[Politech] Will security firms detect police spyware? A survey of 13 of them [priv]

From: Declan McCullagh (declan@private)
Date: Tue Jul 17 2007 - 10:03:12 PDT


Last week I sent out a note wondering about the Feds forcing security 
companies to whitelist police spyware (either through a court order or 
old-fashioned coercion):
http://www.politechbot.com/2007/07/12/dea-key-logger/

Subsequently, a colleague at CNET and I did a survey asking 13 of the 
top anti-spyware vendors, including Symantec, McAfee, IBM, and 
Microsoft, three questions:

1. Have you ever had any discussions with any government agency, not 
counting conversations related to a lawful court order signed by a 
judge, about not detecting spyware or keystroke loggers installed by a 
police or intelligence agency?

2. Is it your policy to alert the user to the presence of any spyware or 
keystroke logger, even if it is installed by a police or intelligence 
agency in the absence of a lawful court order signed by a judge?

3. Have you ever received such a court order signed by a judge requiring 
you to cooperate with law enforcement authorities in terms of not 
detecting government-installed spyware or delivering government spyware 
to your users?

The short answer is that we received "No" answers from all 13 companies 
to the second question. But not all would reply to the third.

The article with the summary of the survey is here:
http://news.com.com/2100-7348_3-6197020.html

The actual survey results, verbatim, are here:
http://news.com.com/2100-7348_3-6196990.html

-Declan
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)



This archive was generated by hypermail 2.1.3 : Tue Jul 17 2007 - 10:22:47 PDT