Slashdot Mirror
EFF Sues FBI For Records About Paid Best Buy Geek Squad Informants (eff.org)
The Electronic Frontier Foundation is suing the FBI for records "about the extent to which it directs and trains Best Buy employees to conduct warrantless searches of people's devices." The lawsuit stems around an incident in 2011 where a gynecology doctor took his computer for repairs at Best Buy's Geek Squad. The repair technician was a paid FBI informant that found child pornography on the doctor's computer, ultimately resulting in the doctor being charged with possessing child pornography. From the EFF's report: A federal prosecution of a doctor in California revealed that the FBI has been working for several years to cultivate informants in Best Buy's national repair facility in Brooks, Kentucky, including reportedly paying eight Geek Squad employees as informants. According to court records in the prosecution of the doctor, Mark Rettenmaier, the scheme would work as follows: Customers with computer problems would take their devices to the Geek Squad for repair. Once Geek Squad employees had the devices, they would surreptitiously search the unallocated storage space on the devices for evidence of suspected child porn images and then report any hits to the FBI for criminal prosecution. Court records show that some Geek Squad employees received $500 or $1,000 payments from the FBI. At no point did the FBI get warrants based on probable cause before Geek Squad informants conducted these searches. Nor are these cases the result of Best Buy employees happening across potential illegal content on a device and alerting authorities. Rather, the FBI was apparently directing Geek Squad workers to conduct fishing expeditions on people's devices to find evidence of criminal activity. Prosecutors would later argue, as they did in Rettenmaier's case, that because private Geek Squad personnel conducted the searches, there was no Fourth Amendment violation. The judge in Rettenmaier's case appeared to agree with prosecutors, ruling earlier this month that because the doctor consented both orally and in writing to the Geek Squad's search of his device, their search did not amount to a Fourth Amendment violation. The court, however, threw out other evidence against Rettenmaier after ruling that FBI agents misstated key facts in the application for a warrant to search his home and smartphone. We disagree with the court's ruling that Rettenmaier consented to a de-facto government search of his devices when he sought Best Buy's help to repair his computer. But the court's ruling demonstrates that law enforcement agents are potentially exploiting legal ambiguity about when private searches become government action that appears intentionally designed to try to avoid the Fourth Amendment.
Since this was an active program by the FBI to recruit and pay on piecework basis for material found that was illegal, the Best Buy workers were no longer working for Best Buy with regards to this action and were effectively working for the FBI in a sort of deputized role. As such the terms of conditions by Best Buy should not apply, and since they are effectively contract workers for the FBI -- they should have required warrants. Thus the evidence should be thrown out.
I think it's relevant to the customers that visit Best Buy, use their services, or have received hardware as a gift. If employees are doing warrant-less searches and being paid by the government to do it, this is foul play. Any information gathered under these false pretenses is inadmissable in court, according to law. If government won't respect its own laws, then it dilutes the value and even the threat that laws present to someone who might decide to start breaking law, and the state of order is weakened.
Without further details, we can't know whether the doctor is guilty or not. The hard drive could have been purchased refurbished, from a friend, found in the guts of an old computer at Goodwill... who knows? The important part is, if we're going to gather information, it should be through the proper channels. Bribing near-minimum-wage workers with a month's wages to violate the same laws that protect us all is closer to organized crime than any legitimate government. They know better, and the EFF is one of the few organizations that calls bullshit when they see it.
It's relevant to Slashdot because if it's happening with Best Buy, it could be happening with other companies and services, too. I should hope the average /.er would avoid BB, but there could be plenty of /.ers who've used the services and it could benefit the lives of people /.ers know, by urging their friends and family to reject Geek Squad service.
It's already had an effect: it got you to comment about it, didn't it? It's also creating some bad PR for Best Buy, and will call its name (and thus quality, trust, customer loyalty) into question as a technology retailer and service company. These injustices are important to expose and punish, to disincentivize criminal conduct, even when committed by a government that claims to protect its people.
Some of the articles seem to indicate employees are stumbling across illegal images as part of their repair process. But they are retrieving images from slack space, which afaik is not something a best buy type repair tech would do as part of a repair. So the techs are at a minimum using forensic tools to recover data. Also where are they billing the time for these non repair activities?...forensic scans are time consuming.
I'm also very curious to know if the techs were then manually reviewing the recovered images, again time consuming, or if the FBI further assisted by providing the tech access to LE tools such as the databases of hashes of known CP to make their searching faster.
As a victim of CP myself I have no love for creeps who access or share it, but for the FBI to argue that best buy employees weren't being led to perform searches on their behalf sounds rediculous.
It's relevant because it means that the police can avoid the 4th amendment simply by having a 3rd party examine things instead of the police doing it directly. It's another word game that's being used to gut the 4th
well not only warrantless but if the informant is paid by cases found, then.. well, you'll see where it goes.
world was created 5 seconds before this post as it is.
FBI: "We're not doing an end-run around the Constitution. We're paying civilians to do an end-run around the Constitution FOR us! There's a difference!"
Courts need to come down on this hard or else it'll become standard practice.
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
Without further details, we can't know whether the doctor is guilty or not. The hard drive could have been purchased refurbished, from a friend, found in the guts of an old computer at Goodwill... who knows? The important part is, if we're going to gather information, it should be through the proper channels. Bribing near-minimum-wage workers with a month's wages to violate the same laws that protect us all is closer to organized crime than any legitimate government. They know better, and the EFF is one of the few organizations that calls bullshit when they see it.
You forgot to mention another possibility -- when you pay someone a big bounty to find something, you're giving them incentive to put it there themselves.
https://en.wikipedia.org/wiki/...
Before the Anatomy Act 1832, executed criminals were the only legal source of bodies for hospitals to use for surgeon training. Due to high demand from chronic shortage of legal cadavers, "resurrection men" resorted to illegal means to obtain bodies, such as digging up corpses from graveyards or even murder. In 1828, William Burke and William Hare murdered 16 people and sold the bodies. Thomas Williams and John Bishop, part of a group of body snatchers known as the London Burkers, committed murder for the purpose of selling the victim's body in 1831.
well not only warrantless but if the informant is paid by cases found, then.. well, you'll see where it goes.
There's already a lot of other precedent that if the person is acting on behalf of the government, then they are a de-facto government agent.
A really common scenario is when the police bust somebody, and in exchange for a much lighter sentence, he has to become a CI and catch some of his cohorts in the act and have them busted. But in many cases, these CI's don't actually know anybody who they can catch, so they talk somebody else into breaking the law in spite of all of that person's objections. That person will easily get the charges dropped due to entrapment, because the CI was a de-facto government agent, even though he wasn't a police officer.
Paying these guys to do the FBI's bidding easily makes them a government agent.
It would have been the easiest thing in the world to pick up $1,000 by planting child porn on someone's computer by members of the geek squad.
If more than a half dozen geek squad members were working for the FBI, I'd be shocked that at least one didn't turn out to be planting evidence.
Which should turn up with forensic accounting. (Hmmm. 39 geek squad find 0 to 2 child porn instances but this girl found 7 instances).
.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
what abort chain of custody / forensics issues? The defense has the right to know and they have the right to do there own forensics work with there own lab.
Under reasonable doubt I can say
Who knows if that porn came form other infected systems on the Geek Squad network (I head that they outscored some of the clean up of systems to remote places)
What if an Geek Squad worker has an infected usb disk that just copy's stuff system to system? some workers have copied stuff from people systems for there own use.
what if was just in the browser cache??
http://www.popsci.com/technolo...
http://gizmodo.com/5099383/pop...
That's a horrifying, if relevant and probable point.
People have a lot of incentive to lie or otherwise cheat their "task", especially if it means they can get out of a dead-end job, start saving a little, or buy that sick rig they've been eyeing. $1000 ain't shit to the government, but to nerds trying to make their way up at Geek Squad, that's a big deal. Best Buy's not gonna provide any real incentives to do a good job (at least, not at that level), so these employees probably thought, "Fuck, I'm helping the government AND they value my work! I should keep this up!"
As usual, pitting the poor against the rights of others. It makes me wonder where the employees are in all of this, and what their stories are. It's not like the government just saunters into your HQ one day and demands you do something highly illegal. It was probably an inside job coming from middle management (perhaps legal pressure for another crime, and their compliance is used as currency to avoid jail time), or pre-discussed with leadership behind a gag order.
Whatever the case, it wholly deserves the scrutiny and attention it's receiving.
No. The third-party doctrine only covers information voluntarily given to a third party. The key word in the doctrine is "revelation". Giving a computer to a third party to repair does not constitute revealing all of the data on that computer to that third party, and thus it is not covered by the third-party doctrine. And even with an agreement that gives them the right to inspect files on the system to the extent necessary to effect repairs, that still does not grant them the right to inspect arbitrary, non-software files, which means at no point can it reasonably be considered to be a revelation of the existence of those files, much less of the contents of those files.
It seems prima facie obvious that giving hardware to a third party for repair purposes absolutely does not remove the expectation of privacy for data contained on that hardware. No Best Buy customer goes in for a computer repair thinking, "I'm giving all of my files to Best Buy for their employees' entertainment." You're giving them a computer to repair, with the expectation that your data will remain securely on that computer and will not leave that computer. In much the same way that storing a hard drive in a safety deposit box does not grant the bank the right to open the box without a warranty and give the files to law enforcement, neither can a computer repair grant Best Buy that right.
Additionally, as others have mentioned, there are fundamental chain of custody problems involved when non-law-enforcement personnel inspect a computer, to such an extent that any "evidence" obtained should be considered highly suspect to the point of being circumstantial, and arguably shouldn't even be sufficient to qualify as probable cause for a warranted search of the owner's home/office/email/*. But that issue is only relevant if the person opens up the computer and finds kiddie porn on the desktop, such that seeing it was an inevitable and normal part of the repair process. If the person had to even double-click on a folder called XXX to find the kiddie porn, we're back to fruit of the poisonous tree, and the evidence should be considered inadmissable—doubly so if law enforcement enticed those employees to break the law as part of gathering that evidence.
Check out my sci-fi/humor trilogy at PatriotsBooks.
I think it's a travesty that the government is allowed to violate the Fourth Amendment by using a 3rd party as a proxy. Unfortunately, there is legal precedent for this type of abuse. In Smith v Maryland the SCOTUS ruled that the individual has no expectation of privacy for data turned over to a 3rd party. Government asked the phone company to install a device to trace Smith's calls without seeking a warrant. The criminal court, appeals court & SCOTUS all ruled that this was legal & the evidence was therefore admissible. There was another terrible decision where the court ruled that government can get your bank records without a warrant, claiming that the records are the property of the bank & not your private papers.
This case seems to contain a new wrinkle because the FBI was paying people to go on fishing expeditions rather than targeting a specific person. I hope the courts will conclude this was an illegal search, but I think that's unlikely.
One of the great flaws in The U.S. Constitution is that government is allowed to be the arbiter of its own power.
If there is Protected Health Information on his computer, he probably shouldn't be bringing it to Best Buy. Otherwise he's basically begging to be hit with HIPAA violations.
Unless Geek Squad is qualified to handle PHI. But I would be surprised if they are.