Treasury Department Report Shows ComputerCOP Used Bogus Endorsement Letter To Get Police To Distribute Keylogger

from the bad-news dept

A little over three years ago, we wrote about a detailed investigation by Dave Maass at EFF to reveal that an app called ComputerCOP, that was given out by hundreds of police departments to parents supposedly for protecting their kids, was actually dangerous spyware that transmitted information typed by users (including kids) over the internet without encryption. Even worse, tax dollars were being used by police departments to "purchase" this software for distribution to unsuspecting parents. The details were ugly, and it even included ComputerCOP using a bogus "endorsement letter" from the Treasury Dept. -- leading the Treasury Department to put out a fraud alert about the software, stating:

Neither the Treasury nor the Treasury Executive Office for Asset Forfeiture endorses this or any other particular product and the use of equitable sharing funds does not in any way imply such an endorsement. A letter purporting to be from the Treasury Executive Office for Asset Forfeiture [link] is not genuine.

Incredibly, even after all of this was revealed, we noted that many police departments continued to stand behind the software and even claimed that EFF was "not credible" (and, bizarrely, said that the software would have "stopped Columbine").

Three years have gone by and Maass and EFF are back, noting that the original report spurred an investigation by the Treasury Department into the software which confirmed the EFF's reporting, even noting that the company had doctored a letter to claim that the software was endorsed by the Treasury Dept. From the report:

The investigation determined that the allegation is substantiated. Specifically, no less than three law enforcement agencies solicited by ComputerCOP reported the TEOAF memorandum in the solicitation influenced the law enforcement agency's decision in purchasing ComputerCOP's software. After discussions with TOIG, DOJ/U.S. Marshal Service, and Treasury Office Counsel, ComputerCOP agreed to post a disclaimer on their website to dissociate the Treasury Department from their products. Additionally, ComputerCOP agreed to immediately cease use of the altered letter from the Treasury Department.

However, as Maass also notes, ComputerCOP evaded prosecution because the three-year statute of limitations had run out. Of course, I'm curious how that's true, given the claim that the company had continued to use the letter until all of this was revealed.

New FOIA documents show that, after a multi-year investigation, the Inspector General concluded that ComputerCOP had indeed “altered the 2001 letter from TEOAF and made it appear to be blanket permission for all law enforcement agencies to use equitable sharing funds to purchase the software.” Indeed, ComputerCOP made this claim on the rate card it provided to agencies. 

As part of its investigation into the letter, Treasury investigators sent questionnaires to 240 agencies that had purchased ComputerCOP. Of the few dozen that responded, three law enforcement agencies—the Peabody Police Department in Massachusetts, the Alaska Department of Public Safety, and the Greene County Sheriff's Office in Missouri—told Treasury that the fraudulent letter had directly influenced their decision to purchase the product. 

The closed investigative report indicates the Treasury Inspector General was unable to send the case for prosecution “due to the fact that the three year statute of limitations on the offense had lapsed.” Instead, after discussions with the Justice Department and the U.S. Marshal Service, Treasury concluded it was enough for ComputerCOP to cease using the altered letter and to post a disclaimer on their website.

And Maass also notes that while ComputerCOP promised to post a disclaimer on its website, that disclaimer appears to have gone away -- and is still pushing misleading (at best) claims about the software.

Unfortunately, it may be time for the Treasury Department to re-open the case. While ComputerCOP did once advertise the disclaimer, EFF could no longer find that language anywhere on its website.  

Making matters worse, the company’s website now claims that the keylogging feature “is not intrusive in any way.” This is an outrageous claim considering that this type of technology is more commonly deployed by stalkers and malicious hackers, and, in certain circumstances, its use could violate wiretapping laws.

And, yes, incredibly, there are still police departments out there purchasing the software and handing it out to unsuspecting parents -- including just this summer when McGruff the Crime Dog was handing out the software on Long Island.

There are enough problems with police these days and how they interact with the public. They shouldn't be contributing to making computer security worse by handing out dangerous software.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Ninja (profile), 27 Nov 2017 @ 10:47am

    So we can assume somebody is going to jail for that? No?

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 27 Nov 2017 @ 11:21am

    You really need more to stop?

    New FOIA documents show that, after a multi-year investigation, the Inspector General concluded that ComputerCOP had indeed “altered the 2001 letter from TEOAF and made it appear to be blanket permission for all law enforcement agencies to use equitable sharing funds to purchase the software.” Indeed, ComputerCOP made this claim on the rate card it provided to agencies.

    The fact that they presented a fraudulent letter in order to convince police to pick it up should have been enough to undermine any trust given to the company. If a company feels that they need to lie in order to convince you to buy from them then it's a safe assumption that you should avoid whatever they're pushing like the plague. And yet...

    And, yes, incredibly, there are still police departments out there purchasing the software and handing it out to unsuspecting parents -- including just this summer when McGruff the Crime Dog was handing out the software on Long Island.

    ... Rather than admit they were conned there are still departments pushing spyware from liars. That's not just foolish, it is grossly irresponsible.

    reply to this | link to this | view in chronology ]

    • icon
      That Anonymous Coward (profile), 27 Nov 2017 @ 12:10pm

      Re: You really need more to stop?

      No they were told the technology would do all sorts of amazing things for them. No one explains the downsides & no one wants to look because its a great PR event for them.

      reply to this | link to this | view in chronology ]

    • identicon
      I.T. Guy, 27 Nov 2017 @ 12:11pm

      Re: You really need more to stop?

      "pushing spyware from liars"
      Long Island PD.
      Nuff said.

      reply to this | link to this | view in chronology ]

    • icon
      Toom1275 (profile), 27 Nov 2017 @ 12:40pm

      Re: You really need more to stop?

      You're talking about police departments - that continue to purchase woefully inaccurate $2 drug test kits. I don't think using shady products on citizens concerns them all that much.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Nov 2017 @ 12:44pm

      Re: You really need more to stop?

      McGruff the Crime Dog was handing out the software on Long Island. ... Rather than admit they were conned there are still departments pushing spyware from liars.

      Well, he's a crime dog, not an anti-crime dog, so it fits.

      reply to this | link to this | view in chronology ]

  • icon
    Roger Strong (profile), 27 Nov 2017 @ 12:15pm

    "You can meet McGruff the Crime Dog!"

    This was also DA Roy Moore's most successful shopping mall pickup line.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Nov 2017 @ 12:22pm

    "said that the software would have "stopped Columbine""

    Interesting that their software did not stop any of the subsequent shootings either, I imagine that according to them, that is because not enough parents installed the spyware upon their computers - LOL, yeah, sure - that's the ticket.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Nov 2017 @ 12:42pm

    soo...

    Corruption in our police departments will remain and all we are going to do is breath heavily about it.

    Remember this the next time you vote folks... that is how it changes. But we already know you are just going to vote that party ticket anyways... so why bother.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 27 Nov 2017 @ 12:50pm

      Re: soo...

      So who are you going to vote for, and/or what are you doing to address the problem?

      Come now, shall your wisdom with the poor unenlightened around you, show people what they should be doing and lead by example.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 27 Nov 2017 @ 1:35pm

        Re: Re: soo...

        pearls before swine friend...

        All that will get anyone is trampled... why do you think many wise men speak so little and why you hear so little of it?

        Were I any wiser I would not even bother posting to this place for folks like you to troll. But I am a glutton for punishment. I tend to think that if you at least try to impart some wisdom 1 person out of 100 might pick it up... so I take the risk.

        The problem is more the voting of those that have proven they are corrupt back into power and voting for anyone associating with a political party. It's all above your head, but George Washington did a pretty good essay on it in his farewell address. Go and read it... you might become enlightened, but based on your response... I don't think you are mature enough to receive enlightenment yet.

        reply to this | link to this | view in chronology ]

        • icon
          Roger Strong (profile), 27 Nov 2017 @ 1:50pm

          Re: Re: Re: soo...

          You did not answer the question.

          reply to this | link to this | view in chronology ]

        • icon
          That One Guy (profile), 27 Nov 2017 @ 2:01pm

          Re: Re: Re: soo...

          'I could tell you, but I'd just be wasting my time so I won't bother.'

          Ah the classic and totally not obvious dodge, mixed in with your usual arrogance and insults. Otherwise known as an admission that you've got nothing, and as such can be dismissed out of hand.

          reply to this | link to this | view in chronology ]

          • icon
            orbitalinsertion (profile), 27 Nov 2017 @ 2:33pm

            Re: Re: Re: Re: soo...

            You mean you don't know which maaaagical fairy to vote for that fixes everything?

            reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 27 Nov 2017 @ 5:39pm

            Re: Re: Re: Re: soo...

            Not really. What we have here is a situation where you're damned if you do and you're damned if you don't.

            I have participated in various online conversations where I have given full details and it hasn't made any difference because they won't read the material presented. Those same people complain if you don't give them the details and if you give enough hints for them to follow up, they also couldn't be bothered.

            So you really cannot colour it as saying that he/she is making an admission that they've got nothing. Your contribution could be enhanced by showing by detailed information that they are wrong, but you haven't and hence all could assume that you are admitting that you yourself have nothing and can be dismissed out of hand as well. The comment goes both ways.

            I somehow think that both sides aren't trying hard enough to engage in a robust debate/discussion/whatever else you might want to call it. This just leaves us with the common scenario of:

            Your are.

            No I'm not, you are.

            Not true, your are.

            No, you are.

            No, you are.

            Ad infinitum.

            reply to this | link to this | view in chronology ]

            • icon
              The Wanderer (profile), 29 Nov 2017 @ 9:10am

              Re: Re: Re: Re: Re: soo...

              Wait. You've given full details about who you're going to vote for, in past online conversations?

              Where did those conversations take place? I don't remember seeing any of them here.

              reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Nov 2017 @ 1:21pm

    Fraudulent letter

    How did none of the receiving police organizations verify that the letter was genuine? I can understand not checking the letter if you decide not to purchase, but if you decide to purchase, and especially if the letter was influential in that decision, it absolutely should have been verified.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Nov 2017 @ 5:43pm

      Re: Fraudulent letter

      This is police organisations that are being talked about. To verify would required getting up from their chairs and stop eating donuts. Too much hard work.

      reply to this | link to this | view in chronology ]

    • icon
      Coyne Tibbets (profile), 27 Nov 2017 @ 8:02pm

      Re: Fraudulent letter

      There is a good chance that some of the agencies knew the letter was not genuine, but ignored that detail because they wanted to deploy the software.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Nov 2017 @ 1:26pm

    It is because of those vulnerabilities that make it so attractive to police departments. Encryption is evil.

    reply to this | link to this | view in chronology ]

  • icon
    JoeCool (profile), 27 Nov 2017 @ 3:40pm

    What I learned...

    First, you can totally commit fraud on the police and get away with it. Only a three year statute of limitation? Why even bother investigating...

    Second, police don't have to respond to the treasury dept investigators.

    As part of its investigation into the letter, Treasury investigators sent questionnaires to 240 agencies that had purchased ComputerCOP. Of the few dozen that responded,

    See? Maybe a sixth of the agencies contacted bothered to reply.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Nov 2017 @ 7:50pm

    Wix.com?

    I looked at the website. Nothing shouts "professional" louder than randomly capitalizing words and spelling the head of a police force as "cheif." To cap it off, clicking on their Twitter, Facebook and Google+ icons takes you to those feeds for Wix.com. They couldn't even figure out how to customize the free template they used...

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.