I've placed two relevant documents from the DEA key logger use here: http://politechbot.com/docs/forrester.alba.dea.investigation.report.070907.p... http://politechbot.com/docs/forrester.alba.dea.key.logger.070907.pdf I remember writing this article for Wired in 2001 about how one antivirus company reportedly contacted the FBI and pledged not to detect malicious fedware: http://www.wired.com/politics/law/news/2001/11/48648 It seems that spyware and key loggers are far more advanced and commonplace today than they were six years ago, as are anti-spyware tools. I wonder if the FBI could seek a court order requiring an anti-spyware company not to report fedware (as in, fedware would be whitelisted if detected and the customer would not be alerted). Anyone worried about this could always run free software, where the risk to a user would be lower. (Yes, I know, the compiler could be compromised or a clever and subtle backdoor in the source not detected, but it's still less risky if that's the threat model.) Previous Politech message: http://www.politechbot.com/2007/07/11/dea-key-logger/ -Declan _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/) ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE