Slashdot Mirror
No Right to Privacy When Your Computer Is Repaired
Billosaur writes "ZDNet's Police Blotter bring us the interesting story of a Pennsylvania man who brought his computer into Circuit City to have a DVD burner installed on his computer and wound up being arrested for having child pornography on his hard drive. Circuit City employees discovered the child pornography while perusing Kenneth Sodomsky's hard drive for files to test the burner, then proceeded to call the police, who arrested Sodomsky and confiscated the computer. Sodomsky's lawyer argued in court that the Circuit City techs had no right to go rifling through the hard drive, and the trial court agreed, but prosecutors appealed and the appeals court overturned the lower court's decision, based on the fact that Sodomsky had consented to the installation of the DVD drive."
Windows doesn't offer any way to "password protect" with any actual security, files and folders and so forth. That's a major part of the problem -- people want like 1 or 2 folders to be encrypted to where you actually have to authenticate to get in each time.
Windows EFS is decent crypto (I think it's 3DES on workstation, AES on server versions) but once you've authenticated your session, you're in to all the files automatically, it's only good for preventing offline reads. That's it. Privacy -- in general, not just for these situations where someone was doing something illegal -- would be greatly served (and Geek Squad wouldn't find people's private videos of themselves on vacation or whatever) if they'd just add in the feature everyone wants.
Local file access security exists only in a domain or with third-party tools like TrueCrypt.
Well yeah they need to be able to login to make sure whatever they're repairing worked. Just create them a joe user account and give that to them.
Or better yet ... learn how to fix your computer yourself. Or just keep all your important information on an external hard drive.
The higher the technology, the sharper that two-edged sword.
"Circuit City employees discovered the child pornography while perusing Kenneth Sodomsky's hard drive for files to test the burner"
That's right your Honor, we were just looking for some jpegs and avis to test the burner with.
The ones that have flesh-colored icons work are best for testing burners.
So it only matter when you're requesting their services for an opinion on law, legal services, or help in a legal proceeding. It'd be a bit of a stretch to claim any of those three if you had them install a DVD burner for you - hence, AC Privilege wouldn't apply.
I don't know about anyone else, but 'poking around for files' is pretty damn intrusive. Just burn a couple of files on the desktop to the CD rom.
I hate child porn as much as anyone else, but this stinks of people looking for personal details on their clients that are none of their business. This shady shit has to stop.
The USA federal criminal statute had been amended to include computer generated CP (18 USC 2256, 2258). http://www.cyber-rights.org/reports/uscases.htm
Submission as evidence constitutes plaintiff and/or prosecutorial misconduct.
Your clients can hold you liable for unauthorized access to their data?
Yet when someone takes their computer into a best buy, circuit city, etc, that person then becomes a client of said store, and has different rights?
The point is that they looked through his files without his express permission.
Was he dumb? Yes.
Were they wrong in going through his files, even for a test burn? Yes.
If they do a routine test burn, they should also do a routine disc read.
Why not have a test dvd that they copy, and burn back?
The fact is these stores LOVE to rummage through your files.
It's good PR when the company can say they help fight child porn.
It's a laugh riot for the employees to dig through your favorites and personal files.
It's not beyond reason to suspect that said files may have been planted.
It's wrong of them to do it, and legally, this guy has a good defense.
When you develop film, they HAVE to see the pictures to do their job.
Film developers are required by law to report anything involving child abuse or animal abuse (and probably murder, etc).
A tech installing a dvd drive does not need to look through your files, even for a test burn.
It's the equivalent of a plumber coming into your house and pawing through your stack of magazines on the lid of your toilet tank.
This did not warrant an arrest for this man.
It warranted an investigation, with the computer being returned and law enforcement going to a judge requesting a warrant.
It's called due process.
The above raises a good point -- store your data in a manner that's not easily accessed.
But, this case raises TWO different questions that are getting confused.
1 -- Did the service technician violate the privacy of the computer owner by looking at files on the hard drive that might not have been required to perform the repair work? This is a question of civil law, and possibly of the contract between the user and technician.
2 -- Can the police use the evidence found by the technician to prosecute the computer owner? This is a question of constitutional law and criminal procedure.
The answers to 1 and 2 are not necessarily linked.
The constitution provides protection against GOVERNMENT searches of your property. The government can't, without a warrant or an emergency, take your computer away and look through your files. Nor can the government pay a repairman to do what the government can't do directly--for example, if the government paid repairmen to snoop through computer.
But, the constitution doesn't say anything about what OTHER people can do. If the repairman did snoop beyond the limits of his authorization then the computer owner might be able to sue the repairman. But, just because the repairman did a bad thing doesn't mean that the protections in the constitution against government invasion are automatically triggered. Take a different example -- a burglar breaks into a home, steals a lot of stuff, and also sees child porn on the way out the door. If the burglar gives an anonymous tip to the police (or bargains for a lighter sentence in exchange for testimony) then the evidence can probably still be used, even though the burglar had no right whatsoever to be in your house. In fact, it was CRIMINAL for the burglar to be inside your house at the time he saw the child porn, but it's still probably fair game in a prosecution.
The key difference is whether the STATE has violated your right to privacy. You can't bargain with the state to set a higher or lower expectation of privacy; we have a Constitution that sets a minimum floor of privacy for everyone. But, you can negotiate with a computer repair service--if one service offers "no privacy-we'll read all your files" and the other say "complete privacy, for a little bit more money" then you get to pick which one you like, and to sue the "complete privacy" company if they break their word.
Disclaimer: Before you do something dumb, speak with YOUR attorney. I am not an attorney and the law often turns on what seem like very small differences in facts; your situation is probably different and will require personalized advice.
It's official. Most of you are morons.