New research by the Electronic Frontier Foundation has found widely disseminated security software can place personal information stored on its host computers at extreme risk.
ComputerCOP is software sold to law enforcement agencies, endorsed by local police departments and distributed for free as part of Internet safety campaigns. (Video via Electronic Frontier Foundation)
An investigation by the EFF finds part of the software — which ostensibly monitors for certain keywords and sends email alerts to users when they're typed — can monitor and store everything typed on the computer's keyboard.
The EFF found if and when ComputerCOP's keylogger sends email alerts, it also dumps an unencrypted log of everything it recorded — email text, bank account logins, or anything else the user might have typed — to a server maintained by the manufacturer.
As this log is in plain text, anyone watching a computer's network connection could feasibly intercept it when it's sent on its way.
The EFF estimates in recent years, more than 245 agencies and law enforcement organizations around the country could have purchased more than a million copies of the software for distribution.
Since the EFF published its investigation, the Internet has been roundly critical of what it characterizes as spyware distributed in a safety tool's packaging, pointing to the hypocrisy of endangering Internet users — especially children — while claiming to protect them.
Geek.com writes, "The company behind ComputerCOP has also been using a fraudulent endorsement from the Suffolk County Sheriff's Department and lying about having received another one from the ACLU. If you know anything about the ACLU, you'll know that they're not all that keen on things like surveillance software that infringes upon your civil liberties."
ComputerCOP even shipped with an apparent letter of endorsement from the U.S. Treasury — a letter the Treasury issued a fraud alert on once it was made aware of its existence.
The San Diego district attorney has since issued an alert advising against the use of the keylogger feature.
It's not clear if more official responses are forthcoming, but a recent report in Wired shows this is an issue the government is starting to take seriously.
Last week authorities leveled a federal wiretapping indictment against the developer of StealthGenie, an app that can collect calls, text messages and other information from the phone it's installed on without the user's knowledge.
In the meantime, the EFF has a how-to guide to spotting and removing ComputerCOP on its website.