LanSchool, publisher of “classroom management solutions”, has threatened to take legal action against Dan and Tony (founders of the massively popular compsci.ca), for publishing a review and proof-of-concept exploit for an old version of their software over two years ago.
When the exploit was discovered in early 2006, Dan (one of the founders of compsci.ca) promptly notified the developers of the LanSchool application. LanSchool disregarded his discovery, and told Dan that his school could take action against him in the form of suspension, detention, &c… As such, after a period of time, a review of LanSchool including a proof-of-concept exploit was published online at compsci.ca.
Fast forward to 2008, LanSchool has released a new version of their self-titled software; exploit fixed. However, they have now decided to take legal action against compsci.ca. Their claims and demands are as follows:
- “unauthorized use of its trade-mark” — even though they have no registered trademark in Canada.
- “unauthorized use of its logo” — using their logo to refer to the company should fall under fair use.
- “In other postings you offer detailed advice about how to use “LanSchooled” to breach the security inherent in our client’s software.” — but earlier in the document they stated “you identified and made LanSchool aware of a potential security flaw in LanSchool version 6.5 (which does not exist in the current version 7.1).”
- “you describe our client’s software as a “trojan horse type program that is used by many school boards in Ontario to spy on their students as well as controlling one or all computers in a given lab … LanSchool has many flaws in its design, and thus many security holes…” — this would amount to defamation only if the statement was untrue. Though considering that LanSchool is designed to allow remote access to the system, to monitor and log activity, I feel like that is an accurate description. Furthermore LanSchool’s #1 FAQ question is:
My Anti-Virus software is reporting LanSchool as a virus, what should I do? Suggesting that the LanSchool software indeed acts in a manner similar enough to a malicious program, to trigger some Anti-Virus applications. The flaws in the design were demonstrated by the proof-of-concept application in question, and were true at the time of publication.
- “It is evident that you have intentionally set out on a course to harm our client’s software and business.” — absolutely not. The original review explicitly states that “This page detials a proof of conspect expolite of the lanschool program. CompSci.ca and Hacker Dan do not support, condone or recomend the use of it in real life”. Once again, the company has been made aware of the issue well before the publication.
- Removal of the critical review of their software.
- Destruction of author’s intellectual property, in the form of the proof-of-concept application.
- Not making use of any of LanSchool’s software in the future.
LanSchool is clearly inhibiting free speech with their outrageous claims and demands, and they are trying to punish Tony and Dan for correctly going about disclosing a product vulnerability.
Tony and Dan are trying to raise money for legal representation via donations, and in the event that LanSchool doesn’t proceed with legal action, the money will be donated to EFF.org — “the leading civil liberties group defending your rights in the digital world”. Even a comment of support on their blog post would help. You can donate and read more on the compsci.ca blog post.
Update: Thankfully the issue has been resolved amicably, you can read about the process on the compsci.ca wiki page.