This story was printed from ZDNet Australia.
The laptops that come in from the cold
August 21, 2001
URL: http://www.zdnet.com.au/reviews/software/internet/soa/The-laptops-that-come-in-from-the-cold/0,139023437,120253284,00.htm
Perhaps an indication of the size of the black economy where computer hardware has become currency, last year it was discovered that over 1000 notebook computers had been stolen from government departments in the 18-month period leading up to June 2000. Earlier this week a report in The Daily Telegraph suggested that laptops, like cash in silicon form, gave thieves incentive to target North Sydney office towers regularly over the last year, leading to the burglary of AU$250,000 worth of notebook computers.

The humiliation of the theft is possibly as infuriating a burden for the government to bear as the financial loss associated with it, but they can assuage some of their distress knowing that their problems are shared by one of the world's most powerful law enforcement agencies. In May, thieves reduced the size of the United States Federal Bureau of Investigation's laptop fleet by 182, in one operation. If the FBI can't keep its laptops safe from thieves, who can?

Les Ralph, national director of Web Internet Network Security (WINS), doesn't believe that laptop theft will ever be eradicated, but he is personally incensed by the brazen attitude of thieves who he believes have been allowed to get away with these crimes too easily, for too long. "Nine times out of ten the police don't even have a start point for investigating," he said.

Ralph is placing the force of his convictions behind WINS's new laptop anti-theft product, PC PhoneHome. Currently being demonstrated to an unnamed government agency, PC PhoneHome combines stealth software with a central tracking service. Whilst installed on a laptop, PC PhoneHome regularly searches for an open TCP/IP port and attempts to send data over the Internet. It notifies WINS's central server of its IP number, hard drive serial number and the username of the individual logged on to the laptop. If the laptop is stolen, the data could provide the owner with enough clues to help police recover it.
Laptop security products like PC PhoneHome aren't new. US-based LapTrak is identical to PC PhoneHome. Like PC PhoneHome, LapTrak's software stealthily communicates with a central monitoring service. However, PC PhoneHome may differentiate itself in one important respect. WINS claims that their software will survive both partition destruction and low-level formatting (a disk preparation process conducted by drive manufacturers).

"We seem to have waved a red flag at every hacker in the world," said Ralph, referring to the hundreds of emails he receives from incredulous individuals challenging PC PhoneHome's validity. Ralph was prepared to say that the software "exploits known vulnerabilities in drive formats", but was reluctant to reveal more for fear of revealing clues that would help criminals reverse the process. If the software is as tenacious as WINS claims, it has an important advantage over LapTrak's software: statements on the LapTrak Web site claim that no software can survive low-level formats.

Given that so much of PC PhoneHome's power rests with the integrity of the hard drive, it seems natural that a cautious criminal could avoid unwanted attention from authorities by replacing the hard drive. "It's becoming harder to buy laptop parts," said Ralph. "Most crims don't do anything more than a low-level format and won't spend money on a new hard drive. Nine times out of ten it's a drug addict trying to get money for a hit."

As a test, ZDNet rang Compaq and asked their parts and service division if they could deliver a new hard drive for a laptop. Asking for the model of our laptop was the absolute outer limit of their curiosity about our purchase, and it's hard to imagine that the 1,000 laptops Telstra lost last year (a serious case of theft believed to be an inside job) could have been organised by junkies.

Privacy vs. Security

Privacy and security make interesting bedfellows.
While privacy often depends on security, there are many more occasions on which the two conflict; the former usually has to bend to the will of the latter. PC PhoneHome is a case in point. As it constantly transmits information pertaining to the movement and behaviour of individuals, it naturally qualifies for the scrutiny of privacy advocates. It's difficult to guarantee that it will always be used appropriately or that its use will always produce an acceptable outcome for all the individuals that come within its reach.

Ralph says PC PhoneHome simply gives police enough forensic information to justify an investigation and the means to carry it out. However, PC PhoneHome has already been used by overseas enterprises to ensure that their employees are logging on to network resources via a secure point. It is reasonable to assume that an employer could extrapolate from the same records to generate information that employees may consider personal and beyond the company's interests.

PC PhoneHome's primary function will throw ISPs (Internet Service Providers) into the middle of the fray, as they will be prompted to furnish law enforcement agencies with sensitive information that could help them trace stolen property. Under the terms of The Telecommunications Act, ISPs and IAPs (Internet Access Providers) are required to provide "reasonable necessary assistance" to law enforcement agencies in upholding criminal law. In the case of PC PhoneHome, customer registration details and calling line identification would be the most commonly requested data, but it is within the power of the act to reveal email transactions and network activity logs.

Mindful of their need to protect the secrecy of their investigation methods, Victorian State Police's computer crimes investigation unit commented on the forensic value of PC PhoneHome very guardedly.
A spokesperson for the unit said that "on face value" the information would be sufficient to begin an investigation but was less sure that an IP address alone could secure a warrant.

ISPs needn't necessarily require a court order, warrant or disclosure order to divulge customer information. It is legal for ISPs to produce information without a legal certificate if they deem that the request is reasonably necessary for the enforcement of criminal law. "We're happy to co-operate with law enforcement agencies as long as we're fulfilling our obligations to our customers as set out in the telecommunications act," says David Bathur, Public Relations manager for Ozemail. "[PC PhoneHome] certainly would seem to boost personal security; however, as always, we will remain sensitive to the privacy concerns of our customers."

But where Ozemail's customers can exercise some influence over the company's attitudes to privacy, employees are less empowered. Ralph could recall at least one Australian organisation that has chosen to deploy PC PhoneHome at an enterprise level without informing its employees of the monitoring measures in place on the laptops that are so entwined with their lives. "I like the idea that it can run in a covert way," he said. "At the moment police have little or no data about laptop theft, this will give us all a chance to have it."

Working in network security, Ralph is not insensitive to the concerns of privacy advocates, but he is concerned by the idea that they might be used as a barrier to hide criminal activity. "Sometimes you have to come up with a solution that search both sides of the fence," he said. "Someone's got to start paying these bastards back."

The effectiveness of PC PhoneHome will vary with the technical proficiency of the thieves pursuing your laptop, but the covert manner in which it operates should outwit all but the most tech-savvy offenders.
Light-fingered employees, snatch-and-grab attackers, airport lurkers and cat burglars will probably be the most vulnerable to discovery if products like PC PhoneHome become successful. It may spell the end of the 'bloke-at-the-pub' PC channel and a few government departments may end up with a little less egg on their faces, but what are we letting ourselves in for?
Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.