When Shawn Macleod of Austin, Texas, suspected his estranged wife was engaging in some kind of suspicious behavior, he installed a spyware program on her computer to monitor her e-mails and Web behavior.
He now faces four years in jail.
The turn of events began in August 2005 when Macleod’s estranged wife Kristy reported to police that she suspected Macleod was monitoring her computer use. Detectives caught Macleod when he fell for a sting operation. The detectives then searched the computer and found SpyRecon software on it, according to a report in the Austin-American Statesman.
SpyRecon from Secure Tactics is billed as “the most effective and powerful
Password Finding and Spy Software!” on its rather 1990s-looking homepage. The company had no contact phone number, only an e-mail address, and did not respond to queries from InternetNews.com.
Austin police charged Macleod with unlawful interception of electronic communication, the equivalent of an illegal wiretap, which is a second-degree felony that can carry a 20-year sentence. Macleod pleaded guilty in May and was given his four-year sentence this month.
Chris Benham, vice president of marketing for Web Root Software, maker of the spyware detector Spy Sweeper, was a bit surprised at the severity of the punishment. “The fact they could apply a law to protect this woman’s privacy is good to have. Four years seems like an aggressive amount given it wasn’t a violent crime, but I appreciate there are people watching our privacy,” he told InternetNews.com.
There have been other cases similar to Macleod’s this year, but they have resulted in less severe penalties. In Rochester, N.Y., a Sheriff’s deputy was given five years probation for sneaking spyware onto a neighbor’s computer whom he suspected was a threat to young girls in the neighborhood. Also, there is a second spyware case under way in Austin, which is pending.
Can IT managers and employers face similar legal retribution from disgruntled employees if they monitor employee activity too closely? Employee monitoring is somewhat commonplace, although it’s usually restricted to tracking employee Web activity, not actually putting a key logger on their computers. But security specialists say companies do have more latitude to protect themselves.
“There really needs to be a distinction made between the workplace and private individuals,” said Paul Ferguson, network architect for Trend Micro. “The idea of me thinking my wife is hiding something from me and planting something on her computer to spy on her is very different from corporate security policies which every enterprise has a right to do.”
Benham doesn’t think such a case could apply to a corporate environment, because there are work-related security concerns. “There are tools to track information that leaves the company, to ensure corporate secrets don’t go out. Companies have tools for monitoring Internet usage, but I’m not aware of any company doing anything like that. There is a degree of respect for your employees to be had,” he said.
Added Ferguson: “What’s okay to do at home sometimes is not okay to do at work. The roles and responsibility of someone in the workplace are completely different from the roles of a private individual in their home.”