Slashdot Mirror
How The FBI Used Geek Squad To Increase Secret Public Surveillance (ocweekly.com)
In 2011 a gynecology doctor took his computer for repairs at Best Buy's Geek Squad. But the repair technician was a paid FBI informant -- one of several working at Geek Squad -- and the doctor was ultimately charged with possessing child pornography, according to OC Weekly. An anonymous reader quotes their new report:
Recently unsealed records reveal a much more extensive secret relationship than previously known between the FBI and Best Buy's Geek Squad, including evidence the agency trained company technicians on law-enforcement operational tactics, shared lists of targeted citizens and, to covertly increase surveillance of the public, encouraged searches of computers even when unrelated to a customer's request for repairs. Assistant United States Attorney M. Anthony Brown last year labeled allegations of a hidden partnership as "wild speculation." But more than a dozen summaries of FBI memoranda filed inside Orange County's Ronald Reagan Federal Courthouse this month in USA v. Mark Rettenmaier contradict the official line...
Other records show how [Geek Squad supervisor Justin] Meade's job gave him "excellent and frequent" access for "several years" to computers belonging to unwitting Best Buy customers, though agents considered him "underutilized" and wanted him "tasked" to search devices "on a more consistent basis"... evidence demonstrates company employees routinely snooped for the agency, contemplated "writing a software program" specifically to aid the FBI in rifling through its customers' computers without probable cause for any crime that had been committed, and were "under the direction and control of the FBI." The doctor's lawyer argues Best Buy became an unofficial wing of the FBI by offering $500 for every time they found evidence leading to criminal charges.
Other records show how [Geek Squad supervisor Justin] Meade's job gave him "excellent and frequent" access for "several years" to computers belonging to unwitting Best Buy customers, though agents considered him "underutilized" and wanted him "tasked" to search devices "on a more consistent basis"... evidence demonstrates company employees routinely snooped for the agency, contemplated "writing a software program" specifically to aid the FBI in rifling through its customers' computers without probable cause for any crime that had been committed, and were "under the direction and control of the FBI." The doctor's lawyer argues Best Buy became an unofficial wing of the FBI by offering $500 for every time they found evidence leading to criminal charges.
Top 976 Complaints and Reviews about Geek Squad Quote: "I feel that they're a scam. They get people to buy their support and anytime they help it costs more money."
9 Confessions Of A Former Geek Squad Geek Quote: "A high percentage of Geek Squad employees lack basic troubleshooting skills such as correctly identifying malfunctioning components."
Geek Squad Complaints and Reviews Quote: "$430 Average loss"
Yelp Reviews for Geek Squad in San Francisco Quote: "Dealing with Geek Squad has been an absolute nightmare!! And judging by the hundreds of other reviews here, im guessing most of you feel the same way."
Geek Squad Consumer Reviews Quote: ""Cheat Squad," Not Geek Squad"
I find these prosecutions rather disturbing, as they amount to victimless thought crime.
Yes, there is a child victim, and the story is terrible, but there is no causal connection, and no need to demonstrate one. The child is the victim of a very different crime, by a different person, possibly long ago. In other cases, there may not even be a single child who has suffered, ever. And that makes no difference to the law.
Whats the point of treating it as a criminal problem? It makes about as much sens as the war on drugs.
What does all this achieve? Is there the slightest bit of evidence that our children are any safer for all these destroyed lives from the War on Porn ?
And if it helps you consider the question more objectively, the images themselves were not particularly shocking. Nothing compared to the sex and violence on an average night's TV.
Agent Tracey Riley admitted to U.S. District Court Judge Cormac J. Carney the so-called "Jenny" image found by a Best Buy Geek Squad technician, who doubled as a paid agency informant, "wasn't child pornography by itself."
Riley tried to recover by explaining that the picture, which contains no sex or genital angles, originated from a "well-known" child-pornography video.
If you have nothing to hide, why should it matter either way?
"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him." - Cardinal Richelieu (supposedly)
More to the point, if you're taking your machine to be fixed because it was compromised, doesn't that make it just ever so slightly more likely that the child porn on it wasn't your doing?
sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
Question is: How do you handle the data on a customers computer?
Here is how I handle it:
When I need to reinstall a computer:
1.) Before I do the installation or data gathering I generate a 1:1 hard drive image and I store that on an encrypted drive.
(checksumming of origin and copy included)
This is why I take the computers mostly to my lab to return with a fully prepared, clean and backed up computer.
2.) The backup is then bzip2-ed for space saving.
3.) Then the target hard drive is zero-ed out.
4.) Prior to this backup I gathered the data that needs saving - together with the customer.
5.) Only operate on a need to know basis, before I open a folder I ask the customer, and I only ask and do when it is really neccessary.
6.) I do only copy "blindly" and let the customer know beforehand what I'm going to do next and why - on a non-technical level.
7.) The encypted backup is afterwards stored on a lended hard drive I give over to the customer and I get that drive back after two months and tell the customer - when he remembers anything that needs to be looked up, to call me, and I let them have the drive for longer time when they aren't sure.
The first thing I do when getting a drive back - sure zero-ing it out.
I have a sufficient collection of smaller and larger checked hard drives that my former customers donate to me for deletion and for keeping.
Prior to the hard drive solution I longterm stored the data on LTO-5 tapes and gave these to the customer - I got a bunch cheap for 3-5 EUR per 1.5Tbyte tape - but the prices grew to much.
Yes, I have nice customers and I let them exactly know what I do with this donated drives. The compression from 2. comes in handy there.
8.) The encryption passphrase is later changed to be known to the customer only or directly when I do "on-site" work.
- yes I do train my customers to remember the phrase and I let them test it several times.
Why:
- I do only know what I need to know (when I don't know I'm not required to act - like I would need to do, if get to know about the presence of anything criminal on the computer)
- I have generated a backup and can revert data to that state
but at the earliest possible point in time I surrender that data and the knowledge about the encryption key to the customer
- the amount of unencrypted or "only-deleted" data is minimized, by zero-ing out the hard drive prior to reuse or even disposal
- the customer is aware and in control of all my actions because I'm laying them out transparently before I act
- My customers are satisfied and I get recommended to their family members and friends - and yes its still a hobby I do not do advertisement
If you have nothing to hide, why should it matter either way?
I see you didn't read the summary. They are paying people $500 to plant child porn on your computer.
Because those geek-squad FBI moles were trained by the FBI and could be considered a direct part of the operation.
If so the evidence could be obtained illegally.
And this is different than narcotic informats - except the geek-squad-moles are considered criminals ;)
Unfortunately, the 4th Amendment only restricts the government. There's nothing restricting your neighbor, a private company, or the employees of a private company from collecting a reward if they happen to notice you doing something illegal.
Which is the same problem with saying that it's only censorship if the government does it, not if private companies do it.
The end-run around the Constitution can be summed up in one terrifying word: Outsourcing.
-=This sig has nothing to do with my comment. Move along now=-
Didn't this story run a few months ago? Has it happened again? Has anything changed, or is EditorDavid new?
Unfortunately, the 4th Amendment only restricts the government. There's nothing restricting your neighbor, a private company, or the employees of a private company from collecting a reward if they happen to notice you doing something illegal.
Ah spoken by someone who hasn't a clue and instead starts playing the role of statist apologist. When the government trains, directs, and pays a "private citizen", that person becomes an agent of the government. This makes those persons subject to the same rules; probable cause, warrants, oath or affirmation.. This bit I dug up on nolo.com The admissibility of evidence found by a private citizen usually turns on the government’s “share” of the search. In other words, how involved was the government? While cases where the government ordered or paid a citizen to conduct the search are fairly straightforward, others aren’t. In determining whether to admit the evidence in question, courts consider questions like: whether the government initiated the search how much control the government had over the private citizen who conducted the search, and what the private citizen’s purpose was in conducting the search. And what was the FBI doing? Oh yeah... paying them..training them...giving them lists of people to search extra carefully. You clueless, statist, cocksucking fuck. Now please go back to blowing your J. Edgar Hoover love doll.
An honestly-chosen username - how refreshing.
This crap has to be illegal.
It's like giving a plumber access to your house to fix a plumbing problem, but then he also goes through the underwear drawer in your little girls bedroom as well as through all of your mail on your desk etc etc. I cannot believe that would be considered legal and I can't believe that what Best Buy is doing should be either..
I'm sorry, but after all the tech support jobs I've been at, someone is going to search for *.jpg/gif/png/whatever.
I never have myself, but at every job I've been at, a bored nerd is going to do a random search for pics/porn. It takes 30 seconds when they are spending hours on a computer.
These days, I work for a company that has a long disclosure that people ignore while I read it to them, but the big thing is "if you have shit you don't want us seeing, make a second account with a password that we can use to fix your shit."
Again, I have never done it myself, but I have seen so many colleagues do it that I can only assume it's common over all areas.
"Well kids, you tried your best, and you failed. The lesson is, never try." -Homer Simpson
I'm actually a little surprised that ransomware hasn't started dumping illegal images in victim's hard drives, just to discourage them from taking the machine to be fixed.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
The problem with "Innocent people have nothing to hide" is that it isn't you who will determine what's "innocent".
I have shit to hide. Legal or illegal that is NOT any of your's or anyone else's concern.
You want to check, get probably cause, a warrant, and have judicial oversight. Just because they are lazy doesn't give them the right to invade innocent people's privacy.
I'm actually a little surprised that ransomware hasn't started dumping illegal images in victim's hard drives, just to discourage them from taking the machine to be fixed.
In addition, when there is money to be made and you've been told X is a target an unscrupulous person might "find" the desired evidence to collect a reward.
I'm a consultant - I convert gibberish into cash-flow.
In my case no kiddie porn but some rather hot information on my system. It will NEVER see Geek Squad. I've been around computers long enough to encrypt and to know how to image drives etc.
And I've always distrusted Geek Squad - I've seen their handiwork and made a tidy sum cleaning up their messes.
If you have nothing to hide, why should it matter either way? Note that the article is about someone that had nothing to hide and nothing was found but he has gone through a long protracted court case with no end in sight....
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
I'm actually a little surprised that ransomware hasn't started dumping illegal images in victim's hard drives, just to discourage them from taking the machine to be fixed.
Why? The computer tech will tell them that the machine can't be "fixed", all the important data is encrypted. And I would think most users understand that if you do pay the ransom the data has to be rescued and the computer fixed so it doesn't happen again which many people will need help to. The ransomware only wins if you pay the ransom, if it's threatening to destroy your life many people will take a hammer to it and put it in the nearest dumpster, regardless of the lost data. And if you do pay the ransom but can't take your machine to the shop because you fear the kiddie porn is still there you'll need a new machine to transfer the data to instead of a data backup / wipe / reinstall / data restore, which will discourage many to no benefit for the ransomware author.
Let's try a delta analysis, forget all those who'd always pay or never pay anyway. The only situation where the ransomware maker is better off is if you wouldn't pay the ransom if you could take it to the shop for a wipe/reinstall, which is the only thing they could do - but you would pay the ransom to rescue the data yourself. But if you're capable of doing that, why would you take it to the shop in the first place? It means you're more than capable of doing a wipe/reinstall yourself. So my business analysis is that this would bring in exactly zero new business and cause them to lose a lot of the business they have. They could of course do it to be bigger asshats and cause people to lose more data, money or end up in jail but it wouldn't make any business sense at all.
Live today, because you never know what tomorrow brings
My understanding - from a talk at DefCon by a lawyer - was that once the FBI is aware of what Geek Squad staff are doing, those staff have become agents of the state and therefore require a warrant.
It's "fine" for somebody to look at your drive and inform the authorities if they find something illegal - the government was not aware of what was happening so it's admissable. This changes the moment the government says "thanks for that, let us know if this happens again, by the way here's some cash". They've instructed someone to access private information without a warrant.
Source: https://youtu.be/ibQGWXfWc7c - DEFCON 17: Search And Seizure Explained - They Took My Laptop!
The problem with child porn possession is that it is what's known as a "strict liability offense." Mere existence can be used to assert possession and therefore guilt and you must literally be able to prove your innocence. If you find child porn on a customer's computer and report it, you're getting yourself pulled into a likely multi-year court case in which you'll be a star witness and the defense will possibly suggest that you placed the porn for some reason. Now think about what happens if this argument sticks: instead of the porn being a thing on the computer that you reported on sight, YOU become the target of investigation and possible felony prosecution. It's also a mandatory reporting crime, so it is discovered that you did not report it in a timely fashion, you'll be charged with a crime. You could even be investigated and have your property seized just because you could potentially have copied it for yourself. Doesn't matter if you did, only that you could have.
It is probably a crime legal to do this, but the best answer to this is to wipe the hard drive with 'dd' in Linux and say that some sort of virus nuked the customer's data. If the customer has a problem with that, ask them what they had on there and if they had anything illegal. The problem will solve itself. Illegal or not, if there is no evidence, there is nothing to prosecute. Problem solved. Fortunately I haven't ever been in that situation and haven't had to deal with it.
Sticking to your moral beliefs for a victimless crime (yes, possessing photos is a victimless crime) is never EVER worth getting yourself dragged into the legal system. The system doesn't give a fuck. It will chew you up and spit you out a broken man to live a life of social exile. You are low-grade meat to the legal machine.
It's super fucking retarded that you can go to prison for decades just by having a photograph. You don't have to fuck a kid in the ass, you don't have to even take the photo of the kid getting fucked in the ass, you just have to knowingly have the photograph in your possession and you're instant evil. Japan was doing it right: possession wasn't a crime, lolicon drawings weren't a crime, kiddie rapists could masturbate to it instead of seeking out real kids to pound on, but the USA pushed 'em into making possession illegal in 2014/2015. Guess what? The rates of child abuse in Japan exploded in 2016. It could just be coincidental, but I doubt it.
Not only did I read the summery, I read the article. But thanks for not reading the parent post who asked if this would hurt or help Geek Squad's business.
The answer to this as I stated is that a lot of people do not think they have anything to worry about because "if you have nothing to hide" and they will be oblivious about this article and its implications when they take their computers into best buy to get them fixed..The people in the know, are people who already would go somewhere else or do it themselves so it wouldn't likely affect their business at all.
I would think they methods they use are really unimportant here, given the level of direct involvement by the FBI here. This is akin to giving a PI a list of names, what to look for, and then paying them if he finds anything.
Geek squad is clearly acting as agent of the FBI here. All evidence should be disallowed due to lack of warrant.
If you have nothing to hide, why should it matter either way?
"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him." - Cardinal Richelieu (supposedly)
More to the point, if you're taking your machine to be fixed because it was compromised, doesn't that make it just ever so slightly more likely that the child porn on it wasn't your doing?
And if they get $500 for every instance of kiddie porn they claim to find, that sounds like an incentive to me.
If you have nothing to hide, why should it matter either way?
Because the 4th Amendment to the Constitution of the United States explicitly makes this kind of fishing expedition illegal for Federal agencies, and the FBI is arguably breaking the very laws it's sworn to uphold and enforce.
But... aside from deliberate and willful lawlessness which circumvents legal protections the Founders saw fit to write into the foundational law of country... yeah, what's the problem?
Crumb's Corollary: Never bring a knife to a bun fight.
Only to find it, they'd arrest anyone they knew of who planted it.
Oh, that's just adorable.