Graham Cluley, senior technology consultant at Sophos, said that law enforcement agencies had to watch their step when it comes to spyware.
"Sophos believes that computer crime authorities need to tread extremely carefully when using computer software to spy on individuals," Cluley told vnunet.com.
"They may find that using spyware actually does them more harm than good, and Sophos will certainly not give 'special treatment' to malware written by the authorities."
Cluley explained that the problem faced by all police-authorised spyware is whether it could avoid detection by antivirus products.
"Security products like Sophos Anti-Virus detect well in excess of 250,000 different examples of viruses, worms, Trojan horses, spyware and adware and are improving all the time in their detection of previously unseen malware," he said.
"If a criminal was warned by his security software that he was being spied on he might delete all the evidence that the investigators are actually after, and the very act of spying via computer might itself put the entire investigation at risk."
Cluley added that the only way for the authorities to get round this problem is to ask security vendors to deliberately not detect the spyware, which raised questions of law and ethics. "Sophos believes that this is unworkable," he said.
The security expert also questioned what would happen when different countries became involved.
"The Americans could theoretically write a piece of spyware to spy on criminals in its own country and ask us not to detect it," he said.
"The French may then ask us to detect the American spyware in case the Americans use it against them. Whom should we obey?"
Cluley made his comments in response to news that the FBI had used locator spyware to catch a teenager making anonymous bomb threats against his school on the MySpace website.
Security expert slams spyware snooping
By Matt Chapman on Jul 20, 2007 3:00PM