
Hundreds of law enforcement offices across the United States are handing out free copies of software that claims to protect children and families while they browse the Web. But according to an investigative report by the Electronic Frontier Foundation, this software is actually spyware, and can put your data at risk.
Called ComputerCOP, the software reportedly allows parents to view recently downloaded material, identify keywords like “drugs” or “sex,” and uses a “KeyAlert” system that logs keystrokes to the hard drive, so that parents can see what their kids have been typing.
The software works by placing the CD-ROM into the computer, and if parents choose to enable KeyAlert, the system will capture conversation when one of the suspicious keywords or phrases is typed.
Outdated and complicated to use, ComputerCOP is also ineffective, according to the EFF report. Researchers found that the software doesn’t do what it claims accurately—like identifying trigger words such as “gangs” in Web chat histories or in documents. What’s more, it regularly identifies documents that don’t include any of the trigger words.
See also: Facebook Wants To Be Creepier Than Google With Your Data
According to the EFF, the key logs are unencrypted when running on a Windows machine, and easily decrypted on a Mac. If parents choose to get emails regarding the key logs, which they can through the ComputerCOP software, the information is sent unencrypted to third-party servers, not only putting information at risk, but rendering HTTPS protection on websites useless. The EFF was able to copy passwords using KeyAlert with “shocking ease.”
ComputerCOP’s Clumsy Defense
Stephen DelGiorno, the head of ComputerCOP operations, told ReadWrite that ComputerCOP only captures 500 characters at a time when a trigger word is identified, and saves them on the computer’s local hard drive to be viewed by parents later. But even DelGiorno was unclear about how secure the data is.
“I’d have to ask the programmers, I’m not 100% sure,” DelGiorno said when asked whether or not key logs are encrypted on local hard drives. “I know you can’t find it, but I don’t want to say it’s encrypted at this point.”
“It’s no more dangerous than them sending any email from that computer to another computer,” DelGiorno said. “But I’m not saying [encrypting data sent via email] is a feature we can’t go back and add.”
About 245 law enforcement agencies including sheriff’s departments, police departments, and district attorneys offices have spent thousands in tax dollars to purchase the software and distribute for free to parents, without, apparently, checking the veracity of ComputerCOP’s claims.
See also: New Security Flaws Render Shellshock Patch Ineffective
Apart from the security risk ComputerCOP has posed to an as-yet-unknown number of families, the New York-based company which distributes the software also used false approvals from the ACLU, National Center for Missing and Exploited Children, and the U.S Department of Treasury, which has since issued a fraud alert. DelGiorno told ReadWrite that the company never said the Treasury endorsed the product, rather just said the government body approved the allocation of funding.
The EFF estimates anywhere from hundreds of thousands to one million copies of ComputerCOP were purchased by law enforcement, but because it’s complicated to set up, and doesn’t do what it claims to, many families might not be using it.
Lead image courtesy of DeSoto County Sheriff’s Office