Child-Guard Software Touted by Cops May Weaken Security
A screencap of a ComputerCOP promotional video with the Loudoun County Sheriff's Office in Virginia
The child-protection software ComputerCOP might actually put children at more risk from stalkers, snoops and other criminals, says a prominent digital-rights group.
The San Francisco-based Electronic Frontier Foundation (EFF) examined ComputerCOP, which is distributed free of charge by police and sheriff's departments across the United States.
The EFF found that, among other issues, ComputerCOP doesn't encrypt the reports it emails parents about children's online activities, making personal information even easier to find and steal. Worse, it has a keylogger that can be used not only by parents, but by anyone, to spy on anyone else.
MORE: How to Protect Yourself from Digital Stalkers
What does ComputerCOP do?
ComputerCOP's main application interface searches documents, photos and other media stored on a given computer. It runs off a CD and cannot be installed to a specific computer. Parents will have to insert the CD each time they want to use this feature.
The EFF report noted that ComputerCOP automatically searches the computer's files for preprogrammed keywords related to drugs, alcohol, sex and violence. The searches appear to be only for text, meaning ComputerCOP probably cannot search through unlabeled images and other media files. If pornography were to be saved under a non-suspicious filenames, ComputerCOP might not be able to find it.
"While that feature may sound impressive, in practice the software is unreliable," the EFF report said. "On some computer systems, it produces a giant haystack of false positives, including flagging items as innocuous as raw computer code. On other systems, it will only produce a handful of results, while typing keywords such as 'drugs' into [OS X's] Finder or [Windows 8's] File Explorer will turn up a far larger number of hits."
There's no harm in having an inefficient search engine. But according to the EFF, the real danger lies with the ComputerCOP KeyAlert, a keylogger which must be separately downloaded and installed to the computer.
ComputerCOP's keylogger
KeyAlert keeps a record of the keys pressed on the computer on which it's installed. Parents can access the record to read messages, online search terms, passwords and other information their children type in.
The EFF said KeyAlert captured full records of every key pressed on a given computer, or at least large chunks of logged data.
Contacted by Tom's Guide, ComputerCOP President and CEO Stephen DelGiorno said that was inaccurate. KeyAlert does not capture every single key press, he said; rather, it captures only preprogrammed phrases such as "meet me" and other keywords related to drugs, alcohol, sex and violence, as well as other keywords ComputerCOP users can add.
On a Windows PC, the EFF said, KeyAlert stores logs in an unencrypted form, and anyone with access to the computer can read them. On a Mac, the records are encrypted with ComputerCOP's default password, which the EFF alleged was the same on every version of ComputerCOP.
The "alert" part of KeyAlert lets parents set it up so that, if certain keywords are typed in, the flagged text will be emailed to the designated parent. The EFF said KeyAlert transmits the unencrypted text to a server controlled by ComputerCOP, which then emails the text to the parent.
The lack of encryption makes it extremely easy for anyone to "sniff" the upstream connection between a computer and the ComputerCOP servers. Anyone doing so could read everything in the keylog, which could include information such as the monitored child's name, email addresses, search history or passwords.
ComputerCOP's DelGiorno did not address ComputerCOP's encryption practices in his communications with Tom's Guide. We await further responses from his company.
Other uses?
The EFF claimed ComputerCOP could be used for purposes other than a parent monitoring a child.
"ComputerCOP does not have the ability to distinguish between children and adults, so law enforcement agencies that distribute the software are also giving recipients the tools to spy on other adults who use a shared computer, such as spouses, roommates, and coworkers," the EFF report said.
MORE: StealthGenie Spyware App Busted: What About the Rest?
DelGiorno responded that ComputerCOP could not be used to surreptitiously spy on non-consenting adults, because neither the CD-based interface nor the KeyAlert software make any effort to hide themselves from users.
"[KeyAlert] does not surreptitiously install. And it is not hidden," DelGiorno told Tom's Guide. "The user can remove the feature easily via the feature's control window."
In a screenshot posted along with the EFF's guide for removing KeyAlert, its icon is clearly visible in the system tray at the bottom right. The fact that ComputerCOP apparently does not try to hide itself from the people being monitored does suggest that it is intended only for use by parents.
- Best Android Security Apps 2014
- 7 Ways to NSA-Proof Your Smartphone
- 12 Mobile Privacy and Security Apps
Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.