Treasury Department Report Shows ComputerCOP Used Bogus Endorsement Letter To Get Police To Distribute Keylogger
from the bad-news dept
A little over three years ago, we wrote about a detailed investigation by Dave Maass at EFF to reveal that an app called ComputerCOP, that was given out by hundreds of police departments to parents supposedly for protecting their kids, was actually dangerous spyware that transmitted information typed by users (including kids) over the internet without encryption. Even worse, tax dollars were being used by police departments to “purchase” this software for distribution to unsuspecting parents. The details were ugly, and it even included ComputerCOP using a bogus “endorsement letter” from the Treasury Dept. — leading the Treasury Department to put out a fraud alert about the software, stating:
Neither the Treasury nor the Treasury Executive Office for Asset Forfeiture endorses this or any other particular product and the use of equitable sharing funds does not in any way imply such an endorsement. A letter purporting to be from the Treasury Executive Office for Asset Forfeiture [link] is not genuine.
Incredibly, even after all of this was revealed, we noted that many police departments continued to stand behind the software and even claimed that EFF was “not credible” (and, bizarrely, said that the software would have “stopped Columbine”).
Three years have gone by and Maass and EFF are back, noting that the original report spurred an investigation by the Treasury Department into the software which confirmed the EFF’s reporting, even noting that the company had doctored a letter to claim that the software was endorsed by the Treasury Dept. From the report:
The investigation determined that the allegation is substantiated. Specifically, no less than three law enforcement agencies solicited by ComputerCOP reported the TEOAF memorandum in the solicitation influenced the law enforcement agency’s decision in purchasing ComputerCOP’s software. After discussions with TOIG, DOJ/U.S. Marshal Service, and Treasury Office Counsel, ComputerCOP agreed to post a disclaimer on their website to dissociate the Treasury Department from their products. Additionally, ComputerCOP agreed to immediately cease use of the altered letter from the Treasury Department.
However, as Maass also notes, ComputerCOP evaded prosecution because the three-year statute of limitations had run out. Of course, I’m curious how that’s true, given the claim that the company had continued to use the letter until all of this was revealed.
New FOIA documents show that, after a multi-year investigation, the Inspector General concluded that ComputerCOP had indeed ?altered the 2001 letter from TEOAF and made it appear to be blanket permission for all law enforcement agencies to use equitable sharing funds to purchase the software.? Indeed, ComputerCOP made this claim on the rate card it provided to agencies.
As part of its investigation into the letter, Treasury investigators sent questionnaires to 240 agencies that had purchased ComputerCOP. Of the few dozen that responded, three law enforcement agencies?the Peabody Police Department in Massachusetts, the Alaska Department of Public Safety, and the Greene County Sheriff’s Office in Missouri?told Treasury that the fraudulent letter had directly influenced their decision to purchase the product.
The closed investigative report indicates the Treasury Inspector General was unable to send the case for prosecution ?due to the fact that the three year statute of limitations on the offense had lapsed.? Instead, after discussions with the Justice Department and the U.S. Marshal Service, Treasury concluded it was enough for ComputerCOP to cease using the altered letter and to post a disclaimer on their website.
And Maass also notes that while ComputerCOP promised to post a disclaimer on its website, that disclaimer appears to have gone away — and is still pushing misleading (at best) claims about the software.
Unfortunately, it may be time for the Treasury Department to re-open the case. While ComputerCOP did once advertise the disclaimer, EFF could no longer find that language anywhere on its website.
Making matters worse, the company?s website now claims that the keylogging feature ?is not intrusive in any way.? This is an outrageous claim considering that this type of technology is more commonly deployed by stalkers and malicious hackers, and, in certain circumstances, its use could violate wiretapping laws.
And, yes, incredibly, there are still police departments out there purchasing the software and handing it out to unsuspecting parents — including just this summer when McGruff the Crime Dog was handing out the software on Long Island.
There are enough problems with police these days and how they interact with the public. They shouldn’t be contributing to making computer security worse by handing out dangerous software.