CompSci.ca LanSchool threatens compsci.ca with legal actions

The matter seems to have been resolved. See the followup post here

It appears that Dan, myself, and all of the Computer Science Canada community is being threatened with legal actions, courtesy of LanSchool — a classroom management software, that monitors students’ activity (“now available with USB Limiting and Keystroke Monitoring”).



It seems the cause for concern is this 2 year old review of their software.



Please note that the author of the review and questioned software, Dan, is dyslexic, so excuse the spelling, where applicable.

This page detials a proof of conspect expolite of the lanschool program. CompSci.ca and Hacker Dan do not support, condone or recomend the use of it in real life (So don’t send us e-mails asking how to get it working or how to hack your schools network). Also since this expolit was found and lanschooled was created, lanschool has upgraded there software so it may no longer be expolitable from the attack desrcibled on this page.

The security flaw, revolving around insecure communication channels, has first been diligently reported to the software’s developer, along with suggestions for a fix. The response essentially stated that the security should be enforced at the school-student level, citing “suspension”. So after some time, the review (along with a proof-of-concept application) has been published online.

It seems that in the last two years LanSchool has released a new version of their software, claimed to have fixed the published security issue, but has now decided to threaten legal actions anyway.

Claims include:

“unauthorized use of its trade-mark” — even though they have no registered trademark in Canada. “unauthorized use of its logo” — using their logo to refer to the company should fall under fair use. “In other postings you offer detailed advice about how to use “LanSchooled” to breach the security inherent in our client’s software.” — but earlier in the document they stated “you identified and made LanSchool aware of a potential security flaw in LanSchool version 6.5 (which does not exist in the current version 7.1).” “you describe our client’s software as a “trojan horse type program that is used by many school boards in Ontario to spy on their students as well as controlling one or all computers in a given lab … LanSchool has many flaws in its design, and thus many security holes….”" — this would amount to defamation only if the statement was untrue. Though considering that LanSchool is designed to allow remote access to the system, to monitor and log activity, I feel like that is an accurate description. Furthermore LanSchool’s #1 FAQ question is :

My Anti-Virus software is reporting LanSchool as a virus, what should I do? Suggesting that the LanSchool software indeed acts in a manner similar enough to a malicious program, to trigger some Anti-Virus applications. The flaws in the design were demonstrated by the proof-of-concept application in question, and were true at the time of publication. “It is evident that you have intentionally set out on a course to harm our client’s software and business.” — absolutely not. The original review explicitly states that “This page detials a proof of conspect expolite of the lanschool program. CompSci.ca and Hacker Dan do not support, condone or recomend the use of it in real life”. Once again, the company has been made aware of the issue well before the publication.

The demands include:

Removal of the critical review of their software. Destruction of author’s intellectual property, in the form of the proof-of-concept application. Not making use of any of LanSchool’s software in the future.

What I find interesting in this legal document, is that it asks:

We must caution you not to destroy any records, electronic or otherwise, including website records and logs, and copies of the software in your possession…

Directly contradicting with their demand to “destroy under oath all copies, whether in print or electronic, of your “LanSchooled” software”. I’m not sure what to think of this.

Since they were aware of the issue for quite some time, I’m not sure why it took them 2 years to address the review and discussion around it. I wonder if we are their only legal target, or if this will turn into a full-scale censorship sweep that would name larger companies such as Google, for hosting a YouTube video on disabling their software (or another, this time with an anti-virus.)

I believe it is within our right to publish critical reviews of software products, and so we plan on getting a lawyer to consult with, in order to defend the author, the community, and the right to critical review in Canada.

In the mean time you could leave us a comment with an advice, or let LanSchool know what you feel regarding this issue. PayPal donations towards our legal fees will be appreciated. In an event that LanSchool will not proceed with legal actions further, any unused donations will be donated to EFF.org — “the leading civil liberties group defending your rights in the digital world.”



The matter seems to have been resolved. See the followup post here.

Read more