Slashdot Mirror

← Back to Stories (view on slashdot.org)

Restraining Order On Commercial Spyware Lifted

Posted by Soulskill on from the sketchy-enough-for-government-work dept.

Back in 2008, the US Federal Trade Commission filed a restraining order against CyberSpy Software, makers of a commercial spyware program that logged keystrokes, took screenshots, monitored IM conversations, and sent all the collected data back to the company's servers. Reader suraj.sun tips news that the order has now been lifted, allowing CyberSpy to sell its software, but with a few restrictions. "According to the US District Court settlement, the company must not provide users with the means to disguise the software as an innocent file or email attachment. Users must also be advised that doing so may violate US state or federal law. Additionally, all recorded information sent over the Internet must be encrypted and older legacy versions of the software must be removed from computers on which it was previously installed. ... RemoteSpy is said to employ rootkit techniques to hide from virus scanners."

4 of 97 comments (clear)

  1. Easy fix... by gringer · · Score: 4, Informative

    The final Order bars the defendants from providing purchasers with the means to disguise the product as an innocent file or e-mail attachment.

    I'll do it for them:

    1. rename 'malicious_software.exe' 'unicorns_with_flowers.jpg.exe'
    2. attach to email

    --
    Ask me about repetitive DNA
  2. Re:The FTC has failed. by Anonymous Coward · · Score: 1, Informative

    I believe it would vary depending on ownership of the machine, etc. For example, in the US it is probably legal for a corporation to monitor keystrokes it's employees make on the computers the company owns. (It probably is not legal to do so in the EU, but this was a US case). It may also depend on what prior information about logging was disseminated to employees. For example, at my work, we have a "logon banner" which comes up before logon that you have to "OK" in order to logon that contains text saying that you may be subject to monitoring. That probably makes it legal.

  3. Re:The FTC has failed. by Anonymous Coward · · Score: 1, Informative

    Companies use this type of software on employee computers owned by the company. The end user consents either in their employment contract or a terms of use contract they sign before they use the computer.

  4. Re:Use in the workplace by LordAndrewSama · · Score: 2, Informative

    They have this sort of thing in Taiwan, I was working for a company in South Africa that bought the license to sell it. Here it is: Ip-Guard Basically, the software is scarily powerful in what it records and can do.

    In south african law it's legal only if the employee is aware of it, so if it's in the employment contract. I think.

    The company I was working for charged too much, didn't make enough sales, went tits-up. Classic case of greed before the fall.