It appears that Dan, myself, and all of the Computer Science Canada community is being threatened with legal actions, courtesy of LanSchool — a classroom management software, that monitors students’ activity (“now available with USB Limiting and Keystroke Monitoring”).
It seems the cause for concern is this 2 year old review of their software.
Please note that the author of the review and questioned software, Dan, is dyslexic, so excuse the spelling, where applicable.
This page detials a proof of conspect expolite of the lanschool program. CompSci.ca and Hacker Dan do not support, condone or recomend the use of it in real life (So don’t send us e-mails asking how to get it working or how to hack your schools network). Also since this expolit was found and lanschooled was created, lanschool has upgraded there software so it may no longer be expolitable from the attack desrcibled on this page.
The security flaw, revolving around insecure communication channels, has first been diligently reported to the software’s developer, along with suggestions for a fix. The response essentially stated that the security should be enforced at the school-student level, citing “suspension”. So after some time, the review (along with a proof-of-concept application) has been published online.
It seems that in the last two years LanSchool has released a new version of their software, claimed to have fixed the published security issue, but has now decided to threaten legal actions anyway.
My Anti-Virus software is reporting LanSchool as a virus, what should I do?
Suggesting that the LanSchool software indeed acts in a manner similar enough to a malicious program, to trigger some Anti-Virus applications. The flaws in the design were demonstrated by the proof-of-concept application in question, and were true at the time of publication.
The demands include:
What I find interesting in this legal document, is that it asks:
We must caution you not to destroy any records, electronic or otherwise, including website records and logs, and copies of the software in your possession…
Directly contradicting with their demand to “destroy under oath all copies, whether in print or electronic, of your “LanSchooled” software”. I’m not sure what to think of this.
Since they were aware of the issue for quite some time, I’m not sure why it took them 2 years to address the review and discussion around it. I wonder if we are their only legal target, or if this will turn into a full-scale censorship sweep that would name larger companies such as Google, for hosting a YouTube video on disabling their software (or another, this time with an anti-virus.)
I believe it is within our right to publish critical reviews of software products, and so we plan on getting a lawyer to consult with, in order to defend the author, the community, and the right to critical review in Canada.
In the mean time you could leave us a comment with an advice, or let LanSchool know what you feel regarding this issue. PayPal donations towards our legal fees will be appreciated. In an event that LanSchool will not proceed with legal actions further, any unused donations will be donated to EFF.org — “the leading civil liberties group defending your rights in the digital world.”
The matter seems to have been resolved. See the followup post here.