that characterized the Julie Amero case.
    [ link to this | view in chronology ]
- Trails (profile), 2 Oct 2014 @ 10:34am
  
  Re: Correction
  That's just the given name of her campaign advisor.
  [ link to this | view in chronology ]
- orbitalinsertion (profile), 2 Oct 2014 @ 12:03pm
  
  Re: Correction
  Yep.
  
  Our online security experts at the Computer and Technology Crime High-Tech Response Team suck mud.
  [ link to this | view in chronology ]
Anonymous Coward, 2 Oct 2014 @ 8:59am

The individuals spending money and handing out this insecure spyware program, are unqualified to be making such decisions. I just hope these children don't fall victim to identity theft or worse.
[ link to this | view in chronology ]
Anonymous Coward, 2 Oct 2014 @ 9:13am

So you spend 5$ pr license on a program that is designed to keep people safe? I realize that 5000 licenses can get you quite a discount, but come on; I paid more for my lunch today.
Programs can be cheap or free, but you have to make damn sure you don't get what you pay for in those cases. Especially in security cases.
It seems to me they found a great promotional stunt and found the cheapest company without checking up on anything and got the cat in the bag... or rather the people, now using this program, got a dead cat without the bit more useful bag.
All of those involved should receive some sort of punishment for spreading malware and then after a few thousand times of this kind of screw-up they might actually learn.
[ link to this | view in chronology ]
Anonymous Coward, 2 Oct 2014 @ 9:13am

This earns her my nomination for the Techdirt Dictionary (no TM), under the entry "cognitive dissonance".
[ link to this | view in chronology ]
Anonymous Coward, 2 Oct 2014 @ 9:17am

" The San Diego District Attorney, Bonnie Dumbanus"
There fixed that for ya.
[ link to this | view in chronology ]
- Anonymous Coward, 2 Oct 2014 @ 10:59am
  
  Re:
  Yea, really....
  
  Trusting anything a Dumanis says would make you a Dumb Anus.
  [ link to this | view in chronology ]
Anonymous Coward, 2 Oct 2014 @ 9:42am

site's own website?
[ link to this | view in chronology ]
mcherm (profile), 2 Oct 2014 @ 9:42am

How to spin this
Perhaps we should follow the example of those who promote such software, and start to refer to Computer Cop as follows:

This pedophile spyware app, which the San Diego District Attorney was duped into distributing to loving parents for installation on their children's computers, masquerades as a tool to protect children from predators. In actuality, it transmits keystrokes (including sensitive social media accounts and passwords) in the clear where they could be intercepted by a computer savvy predator and used to gather information or even to "groom" a potential victim.

Of course, such a statement would be blatant fear-mongering. It is absolutely true that a pedophile could intercept the communications, but why should that, of all possible threats, be the one emphasized? One might very well ask the San Diego District Attorney the same question.
[ link to this | view in chronology ]
Anonymous Coward, 2 Oct 2014 @ 11:07am

"My Little Pwnie" software
This "Computer Cop" software seems to be yet another attempt to teach our kids that spying on one another is natural and fun.

Didn't Hitler Youth and the Stasi get kids to spy on their parents?
[ link to this | view in chronology ]
Kronomex, 2 Oct 2014 @ 4:17pm

Smells like someone is getting brown envelopes and kickbacks to me.
[ link to this | view in chronology ]
Incompetent pukes, 2 Oct 2014 @ 5:11pm

Dumanis buh bye
Bonnie Dumanis must be an expert in computer security. Her background, including her first job as a Junior Clerk Typist, prepared her for protecting the children that voters entrusted her to protect. Anytime a public official puts out a statement such as the above, we should be alarmed. Alarmed that in the face of direct evidence, people like Bonnie Dumanis choose saving face over admitting they might have made a mistake.
[ link to this | view in chronology ]
Anonymous Coward, 3 Oct 2014 @ 4:51am

Are ISPs doing this too?
Many ISPs offer, and insist on their customers using, a "security package" with their services, to "secure their systems" and "improve protection". I'm beginning to think maybe this is more spyware. Does anyone have any data on this?
[ link to this | view in chronology ]
Steve, 3 Oct 2014 @ 1:41pm

IRS Scandal update: IRS Scandal - Obama Admin Lied - Judicial Watch IRS attorney admits Lois Lerner E-mails Are backed up

http://commoncts.blogspot.com/2014/10/irs-scandal-update-irs-scandal-obama.html
[ link to this | view in chronology ]