Treasury Department Report Shows ComputerCOP Used Bogus Endorsement Letter To Get Police To Distribute Keylogger

from the bad-news dept

A little over three years ago, we wrote about a detailed investigation by Dave Maass at EFF to reveal that an app called ComputerCOP, that was given out by hundreds of police departments to parents supposedly for protecting their kids, was actually dangerous spyware that transmitted information typed by users (including kids) over the internet without encryption. Even worse, tax dollars were being used by police departments to "purchase" this software for distribution to unsuspecting parents. The details were ugly, and it even included ComputerCOP using a bogus "endorsement letter" from the Treasury Dept. -- leading the Treasury Department to put out a fraud alert about the software, stating:

Neither the Treasury nor the Treasury Executive Office for Asset Forfeiture endorses this or any other particular product and the use of equitable sharing funds does not in any way imply such an endorsement. A letter purporting to be from the Treasury Executive Office for Asset Forfeiture [link] is not genuine.

Incredibly, even after all of this was revealed, we noted that many police departments continued to stand behind the software and even claimed that EFF was "not credible" (and, bizarrely, said that the software would have "stopped Columbine").

Three years have gone by and Maass and EFF are back, noting that the original report spurred an investigation by the Treasury Department into the software which confirmed the EFF's reporting, even noting that the company had doctored a letter to claim that the software was endorsed by the Treasury Dept. From the report:

The investigation determined that the allegation is substantiated. Specifically, no less than three law enforcement agencies solicited by ComputerCOP reported the TEOAF memorandum in the solicitation influenced the law enforcement agency's decision in purchasing ComputerCOP's software. After discussions with TOIG, DOJ/U.S. Marshal Service, and Treasury Office Counsel, ComputerCOP agreed to post a disclaimer on their website to dissociate the Treasury Department from their products. Additionally, ComputerCOP agreed to immediately cease use of the altered letter from the Treasury Department.

However, as Maass also notes, ComputerCOP evaded prosecution because the three-year statute of limitations had run out. Of course, I'm curious how that's true, given the claim that the company had continued to use the letter until all of this was revealed.

New FOIA documents show that, after a multi-year investigation, the Inspector General concluded that ComputerCOP had indeed “altered the 2001 letter from TEOAF and made it appear to be blanket permission for all law enforcement agencies to use equitable sharing funds to purchase the software.” Indeed, ComputerCOP made this claim on the rate card it provided to agencies. 

As part of its investigation into the letter, Treasury investigators sent questionnaires to 240 agencies that had purchased ComputerCOP. Of the few dozen that responded, three law enforcement agencies—the Peabody Police Department in Massachusetts, the Alaska Department of Public Safety, and the Greene County Sheriff's Office in Missouri—told Treasury that the fraudulent letter had directly influenced their decision to purchase the product. 

The closed investigative report indicates the Treasury Inspector General was unable to send the case for prosecution “due to the fact that the three year statute of limitations on the offense had lapsed.” Instead, after discussions with the Justice Department and the U.S. Marshal Service, Treasury concluded it was enough for ComputerCOP to cease using the altered letter and to post a disclaimer on their website.

And Maass also notes that while ComputerCOP promised to post a disclaimer on its website, that disclaimer appears to have gone away -- and is still pushing misleading (at best) claims about the software.

Unfortunately, it may be time for the Treasury Department to re-open the case. While ComputerCOP did once advertise the disclaimer, EFF could no longer find that language anywhere on its website.  

Making matters worse, the company’s website now claims that the keylogging feature “is not intrusive in any way.” This is an outrageous claim considering that this type of technology is more commonly deployed by stalkers and malicious hackers, and, in certain circumstances, its use could violate wiretapping laws.

And, yes, incredibly, there are still police departments out there purchasing the software and handing it out to unsuspecting parents -- including just this summer when McGruff the Crime Dog was handing out the software on Long Island.

There are enough problems with police these days and how they interact with the public. They shouldn't be contributing to making computer security worse by handing out dangerous software.

Filed Under: computercop, forged letter, keylogger, treasury department
Companies: computercop

Law Enforcement Still Defending ComputerCOP: Says They'll Keep Distributing It Until After Someone's Been Hurt

from the say-what-now? dept

It appears that the police and other law enforcement folks who spent department money on the awful ComputerCOP spyware simply can't admit that they were handing out software that made kids less safe. Instead, they're sticking by their decision to do so. Given that the company personalized the software in the name of local law enforcement, and pitched it as the "perfect election and fundraising tool," you can understand their reticence to actually admit that they've been making kids a hell of a lot less safe. We already discussed San Diego District Attorney Bonnie Dumanis defending the software, even while issuing an "alert" telling parents how to disable the keylogging feature. Even more bizarre was the response of Limestone County, Alabama, Sheriff Mike Blakely, who simply questioned EFF's credibility in revealing the dangerous nature of the software.

Blakely appears to be doubling down on that argument. In an interview with Ars Technica, he again bizarrely claims that the EFF wants to protect pedophiles and predators, and then also endorses spying on kids:

With respect to the EFF he said, “I'm not against their criticism but I just think they're probably more interested in protecting predators and pedophiles than in protecting our children.”

“As sheriff, I went down [to schools] and met with kids and I taught them about bicycle safety and not to talk to strangers,” Blakely said, adding that handing out ComputerCOP was just another branch of the department's efforts to keep kids from being solicited online.

“If you and I were married and had a 14-year-old daughter, then yeah I could check on who you're talking to online and you could check who I'm talking to,” he said. “But if [ComputerCOP is] used properly, it's something we whole-heartedly endorse. Now if you're of the persuasion of the people of the EFF who would rather not do anything, then that's something that I can't help.”

That ignores, of course, that the keylogging sends information unencrypted, thus putting children much more at risk. When Ars did ask him about that, Blakely said that they'd have to talk to his "IT people."

It appears that other police departments and district attorneys are similarly trying to defend the fact that they've been distributing dangerous keylogging software that can pass unencrypted cleartext of any information typed by kids. Some law enforcement folks are not just standing by their decision to hand out the spyware, but are continuing to do so. Contra Costa District Attorney Dan Cabral, astoundingly, admits that he intends to continue distributing the software until after someone's been hurt.

Contra Costa Assistant District Attorney Dan Cabral said Friday that the office has no plans to recall the software it distributed.

"If it turns up later that there's some sort of breach we will do so, but right now we feel it serves its purpose and it assists parents in what its supposed to do," Cabral said Friday.

Steve Moawad, the Senior Deputy District Attorney working for Cabral, ridiculously argues the fact that so many other law enforcement folks got duped is somehow proof that the software must be okay.

"I am aware of several law enforcement agencies that have looked at the product before and after this report," Moawad said. "I believe the EFF is overstating the risk and, the fact that this program has been handed out by hundreds of law enforcement agencies over a period of 10 years and there's been no reported incidents of identity theft as a result of the use of the software is indicative of that (fact)."

There are many, many problems with this. Just because a specific breach can't be traced back directly to this software doesn't mean breaches haven't happened (and happened regularly). Based on how the software itself works (sending cleartext over the internet), there's really not going to be any indication that when a breach happens it's because of the software. Parents and kids just won't know how the leak of information happened.

Meanwhile, over in Loudon County, Virginia, the Sheriff's Office not only stood by the use of the software but announced plans to hand out more copies next year:

In a statement issued by the Loudoun County Sheriff's Office today, the agency said “ComputerCOP is very similar to other parental monitoring systems available on the market. The program does not operate without the CD inserted in the computer disk drive and does not allow access from any outside parties, including the Loudoun County Sheriff’s Office or ComputerCOP. The disks are not distributed without explanation from Loudoun County Sheriff’s Office personnel during our Internet Safety: What Parents Need to Know presentations. Parents are made aware at these presentations of the programs limitations and how it is intended to be used. Parents with questions about ComputerCOP are encouraged to attend one of our upcoming Internet Safety courses that will begin in early 2015 at area schools.”

First of all, the claim is misleading to the point of being disingenuous. While the software, by itself, does not "allow access from any outside parties," by sending cleartext copies of keylogging output over the internet, it's revealing that content to many, many potential outside parties. It appears the Loudon County Sheriff's office doesn't even understand the problem -- and yet they claim that they've properly explained the software to parents? That seems difficult to believe.

I'd be curious if the presentation includes an explanation of keylogging, encryption and the dangers of sending cleartext over the internet. Again, it seems doubtful. Hopefully, some parents in Loudon County who do understand this will head on over to the next set of Internet Safety classes, not to be educated, but to educate the police there.

Next up, there are the folks at the Maricopa County, Arizona, Attorney's Office. They, too, are not at all happy with the EFF, while remaining pleased as punch with ComputerCOP's software, despite it putting kids in danger. In an email to CNET's Seth Rosenblatt, the Maricopa County Attorney's Office says it's "ridiculous" to call the software spyware, and also (huh?) claims that EFF is only doing this because it offers "a competing product." Wait, what?

In short, this is a story filled with inaccurate information and numerous misrepresentations from an organization that just so happens to be offering a competing product. That fact alone warrants skepticism about its conclusions. Unfortunately however, several news outlets (and I am not including CNET here) have accepted and regurgitated the EFF report without making any effort to verify the information it contains or talk to someone who’s actually used the product, let alone checked it out first hand.

To call ComputerCOP "spyware" is ridiculous. This product is fundamentally no different than the parental controls that are available on countless digital devices and so ware used by kids today. In fact, most parents believe they have the right and responsibility to know what their children are doing online, and this product is a simple tool that allows them to do that.

First off, I had no idea that EFF offered its own spyware product. Second, whether or not the product is "fundamentally no different" kind of misses the point. If all such software have serious security problems, that should be an issue.

Unlike what most experts would term "spyware," ComputerCOP does not surreptitiously send information to third parties. The hysterical claim that ComputerCOP sends notifications emails without encryption... is utterly fatuous and disingenuous. The software uses a user's existing e-mail service to send notifications. A ComputerCOP notification has no greater potential for being compromised than any other e-mail a user sends.

That suggests a level of technical ignorance that is, well, kinda scary. The fact that ComputerCOP sends keylogger info without encryption is entirely accurate. It is neither fatuous nor disingenuous. In response to this bizarre claim from Maricopa County, the EFF's Dave Maass (who wrote the original report) asked Maricopa to hire an independent security team to evaluate the software. Also, despite its claims, Maass notes that over the weekend, Maricopa County appears to have removed their own website promoting ComptuerCOP. Perhaps the Maricopa County's Attorneys Office isn't quite as confident in the software as they claimed.

Meanwhile, one of the security researchers who the EFF used in its original report, Jeremy Gillula, went a step further. On Twitter, he issued a challenge to anyone defending ComputerCOP:

Challenge to all defending ComputerCOP as secure: you install it, connect to open wifi and login to your bank while I run wireshark. Any money I transfer out using your username and password from the packet logs gets donated to EFF. If I can't get any money, I retract all statements about ComputerCOP's keylogger being insecure. Sound like a deal?

Let's see if anyone takes him up on it.

Filed Under: computercop, contra costa, encryption, keylogger, law enforcement, limestone county, loudon county, maricopa county, mike blakely, spyware
Companies: computercop, eff

Spy(ware) Vs. Spy(ware): Indictments For One Creator, Law Enforcement Plaudits For The Other

from the it's-like-they-don't-even-hear-the-words-coming-out-of-their-mouths dept

Compare and contrast:

Product A

Alerts for terms used in Chat or Texting.
Access to videos as well as web, camera and cell phone images loaded on device.
Review & delete images.
Email, Print or Save results.
View Internet History Log.
Keystroke logging.

Product B

View sent/received text messages.
Access chatlogs.
Look at photos, videos, music stored on device.
View visited sites and bookmarks.
Alerts for suspicious words.

One of these products is handed out by law enforcement agencies. One just had its creator arrested after an FBI investigation.

Product A is ComputerCOP, a deeply-flawed set of tools that allows parents to spy on their children's computer activities, provided they don't mind getting hundreds of false positives returned during searches or having passwords stored as plaintext by the built-in keylogger.

Product B is StealthGenie, a piece of software aimed at giving the inherently suspicious (or routinely cuckolded) person surreptitious access to everything on their significant other's phone. The full set of features included are astounding, including location info, email access, eavesdropping via the built-in mic and the perverse ability to lock or wipe someone else's phone.

It's not that the FBI was wrong to shut down the sale of this software, even if it does sound like the sort of thing the agency wishes it could deploy rather than terminate. It's that the law enforcement-approved tool set overlaps so heavily with something aimed at tearing the digital roof off someone else's life.

ComputerCOP -- unlike the more (necessarily) targeted StealthGenie -- doesn't ultimately care who's using the device it's installed on. You may just want to track your kids' internet activity, but anyone who uses it while it's activated will have their web history -- along with any keystrokes entered -- automatically logged. If anything, ComputerCOP is a cheap, legal alternative to StealthGenie, even if it's strictly limited to personal computers.

But one of these is being handed out by law enforcement agencies without any oversight (and with loads of misinformation). The other was the subject of a federal investigation. There's a certain amount of disconnection here, similar to law enforcement's use of encryption to protect themselves from criminals but wanting to deny the public the same option.

Just replace "StealthGenie" with "ComputerCOP" in these statements from the FBI's press release and see if it ultimately makes any difference. [h/t to Techdirt reader Will Klein]

"Selling spyware is not just reprehensible, it's a crime," said Assistant U.S. Attorney General Leslie R. Caldwell. "Apps like StealthGenie are expressly designed for use by stalkers and domestic abusers who want to know every detail of a victim's personal life -- all without the victim's knowledge."

“StealthGenie has little use beyond invading a victim’s privacy” said U.S. Attorney Boente. “Advertising and selling spyware technology is a criminal offense, and such conduct will be aggressively pursued by this office and our law enforcement partners.”

“This application allegedly equips potential stalkers and criminals with a means to invade an individual’s confidential communications,” said FBI Assistant Director in Charge McCabe. “They do this not by breaking into their homes or offices, but by physically installing spyware on unwitting victims’ phones and illegally tracking an individual’s every move. As technology continues to evolve, the FBI will investigate and bring to justice those who use illegal means to monitor and track individuals without their knowledge.”

Spyware is spyware, whether it's sporting a uniform and a badge or an orange jumpsuit and handcuffs.

Filed Under: computercop, doj, fbi, key logger, law enforcement, legality, privacy, spyware, stealthgenie
Companies: computercop, stealthgenie

Sheriff Slams EFF As 'Not Credible,' Insists ComputerCOP Isn't Malware & Would Have Stopped Columbine

from the say-what? dept

Okay, so we thought the response from San Diego's District Attorney Bonnie Dumanis was pretty bad to the revelations about ComputerCOP. After all, she was responding to the news that she had purchased and distributed dangerous spyware masquerading as software to "protect the children" -- and the best she could come up with was that her "security" people still thought it would protect kids? But apparently Damanis has nothing on Sheriff Mike Blakely of Limestone County, Alabama.

Blakely, in a bit of unfortunate timing, just announced that his department had purchased 5,000 copies of the spyware earlier this week, so perhaps it's understandable that this "perfect election and fundraising tool" might actually turn into something of a liability. But Blakely's not going down without a fight. When presented with the news that he's proudly handing out tools that are making the children he's supposed to be protecting less safe, Blakely went with an ad hom the messenger approach, attacking EFF's credibility, and calling them "liberals."

Blakely referred to the EFF criticism politics as an "Ultra-liberal organization that is not in any way credible on this. They're more interested in protecting predators and pedophiles than in protecting our children."

Anyone even remotely familiar with EFF recognizes that basically every word in that statement is ridiculous, but what are you going to do? The idea that EFF isn't credible on security issues is laugh out loud funny (and, indeed, despite attending a conference and being in a room full of people, I literally laughed out loud upon reading it). However, Blakely insists his IT people are sure the software's fine:

"We have had the key logger checked out with our IT people. They have run it on our computer system." He said. "There is no malware."

Reread that a few times. "We had the key logger checked out... there is no malware." Dude. A keylogger is malware. That's what it does. From the description here, it sounds like his "IT people" ran some anti-malware software on the computer they installed ComputerCOP on, and because it didn't flag it, they insist it's not malware. But a keylogger is malware by definition. And the fact that this malware happens to pass unencrypted text, including passwords and credit card numbers, over the internet makes it really, really bad.

But don't tell that to Sheriff Blakely. He insists that ComputerCOP might have stopped Columbine. I'm not joking.

On the phone Wednesday he added "There are some parents out in Columbine Colorado, if they had this kind of software, things would have turned out differently."

That comment is so off it defies a coherent response.

Meanwhile, I'm sure that Sheriff Blakely's "IT People" are trustworthy, given that his website looks like it was designed in 1997 and hasn't been touched since. It even has a visitor counter and a "this site best viewed in Internet Explorer" badge. I'm not joking. And a scroll. The only thing it's missing is an under construction gif and the blink tag: And, uh, note that text there:

You are not permitted to copy, broadcast, download, store (in any medium), transmit, show or play in public, adapt or change in any way, the content of these web pages for any other purpose whatsoever without the prior written permission of the site webmaster.

And there's a copyright notice below it. Of course, anyone who views the website has copied, downloaded, stored and transmitted the webpage in some manner -- so, I'm not quite sure what to do other than to say, that most of those demands are completely bogus and not based on any actual law. As for the copyright -- well, while technically only federal government works are exempt from copyright, and state and local governments can get a copyright in some fashion, it's generally not considered the appropriate role of government officials to be copyrighting official government works. Furthermore, in such cases, there would likely be a very strong presumption of fair use for a whole host of reasons.

Oh, but it gets worse. Not only are you not supposed to copy any of the text on Sheriff Blakely's website, the terms of service on his website say he might put you in jail if you do:

The unauthorized use, copy, or reproduction of any content of this site inclusive, may be punishable by both fine and imprisonment.

Under what legal theory is that happening? As a sheriff, aren't you supposed to, you know, actually know what the law is? Maybe work on that before slamming the good folks at EFF while distributing dangerous spyware that makes kids less safe. And find someone who's built a website in the last decade.

Filed Under: computercop, keylogger, limestone county, malware, mike blakely
Companies: computercop, eff

San Diego District Attorney Issues Warning About Dangerous Spyware She Purchased & Distributed; But Still Stands By It

from the not-the-right-response dept

Yesterday, we wrote about the EFF's investigation into Computer Cop, the dangerous spyware/keylogger that is sold to police departments and other law enforcement folks as a "perfect election and fundraising tool" because the software gets branded with local law enforcement/politicians and they get to hand it out as a tool to "protect your children" by spying on how they use their computers. The software appears to be a very crappy search system and keylogger. Any keylogger is already a dangerous tool, but this one is especially dangerous in that it transmits the log of keystrokes entirely unencrypted to a server, meaning that all sorts of information, including passwords, credit cards, etc. are transmitted across the internet in the clear. The Computer Cop website looks like it was designed a decade ago and then left to rot (as does its software): The site is so bad that the company's own address in the footer of the website spells the city wrong. The company is based in Bohemia, NY, yet the site's own website spells it Bhomeia. Yes, that's more than one letter out of place: All of this should give you a sense of what's going on here. Rather than actually "protecting children," this is a cynical money-grab by a guy who is convincing politicians to use government money to make children less safe while pretending to "protect the children."

Given the powerful expose by the EFF, you'd think that some of the folks who bought into the bogus software and distributed this dangerous spyware to unsuspecting parents might be regretting their decision. Instead, they're... still playing politics. The San Diego District Attorney, Bonnie Dumanis, didn't apologize. She did release an alert warning about the very software she purchased and promoted and distributed to parents, but then still says the software is generally good and will continue to distribute it.

In a statement, Dumanis spokesman Steve Walker said the program was still a useful tool for parents.

“Our online security experts at the Computer and Technology Crime High-Tech Response Team continue to believe the benefits of this software in protecting children from predators and bullies online and providing parents with an effective oversight tool outweigh the limited security concerns about the product, which can be fixed,” Walker said.

Walker said that the District Attorney’s Office still has a few copies of the program left and will give them to families who request it.

There don't appear to be any actual redeeming qualities to the software. It doesn't protect anyone, but rather makes them less safe while giving parents a false sense of security. San Diego (and elsewhere) deserve much better, but apparently they're not going to get it.

The "warning" that was sent out just suggests disabling the keylogger part -- and doesn't appear to take any responsibility for purchasing and promoting the software in the past. As for how much money was spent? Apparently San Diego spent $25,000 on the software:

Dumanis spent $25,000 from asset forfeiture funds — money and property seized during drug and other prosecutions — on 5,000 copies of the program for public dissemination.

Ah, so rather than being directly taxpayer money, it's just money stolen via questionable forfeiture procedures. It's hard to see how that's any better.

Filed Under: bonnie dumanis, computercop, for the children, keylogger, protect the children, san diego, spyware
Companies: computercop, eff

ComputerCOP: Keylogging Spyware, Distributed By Police And Federal Agents With Your Tax Dollars

from the expose dept

The EFF has put together a rather astounding bit of investigative reporting, digging into a program called "ComputerCOP" that is apparently handed out (in locally branded versions) by various law enforcement agencies -- generally local police, but also the US Marshals -- claiming to be software to "protect your children" on the computer. What the EFF investigation actually found is that the software is little more than spyware with weak to non-existent security that likely makes kids and your computer a lot less safe. Aren't you glad your tax dollars are being spent on it?

The way ComputerCOP works is neither safe nor secure. It isn’t particularly effective either, except for generating positive PR for the law enforcement agencies distributing it. As security software goes, we observed a product with a keystroke-capturing function, also called a “keylogger,” that could place a family’s personal information at extreme risk by transmitting what a user types over the Internet to third-party servers without encryption. That means many versions of ComputerCOP leave children (and their parents, guests, friends, and anyone using the affected computer) exposed to the same predators, identity thieves, and bullies that police claim the software protects against.

Furthermore, by providing a free keylogging program—especially one that operates without even the most basic security safeguards—law enforcement agencies are passing around what amounts to a spying tool that could easily be abused by people who want to snoop on spouses, roommates, or co-workers.

The software is ancient -- dating back about 15 years -- and it doesn't look like it's improved much over the years. Even the interface looks outdated. And it doesn't appear much actual thought has been put into the product and whether or not it does anything to actually keep people safe. Instead, from all appearances, it sounds like the organization behind it is just looking to figure out ways to get taxpayer money from law enforcement, promising "cybersecurity" when it's actually making things worse. The more innocuous, but still pointless part of the tool is the "search" feature:

The tool allows the user to review recent images and videos downloaded to the computer, but it will also scan the hard drive looking for documents containing phrases in ComputerCOP’s dictionary of thousand of keywords related to drugs, sex, gangs, and hate groups. While that feature may sound impressive, in practice the software is unreliable. On some computer systems, it produces a giant haystack of false positives, including flagging items as innocuous as raw computer code. On other systems, it will only produce a handful of results while typing keywords such as "drugs" into Finder or File Explorer will turn up a far larger number of hits. While the marketing materials claim that this software will allow you to view what web pages your child visits, that's only true if the child is using Internet Explorer or Safari. The image search will potentially turn up tens of thousands of hits because it can't distinguish between images children have downloaded and the huge collection of icons and images that are typically part of the software on your computer.

Sophisticated software, this is not.

Then there's the keylogger/spyware bit.

ComputerCOP’s KeyAlert keylogging program does require installation and, if the user isn’t careful, it will collect keystrokes from all users of the computer, not just children. When running on a Windows machine, the software stores full key logs unencrypted on the user’s hard drive. When running on a Mac, the software encrypts these key logs on the user's hard drive, but these can be decrypted with the underlying software's default password. On both Windows and Mac computers, parents can also set ComputerCOP up to email them whenever chosen keywords are typed. When that happens, the software transmits the key logs, unencrypted, to a third-party server, which then sends the email. KeyAlert is in included in the "deluxe," "premium," and "presentation" versions of the software.

The lack of encryption is somewhat astounding in this day and age:

Security experts universally agree that a user should never store passwords and banking details or other sensitive details unprotected on one’s hard drive, but that’s exactly what ComputerCOP does by placing everything someone types in a folder. The email alert system further weakens protections by logging into a third-party commercial server. When a child with ComputerCOP installed on their laptop connects to public Wi-Fi, any sexual predator, identity thief, or bully with freely available packet-sniffing software can grab those key logs right out of the air.

Incredibly, when EFF approached the maker of ComputerCOP, the guy behind it, Stephen DelGiorno tried to deny any problems:

“ComputerCOP software doesn’t give sexual predator [sic] or identity thieves more access to children’s computers, as our .key logger [sic] works with the existing email and Internet access services that computer user has already engaged,” he wrote via email.

He further said that ComputerCOP would update the software's licensing agreement to say "that no personal information is obtained nor stored by ComputerCOP."

As the EFF notes, this is both unacceptable and "fairly nonsensical." EFF tested the software and found, of course, that it's quite easy to snatch passwords via the software.

The company appears to have some other difficulties with the truth as well:

In February, DelGiorno told EFF the keystroke-logging feature was a recent addition to the software and that most of the units he’s sold did not include the feature. That doesn’t seem to jibe with ComputerCOP’s online footprint. Archive.org’s WayBack Machine shows that keystroke capture was advertised on ComputerCOP.com as far back as 2001. Although some versions of ComputerCOP do not have the keylogger function, scores of press releases and regional news articles from across the country discuss the software’s ability to capture a child’s conversations.

Also, this:

In investigating ComputerCOP, we also discovered misleading marketing material, including a letter of endorsement purportedly from the U.S. Department of Treasury, which has now issued a fraud alert over the document. ComputerCOP further claims an apparently nonexistent endorsement by the American Civil Liberties Union and an expired endorsement from the National Center for Missing and Exploited Children.

You can see the Treasury Department fraud alert here, in which it states: "A falsified letter from the Treasury Executive Office for Asset Forfeiture is being circulated indicating that the Treasury approves or endorses this product: it does not." It also includes a link to a sample letter, which uses multiple fonts (which is common among faked letters). In fact, EFF got DelGiorno to admit to changing an original letter, saying he "recreated the letterhead to make it more presentable" and highlighted certain text. He claims that there was an original letter from 2001 (the date on the letter getting passed around has the date removed), but the Treasury Department has issued the fraud report and says it's unable to find the original document that ComputerCOP claims was sent.

There are some other dubious issues related to the software and getting police departments to buy it (often with federal grants). Here's one example from the county where I grew up:

Since 2007, Suffolk County Sheriff Vincent DeMarco’s office in New York, where ComputerCOP is based, has bought 43,000 copies of the software—a fact trumpeted in DeMarco’s reelection campaign materials. ComputerCOP’s parent company directly donated to DeMarco’s campaign at least nine times over the same period.

As EFF notes, ComputerCOP specifically promotes the tool as an "election and fundraising tool" telling politicians and law enforcement folks that handing it out will make them look good and even sending out camera crews "to record an introduction video with the head of the department."

The whole thing is incredibly sketchy. It's fairly ridiculous that at the same time that law enforcement folks are ridiculously claiming that encryption "harms" children, so many are actively out there spending taxpayer money on, and then distributing, an app that actively puts children (and everyone else) at risk while pretending to be done in the name of safety.

If you happen to have a computer where ComputerCOP was installed, the EFF has handy details on removing it.

Filed Under: computercop, keylogging, police, spyware, stephen delgiorno
Companies: computercop