Surveillance

Law Enforcement Keeps Defending ComputerCOP Spyware, Will Distribute Until Someone Gets Hurt

|

Last week I highlighted an impressive, in-depth report by the Electronic Frontier Foundation (EFF) on a piece of software called "ComputerCOP." The product, distributed by 245 law enforcement agencies in 35 states, ismarketed as "Internet safety software" for parents to keep watch over their kids. The problem is, it comes from a company that's given itself a bunch of fake endorsements, the software is glitchy at best, and it actually puts people at greater risk of cyberstalking and identity theft by fundamentally operating like spyware.

I also reported last week that one sheriff shot back by saying that the EFF, which has long been defending digital rights and fighting surveillance, has no credibility on technology issues and that they're just a bunch of "ultra-liberals" trying to protect pedophiles and mass murderers.

Unfortunately, that sheriff has doubled down on his pedophile-murderer claims, and now more law enforcement officials are coming to the defense of ComputerCOP with equally bogus arguments, instead of apologizing for their negligence.

In Arizona, the Maricopa County District Attorney's Office has quietly removed information about the software from its website, but it publicly stands by the product. The office issued a bizarre, baseless statement accusing the EFF of tarnishing ComputerCOP's reputation in order to sell competing software, and made this claim:

Unlike what most experts would term "spyware," ComputerCOP does not surreptitiously send information to third parties. The hysterical claim that ComputerCOP sends notifications emails without encryption… is utterly fatuous and disingenuous. The software uses a user's existing e-mail service to send notifications. A ComputerCOP notification has no greater potential for being compromised than any other e-mail a user sends.

"That suggests a level of technical ignorance that is, well, kinda scary," writes TechDirt's Mike Masnick. As he and the EFF have repeatedly stated, ComputerCOP collects information a user types (e.g. passwords) and makes it vulnerable by sending it "to third-party servers without encryption. That means many versions of ComputerCOP leave children (and their parents, guests, friends, and anyone using the affected computer) exposed to the same predators, identity thieves, and bullies that police claim the software protects against."

rust-bucket-Foter-CC-BY-ND

In Contra Costa, California, one district attorney senior official tells The Contra Costa Times, "I believe the EFF is overstating the risk and, the fact that this program has been handed out by hundreds of law enforcement agencies over a period of 10 years and there's been no reported incidents of identity theft as a result of the use of the software is indicative of that."

That's dubious. The EFF tested major spyware scanners, and none of them recognized ComputerCOP. That people would install this software, experience identity theft, scan their computer and pick up nothing, and be dumbfounded about the source of their woes is well within the realm of possibility.

The Contra Costa District Attorney himself, Dan Cabral, says he has no plans to recall the product and that he's going to send more out. "If it turns up later that there's some sort of breach we will [recall it], but right now we feel it serves its purpose and it assists parents in what it's supposed to do."

So, basically, only after people been proven victims of ComputerCOP will Cabral reconsider his campaign of distributing hundreds of copies of it.

Advertisement

NEXT: Schools Ban Swings Because Everything Is Dangerous

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Why would they investigate claims when they already feel the facts of the case?

  2. Unlike what most experts would term “spyware,” ComputerCOP does not surreptitiously send information to third parties

    Technically true – it openly sends information to third parties.

    1. Technically true is the best kind of true.

  3. Maricopa County

    ‘Nuff said.

  4. I also reported last week that one sheriff shot back by saying that the EFF, which has long been defending digital rights and fighting surveillance, has no credibility on technology issues and that they’re just a bunch of “ultra-liberals” trying to protect pedophiles and mass murderers.

    I don’t get it… why would the company use fake endorsements when they’ve got perfectly good real ones right here?

  5. The Contra Costa District Attorney himself, Dan Cabral, says … “If it turns up later that there’s some sort of breach we will [recall it].”

    You know, Dan, with that kind of attitude *you* might get recalled.

  6. The hysterical claim that ComputerCOP sends notifications emails without encryption…

    That word hysterical, I don’t think it means what they think it means.

    1. They’re using it in the classic misogynist form.

      1. from Latin hystericus “of the womb,”

        I’ve noticed that this word gets used when someone calmly and methodically destroys an argument. So not only is it misogynist, but almost invariably used incorrectly to avoid addressing a real issue.

  7. “…the fact that this program has been handed out by hundreds of law enforcement agencies over a period of 10 years and there’s been no reported incidents of identity theft as a result of the use of the software is indicative of that.”

    It likely proves that most people are tossing the drek in the garbage which is exactly where it belongs, dummy.

  8. Unencrypted passwords, heh? The EFF should just hire some grey hat to fuck shit up. Way more efficient than making public complaints.

Please to post comments

Comments are closed.