Law Enforcement Still Defending ComputerCOP: Says They'll Keep Distributing It Until After Someone's Been Hurt

from the say-what-now? dept

It appears that the police and other law enforcement folks who spent department money on the awful ComputerCOP spyware simply can’t admit that they were handing out software that made kids less safe. Instead, they’re sticking by their decision to do so. Given that the company personalized the software in the name of local law enforcement, and pitched it as the “perfect election and fundraising tool,” you can understand their reticence to actually admit that they’ve been making kids a hell of a lot less safe. We already discussed San Diego District Attorney Bonnie Dumanis defending the software, even while issuing an “alert” telling parents how to disable the keylogging feature. Even more bizarre was the response of Limestone County, Alabama, Sheriff Mike Blakely, who simply questioned EFF’s credibility in revealing the dangerous nature of the software.

Blakely appears to be doubling down on that argument. In an interview with Ars Technica, he again bizarrely claims that the EFF wants to protect pedophiles and predators, and then also endorses spying on kids:

With respect to the EFF he said, ?I’m not against their criticism but I just think they’re probably more interested in protecting predators and pedophiles than in protecting our children.?

?As sheriff, I went down [to schools] and met with kids and I taught them about bicycle safety and not to talk to strangers,? Blakely said, adding that handing out ComputerCOP was just another branch of the department’s efforts to keep kids from being solicited online.

?If you and I were married and had a 14-year-old daughter, then yeah I could check on who you’re talking to online and you could check who I’m talking to,? he said. ?But if [ComputerCOP is] used properly, it’s something we whole-heartedly endorse. Now if you’re of the persuasion of the people of the EFF who would rather not do anything, then that’s something that I can’t help.?

That ignores, of course, that the keylogging sends information unencrypted, thus putting children much more at risk. When Ars did ask him about that, Blakely said that they’d have to talk to his “IT people.”

It appears that other police departments and district attorneys are similarly trying to defend the fact that they’ve been distributing dangerous keylogging software that can pass unencrypted cleartext of any information typed by kids. Some law enforcement folks are not just standing by their decision to hand out the spyware, but are continuing to do so. Contra Costa District Attorney Dan Cabral, astoundingly, admits that he intends to continue distributing the software until after someone’s been hurt.

Contra Costa Assistant District Attorney Dan Cabral said Friday that the office has no plans to recall the software it distributed.

“If it turns up later that there’s some sort of breach we will do so, but right now we feel it serves its purpose and it assists parents in what its supposed to do,” Cabral said Friday.

Steve Moawad, the Senior Deputy District Attorney working for Cabral, ridiculously argues the fact that so many other law enforcement folks got duped is somehow proof that the software must be okay.

“I am aware of several law enforcement agencies that have looked at the product before and after this report,” Moawad said. “I believe the EFF is overstating the risk and, the fact that this program has been handed out by hundreds of law enforcement agencies over a period of 10 years and there’s been no reported incidents of identity theft as a result of the use of the software is indicative of that (fact).”

There are many, many problems with this. Just because a specific breach can’t be traced back directly to this software doesn’t mean breaches haven’t happened (and happened regularly). Based on how the software itself works (sending cleartext over the internet), there’s really not going to be any indication that when a breach happens it’s because of the software. Parents and kids just won’t know how the leak of information happened.

Meanwhile, over in Loudon County, Virginia, the Sheriff’s Office not only stood by the use of the software but announced plans to hand out more copies next year:

In a statement issued by the Loudoun County Sheriff’s Office today, the agency said ?ComputerCOP is very similar to other parental monitoring systems available on the market. The program does not operate without the CD inserted in the computer disk drive and does not allow access from any outside parties, including the Loudoun County Sheriff?s Office or ComputerCOP. The disks are not distributed without explanation from Loudoun County Sheriff?s Office personnel during our Internet Safety: What Parents Need to Know presentations. Parents are made aware at these presentations of the programs limitations and how it is intended to be used. Parents with questions about ComputerCOP are encouraged to attend one of our upcoming Internet Safety courses that will begin in early 2015 at area schools.?

First of all, the claim is misleading to the point of being disingenuous. While the software, by itself, does not “allow access from any outside parties,” by sending cleartext copies of keylogging output over the internet, it’s revealing that content to many, many potential outside parties. It appears the Loudon County Sheriff’s office doesn’t even understand the problem — and yet they claim that they’ve properly explained the software to parents? That seems difficult to believe.

I’d be curious if the presentation includes an explanation of keylogging, encryption and the dangers of sending cleartext over the internet. Again, it seems doubtful. Hopefully, some parents in Loudon County who do understand this will head on over to the next set of Internet Safety classes, not to be educated, but to educate the police there.

Next up, there are the folks at the Maricopa County, Arizona, Attorney’s Office. They, too, are not at all happy with the EFF, while remaining pleased as punch with ComputerCOP’s software, despite it putting kids in danger. In an email to CNET’s Seth Rosenblatt, the Maricopa County Attorney’s Office says it’s “ridiculous” to call the software spyware, and also (huh?) claims that EFF is only doing this because it offers “a competing product.” Wait, what?

In short, this is a story ?lled with inaccurate information and numerous misrepresentations from an organization that just so happens to be o?ering a competing product. That fact alone warrants skepticism about its conclusions. Unfortunately however, several news outlets (and I am not including CNET here) have accepted and regurgitated the EFF report without making any e?ort to verify the information it contains or talk to someone who?s actually used the product, let alone checked it out ?rst hand.

To call ComputerCOP “spyware” is ridiculous. This product is fundamentally no di?erent than the parental controls that are available on countless digital devices and so ware used by kids today. In fact, most parents believe they have the right and responsibility to know what their children are doing online, and this product is a simple tool that allows them to do that.

First off, I had no idea that EFF offered its own spyware product. Second, whether or not the product is “fundamentally no different” kind of misses the point. If all such software have serious security problems, that should be an issue.

Unlike what most experts would term “spyware,” ComputerCOP does not surreptitiously send information to third parties. The hysterical claim that ComputerCOP sends notifications emails without encryption… is utterly fatuous and disingenuous. The software uses a user’s existing e-mail service to send notifications. A ComputerCOP notification has no greater potential for being compromised than any other e-mail a user sends.

That suggests a level of technical ignorance that is, well, kinda scary. The fact that ComputerCOP sends keylogger info without encryption is entirely accurate. It is neither fatuous nor disingenuous. In response to this bizarre claim from Maricopa County, the EFF’s Dave Maass (who wrote the original report) asked Maricopa to hire an independent security team to evaluate the software. Also, despite its claims, Maass notes that over the weekend, Maricopa County appears to have removed their own website promoting ComptuerCOP. Perhaps the Maricopa County’s Attorneys Office isn’t quite as confident in the software as they claimed.

Meanwhile, one of the security researchers who the EFF used in its original report, Jeremy Gillula, went a step further. On Twitter, he issued a challenge to anyone defending ComputerCOP:

Challenge to all defending ComputerCOP as secure: you install it, connect to open wifi and login to your bank while I run wireshark. Any money I transfer out using your username and password from the packet logs gets donated to EFF. If I can’t get any money, I retract all statements about ComputerCOP’s keylogger being insecure. Sound like a deal?

Let’s see if anyone takes him up on it.

Filed Under: , , , , , , , , ,
Companies: computercop, eff

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Law Enforcement Still Defending ComputerCOP: Says They'll Keep Distributing It Until After Someone's Been Hurt”

Subscribe: RSS Leave a comment
43 Comments
That One Guy (profile) says:

'My money is more important than your safety.'

Let’s see if anyone takes him up on it.

Not. A. Chance.

They’ll put the personal information of others, including the very children they claim to be protecting, at risk, no problem, but their own?
I’m betting every last one of them will be too cowardly to take the bet, to put their money(literally) where their mouth is.

Mind, I would love to be proven wrong on this, any cop who actually accepted the challenge to prove how ‘secure’ the software is would instantly regain my respect, because it would show that they honestly do think the software is secure, that it really will protect, rather than harm, people, and they are willing to put their own bank account at risk to prove it.

Anonymous Coward says:

Re: 'My money is more important than your safety.'

…any cop who actually accepted the challenge to prove how ‘secure’ the software is would instantly regain my respect, because it would show that they honestly do think the software is secure, that it really will protect, rather than harm, people, and they are willing to put their own bank account at risk to prove it.

There’s a word for that cop, who inevitably will accept – we used to call them a “patsy.”

Anonymous Coward says:

In the land where we have massive breaches of secure servers through heartbleed and shellshock exploits and the NSA filling sucking data out of every hole in the internet, these idiots think their unencrypted, third-party data transferring spyware is ‘safe’.

I mean that really has to tell you something.

Anonymous Coward says:

Re: Re: Response to: Anonymous Coward on Oct 6th, 2014 @ 1:30pm

Awwwww…

You know I was thinking about it, and you really don’t have to take any information at all. All you would have to do leave a hint that the program has been compromised. (Pffttt… I’m not even a hacker. I’m not even really sure if it would be possible to “fake” a hacking without accessing the data.)

Anonymous Coward says:

This sounds somewhat familiar.

It reminds me of the SOPA discussion by Congress which basically went like this: “I don’t understand any of this… BRING IN THE NEEEEEERDS”.
I often feel humiliated for politicians, but that discussion, and this is just proud ignorance that takes the cake. It was so embarrassing to watch people who run a country, act like a bunch of 12 year old kids.

That One Guy (profile) says:

Re: Re: Law Enforcement Still Defending ComputerCOP: Says They'll Keep Distributing It Until After Someone's Been Hurt

Unfortunately, currently most of them do know about it, they just give it a pass, likely because it’s being handed out by the police, despite the fact that in function it’s no better than your average spyware/malware, and is in fact worse, because people are trusting it to keep them safe while it’s instead doing the exact opposite.

‘ComputerCOP doesn’t appear in any of the major malware/spyware registries, so you’ll need to do a little digging yourself.’

It’s one redeeming feature is that it’s apparently relatively easy to remove if you know to look for it.

Source:
https://www.eff.org/deeplinks/2014/09/computercop-howto

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...