Many people have seen advertisements on the internet offering software that will let you monitor activity on a computer. These ads bark “Catch a Cheating Spouse” or “Secretly Monitor Email” or “Spy on Your Computer.” In many circumstances, this type of software is not only sneaky, it’s criminal.
There are many different types of monitoring and logging software and not all of them use the same methods or have the same results. Let’s look at some of the most common features:
Keylogging: Also called keystroke recording, this software intercepts every key pressed and records it. Because it doesn’t rely on anything visual, it can capture passwords that are obscured on screen as well as commands that don’t make a visual change, such as the CTRL-C command used by many applications to Copy something.
Screen Capture: This can be event-based or time-based. Every time the selected criteria is met, the software takes a screenshot (a picture of what’s displayed on the screen) and records it. By looking at the screenshots, it is possible for a layperson to see information that would be difficult for them to find any other way (such as pornography.)
Window Capture: If one looks at the applications running on a computer, nearly all have a very clear “Title” in the upper-left hand corner. As this article is being written, the title visible on this computer is “When Snooping Becomes a Crime.doc – Microsoft Word”. Window capture applications log the title of open windows and the time and date they are opened and closed. This can produce a significant amount of detail into the activity on the computer, including names of webpages viewed, documents opened and emails sent and received.
It is not uncommon for monitoring software to have multiple methods of capturing and reporting information – indeed, many will have all the features noted above.
What the Law Says
The United States Code is the body of laws that are commonly referred to as “Federal Law”. In this case, 18 U.S.C. §1029, 18 U.S.C. §1030, 18 U.S.C §2510 and 18 U.S.C. §2701 are the applicable statutes. 18 U.S.C §1030 is part of the Fraud and False Statements chapter, 18 U.S.C §2510 is part of the Wire and Electronic Communications Interception chapter (a/k/a the Wiretap Act) and 18 U.S.C §2701 is part of the Stored Wire and Electronic Communications chapter.
Applying the law
Subsection (a)(2)(C) of 18 U.S.C §1030 states that one has committed a crime if he “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—information from any protected computer if the conduct involved an interstate or foreign communication;” In this case, any computer that accesses the internet is involved in interstate communication. Punishment is up to 10 years for a first offense.
Subsection (a)(2)(C) of 18 U.S.C §2510 states that one has committed a crime if he “intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication;” This is the whole purpose of the software in most cases. There are exemptions when the interceptor is a party to the communication or when one of the parties has given consent to the interception. This is why you see such wordy logon screens at corporations letting you know that you are consenting to monitoring. Punishment is up to 5 years for a first offense.
Subsection (a)(2)(C) of 18 U.S.C §2701 states that one has committed a crime if he “intentionally accesses without authorization a facility through which an electronic communication service is provided… and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system” This portion refers to things like logging into someone’s webmail account and reading or deleting emails; or signing on to an instant messenger network as someone else and receiving saved Ims. Punishment is up to 1 year for a first offense.
All three of these statutes also have civil fines associated with them, thousands of dollars in some cases. Add to this the cost of hiring an attorney to defend you in a criminal case and a separate attorney to defend you in your civil case and the costs could easily surpass $100,000 not counting what might be a sizable judgement should you lose the civil case.
In closing, be aware of the dangers when “investigating” your own computer and leave it to the professionals.