In a recent court case that was decided earlier this month, the police had used a keystroke logger to record the typing of a suspected ecstasy manufacturer who has been using encryption to thwart the police.
In the wake of that, CNET’s News.com did a survey of 13 leading anti-spyware vendors and found none have cooperated (or acknowledge doing that) unofficially with government agencies. Still, some of them did indicate that if so ordered by a court to keep quiet, they would obey and not alert customers to the presence of government-planted spyware.
The entire question of whether police spyware should be allowed is becoming more urgent given that the use of keyloggers, especially, are becoming increasingly necessary, and as a result, they are frequently used. This is due in large part to the prevalence of encryption used both in hard disk and network communications. Microsoft’s Windows Vista and Apple’s OS X, for example, both include built-in encryption features.
In theory, government agencies could even seek a court order requiring security companies to deliver spyware to their customers as part of an auto-update feature. Most modern security companies, including operating system makers such as Microsoft and Apple, offer regular patches and bug fixes. Although it would be technically tricky, it would be possible to send an infected update to a customer if the vendor were ordered to do so.
But if fedware becomes more common, savvy criminals could simply turn to open-source software that's less likely to have backdoors for police. ClamAV and OpenAntiVirus.org both offer open-source security software, and it's also possible to boot off of a CD-ROM and inspect the hard drive for malicious tampering.
