Its hard to feel sorry for anyone making a living out of selling keylogging software. Officially, there are legitimate uses for putting software on a PC in order to monitor how that computer is being used but we cant think of many.
A parent watching how a child is using the Internet? Companies that want to make sure their staff arent skiving when theyre supposed to be working? Perhaps.
Anecdotally, there are few pieces of software more likely to abused than keyloggers, and thats before you get round to considering the criminal use of keylogging techniques in data theft scams. By their nature, keyloggers attempt to hide on any PC on which they are installed, and that implies a lack of consent from anybody subsequently using that machine.
With this in mind, we were interested to hear of a spat that broke out on Slashdot a few weeks back between the publisher of a commercial (i.e legitimate) keylogging program called SpyMon, and anti-spyware company, Sunbelt Software.
The nexus of the debate was an e-mail sent to Sunbelt Software CEO, Alex Eckelberry, by SpyMons publisher, RetroCoder. It drew his attention to the end-user license agreement (EULA) that comes with SpyMon:
If you read the copyright agreement when you downloaded or ran our program you will see that Anti-spyware publishers/software houses are NOT allowed to download, run or examine the software in any way. By doing so you are breaking EU copyright law, this is a criminal offence. Please remove our program from your detection list or we will be forced to take action against you.
In plain English, RetroCoder was attempting to use the terms of EU copyright law to stop third-parties (in this case, Sunbelt) from disclosing the presence of its keylogger on a PC, a bizarre misunderstanding of what such laws actually do.
Speaking to Eckelberry, we confirmed that, contrary to some claims on Slashdot, Sunbelt is not actually being sued by RetroCoder. As far as he is concerned, Sunbelt merely alerts the user to the existence of the SpyMon program, which it is perfectly entitled to do. It is up to the user to decide whether to remove it or not.
Putting such provisions in EULA in however a misconceived fashion - just confirms to us what an unreconstructed mess that have turned into. Nobody can consent to hand away their basic legal rights just by virtue of clicking yes when installing a software that much is clear.
You do wonder whether Sunbelt would find it as easy to resist if they were dealing with a large and powerful company. The mere threat of legal action from such a entity would be intimidating.
In fairness, the SpyMon website does make clear the ambiguous nature of keylogging:
Misuse of this program will enable the buyer to view hidden passwords or even to drive some people crazy! This is not allowed in some countries, so please don't do it...
That's some marketing pitch.