As have many of you, I've been watching the case of Nicodemo Scarfo with interest -- Scarfo's the alleged mobster in New Jersey being prosecuted with evidence gained by the FBI through the use of a keystroke-snooping Trojan horse.
I'm less concerned about the legal issues involved here -- it appears the Feds acted in accordance with the search warrant's terms -- than with the technical issues. After all, the "Magic Lantern" the Fibbies are reportedly developing is the kind of tool that can easily be adapted for use by attackers.
The week after Thanksgiving, reports surfaced that some US-based publishers of security tools -- Symantec's spokesperson was quoted in The Register -- may choose to avoid detecting law enforcement's cybersnitches. Now, I can understand why McAfee, Symantec, and the rest might want to dodge this issue. If their tools detect police spyware and alert the user, under certain circumstances a vendor might be charged with obstruction of justice.
But these vendors are taking some big risks by playing it safe. The first risk is that unauthorised persons will gain access to Magic Lantern or other software designed for use by law enforcement. Unfortunately, a few police and law enforcement employees are corrupt. It doesn't have to be LAPD, Rampart-style conspiracies, either. Anyone who's ever had problems retrieving stolen property from a police evidence locker will confirm that not everyone in blue is an angel. It's only slightly less likely that white-hat tools will leak into the black-hat community than that my Detroit Lions will end up with the worst record in pro football this season (and even then they won't get the first draft pick because of expansion. Sigh).
Returning to topic, another risk is the loss of customer confidence. I'm not talking about John and Jane Doe here; they will probably continue to use whatever is preloaded on the PC they buy online or at the superstore, or whatever their teenager recommends. I'm speaking of corporate-IT types and security professionals like you and me. We have a lot to worry about when this technology becomes the payload of a future email virus. As keystroke grabbers, tools such as Magic Lantern are perfect for capturing passwords and passphrases, thereby rendering encryption and other security measures as helpless as a newborn.
So if domestic vendors turned a blind eye to copware, and refused to defend customers from law enforcement tools that criminals will turn to their own purposes, many of us would have a duty to look elsewhere for protection. Overseas vendors stand to benefit. After all, criminalising the use of effective tools from overseas would be no more successful at stopping the bad guys from using them than firearm laws are at preventing crooks from owning guns.
PJ Connolly covers collaboration, networking, operating systems, and security for the Infoworld Test Centre.