10:11 AM

Laptop Tracking Software Faces New Privacy Heat

Judge rules couple can sue maker of Lojack For Laptops software for intercepting and sharing couple's sexually explicit communications with police.

How far can someone go when tracking stolen technology goods?

A case is set to test that question, after substitute teacher Susan Clements-Jeffrey ended up in possession of a stolen laptop that contained LoJack For Laptops, which is remote-recovery software sold by Absolute Software.

Absolute, after being notified by the laptop's owner that it had been stolen, began recording the device's IP address. It also captured what turned out to be sexually explicit messages and images captured with webcams, traded between Clements-Jeffrey, a 52-year-old widow, and Carlton Smith, a high school sweetheart with whom she'd just rekindled a long-distance relationship.

Absolute then shared the intercepted communications with police. They went to Clements-Jeffrey's house without a warrant, but with printouts of several of the sexually explicit webcam images, which they showed her. Ultimately, she admitted them to her apartment, where they found the laptop and arrested her on the charge of receiving stolen property. About a week later, the charge against her was dropped.

The suit, filed by Clements-Jeffrey and Smith--against Absolute Software, Absolute's theft recovery officer, as well as the city of Springfield, Ohio, and its police department--said that their communications had been illegally intercepted, per the Electronic Communications Privacy Act, and their privacy rights violated. The defendants, however, argued that Clements-Jeffrey had no such privacy rights when she was using the stolen laptop, and filed for a summary judgment, which is used to argue that a plaintiff lacks sufficient evidence to pursue a case.

Last week, however, federal judge Walter Herbert Rice dismissed the defendants' motion for a summary judgment, thus allowing the suit to proceed. "Although the Absolute defendants may have had a noble purpose, to assist the school district in recovering its stolen laptop, a reasonable jury could find that they crossed an impermissible boundary when they intercepted Plaintiffs' instant messages and webcam communications," wrote Rice in his judgment. "A reasonable jury could also find that such conduct would cause a person of ordinary sensibilities to suffer shame and humiliation."

The judge's 49-page judgment also suggests that Absolute may need to rethink its laptop recovery business model. "It is one thing to cause a stolen computer to report its IP address or geographical location in an effort to track it down," wrote Rice. "It is something entirely different to violate federal wiretapping laws by intercepting electronic communications of the person using the stolen laptop."

In addition, the judge said that the police department might be at fault for using images that were illegally obtained. One of the arresting officers had said that he was unfamiliar with federal wiretapping laws, and that he'd assumed Absolute had intercepted the communications legally. But according to Rice, "there is enough evidence from which a reasonable jury could find that the Springfield defendants should have known that it was illegal for the Absolute defendants to intercept plaintiffs' private communications."

According to court documents, the laptop in question was issued by the school district to a vocational student and stolen while he used it at the Springfield public library. The same day, the student reported the theft to police.

Later, a ninth-grade student at Kiefer Alternative School, where Clements-Jeffrey was a longtime substitute teacher, purchased the laptop--which had part of its serial number scratched off--at a bus station for $40. He then sold it to Clements-Jeffrey for $60, saying that the two-year-old laptop, which wasn't working after he'd accidentally wiped the hard drive, belonged to his aunt and uncle, and they'd given him permission to sell it.

Clements-Jeffrey agreed to buy the laptop, as long as another Kiefer teacher, Albert Apple, could make it work again. He did so, by reinstalling the operating system and adding free software, at which point the student attempted to renege on his deal. But Clements-Jeffrey insisted, and ultimately bought the laptop.

Read our new report, State Of The IT Service Desk: Change Management Remains Key. Download the report now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Cybercrime has become a well-organized business, complete with job specialization, funding, and online customer service. Dark Reading editors speak to cybercrime experts on the evolution of the cybercrime economy and the nature of today's attackers.