ComputerCop
ComputerCop (stylized ComputerCOP) is content control software developed by the Bohemia, New York-based company ComputerCop Software. The software offers the ability for users to scan content on a computer (such as files, images, video, and web browser history) for objectionable content, along with a key logging component that allows parents to be notified if certain words are being typed. Upon its original release, the software was endorsed by NYPD detective Bo Dietl, and was originally branded as Bo Dietl's One Tough Computer Cop (in reference to his autobiographal film One Tough Cop).[1] It initially only contained scanning software; later versions dropped Dietl's endorsement and branding, but also added a keylogger.[1]
The software, which is intended to promote children's internet safety, is not generally sold to the public, but is sold directly to local law enforcement agencies and police departments in bulk with custom branding and endorsements, and then distributed to the public at no charge as a form of outreach.
The software gained infamy in October 2014 following the release of a report by the Electronic Frontier Foundation, a non-profit digital rights group, which alleged that ComputerCop was privacy-invasive due to a number of security flaws, including the storage and transmission of key logging output in a non-encrypted format. The reports resulted in varying responses from agencies who planned to, or had distributed the software, although they continued to endorse the software for its public safety benefits.
Operation
[edit]ComputerCop is distributed on a CD-ROM, and consists of two software components; a content scanner, and a key logger. The scanner can be run directly off the CD, and performs a scan of the system's hard drive for files containing objectionable content, and a user's web browsing history for objectionable websites. While it can scan the content of file names and documents for keywords relating to such content, it cannot scan the content of images themselves.[1]
The software comes with a second component known as "KeyAlert", which is designed to monitor the use of websites and online chat services; when installed on the computer, it scans and logs keyboard input by the computer's user, searching for and logging the use of strings related to objectionable content and user-specified keywords. It can also provide e-mail notifications whenever such activity is detected. Logged data is stored on the computer's hard drive; on the Windows version, it is stored as unencrypted plain text. The OS X version does encrypt logging data with a password.[1]
Distribution
[edit]The ComputerCop software is marketed directly to district attorneys and law enforcement agencies as a semi-white-label product. Its packaging can be branded with an agency's logo, and an introductory video featuring an official from the agency can be played upon insertion of the disc—either provided by the agency itself, or filmed by ComputerCop Software. The software is purchased in bulk by the agency, who can then distribute the software for free to members of the public as an outreach campaign for children's internet safety. Its developers also touted that offering the software could help provide an agency with "positive media attention", and that it was also an "election and fundraising tool".[1] The software is not marketed directly to consumers, although surplus copies exist for sale online.[1]
Reception
[edit]On October 1, 2014, the Electronic Frontier Foundation released a report considering the ComputerCop software to be spyware due to a number of major design flaws—particularly within its key logging system. The EFF condemned the 245 agencies that, according to public records and other materials obtained by the foundation, distributed ComputerCop, for using knowingly using public funding to purchase and distribute insecure surveillance software to the general public.[2][1]
The EFF did not consider the scanning portion of the software to be adequately effective due to a large number of false positives, a lack of support for web browsers other than Internet Explorer and Safari, along with an inability to distinguish between application data files and user files, or scan the contents of image files themselves. More significantly, the key logger was criticized for storing logged data in non-encrypted plain text on the user's hard drive, including passwords and other sensitive information. It was also found that an insecure connection was used to transmit the log data to a third-party server to generate e-mail notifications; log data could easily be intercepted over a public Wi-Fi hotspot using packet analyzer software.[1] ComputerCop head Stephen DelGiorno denied any major problems with the software, stating that their software "doesn't give sexual predators or identity thieves more access to children's computers", as it "works with the existing email and Internet access services that computer user has already engaged", but noted that they would update their privacy policy to indicate that they did not store user information.[1]
The EFF also noted several questionable claims made by ComputerCop's distributors in promotional material; the company had distributed a letter by Raymond M. Dineen, former director of the Treasury Executive Office for Asset Forfeiture, which endorsed the software as a "valid crime protection tool", and specified that purchase of the software was an acceptable use of equitable sharing funds. DelGiorno claimed that the letter, which was undated, was from 2001, but that certain elements (such as the letterhead, which was re-created) were modified for presentation purposes. The EFF attempted to request an original copy of the letter from the Treasury Department, but the department was unable to locate it. Shortly afterward, the Treasury Department issued a fraud alert believing that the document was falsified.[1] Promotional material for ComputerCop was also found to contain endorsements by the American Civil Liberties Union and the National Center for Missing and Exploited Children. The ACLU denied that it had endorsed the software, while the NCME stated that in 1998, it gave permission for ComputerCop to include its endorsement, but only for a year.[1]
Following these reports, the San Diego County District Attorney's Office issued a warning advising against using the key logging features of the ComputerCop software; however, District Attorney Bonnie Dumanis (who endorsed the software) still stated that "the benefits of this software in protecting children from predators and bullies online and providing parents with an effective oversight tool outweigh the limited security concerns about the product, which can be fixed."[3] Steve Moawad, the Senior Deputy District Attorney of Contra Costa County, California, similarly noted that the EFF had "overstat[ed] the risk" of ComputerCop, and that there had not yet been any identity theft cases in connection to the software.[4]
After having announced the purchase and distribution of 5,000 copies of ComputerCop only a few days prior to the EFF report, Limestone County sheriff Mike Blakely defended the software and disputed the Electronic Frontier Foundation's actions, describing the group as a non-credible "ultra-liberal" organization that is "more interested in protecting predators and pedophiles than in protecting our children." He also argued that the technology provided by ComputerCop could have helped prevent the Columbine High School massacre.[5] In further statements to the technology website Ars Technica, Blakely stated that proper use of the software was "something we whole-heartedly endorse", but that "if you're of the persuasion of the people of the EFF who would rather not do anything, then that's something that I can't help."[6]
In September 2016, the Treasury Department completed an investigation, confirming that the distributors had "altered the 2001 letter from TEOAF and made it appear to be blanket permission for all law enforcement agencies to use equitable sharing funds to purchase the software", but that it cannot be prosecuted due to statute of limitations.[7]
See also
[edit]- Internet security
- List of content-control software
- Comparison of antivirus software
- Comparison of firewalls
- State of Connecticut v. Julie Amero
References
[edit]- ^ a b c d e f g h i j k "ComputerCOP: The Dubious 'Internet Safety Software' That Hundreds of Police Agencies Have Distributed to Families". Electronic Frontier Foundation. October 2014. Retrieved 2 October 2014.
- ^ "ComputerCOP: internet safety software distributed by police turns out to be spyware". Geek.com. Archived from the original on 3 October 2014. Retrieved 2 October 2014.
- ^ "DA warns about software she pushed". U-T San Diego. Retrieved 2 October 2014.
- ^ "Free 'ComputerCOP' software put personal data at risk, digital group says". Contra Costa Times. MediaNews Group. Retrieved 6 October 2014.
- ^ "Limestone Sheriff clashes with activist group over computer program". WAFF.com. Raycom Media. 1 October 2014. Retrieved 2 October 2014.
- ^ "Alabama Sheriff says ComputerCOP keylogger could have stopped Columbine". Ars Technica. 4 October 2014. Retrieved 6 October 2014.
- ^ "Treasury Department Concludes Fraud Investigation into ComputerCOP "Internet Safety" Software". Electronic Frontier Foundation. 2017-11-21. Retrieved 2017-11-27.