Computer Cop is a piece of software that the maker sells to police departments for them to give out to the community. Departments buy thousands of copies, it appears for around $6 a copy ,and hands them out, hoping for donations. In some cases, they bought the software with seized drug money.
There is only one problem. The EFF says the software is dangerous and the U.S. Department of the Treasury says that Computer Cop altered documents in a way that influenced police departments to buy the software.
First the dangerous part.
The software, which more than 240 law enforcement agencies bought thousands of copies of to hand out is supposedly designed to protect the family’s computer when kids put in questionable keyword terms.
There is a slight problem however.
What the software does is log every single keystroke typed on the computer by any user – parents or kids – and stores those keystrokes, unencrypted, locally on the computer. Userids. Passwords, Credit cards. Everything. That would be bad enough, but there is more.
If someone types a word that triggers the software to create an alert, the software takes the entire keystroke log file, including all of that sensitive data and transmits it unencrypted to Computer Cops server, where it is stored. Then it emails that same file to the parents, again unencrypted.
So, basically, your entire computer history, complete with passwords and credit cards, is stored locally unencrypted, transmitted to Computer Cops unencrypted, stored at Computer Cops, likely unencrypted, transmitted to the parents unencrypted and stored in the parent’s email unencrypted.
What could possibly go wrong? I seem to say that a lot laterly.
On to the second part.
In order to boost sales, one assumes, Computer Cops forged a letter purporting to be from the Treasury Department giving agencies blanket permission to use seized drug money (from asset forfeitures) to buy the software to give it away. Only problem is that Treasury didn’t say that.
EFF also found that Computer Cop falsely claimed that the ACLU and the Center for Missing and Exploited Children endorsed their software. Which they did not.
The San Diego County District Attorney, which had distributed the software, issued a warning to families that got the software after the EFF’s initial investigation three years ago.
The best part is since the Treasury Department is so efficient, it took them three years to investigate and by the time they decided that ComputerCop broke the law, they had passed the statute of limitations, so they got off scott free.
The message for families is – before you install so called security software, check it out. Sometimes you get more than you pay for and that may not be so good.
Oh yeah, by the way, the software could violate wiretap laws in certain cases. Nice.
Information for this post came from the EFF web site.