Slashdot Mirror

← Back to Stories (view on slashdot.org)

How The FBI Used Geek Squad To Increase Secret Public Surveillance (ocweekly.com)

Posted by EditorDavid on from the rights-vs-repairs dept.

In 2011 a gynecology doctor took his computer for repairs at Best Buy's Geek Squad. But the repair technician was a paid FBI informant -- one of several working at Geek Squad -- and the doctor was ultimately charged with possessing child pornography, according to OC Weekly. An anonymous reader quotes their new report: Recently unsealed records reveal a much more extensive secret relationship than previously known between the FBI and Best Buy's Geek Squad, including evidence the agency trained company technicians on law-enforcement operational tactics, shared lists of targeted citizens and, to covertly increase surveillance of the public, encouraged searches of computers even when unrelated to a customer's request for repairs. Assistant United States Attorney M. Anthony Brown last year labeled allegations of a hidden partnership as "wild speculation." But more than a dozen summaries of FBI memoranda filed inside Orange County's Ronald Reagan Federal Courthouse this month in USA v. Mark Rettenmaier contradict the official line...

Other records show how [Geek Squad supervisor Justin] Meade's job gave him "excellent and frequent" access for "several years" to computers belonging to unwitting Best Buy customers, though agents considered him "underutilized" and wanted him "tasked" to search devices "on a more consistent basis"... evidence demonstrates company employees routinely snooped for the agency, contemplated "writing a software program" specifically to aid the FBI in rifling through its customers' computers without probable cause for any crime that had been committed, and were "under the direction and control of the FBI." The doctor's lawyer argues Best Buy became an unofficial wing of the FBI by offering $500 for every time they found evidence leading to criminal charges.

6 of 164 comments (clear)

  1. Re:Is this news going to bring them more business by sumdumass · · Score: 1, Interesting

    If you have nothing to hide, why should it matter either way?

    Actually, it will likely not impact them at all because anyone who gives a fuck and knows about this likely wouldn't be taking their computers to the geek squad in the first place.

    More interesting though might be a labor claim that Best Buy might have against these employees if they pocketed the cash and where working on the clock while doing the FBI's bidding. I don't know how it would be different than a company claiming ownership of a program you wrote on their resources while on the clock at their job.

  2. Re:Is this news going to bring them more business by Pseudonym · · Score: 5, Interesting

    If you have nothing to hide, why should it matter either way?

    "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him." - Cardinal Richelieu (supposedly)

    More to the point, if you're taking your machine to be fixed because it was compromised, doesn't that make it just ever so slightly more likely that the child porn on it wasn't your doing?

    --
    sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
  3. Re:Is this news going to bring them more business by burni2 · · Score: 4, Interesting

    Question is: How do you handle the data on a customers computer?

    Here is how I handle it:

    When I need to reinstall a computer:

    1.) Before I do the installation or data gathering I generate a 1:1 hard drive image and I store that on an encrypted drive.
    (checksumming of origin and copy included)

    This is why I take the computers mostly to my lab to return with a fully prepared, clean and backed up computer.

    2.) The backup is then bzip2-ed for space saving.

    3.) Then the target hard drive is zero-ed out.

    4.) Prior to this backup I gathered the data that needs saving - together with the customer.

    5.) Only operate on a need to know basis, before I open a folder I ask the customer, and I only ask and do when it is really neccessary.

    6.) I do only copy "blindly" and let the customer know beforehand what I'm going to do next and why - on a non-technical level.

    7.) The encypted backup is afterwards stored on a lended hard drive I give over to the customer and I get that drive back after two months and tell the customer - when he remembers anything that needs to be looked up, to call me, and I let them have the drive for longer time when they aren't sure.

    The first thing I do when getting a drive back - sure zero-ing it out.

    I have a sufficient collection of smaller and larger checked hard drives that my former customers donate to me for deletion and for keeping.

    Prior to the hard drive solution I longterm stored the data on LTO-5 tapes and gave these to the customer - I got a bunch cheap for 3-5 EUR per 1.5Tbyte tape - but the prices grew to much.

    Yes, I have nice customers and I let them exactly know what I do with this donated drives. The compression from 2. comes in handy there.

    8.) The encryption passphrase is later changed to be known to the customer only or directly when I do "on-site" work.
    - yes I do train my customers to remember the phrase and I let them test it several times.

    Why:
    - I do only know what I need to know (when I don't know I'm not required to act - like I would need to do, if get to know about the presence of anything criminal on the computer)

    - I have generated a backup and can revert data to that state
    but at the earliest possible point in time I surrender that data and the knowledge about the encryption key to the customer

    - the amount of unencrypted or "only-deleted" data is minimized, by zero-ing out the hard drive prior to reuse or even disposal

    - the customer is aware and in control of all my actions because I'm laying them out transparently before I act

    - My customers are satisfied and I get recommended to their family members and friends - and yes its still a hobby I do not do advertisement

  4. This story happens all the time by GrandCow · · Score: 4, Interesting

    I'm sorry, but after all the tech support jobs I've been at, someone is going to search for *.jpg/gif/png/whatever.

    I never have myself, but at every job I've been at, a bored nerd is going to do a random search for pics/porn. It takes 30 seconds when they are spending hours on a computer.

    These days, I work for a company that has a long disclosure that people ignore while I read it to them, but the big thing is "if you have shit you don't want us seeing, make a second account with a password that we can use to fix your shit."

    Again, I have never done it myself, but I have seen so many colleagues do it that I can only assume it's common over all areas.

    --
    "Well kids, you tried your best, and you failed. The lesson is, never try." -Homer Simpson
  5. Re:Is this news going to bring them more business by AmiMoJo · · Score: 3, Interesting

    I'm actually a little surprised that ransomware hasn't started dumping illegal images in victim's hard drives, just to discourage them from taking the machine to be fixed.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  6. Re:Thought crime by Anonymous Coward · · Score: 2, Interesting

    Wait a second. If the following is true:

    Agent Tracey Riley admitted to U.S. District Court Judge Cormac J. Carney the so-called "Jenny" image found by a Best Buy Geek Squad technician, who doubled as a paid agency informant, "wasn't child pornography by itself."
    Riley tried to recover by explaining that the picture, which contains no sex or genital angles, originated from a "well-known" child-pornography video.

    Is it possible that the image in question was part of an advertisement that was served to the computer while the gynecologist was consuming other (possible legal porn) content? Keep in mind that it would be a still image, which does not magically separate itself from a video.

    Also, if the video was "well known", is it possible that the advertisement was posted by the government as a way to entrap or entice those who would click on the image and follow the ad? Similar government behavior has been well documented.

    Given the argument of Agent Riley, one must assume that no other incriminating images or videos were found on the gynecologist's computer. Otherwise the image in question would be a non-starter for discussion. This makes for a very shaky prosecution as is suggests that the gynecologist was not intentionally consuming child pornography.

    IANAL, but if I had to defend the gynecologist, I would be very curious to know if the image was found in the browser history, where the image originated from, and what other activity occurred around the time stamp of the image. I would also initiate a search for matching images on the Internet to determine the origin of the file. Context means everything.