Slashdot Mirror


Will Security Firms Detect Police Spyware?

cnet-declan writes "A recent appeals court case dealt with Drug Enforcement Administration agents using a key logger to investigate a suspect using PGP and Hushmail. That invites the obvious question: Will security companies ever intentionally overlook police spyware? There were somewhat-muddled reports in 2001 that Symantec and McAfee would do just that, so over at News.com we figured we'd do a survey of the top 13 security firms. We asked them if it is their policy to detect policeware. Notably, Check Point said it would 'afford law enforcement' the courtesy of whitelisting if requested. We've also posted the full results, with the companies' complete answers. Another question we asked is if they have ever received a court order requiring them to overlook police key loggers or spyware. Symantec, IBM, Kaspersky, and others said no. Only Microsoft and McAfee refused to answer."

16 of 269 comments

  1. Would you TRUST their answers if they said "no"? by khasim · · Score: 4, Insightful

    I don't trust any of them NOT to do whatever the cops/government want(s).

    Open Source all the way.

  2. Re:Would you TRUST their answers if they said "no" by HomelessInLaJolla · · Score: 3, Insightful

    They don't need to turn a blind eye to policeware. The commercially available remote administration tools aren't in the databases.

    --
    the NPG electrode was replaced with carbon blac
  3. Fastens buckle on tinfoil hat by fishthegeek · · Score: 4, Insightful

    I'm not normally given to conspiracies, but this is ridiculous. The fact that we're having this conversation means that at least someone is concerned about the possibility of Government key loggers not being detected, and if it's taken someone outside of gov't this long to discuss it then I feel certain that the gov't itself has been thinking about this for some time.

    These companies will cave to whatever law enforcement agency has jurisdiction for the investigation quicker than the last Harry Potter book hit the torrents. The only possible exception would be those AV companies that are immediately outside of the grasp of the agency involved. I don't even think that those companies are safe because their own governments would likely bear pressure to comply.

    --
    load "$",8,1
  4. Whitelisting entities? by Pitawg · · Score: 5, Insightful

    As far as I am concerned, no company that white-lists "entities" is in security.

    White-listing processes/applications/files/data is not global, and is the only level for security. White-listing a company or organization is never an option. It is politics.

  5. Re:note to self by ArcherB · · Score: 3, Insightful

    "Check Point said it would 'afford law enforcement' the courtesy of whitelisting if requested"

    never buy anything from check point.


    So I presume you are against the police using spyware as a tool in all circumstances?
    Would your opinion change if the Police had a warrant? What if they asked your permission to "snoop" your notebook that was stolen from you a week before in an effort to recover it?

    Is this just limited to adware? If your daughter were kidnapped, would you protest them using her cell phone to track her?

    I know it's cool to be against the 5-0, but I feel your opinion may change once you need the police to protect you or give you justice when a crime has been committed against you.

    --
    There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
  6. Re:Undetectable Policeware = Undetectable Malware by Howitzer86 · · Score: 3, Insightful

    That's not likely, as there isn't such a thing as a policeware flag. Instead, the federal government will contact the spyware removal companies and let them know that their super secret monitor worm/trojan/virus/whatever is not to be put within their databases.

    Sure, at some point someone may create a malicious program that pretends to be an established policeware program, but that would be big enough to create headlines... and its reign would thus be short.

  7. Re:note to self by evanbd · · Score: 5, Insightful

    Warrants should be required for the police to install the keylogger, and a court order or similar should be required for the AV program vendor to assist. If the necessary warrants and orders are in place, by all means, they ought to comply. But CheckPoint has said they don't feel a need to wait for such -- just the say-so of the police. That way lies abuse of power.

  8. Don't play stupid.. by msimm · · Score: 3, Insightful

    Some technologies are simply too easily abused. You want to check my system for criminal activity? Fine. Get a warrant and confiscate it. I don't think this is anti 5-0. This is checks and balances. There are tons of great people involved in law enforcement, but adding tools and exceptions like this is just taking another needless step down a slippery slope.

    We keep gleefully throwing away our rights in the name of what? Fear? That's bad rationale. Our founding fathers must be turning in their graves.

    --
    Quack, quack.
  9. Re:note to self by Copid · · Score: 5, Insightful

    I don't totally disagree in theory, but as I see it, the problem with this is similar to the problem with encryption key escrow: If there's a hole in the security for the "good guys" the "bad guys" will figure out how to exploit it. If the government has a way to get your encryption keys, even assuming that they're always on their best behavior, you can bet that a smart kid somewhere will figure out how to get your keys as well, and you can't assume that he'll be on his best behavior. Likewise, if you program a blind spot into a virus / malware scanner, I don't think it's unreasonable to bet that the same kid will figure out a way to make his malware look benign enough to slip through the same hole.

    It's a simple rule of security: If there's a low security path, the bad guys will take it. That's how they win. Assuming otherwise is silly.

    --
    An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
  10. -1, Moot by StikyPad · · Score: 5, Insightful

    Unlike traditional malware, "policeware" would only be present on the target machine(s), rather than spread to any and every computer, so it's extremely unlikely that AV vendors would ever receive a sample. No sample means it would continue to go undetected, provided it was designed to go undetected in the first place.

    And how often do you look at the back of your computer? How often do you think the average user does, or would even notice anything out of the ordinary if they were staring right at one? Sure, this is more difficult on a laptop since it would have to be opened, but it would also be even more discreet. I'm not aware of any products on the market for laptops, but I'm sure LE could commission one to be made, if necessary.

    The point is, it would be an incompetent department indeed which needed cooperation from AV suppliers to keep their surveillance methods discreet.

  11. Re:note to self by Danse · · Score: 4, Insightful

    If they have a court order (with proper oversight), I don't see a problem with this

    Read a newspaper in the last few years? Oversight is pretty much non-existent anymore.

    --
    It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
  12. Re:note to self by misleb · · Score: 3, Insightful

    So I presume you are against the police using spyware as a tool in all circumstances?


    This isn't about how and when police should use wiretaps. It is about companies ignoring their ethical obligation to detect any and all "spyware." Hence the note to self: "Never buy anything from Checkpoint." They either can't be trusted to do the job you pay them to do.

    For an example of why this whitelisting is a problem regardless of whether or not individual wiretapping cases are legit: What if a criminal decides to utilize the police spyware? How hard can it be to take a machine that has been "bugged" by the police, find the binary, and copy it for your own use... and do your dirty work undetected? All it takes is one clever hacker to dissect the police keylogger and distribute it amongst his friends....

    -matthew
    --
    "THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
  13. Re:note to self by HiThere · · Score: 3, Insightful

    Besides, if they'll whitelist the police, they'll whitelist Sony...as many did.

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.
  14. Brilliant! by Deadplant · · Score: 3, Insightful

    1) AV companies whitelist trojan used by government agents.
    2) government agents install said trojan on all the bad guys' computers.

    So now all the known bad guys have copies of a trojan that is whitelisted by the AV software...
    What could possibly go wrong?
    That's exactly the level of intelligence I've come to expect from this government.

    Oh wait, maybe they'll copyright the trojan so the bad guys can't copy it and use it on other computers...

    Any AV company that co-operates with such a plan is incompetent.

  15. Re:note to self by mcpkaaos · · Score: 3, Insightful

    So I presume you are against the police using spyware as a tool in all circumstances?

    Yes, unless they have a proper warrant, legally issued by an actual judge. Refer to the 4th amendment.

    Would your opinion change if the Police had a warrant?

    A warrant means oversight. I'm fine with that. Again, refer to the 4th.

    If your daughter were kidnapped, would you protest them using her cell phone to track her?

    My only protest is that you are resorting to emotions instead of continuing intelligent debate. In any case, it's a clear non-sequitur (and poorly laid trap) and has no place in the discussion.

    --
    It goes from God, to Jerry, to me.
  16. Re:note to self by rtb61 · · Score: 3, Insightful

    Problem, easy, hmm, police spyware, the magic box solution, the code can't ever be copied and used for criminal purposes, less than honest law enforcement officers would never ever sell copies of the program for other people to use, never ever.

    Technically law enforcement is giving the code away free, to the very criminals we should be endeavouring to keep the code away from, all they have to do is find it and get a cracker to reverse engineer it.

    A back door is a back door is a back door, when you pay for security software you pay for a complete solution, not something that leaks like a sieve. Security companies either declare the holes in the package or they knowingly commit fraud about the security of the software that they are providing.

    Basically if the law enforcement want to poke their sticky beaks in, they need to whack in a bit of hardware and have the warrant to go along with it, software is just a bull shit lazy trap waiting to blow up in their and our faces.

    --
    Chaos - everything, everywhere, everywhen