Security firms on police spyware, in their own words

Will companies that make antispyware software detect key loggers implanted by federal agents? We survey 13 companies and include their answers verbatim.

In a case decided earlier this month by the 9th U.S. Circuit Court of Appeals, federal agents used spyware with a keystroke logger to record the typing of a suspect who used encryption to scramble his communications.

But would that government spyware used in that investigation actually be detected by security software? Or would security companies intentionally fail to report it?

To answer that question, CNET News.com performed the following survey. We asked three questions of 13 security companies, ranging from tiny ones to corporations like Microsoft and IBM, and the results are below.

When there is no answer listed for a specific question, the company chose not to answer it. In some cases we followed up with additional questions. We began the survey last Tuesday and asked the final questions on Monday.

AVG/Grisoft

Responses from Fran Bosecker, spokeswoman for Grisoft, which publishes the AVG Anti-Virus, AVG Anti-Spyware, and AVG Anti-Rootkit programs, many of which are free. Grisoft has offices in the United States, Czech Republic, and Cyprus.

Question: Has Grisoft/AVG ever had any discussions with any government agency about not detecting spyware or keystroke loggers installed by a police or intelligence agency?

Answer: Not to the best of my knowledge in the U.S. or Europe.

Question: Is it Grisoft/AVG's policy to alert the user to the presence of any spyware or keystroke logger, even if it is installed by a police or intelligence agency?

Answer: So far this is the policy, also based on the valid legislature.

Question: Do these policies vary depending on the country (the U.S. vs. others, for instance)?

Answer: Yes. Current AVG policy is to flag Trojans that exhibit these types of actions. With that said, AVG will of course consider all laws, regulations and compliance rules set forth by the nations and/or local governments to the best of our abilities.

Question: We understand that you have to comply with applicable laws and regulations. But do any laws and regulations currently require security companies to ignore spyware/malware/key loggers placed on computers by governmental agencies?

Answer: None that we're aware of in the U.S. or Europe, or at least no law enforcement or agency has asked that we ignore any.

Question: Have you ever received such a court order signed by a judge requiring you to cooperate with law enforcement authorities in terms of not detecting government-installed spyware or delivering government spyware to your users?

Answer: No

Check Point

Responses from Allison Wagda, director of public relations at Check Point Software, which makes the ZoneAlarm security software, including a Vista version announced last month. Other Check Point products provide disk encryption, firewalls and intrusion detection.

Question: Has Check Point ever had any discussions with any government agency about not detecting spyware or keystroke loggers installed by a police or intelligence agency?

Answer: No, we've never been approached with such a request.

Question: Is it Check Point's policy to alert the user to the presence of any spyware or keystroke logger, even if it is installed by a police or intelligence agency?

Answer: Our goal is to detect malicious software. ZoneAlarm does so by detecting certain behaviors (such as keystroke logging) and alerting the user. We do have a policy whereby legal, legitimate software programs from any third-party vendor can be "whitelisted" from detection upon request. We would afford law enforcement the same courtesy.

Question: In a follow-up conversation, we asked Check Point under what circumstances they would afford that "courtesy."

Anwser: We've never been in the situation, but if the request fell outside of our typical parameters for whitelisting (i.e. having a signed certificate, among other things), then we'd consider on a case-by-case basis.

Question: Have you ever received such a court order signed by a judge requiring you to cooperate with law enforcement authorities in terms of not detecting government-installed spyware or delivering government spyware to your users?

Answer: Not to our knowledge.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

NYC taxis to compete with Uber

NYC taxis set to launch an app of their own, one billion people visit Facebook in a day, Chrome sets end date for Flash support and HTC's Vive VR headset gets delayed.

by Jeff Bakalar