ComputerCOP parental surveillance is poorly-made 'spyware', says angry EFF

Police shamed for endorsing program

The ComputerCOP home monitoring program widely promoted by US police forces to members of the public as far back the 1990s is really a piece of poorly-engineered "spyware" home users should steer well clear of, according to the Electronic Frontier Foundation (EFF).

It's hard to think of a more comprehensive demolition of a piece of software that has been marketed as a program parents can use to keep tabs on what their children are looking at and downloading via a Windows PCs.

The criticisms fall into two themes - the quality of its underlying engineering and the fact that Police chiefs, sheriffs, and district attorneys seem to have promoted the program's abilities naively, without any understanding of its apparent severe limitations and risks.

On the first score, ComputerCOP contains a keylogging module that captures and transmits data to external servers without encrypting it, something that, if true, is certainly an obsolete design out of the ark. As well as being open to mis-use as a domestic spying tool, this could expose users to predation by real malware if a system became infected because it logs keystokes for users doing legitimate things such as online banking, the organisation said.

The software's search tool also generated a "giant haystack" of false positives if it even worked at all. Worst of all, the distributors of the program had concocted official endorsements from the US Department of Treasury and the American Civil Liberties Union (ACLU) to boost ts veneer of respectablity, it was alleged.

"The way ComputerCOP works is neither safe nor secure. It isn't particularly effective either, except for generating positive PR for the law enforcement agencies distributing it," said the EFF in its scathing assessment.

Incredibly, police forces appear not to have done any due diligence on these claims or the software's design or engineering.

"Law enforcement agencies have purchased a poor product, slapped their trusted emblems on it, and passed it on to everyday people. It's time for those law enforcement agencies to take away ComputerCOP's badge," the EFF continued.

The EFF said it had found 245 agencies in more than 35 states that purchased had spent significant sums of money buying the software for distribution to the public. The program's website still advertises some of these departments as part of its marketing.

For all its outrage at ComputerCOP, it is hard to see that its makers have done anything illegal. The US already has a confused approach to domestic spyware, some examples of which have promoted themselves as ways to spy on spouses, exes, and even company bosses. In most cases it is the mis-use of the program by members of the public that falls foul of the law, not the fact that a software maker markets programs for these dubious purposes.

A good example would be that of a US sheriff who was put on probation after being caught spying on his wife's communications using a hardware keylogger of the sort openly sold on Amazon.

Further back in time was the Lover Spy program marketed to members of the public to spy on husbands, wives and partners, which ended with an FBI indictment for its alleged creator. In 2012 the FTC also called out retailers that were using a spyware system to remotely monitor PCs rented to members of the public. In short, this is a sector that has been troubled by poorly-made programs determined to cash on Internet paranoia.

In each case, the programs used were considered acceptable until suddenly they weren't.

Is ComputerCOP another example? From the description given by EFF, it looks incredibly out of date, from its clunky interface to a range of features that sound at least a decade out of date. It is surprising that such obsolete technology is still being sold to anyone, let alone promoted by police authorities that should know better.

"As official as it looks, ComputerCOP is actually just spyware, generally bought in bulk from a New York company that appears to do nothing but market this software to local government agencies."

On this bases, ComputerCOP doesn't sound like a well-made program but it is far from alone in making a living from the US home paranoia market.

Join the CSO newsletter!

Error: Please check your email address.

Tags Personal Techsecurity

More about Department of TreasuryEFFElectronic Frontier FoundationFBIFTC

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E. Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place