Will Security Firms Detect Police Spyware?
cnet-declan writes "A recent appeals court case dealt with Drug Enforcement Administration agents using a key logger to investigate a suspect using PGP and Hushmail. That invites the obvious question: Will security companies ever intentionally overlook police spyware? There were somewhat-muddled reports in 2001 that Symantec and McAfee would do just that, so over at News.com we figured we'd do a survey of the top 13 security firms. We asked them if it is their policy to detect policeware. Notably, Check Point said it would 'afford law enforcement' the courtesy of whitelisting if requested. We've also posted the full results, with the companies' complete answers. Another question we asked is if they have ever received a court order requiring them to overlook police key loggers or spyware. Symantec, IBM, Kaspersky, and others said no. Only Microsoft and McAfee refused to answer."
Uhm no (Score:2, Interesting)
And publishing data or distributing which compromises investigations is probably a felony.
So how would your open source system work? Would you openly publish how to recognize all of the government's spy software?
The respondents weaseled (Score:5, Interesting)
You can take this as a hint that none of the companies is distributing signatures of the programs that the government uses.
Re:Fastens buckle on tinfoil hat (Score:3, Interesting)
True, but they could at least try, like Google refused to turn in the search queries. I know, not every company is a mammoth like Google and can't afford the wrath of Govt., but an initial refusal (and later caving in under pressure) might put them in a better light than complying right at the first request.
What is also interesting is that MS *must have* caved in sometime in the past (from their refusal to answer), and Vista's inbuilt spyware/malware detection makes it more likely to snoop on its users. Privacy concerns explode!
Re:Undetectable Policeware = Undetectable Malware (Score:1, Interesting)
Re:TFA didn't ask about National Security Letters (Score:2, Interesting)
"Have you been given a court order to let police spyware in?" --> Must say no because of a gag order.
"Have you ever been in a position where the law required you to lie about questions related to your spyware activities?" --> ???
Police spyware used by the dark side? (Score:5, Interesting)
2. Crim gets hold of police spyware
3. Crim pwns your machine, steals your identity and makes your life a living hell for the next 3 years or more.
If you paid for a piece of anti-spyware and they leave a backdoor open like this, isn't that a case of negligence?
List of Whitelists PLEASE... (Score:2, Interesting)
Re:The opposite. (Score:2, Interesting)
Re:note to self (Score:5, Interesting)
--jeffk++
Re:TFA didn't ask about National Security Letters (Score:2, Interesting)
Most likely, they'd just say they are unable to answer. "Null" answers are always an option for lawyers.
Re:Fastens buckle on tinfoil hat (Score:3, Interesting)
The libertarian definition of government is an organization that claims a legal monopoly on violence in a region. No company or organization is going to long survive direct and focused government duress - its assets will be seized and its staff find themselves contemplating uncomfortable surroundings. That said, everyone should expect that organizations will comply with court orders / security directives (at least once they have exhausted their appeals processes, if any). Privacy does not trump law.
Judge Learned Hand once admonished a new attorney with something along the following lines "Sir, this is a court of law. It is not a court of justice." Do not attempt to extrapolate your values to the law.
All nations have a need to conduct covert surveillance. This may involve software, hardware, human intelligence, etc. It is reasonable to assume that they will make reasonable efforts to preserve these capabilities. Draw your own conclusions. Officials with a court warrant can covertly plant HW monitoring systems in target systems. Such attacks will compromise the system regardless of the OS.
Re:note to self (Score:5, Interesting)
Oversight essentially means they run back to the office and time-stamp a preprinted form. There's a little more involved than that, but not much. They get to choose the most pliable judge available...and there are some who are pretty pliable.
The bizarre thing is that even THAT much oversight is seen as too much by those in charge of the snooping agencies. And it's not usually because of urgency. (As I recall they can get special exemptions for planting a bug on a target of opportunity...retroactive permission.)
The current moral corruption of the police appears to extend all the way from the local level to the federal. (I hope your local police are still honest. If so, count yourself lucky...or uninformed.)
This current level of corruption probably reaches back to Nixon's Imperial Presidency, and before him to FDR's centralization of the government. And before him, also. (Notice that it's not specific to any one party. What one party does, the other party rarely repeals.) With the removal of habeas corpus it's barely disguised any more. This *IS* a police state. So far it's a more humane one than most of its predecessors, but it has the diagnostic features. Britain is, or appears to be headed, the same way.
Probably this is because of two basic features:
1) Population density makes it more difficult to control people, and
2) The removal of a frontier means that if the powers that be get mad at you, there's no place to escape to.
Ostensibly these two factors pull in opposite directions, but actually the freedom of the frontier had a back-transference that led to greater liberty in the sessile population.
What can be done? Solutions seem either difficult or undesirable. Either drastically decrease the population (H5N1 may attempt this solution), or create a new frontier (which must be reachable at least by the middle class, if not by the impoverished). Space travel appears too expensive for the foreseeable future. Ditto for under-sea colonies. And it has to be a meat-space frontier. Virtual realities don't have the same "getting out from under the thumb of an oppressive government" effect (except in fantasy...which isn't sufficient).
Why use foreign Anti-Spyware, of course (Score:3, Interesting)
Of course it also implies that gov-spyware is used in such mass quantities that at least one or more somewhat knowledgeable people find that something is wrong and involve anti-virus/spyware vendors.
So... those who believe in world-wide conspiracy -- there is nothing to protect you (otherwise it wouldn't be ww-c
Those who are paranoid -- use anti-virus/spyware kits from different countries. Kill everything suspicious (perhaps including one or two of those anti-virus programs that point at each other as a threat)
Everyone else... panic for a week, then move on to the new threat/panic/book/movie
Are whitelists readable? (Score:3, Interesting)
If they do whitelist government malware, is it possible to read the whitelist and extract the signatures of the whitelisted malware - and then search your system using a modified scanner and the signature they so thoughtfully provided?
Generic test? (Score:4, Interesting)
Alternately, the keylogger is most likely storing the logged keys either in clear or in isomorphic form to the input. So if you inserted your own keylogger into the system, what would it take to scan memory (and drives?) for matches on samples of what your own keylogger captures? Keyloggers aren't going to want to be burdened with heavy encryption to avoid this scanning, since that would add enough system load to make them more spottable by other means. Obviously you'd have to mask out the legitimate memory locations of, say, your word processor the input's going to - which would miss a keylogger patched into your word processor.
Is anyone working on a way to harden systems against this whole category? (Yeah, key-logging dongles are yet another thing. Software insertion is the question I'm addressing.)
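The canary-scan idea from the comment above, sketched as an added example (not code from the thread or from any product): type a known marker, then search a memory snapshot for it in clear form or under any one-to-one byte recoding, skipping regions where the text legitimately lives. The marker string, the snapshot layout and the XOR mask are constructed for illustration.

```python
# Added example: canary-keystroke scan over a constructed memory snapshot.
# Hypothetical marker typed by the defender; its repeats make the shape distinctive.
CANARY = b"qzqzzqxqqzxzqxxq"

def shape(seq):
    """Repetition pattern of a sequence: b'hello' -> (0, 1, 2, 2, 3)."""
    seen = {}
    return tuple(seen.setdefault(b, len(seen)) for b in seq)

def scan(buf, canary=CANARY, allow=(), strides=(1, 2)):
    """Return sorted (offset, stride, kind) hits, kind 'clear' or 'isomorphic'.

    allow   -- (start, end) ranges known to hold the text legitimately
    strides -- 2 covers keystrokes stored as 16-bit units such as UTF-16LE
    """
    want, n, hits = shape(canary), len(canary), []
    for stride in strides:
        span = (n - 1) * stride + 1
        for off in range(len(buf) - span + 1):
            if any(s <= off and off + span <= e for s, e in allow):
                continue  # the application the keys were typed into
            window = buf[off:off + span:stride]
            if window == canary:
                hits.append((off, stride, "clear"))
            elif shape(window) == want:
                # same repetition pattern: a one-to-one recoding of the canary
                hits.append((off, stride, "isomorphic"))
    return sorted(hits)

def build_snapshot():
    """Constructed snapshot: filler, editor buffer, XOR-masked copy, UTF-16LE copy."""
    filler = bytes(range(0x80, 0xC0))
    masked = bytes(b ^ 0x5A for b in CANARY)
    return b"".join([filler, CANARY, filler, masked, filler,
                     CANARY.decode().encode("utf-16-le"), filler])

if __name__ == "__main__":
    snap = build_snapshot()
    # Bytes 64..80 are the editor's own buffer, so they are masked out.
    for hit in scan(snap, allow=[(64, 80)]):
        print(hit)
```

A marker with all-distinct characters would match any run of distinct bytes, so the canary has to contain repeats; a copy held inside the allow-listed process itself is missed, as the comment notes.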
What are the chances of... (Score:3, Interesting)
Re:TFA didn't ask about National Security Letters (Score:3, Interesting)
But if what they had received instead was an NSL, they would be under a gag provision (with *jail* as the penalty) to not mention anything about it.
So tell them to answer "no" until such time as their answer changes to "no comment"