by Dave Maass, Electronic Frontier Foundation
For years, local law enforcement agencies around the country have told parents that installing ComputerCOP software is the “first step” in protecting their children online.
Police chiefs, sheriffs, and district attorneys have handed out hundreds of thousands of copies of the disc to families for free at schools, libraries, and community events, usually as a part of an “Internet Safety” outreach initiative. The packaging typically features the agency’s official seal and the chief’s portrait, with a signed message warning of the “dark and dangerous off-ramps” of the Internet.
As official as it looks, ComputerCOP is actually just spyware, generally bought in bulk from a New York company that appears to do nothing but market this software to local government agencies.
The way ComputerCOP works is neither safe nor secure. It isn’t particularly effective either, except for generating positive PR for the law enforcement agencies distributing it. As security software goes, we observed a product with a keystroke-capturing function, also called a “keylogger,” that could place a family’s personal information at extreme risk by transmitting what a user types over the Internet to third-party servers without encryption. That means many versions of ComputerCOP leave children (and their parents, guests, friends, and anyone using the affected computer) exposed to the same predators, identity thieves, and bullies that police claim the software protects against.
Furthermore, by providing a free keylogging program — especially one that operates without even the most basic security safeguards — law enforcement agencies are passing around what amounts to a spying tool that could easily be abused by people who want to snoop on spouses, roommates, or co-workers.
EFF conducted a security review of ComputerCOP while also following the paper trail of public records to see how widely the software has spread. Based on ComputerCOP’s own marketing information, we identified approximately 245 agencies in more than 35 states, plus the U.S. Marshals, that have used public funds (often the proceeds from property seized during criminal investigations) to purchase and distribute ComputerCOP. One sheriff’s department even bought a copy for every family in its county.
In investigating ComputerCOP, we also discovered misleading marketing material, including a letter of endorsement purportedly from the U.S. Department of Treasury, which has now issued a fraud alert over the document. ComputerCOP further claims an apparently nonexistent endorsement by the American Civil Liberties Union and an expired endorsement from the National Center for Missing and Exploited Children.
Law enforcement agencies have purchased a poor product, slapped their trusted emblems on it, and passed it on to everyday people. It’s time for those law enforcement agencies to take away ComputerCOP’s badge.
© 2014 Electronic Frontier Foundation, CC BY 3.0 US