Spyware and KeyLoggers: Legalities and Analyses

Key Loggers Columbia SC

        According to the United States Code, title 18, chapter 119, using any means to intentionally intercept wire and electronic communications, such as by using spyware and keyloggers, is illegal.  However, this does not mean that spyware software and keylogging software, themselves, are illegal.  Such programs may be purchased, installed, and used by any person who intends to use them for monitoring activities that do not violate another person’s privacy where a reasonable expectation thereof exists.  The following conditions must exist for the legal installation and use of monitoring applications:  documented ownership of the targeted computer, parental stewardship of a minor child, and in instances where the machine is not owned, the consent of all users of the targeted machine is required, preferably in writing.  As a general rule of thumb, if it is not your business, then you should not be spying.

        A common issue that digital forensics analysts face is assisting clients with detecting and analyzing spyware and keyloggers that may have been intentionally installed on their computers or mobile devices after the client has already taken steps to remove the threat either himself/herself or by hiring an IT technician.  While taking action to remove intrusive spyware software may seem like the logical choice, doing so may jeopardize crucial evidence that might indicate how the software originated on the system, who may have installed it, and what kinds of information may have been targeted.  Simply hiring an IT technician to handle the problem is not an efficient step to secure these kinds of evidence.

        Your average IT technician will be knowledgeable and proficient with handling these types of threats, however, their objectives will be to simply remove any threats and to help you to return your computer or mobile device back to a satisfactory working state.  An IT technician will not take steps to secure any evidence that may answer any questions as to how, who, what, and why, nor will they have the tools or understanding for how to do so.

        Many clients have come to me seeking help with finding evidence that might prove that a spouse or some other person may have been illegally monitoring their activities but only after first eradicating some of the evidence by utilizing anti-spyware software or enlisting the help of IT technical response specialists, such as Best Buy’s Geek Squad.  Such incidences do not always mean a total loss, but that can often be the case depending on the circumstances.  In many cases, it simply means that a system analysis will take longer, as more work will be required of the analyst, and even so, a complete analysis may not yield all of the answers.

        Generally, when faced with a situation such as the one described above, the first goal of the analyst is to verify whether all threats have been eliminated.  If not, then good news, as finding intact evidence will always provide a higher probability for finding the answers to what we want to know.  Otherwise, the next goal is to identify whether any anti-spyware software exists on the system, and if so, try to figure out whether any of them were used to detect spyware or a keylogger.  If no anti-spyware software exists on the system, then the analyst’s goal will be to scan for recent changes to the system and attempt to piece together any former directories, files, or registry data relevant to the use of spyware or keyloggers.  Otherwise, most anti-spyware software create scan logs and quarantine infected files, which can be useful for identifying what type of spyware software was detected.  From there, depending on what kind of information has developed, it may be possible to determine how the spyware software was installed, what kind of data the spyware software was targeting or capturing, how the spyware software was transmitting the data, and perhaps even to whom.

        The entire process can be tedious and time-consuming, which is why I stress that if you suspect the presence of spyware or a keylogger on your computer or mobile device, you should consider taking steps to have a digital forensics analyst document it before having it removed, as it can aid you in any potential or pending litigation.