Policy

Law Enforcement Keeps Defending ComputerCOP Spyware, Will Distribute Until Someone Gets Hurt

|

Last week I highlighted an impressive, in-depth report by the Electronic Frontier Foundation (EFF) on a piece of software called "ComputerCOP." The product, distributed by 245 law enforcement agencies in 35 states, ismarketed as "Internet safety software" for parents to keep watch over their kids. The problem is, it comes from a company that's given itself a bunch of fake endorsements, the software is glitchy at best, and it actually puts people at greater risk of cyberstalking and identity theft by fundamentally operating like spyware.

I also reported last week that one sheriff shot back by saying that the EFF, which has long been defending digital rights and fighting surveillance, has no credibility on technology issues and that they're just a bunch of "ultra-liberals" trying to protect pedophiles and mass murderers.

Unfortunately, that sheriff has doubled down on his pedophile-murderer claims, and now more law enforcement officials are coming to the defense of ComputerCOP with equally bogus arguments, instead of apologizing for their negligence.

In Arizona, the Maricopa County District Attorney's Office has quietly removed information about the software from its website, but it publicly stands by the product. The office issued a bizarre, baseless statement accusing the EFF of tarnishing ComputerCOP's reputation in order to sell competing software, and made this claim:

Unlike what most experts would term "spyware," ComputerCOP does not surreptitiously send information to third parties. The hysterical claim that ComputerCOP sends notifications emails without encryption… is utterly fatuous and disingenuous. The software uses a user's existing e-mail service to send notifications. A ComputerCOP notification has no greater potential for being compromised than any other e-mail a user sends.

"That suggests a level of technical ignorance that is, well, kinda scary," writes TechDirt's Mike Masnick. As he and the EFF have repeatedly stated, ComputerCOP collects information a user types (e.g. passwords) and makes it vulnerable by sending it "to third-party servers without encryption. That means many versions of ComputerCOP leave children (and their parents, guests, friends, and anyone using the affected computer) exposed to the same predators, identity thieves, and bullies that police claim the software protects against."

rust-bucket-Foter-CC-BY-ND

In Contra Costa, California, one district attorney senior official tells The Contra Costa Times, "I believe the EFF is overstating the risk and, the fact that this program has been handed out by hundreds of law enforcement agencies over a period of 10 years and there's been no reported incidents of identity theft as a result of the use of the software is indicative of that."

That's dubious. The EFF tested major spyware scanners, and none of them recognized ComputerCOP. That people would install this software, experience identity theft, scan their computer and pick up nothing, and be dumbfounded about the source of their woes is well within the realm of possibility.

The Contra Costa District Attorney himself, Dan Cabral, says he has no plans to recall the product and that he's going to send more out. "If it turns up later that there's some sort of breach we will [recall it], but right now we feel it serves its purpose and it assists parents in what it's supposed to do."

So, basically, only after people been proven victims of ComputerCOP will Cabral reconsider his campaign of distributing hundreds of copies of it.