Law Enforcement Still Defending ComputerCOP: Says They'll Keep Distributing It Until After Someone's Been Hurt
from the say-what-now? dept
It appears that the police and other law enforcement folks who spent department money on the awful ComputerCOP spyware simply can't admit that they were handing out software that made kids less safe. Instead, they're sticking by their decision to do so. Given that the company personalized the software in the name of local law enforcement, and pitched it as the "perfect election and fundraising tool," you can understand their reticence to actually admit that they've been making kids a hell of a lot less safe. We already discussed San Diego District Attorney Bonnie Dumanis defending the software, even while issuing an "alert" telling parents how to disable the keylogging feature. Even more bizarre was the response of Limestone County, Alabama, Sheriff Mike Blakely, who simply questioned EFF's credibility in revealing the dangerous nature of the software.Blakely appears to be doubling down on that argument. In an interview with Ars Technica, he again bizarrely claims that the EFF wants to protect pedophiles and predators, and then also endorses spying on kids:
With respect to the EFF he said, “I'm not against their criticism but I just think they're probably more interested in protecting predators and pedophiles than in protecting our children.”That ignores, of course, that the keylogging sends information unencrypted, thus putting children much more at risk. When Ars did ask him about that, Blakely said that they'd have to talk to his "IT people."
“As sheriff, I went down [to schools] and met with kids and I taught them about bicycle safety and not to talk to strangers,” Blakely said, adding that handing out ComputerCOP was just another branch of the department's efforts to keep kids from being solicited online.
“If you and I were married and had a 14-year-old daughter, then yeah I could check on who you're talking to online and you could check who I'm talking to,” he said. “But if [ComputerCOP is] used properly, it's something we whole-heartedly endorse. Now if you're of the persuasion of the people of the EFF who would rather not do anything, then that's something that I can't help.”
It appears that other police departments and district attorneys are similarly trying to defend the fact that they've been distributing dangerous keylogging software that can pass unencrypted cleartext of any information typed by kids. Some law enforcement folks are not just standing by their decision to hand out the spyware, but are continuing to do so. Contra Costa District Attorney Dan Cabral, astoundingly, admits that he intends to continue distributing the software until after someone's been hurt.
Contra Costa Assistant District Attorney Dan Cabral said Friday that the office has no plans to recall the software it distributed.Steve Moawad, the Senior Deputy District Attorney working for Cabral, ridiculously argues the fact that so many other law enforcement folks got duped is somehow proof that the software must be okay.
"If it turns up later that there's some sort of breach we will do so, but right now we feel it serves its purpose and it assists parents in what its supposed to do," Cabral said Friday.
"I am aware of several law enforcement agencies that have looked at the product before and after this report," Moawad said. "I believe the EFF is overstating the risk and, the fact that this program has been handed out by hundreds of law enforcement agencies over a period of 10 years and there's been no reported incidents of identity theft as a result of the use of the software is indicative of that (fact)."There are many, many problems with this. Just because a specific breach can't be traced back directly to this software doesn't mean breaches haven't happened (and happened regularly). Based on how the software itself works (sending cleartext over the internet), there's really not going to be any indication that when a breach happens it's because of the software. Parents and kids just won't know how the leak of information happened.
Meanwhile, over in Loudon County, Virginia, the Sheriff's Office not only stood by the use of the software but announced plans to hand out more copies next year:
In a statement issued by the Loudoun County Sheriff's Office today, the agency said “ComputerCOP is very similar to other parental monitoring systems available on the market. The program does not operate without the CD inserted in the computer disk drive and does not allow access from any outside parties, including the Loudoun County Sheriff’s Office or ComputerCOP. The disks are not distributed without explanation from Loudoun County Sheriff’s Office personnel during our Internet Safety: What Parents Need to Know presentations. Parents are made aware at these presentations of the programs limitations and how it is intended to be used. Parents with questions about ComputerCOP are encouraged to attend one of our upcoming Internet Safety courses that will begin in early 2015 at area schools.”First of all, the claim is misleading to the point of being disingenuous. While the software, by itself, does not "allow access from any outside parties," by sending cleartext copies of keylogging output over the internet, it's revealing that content to many, many potential outside parties. It appears the Loudon County Sheriff's office doesn't even understand the problem -- and yet they claim that they've properly explained the software to parents? That seems difficult to believe.
I'd be curious if the presentation includes an explanation of keylogging, encryption and the dangers of sending cleartext over the internet. Again, it seems doubtful. Hopefully, some parents in Loudon County who do understand this will head on over to the next set of Internet Safety classes, not to be educated, but to educate the police there.
Next up, there are the folks at the Maricopa County, Arizona, Attorney's Office. They, too, are not at all happy with the EFF, while remaining pleased as punch with ComputerCOP's software, despite it putting kids in danger. In an email to CNET's Seth Rosenblatt, the Maricopa County Attorney's Office says it's "ridiculous" to call the software spyware, and also (huh?) claims that EFF is only doing this because it offers "a competing product." Wait, what?
In short, this is a story filled with inaccurate information and numerous misrepresentations from an organization that just so happens to be offering a competing product. That fact alone warrants skepticism about its conclusions. Unfortunately however, several news outlets (and I am not including CNET here) have accepted and regurgitated the EFF report without making any effort to verify the information it contains or talk to someone who’s actually used the product, let alone checked it out first hand.First off, I had no idea that EFF offered its own spyware product. Second, whether or not the product is "fundamentally no different" kind of misses the point. If all such software have serious security problems, that should be an issue.
To call ComputerCOP "spyware" is ridiculous. This product is fundamentally no different than the parental controls that are available on countless digital devices and so ware used by kids today. In fact, most parents believe they have the right and responsibility to know what their children are doing online, and this product is a simple tool that allows them to do that.
Unlike what most experts would term "spyware," ComputerCOP does not surreptitiously send information to third parties. The hysterical claim that ComputerCOP sends notifications emails without encryption... is utterly fatuous and disingenuous. The software uses a user's existing e-mail service to send notifications. A ComputerCOP notification has no greater potential for being compromised than any other e-mail a user sends.That suggests a level of technical ignorance that is, well, kinda scary. The fact that ComputerCOP sends keylogger info without encryption is entirely accurate. It is neither fatuous nor disingenuous. In response to this bizarre claim from Maricopa County, the EFF's Dave Maass (who wrote the original report) asked Maricopa to hire an independent security team to evaluate the software. Also, despite its claims, Maass notes that over the weekend, Maricopa County appears to have removed their own website promoting ComptuerCOP. Perhaps the Maricopa County's Attorneys Office isn't quite as confident in the software as they claimed.
Meanwhile, one of the security researchers who the EFF used in its original report, Jeremy Gillula, went a step further. On Twitter, he issued a challenge to anyone defending ComputerCOP:
Challenge to all defending ComputerCOP as secure: you install it, connect to open wifi and login to your bank while I run wireshark. Any money I transfer out using your username and password from the packet logs gets donated to EFF. If I can't get any money, I retract all statements about ComputerCOP's keylogger being insecure. Sound like a deal?Let's see if anyone takes him up on it.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: computercop, contra costa, encryption, keylogger, law enforcement, limestone county, loudon county, maricopa county, mike blakely, spyware
Companies: computercop, eff
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
'My money is more important than your safety.'
Not. A. Chance.
They'll put the personal information of others, including the very children they claim to be protecting, at risk, no problem, but their own?
I'm betting every last one of them will be too cowardly to take the bet, to put their money(literally) where their mouth is.
Mind, I would love to be proven wrong on this, any cop who actually accepted the challenge to prove how 'secure' the software is would instantly regain my respect, because it would show that they honestly do think the software is secure, that it really will protect, rather than harm, people, and they are willing to put their own bank account at risk to prove it.
[ link to this | view in chronology ]
Re: 'My money is more important than your safety.'
There's a word for that cop, who inevitably will accept - we used to call them a "patsy."
[ link to this | view in chronology ]
Proving himself a fool
[ link to this | view in chronology ]
That would be Joe "Fishy" Bob, his Uncle Dad.
[ link to this | view in chronology ]
Do Not Question My Authority
[ link to this | view in chronology ]
You're not allowed to challenge the ruling class for the ruling class knows best.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I mean that really has to tell you something.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Of course if the data is stolen, they're going to blame the thieves, not the terribly flawed software they've been warned about.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
"Challenge Accepted" -Hackers
[ link to this | view in chronology ]
Response to: Anonymous Coward on Oct 6th, 2014 @ 1:30pm
[ link to this | view in chronology ]
Re: Response to: Anonymous Coward on Oct 6th, 2014 @ 1:30pm
You know I was thinking about it, and you really don't have to take any information at all. All you would have to do leave a hint that the program has been compromised. (Pffttt... I'm not even a hacker. I'm not even really sure if it would be possible to "fake" a hacking without accessing the data.)
[ link to this | view in chronology ]
Re: Response to: Anonymous Coward on Oct 6th, 2014 @ 1:30pm
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Question for EFF/anyone who's checked the s/w
For that matter, what steps does it take to prevent someone from just fabricating it outright?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
This sounds somewhat familiar.
I often feel humiliated for politicians, but that discussion, and this is just proud ignorance that takes the cake. It was so embarrassing to watch people who run a country, act like a bunch of 12 year old kids.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Hypocrite
[ link to this | view in chronology ]
Law Enforcement Still Defending ComputerCOP: Says They'll Keep Distributing It Until After Someone's Been Hurt
[ link to this | view in chronology ]
Re: Law Enforcement Still Defending ComputerCOP: Says They'll Keep Distributing It Until After Someone's Been Hurt
[ link to this | view in chronology ]
Re: Re: Law Enforcement Still Defending ComputerCOP: Says They'll Keep Distributing It Until After Someone's Been Hurt
'ComputerCOP doesn't appear in any of the major malware/spyware registries, so you'll need to do a little digging yourself.'
It's one redeeming feature is that it's apparently relatively easy to remove if you know to look for it.
Source:
https://www.eff.org/deeplinks/2014/09/computercop-howto
[ link to this | view in chronology ]
This is the old infallibility of the pope thing.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Seriously?
[ link to this | view in chronology ]
plain text...
*innocent*
[ link to this | view in chronology ]
[ link to this | view in chronology ]
If true, it would be easier to circumvent than holding down the shift button while inserting a music CD. If false, they are lying about the CD requirement and it's running all the time.
[ link to this | view in chronology ]
[ link to this | view in chronology ]