Supreme Court Declines Case Over Techs' Right To Search Your PC

An anonymous reader writes "A few years back, a guy was arrested for possessing child pornography after techs at Circuit City found child porn on his computer, while they were installing a DVD player. The guy insisted that the evidence shouldn't be admissible since the techs shouldn't have been snooping through his computer — and a lower court agreed. The appeals court, however, reversed, noting that the guy had given Circuit City the right to do things on his computer — including testing out the newly installed software (which is how the tech claims he found the video). The guy appealed to the Supreme Court, who has declined to hear the case, meaning that the ruling stands for the time being. So, basically, if you hand your computer over to someone else for repairs, at least in some jurisdictions, they may have pretty free rein in terms of what they're allowed to access on your computer."

Re:In other news...

[Drakkenmensch]

If you can't see that difference you ought to seek help quickly.

Missing the point entirely. I wasn't implying that child porn is on the same level as ill-gotten downloads, rather that if the supreme court allows tech support to gather evidence usable in court, what's stopping the MPAA and RIAA to pay tech shops to tear through their customers' hard drives for any evidence of downloads, and report to them directly their findings along with the culprits' names and addresses?

Re:"Allowed to access" is a bit strong

[Corbets]

No, you've got it right, though I don't see much of a difference between what you wrote and what the GP said.

Police and agents of the state are prevented from obtaining evidence illegally; doing so makes it inadmissible in court. However, information collected by private citizens can be used in court regardless of how it is obtained, though the private citizen can of course be prosecuted for any crimes committed during the collection of that evidence.

Look at it this way: the laws regarding collection of evidence are not designed to protect criminals, they are designed to protect individuals from an overreaching state. But if the state is handed information without doing anything wrong (which includes asking private citizens to illegally obtain evidence, mind you), then it has the right and obligation to act upon that information.

IANAL, though I did just read the chapter on forensics in my CISSP study guide.... :)

Re:If it wasn't child porn

[CajunArson]

No they wouldn't have been, because there is nothing about this case that is legally novel or particularly controversial. The techs were not state actors (meaning working for the government either officially or at the direction of somebody from the government). Therefore, the 4th amendment rights to protection from unreasonable search & seizure do NOT apply (notice how I'm NOT talking about expectation of privacy... you don't even get to that issue when there's no state action).
      There have been cases in the past where criminals have broken into people's houses and stole items that prove crimes (like say papers proving bank fraud or something like that). Later when the cops bust them and recover the items, those papers were completely valid as evidence against the original owners of the papers, even though the police would have needed a warrant to get the papers if they had conducted a direct search & seizure. If a criminal breaking into your house doesn't count as state action, then voluntarily handing over your computer to techs who are supposed to know how to fix the computer is not the brightest move.

It's a huge barrel of worms

[hacker]

Years ago, I worked for $BIG_PHARMA, and in one of the labs, there was a shared printer and some shared PCs. Each PC required a user to log in, using their own credentials.

One day, one of the female scientists walked over to the printer to retrieve some print jobs, and found full-color pr0n prints sitting on the printer that someone had printed from one of the shared PCs in that lab.

An investigation ensued, and they found the offending machine, but couldn't pinpoint who had actually browsed to the site or printed the images. What they did find, was a VERY organized local directory of pr0n on the machine.

When they were looking through the upstream proxy and web logs, they found the site that the images were sourced from, found the date and time they were viewed and requested, etc. They finally figured out who the culpret was... and terminated him.

HOWEVER , they also found hundreds of other PCs across the company visiting the same site all over the logs, including some VERY high-level directors.

So now what do you do? Do you just fire the one person who was caught because of the reported incident, or do you start firing everybody because they're guilty of the same "offense" (browsing restricted content on company resources).

I don't know how it ended up, but I do know a lot of people were talked to and put on probation/had their public web browsing rights restricted or removed (only internal/intranet allowed).

Re:Yup!

[hairyfeet]

As someone who has worked PC repair for ages (as my oldest says "when dinosaurs roamed the earth) allow me to enlighten the childrens here. First i have been buds with some best buy guys over the years, and I have known a few that kept external drives with .BAT files that would trawl your drive for .jpg, .avi, etc. Are you gonna trust that guy not to fuck up and drop something off of said drive while he is looking for files to steal? It is like asking the guy robbing your house not to drop crumbs on your carpet.

Second, I can tell you from experience working on clients computers that there is some seriously nasty malware out there that will do all kinds of nasty shit to your PC, including leaving nice backdoors where Mr. Malware writer can go in and pretty much do anything he wants. I have also seen clickjack bugs that will open up 20+ windows at a time to many different topsites INCLUDING those that advertise child pron. Now according to the law that person could be rotting in jail now for having a bug. Now you may get cleared later but after how much money? What if you don't have the cash for a good lawyer?

That is why my customers can bring their PC to me without fear. Because unless they tell me to go into the My Documents folder I ain't going there. I am working with the desktop and the system32 folder and that's it. That "I needed data to burn" bullshit is just that. The geek squad guys have piles of CDs and flash drives lying around just like I do. When I need to test a burner I simply use the software CD that came with it, or drag my repair tools folder off my flash. But trust me, anybody who has worked PC repair for any length of time knows that story is bullshit. I have known so many guys with porta drives filled with other folks stuff that it ain't even funny.

Have I worked on somebody's PC in the past that may or may not had kiddie porn? Probably but I wouldn't have known because I don't go looking for stuff to steal. To me it is like the guy that comes in to spray your apartment looking through your underwear drawer. It ain't my job to be an undercover for the cops. I just fix the box and hand it back, which is what the geek squad guys SHOULD be doing but I can tell you from talking to quite a few ain't the case. And I think that is the heart of the matter. You know the geek squad guy was stealing, I know the geek squad guy was stealing, hell I'm sure the cops knew it to. letting the geek squad guys steal whatever they want as long as they are good snitches is bullshit and we all know it. But as long as the courts let them get away with it they'll keep right on loading their hard drives. It isn't like Best Buy corp is gonna give a fuck if they help themselves as long as your check clears.

Re:Justice...

[TheRaven64]

You have something in common with many lawmakers today; you are completely missing the point behind this law. The obvious reason for not allowing evidence found illegally is that it is not trustworthy; if someone is willing to break the law to find evidence, how do you know that they are not willing to break the law to plant evidence? The more important issue, however, is that it undermines the police. If you report a crime, and there is a good chance that the result will by your conviction for some other crime, are you going to report the crime in the first place? Probably not. This is already happening in the US, where high-profile lawyers are recommending that you never talk to the police because everyone is guilty of something, and it's easier for the police to find what you are guilty of than it is to solve the crime you reported. Enforcing the law in such circumstances becomes increasingly difficult.

Yet more perspective

[BenEnglishAtHome]

First job out of college, I was an apartment maintenance man. Commonly, people would call in problems and I'd go into their place to fix things during the day while they were at work. I saw all manner of illegal stuff and it never occurred to me to call the police. I've seen coffee tables literally heaped with a kilo of weed in a very neat pyramid, but I'm not a cop and it's not my job to tattle on other folks, so I just forgot about it.

The only time I did anything to change the status quo was when someone was taking action that damaged the property. I was an agent of the property owner, so if you painted your bedroom black (It takes gallons of expensive Killz to cover black well enough to rent the place after you move out) or if you wallpaper your bathroom with porn (I wonder what kind of impression that made on any female houseguests?), it was my job to report and take action.

Sometimes, the action was pretty simple. For example, someone stole most of the furniture from around a pool. A few days later, I got a ticket to fix a leaky faucet. When I went into the apartment, there was our pool furniture, covered with towels, being used as a living room suite. I didn't say anything to anybody; I just put the furniture back out by the pool. Resident was a little sheepish after that.

Nowadays, I fix computers for a living. When I see something dodgy on an employer-owned computer, it's my job to report it. But on those occasions when I've done work for friends, even when I see something that might be dodgy, I don't take the time to look. It's none of my business. I'm not a cop and outside of work, it's not my job to tattle on you.

Now, here's where I get twisted up. What's the legal obligation of someone who sees something on your computer? I would imagine some jurisdictions have tried to make it illegal to look away when you accidentally stumble across something that might, at first glance, seem a bit to young to be doing what they're doing. In fact, wasn't there a law proposed in Texas that would have required all computer repair shops that do file recovery to have an investigator's license issued by the state just so that they'd hove some idea how to maintain a chain of custody and some legal obligation to actually report what they see rather than ignore things (like I used to do?

I'm not sure what the law is, so I don't work for friends ever since my sisters best friends sons computer needed help and I found, in addition to multiple virus infections and no anti-virus software, a large collection of sexually explicit webcam vids he'd made with his contemporaries. (I'm sure they were all over 18 years old, of course. They may have all been freshmen in high school but I keep telling myself that there were all over 18.) I simply don't want to deal with that stuff so I no longer help people who come to me with "My kids computer is really slow; can you help?"

Likewise, if I worked at Best Buy or some such repair depot, there's flat out no way I'd look at anything on the drive I didn't absolutely have to to get the job done. I just don't need the drama in my life.