// you’re reading...

CompSci.ca

LanSchool threatens compsci.ca with legal actions

The matter seems to have been resolved. See the followup post here.

It appears that Dan, myself, and all of the Computer Science Canada community is being threatened with legal actions, courtesy of LanSchool — a classroom management software, that monitors students’ activity (“now available with USB Limiting and Keystroke Monitoring”).


It seems the cause for concern is this 2 year old review of their software.

Please note that the author of the review and questioned software, Dan, is dyslexic, so excuse the spelling, where applicable.

This page detials a proof of conspect expolite of the lanschool program. CompSci.ca and Hacker Dan do not support, condone or recomend the use of it in real life (So don’t send us e-mails asking how to get it working or how to hack your schools network). Also since this expolit was found and lanschooled was created, lanschool has upgraded there software so it may no longer be expolitable from the attack desrcibled on this page.

The security flaw, revolving around insecure communication channels, has first been diligently reported to the software’s developer, along with suggestions for a fix. The response essentially stated that the security should be enforced at the school-student level, citing “suspension”. So after some time, the review (along with a proof-of-concept application) has been published online.

It seems that in the last two years LanSchool has released a new version of their software, claimed to have fixed the published security issue, but has now decided to threaten legal actions anyway.

See claims made here. PDF, 56 KB

Claims include:

  1. “unauthorized use of its trade-mark” — even though they have no registered trademark in Canada.
  2. “unauthorized use of its logo” — using their logo to refer to the company should fall under fair use.
  3. “In other postings you offer detailed advice about how to use “LanSchooled” to breach the security inherent in our client’s software.” — but earlier in the document they stated “you identified and made LanSchool aware of a potential security flaw in LanSchool version 6.5 (which does not exist in the current version 7.1).”
  4. “you describe our client’s software as a “trojan horse type program that is used by many school boards in Ontario to spy on their students as well as controlling one or all computers in a given lab … LanSchool has many flaws in its design, and thus many security holes….”" — this would amount to defamation only if the statement was untrue. Though considering that LanSchool is designed to allow remote access to the system, to monitor and log activity, I feel like that is an accurate description. Furthermore LanSchool’s #1 FAQ question is :

    My Anti-Virus software is reporting LanSchool as a virus, what should I do?

    Suggesting that the LanSchool software indeed acts in a manner similar enough to a malicious program, to trigger some Anti-Virus applications. The flaws in the design were demonstrated by the proof-of-concept application in question, and were true at the time of publication.

  5. “It is evident that you have intentionally set out on a course to harm our client’s software and business.” — absolutely not. The original review explicitly states that “This page detials a proof of conspect expolite of the lanschool program. CompSci.ca and Hacker Dan do not support, condone or recomend the use of it in real life”. Once again, the company has been made aware of the issue well before the publication.

The demands include:

  1. Removal of the critical review of their software.
  2. Destruction of author’s intellectual property, in the form of the proof-of-concept application.
  3. Not making use of any of LanSchool’s software in the future.

What I find interesting in this legal document, is that it asks:

We must caution you not to destroy any records, electronic or otherwise, including website records and logs, and copies of the software in your possession…

Directly contradicting with their demand to “destroy under oath all copies, whether in print or electronic, of your “LanSchooled” software”. I’m not sure what to think of this.

Since they were aware of the issue for quite some time, I’m not sure why it took them 2 years to address the review and discussion around it. I wonder if we are their only legal target, or if this will turn into a full-scale censorship sweep that would name larger companies such as Google, for hosting a YouTube video on disabling their software (or another, this time with an anti-virus.)

I believe it is within our right to publish critical reviews of software products, and so we plan on getting a lawyer to consult with, in order to defend the author, the community, and the right to critical review in Canada.

In the mean time you could leave us a comment with an advice, or let LanSchool know what you feel regarding this issue. PayPal donations towards our legal fees will be appreciated. In an event that LanSchool will not proceed with legal actions further, any unused donations will be donated to EFF.org — “the leading civil liberties group defending your rights in the digital world.”

The matter seems to have been resolved. See the followup post here.

Read more

Discussion

  1. Posted by LaZyLion | August 5, 2008, 11:39 pm

    isn’t there a statute of limitations on defamation/libel?

    Reply to comment

  2. Posted by Jeb | August 6, 2008, 12:23 am

    They’re just mad that Compsci.ca comes up in third position on Google when you search for “LanSchool”

    Reply to comment

  3. Posted by Tony | August 6, 2008, 12:42 am

    @LazyLion — you are absolutely right. It seems that in Ontario (province where both Dan and I reside), the “Basic Limitation Period” is 2 years; under Libel and Slander Act, that period is retained at just 3 months. I’m not sure how to interpret the latter, as it was published in 1990 and largely concerns newspapers and “broadcasting”. Though if this holds up under the 2 year general case, we should still be good at having them drop at least one of the claims.

    Thank you.

    Reply to comment

  4. Posted by Anonymous | August 6, 2008, 12:49 am

    Look. They’re not making unreasonable demands. You’re young, so you don’t know what you’re getting into. I’d strongly recommend just letting it go. You’re not fighting a moral or ethical battle worth fighting. Otherwise, lawyer up… and see just how deep the rabbit hole goes.

    Reply to comment

  5. Posted by Huw | August 6, 2008, 1:43 am

    You may want to read Dan Rutter’s take on letters-from-lawyers here:

    http://dansdata.blogsome.com/2008/08/05/holy-crap-a-legal-letter/

    Key paragraph:

    The deadly-serious, here-comes-the-subpoena, check-yo’self-before-you-wreck-yo’self attitude that legal nastygrams always project is at least half of what the client is paying for. That attitude will be precisely the same regardless of the lawyer’s opinion regarding the merits of the case, and regardless of what the client’s said he’s willing to pay for. The lawyer will act just as scary even if he’s 100% certain that the complainant is a raving loony who has obviously just paid his last $200 to have that letter sent.

    Reply to comment

  6. Posted by Tony | August 6, 2008, 1:59 am

    @Huw — thx for the link, that was an interesting read.

    Reply to comment

  7. Posted by Dave | August 6, 2008, 3:05 am

    I would be honored if I ran a website with reviews on it and got a letter like that. Of course you are piss people off, that’s how reviews work. Some people just take it as criticism and some people get a lawyer to send you a scary letter. That’s all it is, a scary letter. You can’t expect a lawyer to not send a scary letter that will save the client lot’s of money by not going to court. Even if going to court was not planned it can still cause you to take it down.
    So it’s cheap, legal intimidation.

    Reply to comment

  8. Posted by Gandalf | August 6, 2008, 6:37 am

    Good luck guys, I really hope to see this resolved favourably when I return from vacation. I don’t see how they can reasonably hope have destroyed “those copies distributed to any other third party”. It’s the internet.

    Reply to comment

  9. Posted by Frank Black | August 6, 2008, 6:55 am
  10. Posted by The Third Bit » Blog Archive » Tony, Dan, LanSchool, and Doing the Right Thing | August 6, 2008, 7:22 am
  11. Posted by Adam | August 6, 2008, 8:11 am

    http://www.adidem.org/articles/DS5.html

    Look at the defences section.

    Now I’m not a lawyer, I’m a compsci student but I’m currently taking a course on ‘Business & Consumer Law’ and to me it seems like they have a very weak case (or none at all). The fact that this happened over two years ago is a sign of the weak case.

    Still hosting the code for the “hack” could be dangerous though under criminal code of Canada (if Lanschool can convince a judge that its used for hacking).

    Reply to comment

  12. Posted by anonymous | August 6, 2008, 9:26 am

    Obligatory humorous reading for people who receive legal threats: http://thepiratebay.org/legal

    Reply to comment

  13. Posted by Gianni Chiappetta | August 6, 2008, 11:08 am

    Hey Tony, this is an outrageous claim accompanied with ridiculous demands. If there is anything I can do to support your cause please let me know!

    Reply to comment

  14. Posted by Andrew Whittington | August 6, 2008, 11:19 am

    I wonder if LanSchooled has ever read a movie, or restaurant review? Reviews are common, and if you had a bad, faulty, etc… product, expect reviews to be negative.

    Reply to comment

  15. Posted by Leigh Honeywell | August 6, 2008, 11:50 am

    @Anonymous: actually, it looks like these “kids” followed industry standard practices for responsible disclosure of security vulnerabilities: disclose to the vendor, wait for the patch, then disclose fully the vulnerability so that everyone applies the patch.

    That said, Dan and CS.ca would be well advised to lawyer up and contact appropriate online rights groups such as the EFF and http://www.onlinerights.ca/ . You guys are well within your fair use rights, in my very unlawyerly but not uninformed opinion :)

    Reply to comment

  16. Posted by Aziz | August 6, 2008, 1:21 pm

    The CompSci.ca community has both your backs. I don’t think LanSchool has any ground, just trying to push some “punks” around. Lets *school* them though. We’re not afraid to stick up for digital rights and freedom of speech.

    Also, ongooing discussion, and my letter: http://compsci.ca/v3/viewtopic.php?p=168426

    Reply to comment

  17. Posted by Tony | August 6, 2008, 3:49 pm

    Thank you for the support and suggestions!

    Coincidentally, it seems that Ars has just reported on EFF’s new Coders’ Rights Project, that’s incredibly in-line with what happened here.

    Security and encryption researchers help build a safer future for all of us using digital technologies, yet too many legitimate researchers face serious legal challenges that prevent or inhibit their work.

    So that is something else we’ll be looking at, for guidance.

    Reply to comment

  18. Posted by Hacking LanSchool | DavidCrow.ca | August 6, 2008, 4:24 pm

    [...] like Rob or Michael (or one of Michael’s students) will step in and provide these kids some pro bono legal advice for dealing with a company looking to manage their online profile. LanSchool has requested that the Tony Targonski and Dan [...]

  19. Posted by DDJ | DDJ's Portal Blog | August 6, 2008, 4:30 pm

  20. Posted by Steve Holden | August 6, 2008, 4:53 pm

    Don’t bother lawyering up until you’ve had an opinion from EFF. This is just a try-on to get you to take down material that might have a negative impact on their sales. Not ass negative as the publicity they are now receiving, of course, but that simply demonstrates that they don’t really understand the Internet.

    Reply to comment

  21. Posted by Runlevel6 » LanSchool threatens compsci.ca | August 6, 2008, 8:23 pm

    [...] liberties group defending your rights in the digital world”. Even a comment of support on their blog post would help. You can donate and read more on the compsci.ca blog [...]

  22. Posted by Chris | August 6, 2008, 9:02 pm

    I second the motion to consult with EFF. They have a lot of experience dealing with this kind of crap. Also, send a pointer to this blog entry to Instapundit; he lives for exposing over-zealous lawyers.

    FWIW, I’m pretty sure you’re on solid ground here.

    Reply to comment

  23. Posted by sunil | August 7, 2008, 2:45 am

    they might just be wasting your time.. you concentrate on blogging.. i will on reading ur posts.. tht by far is far more interesting than some of these stupid and trite remarks

    Reply to comment

  24. Posted by Hannah | August 7, 2008, 12:29 pm

    I understand the industry standard of finding a bug, telling the vender about it, giving them time for a patch, and then warning the market as a whole to encourage use of the new patch. What i dont get is why didn’t you do another review after the new v. 7 came out? You keep saying that LanSchool said they patched the problem – but didnt you ever test it to see if that’s true? Seems to me that is some pretty important information for the public to know. If you want to claim that you did all this for the general welfare of society that’s great, but how could you possibly leave the job half done?!

    Good Luck with all that legal stuff, when its all over and done with update your review

    Reply to comment

  25. Posted by Andrew | August 18, 2008, 7:09 am

    Well, at least you don’t have to go to court or pay any money. Really all you have to do is get rid of it and pretend it never happened, then send them a letter. If I got something like this in my inbox, I would be freak out.

    Reply to comment

  26. Posted by Legal status update | August 19, 2008, 7:59 pm

    [...] LanSchool threatens compsci.ca with legal actions [...]

Post a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>