As anyone who is interested in the shutdown of Stealthgenie website will know, Invocode CEO, Hamad Akbar, was indicted personally for violation of four US laws, three of which are defined in Title 18, Section 2512, and one in Section 317.
No one knows at this stage what the verdict will be, but let’s try to understand what these laws really say, and what the implication is for the computer monitoring business.
Let’s take a look at the case against StealthGenie and understand what they are actually being accused of.
Of four counts StealthGenie were indicted for, it’s the ones under section 2512 that we need to look at if we are to understand the Fed complaint.
In A Nutshell
- Two counts revolve around, “knowing or having reason to know that the design of such a device renders it primarily useful for the purpose of the surreptitious interception.”
- The third count is about promoting the use of such a device for, “the purpose of the surreptitious interception,”
Given the above, we have to ask what aspect of the design of a computer monitoring application renders it “primarily useful for the purpose of surreptitious interception,” how would one deliberately design such a device, and how would it differ from a device that does “non-surreptitious interception”.
The problem is that it’s difficult to argue that the design of StealthGenie’s product renders it primarily useful for the purpose of surreptitious interception, when they don’t have a separate product for parental or employee monitoring. The product is absolutely identical, regardless of it being used to monitor your child or verify your employee’s behavior. It’s still hidden, it still intercepts, and there is no difference in the software design.
Now, this is a very important fact, as it destroys the heart of the case against StealthGenie, which is predicated around the notion of the “design” of the device. If an identically designed device is used with equal effectiveness in two different situations, and one situation is illegal, then logically it’s the installers intention that’s in question, not the device or its design.
A similar argument was made in the Betamax Case, where and injunction was sought against the sales of VCRs on the basis that its recording capabilities could run afoul of copyright law. The Court rejected this claim on the basis the device is capable of substantial non infringing uses.
Let’s look at another example
Smith & Wesson products are designed to kill, and no one can say that handguns would be designed any differently if used for self-defense or murder. The design does not change for either situation, because the requirements for each situation are the same. Yet no one is accusing Smith & Wesson of murder.
This is why the 2512 laws emphasis on “design” is well intentioned, but meaningless when applied to generic products such monitoring software.
The third count of the indictment is equally problematic as it does not define what surreptitious interception is exactly. Is a remote backup designed as a Window service, or Unix demon, or DOS device driver “surreptitious interception?” Is it illegal to say that they do not have a UI, or that they do not interrupt the user with notifications? What exactly is the law saying in this case.
Now you may be thinking that this is all getting a little silly, but a good lawyer would surely be able to make such a case, which is why it’s clear that the law, in its current form, is not useful.
Therefore, one has to wonder what the motivation of the Feds was to go for StealthGenie when there are so many local producers of monitoring software, such as Web Watchers, and SpectorSoft. In fact, Web Watchers successfully defended themselves from a similar action, where the case against them was dismissed.
Given this precedent, the answer to why the Feds brought these charges would seem to lie in the advertising, not the design of the product.
This assertion can be supported by the fact that two hundred police stations, in thirty five states have been handing out similar spyware call ComputerCOP. Its unlikely that they will be charged with the same offense, even though ComputerCOP could be arguably described as designed for surreptitious interception.
It’s clear that StealthGenie are being punished for their advertising, and not their product -ironically their advertising was false and their call interception never actually worked –
This raises a lot of questions as websites are open to a global audience. It also raises questions about the jurisdiction of the USA, and certainly makes a business rethink which suppliers it does business with.
Regardless of the outcome of this case, the USA has succeeded in creating a shockwave and will make monitoring businesses consider their advertising and suppliers very carefully as this is where the problem lies. Unless Akbar has a lot of money to buy legal services, it’s clear he will have a hard time defending himself from the might of the US legal system.