I've placed two relevant documents from the DEA key logger use here:
http://politechbot.com/docs/forrester.alba.dea.investigation.report.070907.pdf
http://politechbot.com/docs/forrester.alba.dea.key.logger.070907.pdf
I remember writing this article for Wired in 2001 about how one
antivirus company reportedly contacted the FBI and pledged not to detect
malicious fedware:
http://www.wired.com/politics/law/news/2001/11/48648
It seems that spyware and key loggers are far more advanced and
commonplace today than they were six years ago, as are anti-spyware
tools. I wonder if the FBI could seek a court order requiring an
anti-spyware company not to report fedware (as in, fedware would be
whitelisted if detected and the customer would not be alerted).
Anyone worried about this could always run free software, where the risk
to a user would be lower. (Yes, I know, the compiler could be
compromised or a clever and subtle backdoor in the source not detected,
but it's still less risky if that's the threat model.)
Previous Politech message:
http://www.politechbot.com/2007/07/11/dea-key-logger/
-Declan
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)