LS Commentary: It looks like Larry Ropp really was trying to put an end to a very noxious, illegal practice on the part of his employer, an auto insurance company. Certainly, it would appear that his intentions were good, and people may wonder why he's indicted for it. But the FBI could put a keyboard logger on you only under very defined circumstances, and a warrant is almost always required. These rules are in place to protect all of us; we simply cannot do normal business without the expectation of a degree of default privacy. To allow individuals to violate the privacy of others, even for causes they consider just, would make a mockery of the protections provided by law. There was nothing about this case that prevented the employer from taking this matter to the authorities and allowing them to obtain a warrant. They still might have used his services to plant the logger, but then, at least, it would have been sanctioned by law. . . .
A former claims adjuster for a U.S. insurance company is the first to be charged under federal wiretap law for the covert use of a hardware keystroke logger, after he was caught using the device while secretly helping consumer attorneys gather information to use against his own company.

Larry Ropp, 46, was indicted Tuesday by a federal grand jury in Los Angeles on a single count of endeavoring to intercept electronic communications. Ropp is accused of installing a "KEYKatcher" keystroke logger on the PC of a secretary to a vice president at the Bristol West Insurance Group where he worked. The KEYKatcher attaches inline with a keyboard connector, and stores every keystroke in an internal memory for later retrieval.

In an interview with SecurityFocus, Ropp admitted to using the device, which he says he ordered off the Internet. But he defended his office skullduggery as a necessary evil to expose improper anti-consumer practices at the company. "The FBI themselves use key loggers quite a bit," he said. "Here, I'm a whistleblower, and I'm getting the shaft."

Ropp was working at Bristol West's Anaheim, California office last year when a state appeals court ruled that the company had been illegally canceling the policies of customers who were a single day late with their payments. Under California law, an insurance company must give 10 days notice before canceling a delinquent customer's automobile liability policy. Bristol West had been circumventing that requirement by issuing "cancellation notices" with every bill, before payment was due, so that by the due date the 10 days had already passed.

"If it was due Tuesday, and you had an accident on Wednesday, you didn't have any insurance," says Ropp. "It was out-and-out a wrongful, illegal denial."

A California appellate court ruled against Bristol West in January, in a lawsuit filed by a customer, Curtis Mackey, who'd been involved in an auto accident two weeks after missing a payment, and was consequently denied a claim. Without admitting wrongdoing, the company subsequently agreed to pay six million dollars to settle a separate class action lawsuit filed on behalf of customners whose policy was canceled without proper notice.

The link for this article located at SecurityFocus is no longer available.