"Sophos believes that computer crime authorities need to tread extremely carefully when using computer software to spy on individuals," Cluley told vnunet.com.
"They may find that using spyware actually does them more harm than good, and Sophos will certainly not give 'special treatment' to malware written by the authorities."
Cluley explained that the problem faced by all police-authorised spyware is whether it could avoid detection by antivirus products.
"Security products like Sophos Anti-Virus detect well in excess of 250,000 different examples of viruses, worms, Trojan horses, spyware and adware and are improving all the time in their detection of previously unseen malware," he said.
"If a criminal was warned by his security software that he was being spied on he might delete all the evidence that the investigators are actually after, and the very act of spying via computer might itself put the entire investigation at risk."
Cluley added that the only way for the authorities to get round this problem is to ask security vendors to deliberately not detect the spyware, which raised questions of law and ethics. "Sophos believes that this is unworkable," he said.
The security expert also questioned what would happen when different countries became involved.
"The Americans could theoretically write a piece of spyware to spy on criminals in its own country and ask us not to detect it," he said.
"The French may then ask us to detect the American spyware in case the Americans use it against them. Whom should we obey?"
Cluley made his comments in response to news that the FBI had used locator spyware to catch a teenager making anonymous bomb threats against his school on the MySpace website.
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
