It's well known that organizations with nefarious and often criminal
goals support and distribute malware and spyware that allows them to
snoop on and/or manipulate people's computers. However, what is less
well-known is that some of the people behind spyware are ostensibly the
“good guys”—law enforcement officers who install the software on
suspects' computers to assist them with their investigations.
The existence of “policeware” is not well-known, but the US government
has used this sort of software before. In 2001, federal agents obtained
permission from a judge to enter a suspect's home and install keylogging software
on his computer. The rationale for this unusual mode of investigation
was to get around encryption software such as PGP and the web e-mail
service, Hushmail, that the suspect was using. More recently, FBI
agents used a virus to bust a bomb threat hoaxer.
So, given the fact that federal investigators and possibly other law
enforcement personnel are using spyware to monitor suspect's computers,
what happens when said suspects run antispyware programs?
A fascinating CNET survey of top antispyware vendors found that of 13 software companies, all of them stated that it is currently their
policy to detect police spyware. When asked if they had ever received a
court order to stop detecting police spyware, nine of the companies
denied having received such a request. Computer Associates said they
were not sure, and both Microsoft and McAfee declined to comment on the
question.
Sounds good, right? Notably, a few companies admitted that they would
whitelist policeware if it were requested, including the maker of
ZoneAlarm, a popular firewall app. More interesting, CNET said that
when asked flat-out if they would whitelist for the police when asked,
the question was sometimes ignored.
The issue of checking for police spyware has come up before. After the
Hushmail incident, an article was released about the FBI developing a
new form of spyware delivered as a virus called Magic Lantern that could be installed on users' computers without a agent having to be physically present at the computer. According to an Associated Press article
from 2001, McAfee Corporation contacted the FBI after the Magic Lantern
story broke to “ensure its software wouldn't inadvertently detect the
bureau's snooping software and alert a criminal subject.” McAfee later denied that such contact had taken place.
The issue of whether or not the government should be allowed to
electronically snoop in this way is a contentious one. Many people
would agree that if a search warrant has been previously obtained for a
suspect's house as part of a criminal investigation, the installation
of snooping software would be an acceptable extension of that search.
However, the recent NSA wiretapping scandal
shows that the federal government is not always going to bother
obtaining search warrants in the first place, and considers casting a
wide net of surveillance to be an acceptable method of
counter-terrorism, despite the fact that it is of dubious value as such.
As for court orders to anti-spyware companies to not detect policeware,
no such orders have been confirmed and Kevin Bankston, an attorney with
the Electronic Frontier Foundation, told CNET that “the government
would be pushing the boundaries of the law if it attempted to obtain
such an order.” However, this too could be circumvented by using the
Wiretap Act.
If such an order is given to stop detecting federal government
snoopware, savvy criminals could simply turn to open-source software
such as ClamAV and OpenAntiVirus.org that can be audited to see that
there are no backdoors or workarounds installed at the request of the
government. (source)
I dont know what the law says about this kind of 'malware' in the UK, or even if there is a law that covers it. This needs further investigation one thinks.
Who's watching YOU in Britain today
<!– ckey=”275D05F1″ –>
