Breaking News | Forum | UK News | USA News | World News | Political News | Sci-Tech News | War & Terrorism News | Sports News | Multimedia | Set Homepage

Translate:

Thursday, July 19th, 2007

By Declan McCullagh and Anne Broache

A recent federal court decision raises the question of whether antivirus companies may intentionally overlook spyware that is secretly placed on computers by police.

In the case decided earlier this month by the 9th U.S. Circuit Court of Appeals, federal agents used spyware with a keystroke logger–call it fedware–to record the typing of a suspected Ecstasy manufacturer who used encryption to thwart the police.

A CNET News.com survey of 13 leading antispyware vendors found that not one company acknowledged cooperating unofficially with government agencies. Some, however, indicated that they would not alert customers to the presence of fedware if they were ordered by a court to remain quiet.

Most of the companies surveyed, which covered the range from tiny firms to Symantec and IBM, said they never had received such a court order. The full list of companies surveyed: AVG/Grisoft, Computer Associates, Check Point, eEye, IBM, Kaspersky Lab, McAfee, Microsoft, Sana Security, Sophos, Symantec, Trend Micro and Websense. Only McAfee and Microsoft flatly declined to answer that question. (Click here for the verbatim responses to the survey.)

Because only two known criminal prosecutions in the United States involve police use of key loggers, important legal rules remain unsettled. But key logger makers say that police and investigative agencies are frequent customers, in part because recording keystrokes can bypass the increasingly common use of encryption to scramble communications and hard drives. Microsoft’s Windows Vista and Apple’s OS X include built-in encryption.

Some companies that responded to the survey were vehemently pro-privacy. “Our customers are paying us for a service, to protect them from all forms of malicious code,” said Marc Maiffret, eEye Digital Security’s co-founder and chief technology officer. “It is not up to us to do law enforcement’s job for them so we do not, and will not, make any exceptions for law enforcement malware or other tools.” eEye sells Blink Personal for $25, which includes antivirus and antispyware features.

Others were more conciliatory. Check Point, which makes the popular ZoneAlarm utility, said it would offer federal police the “same courtesy” that it extends to legitimate third-party vendors that request to be whitelisted. A Check Point representative said, though, that the company had “never been” in that situation.

This isn’t exactly a new question. After the last high-profile case in which federal agents turned to a key logger, some security companies allegedly volunteered to ignore fedware. The Associated Press reported in 2001 that “McAfee Corp. contacted the FBI… to ensure its software wouldn’t inadvertently detect the bureau’s snooping software.” McAfee subsequently said the report was inaccurate.

Later that year, the FBI confirmed that it was creating spy software called “Magic Lantern” that would allow agents to inject keystroke loggers remotely through a virus without having physical access to the computer. (In both the recent Ecstasy case and the earlier key logging case involving an alleged mobster, federal agents obtained court orders authorizing them to break into buildings to install key loggers.)

Government agencies and backdoors in technology products have a long and frequently clandestine relationship. One 1995 expose by the Baltimore Sun described how the National Security Agency persuaded a Swiss firm, Crypto, to build backdoors into its encryption devices. In his 1982 book, The Puzzle Palace, author James Bamford described how the NSA’s predecessor in 1945 coerced Western Union, RCA and ITT Communications to turn over telegraph traffic to the feds.

More recently, after the BBC reported last year on supposed talks between the British government and Microsoft, the software maker pledged not to build backdoors into Windows Vista’s encryption functions.

Have Your Say: Will security firms detect police spyware?
Please read our posting guidelines before posting.
Alternatively you can discuss this report here.

RSS TrackBack URL

Name (required)

Mail (will not be published) (required)

Website

Related News

• Federal Agents Using Spyware
• Government-sponsored cyberattacks on the rise
• FBI’s Secret Spyware Tracks Down Teen Who Made Bomb Threats
• Police Report: Face Recognition CCTV Unreliable
• DMCA Does Not Apply to U.S. Government

This entry was posted on Thursday, July 19th, 2007 at 8:07 pm and is filed under Science & Technology News, Surveillance, Civil Liberties & Human Rights News . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Loading ...

ADVERTISEMENTS

SITE MAPS

7/7 Afghanistan Alternative-Energy Art Barack Obama BBC Big-Brother Bilderberg Biometrics Bush CCTV Censorship CIA Climate-Change Cover-Up Cults Culture Database-State David-Hicks David-Ray-Griffin Debt Democrats Demos Drugs Education Entertainment Environmental News EU False-Flag FBI Fraud Free-Speech Freemasons G8 Globalization Guantanamo Health-News History ID-Cards Internet Iran Iraq Israel John McCain Law Marches Media News MI5 MI6 Microsoft Military MoD Money Music NASA Neocons New World Order NSA Oil Pakistan Podcast Police-State Propaganda Reviews RFID RINF Rumsfeld Science Science & Technology News Secrecy Security Slavery Space Sports Spy Spying Stephen-Lendman Technology Terrorism Tony-Blair Torture TV UK-News UN USA- USA-News Video Voting war War & Terrorism News Warfare White-House Wolfowitz World-News Yahoo
2003 - 2005 Archives | 2005 - 2007 Archives | 2007 - 2008 Archives | Current Archives | Past Version