back to article Fresh docs detail 10-year link between Geek Squad informers and Feds

Best Buy and the FBI have had a longstanding and very cosy relationship that incentivised Geek Squad techies to go hunting for porn on customers PCs, documents obtained under a Freedom of Information Act have shown. US tech retailer Best Buy has always denied having a relationship with the Feds, but the documents reveal …

  1. Mike Lewis

    I'm more worried about Best Buy employees planting evidence than finding evidence.

    1. Ole Juul

      reliability of evidence

      I would say that if a computer has been to such a facility and out of the hands of the owner, then any evidence found on it is suspect. Anyone who has had root access could have put something there.

      1. Destroy All Monsters Silver badge

        Re: reliability of evidence

        Which means "cannot be used in court".

        In principle.

        But I suspect the FBI will revv up a little investigation by itself and "surprise" the owner later.

      2. a_yank_lurker

        Re: reliability of evidence

        I would rule any evidence not found with a proper paper trail is invalid. It is too easy to install anything on a drive when you have physical access. Waving some money to retail techie is nothing more than a bribe to the 'find' something.

      3. rh587

        Re: reliability of evidence

        I would say that if a computer has been to such a facility and out of the hands of the owner, then any evidence found on it is suspect. Anyone who has had root access could have put something there.

        But whilst not convict-able evidence in and of itself, it's also grounds for further investigation and potentially a search warrant on the owner's home to examine other hardware.

        If you take your car to the dealership for a service, don't expect them to ignore the dead body or the severed limbs in the boot. Expect a visit from the boys in blue.

        In the case cited of course the image was in unallocated space, which a techie has no business snooping around in unless they're being paid to do data recovery, but the idea that technicians could stumble over illicit material in the normal course of their work is hardly novel or fanciful.

        1. bwesley

          Re: reliability of evidence

          Well said.

          The laws are different in Australia. I personally found clear child pornography on a laptop I was removing a virus infection from.

          When I found it I rung a friend who was a local police officer asking what my obligations were. His response was if I didn't report it I and it was last found out I knew about it, I could have been charged in aiding the perpetrator.

          Needless to say I reported it, the Laptop was seized, his house was raided and he was charged. I had to give evidence how I found it in the course of doing the repair (he did not make any attempts to hide the images). He confessed and gave up a major kingpin in the distribution of child porn and he went down along with hundreds of others.

    2. Anonymous Coward
      Anonymous Coward

      The incentive structure certainly favors the low paid Geek Squad guy planting evidence. He'd have some handy once he finds it on someone else's computer.

      All he has to do is wait for someone to come in who "looks the part" of a pedo, and has a lot of rather extreme porn on his PC. Tossing in some kiddie pics amongst the horse pics or whatever else might be there would be more believable than planting them on some old lady's computer that's got nothing but recipes on it.

      1. Anonymous Coward
        Anonymous Coward

        @DougS

        I would be more worried that the tech would check out my facebook page and decide the didn't like my politics and then plan something.

        BTW how do describe someone who looks the part?

        1. Robert Moore
          Joke

          Re: @DougS

          BTW how do describe someone who looks the part?

          your question is difficult to answer exactly. But if you walk into the washroom, and take a look in the mirror... That's the look.

    3. John Smith 19 Gold badge
      Big Brother

      "I'm more worried about Best Buy employees planting evidence than finding evidence."

      Worry not citizen.

      That is indeed another service their staff can supply on request.

      <signed>

      Big Brother.

  2. Anonymous Coward
    Anonymous Coward

    Naughty though we all know PC world do this over here. e.g. Gary Glitter.

    This leads me to the ethical question, is it right for computer technicians to search customers hard drives for pictures? Where do you draw the line? Clearly in this case someone has run a deep search in unallocated space.

    Is the invasion of privacy worth it if you catch paedophiles?

    Personally I'm not sure because how can I be against other government snooping but then allow for this to happen but then this isn't being performed by the government.

    1. Christoph

      It's not at all unknown for someone repairing a computer to search for *.jpg in case there's some interesting porn they can make a copy of. Searching the unallocated space is something else entirely.

      If it's done at the direct request of the government and paid for by them it hardly counts as not being performed by them.

      1. Anonymous Coward
        Anonymous Coward

        @Christoph

        Of course but on the other hand the government isn't keeping the data for future use. I think in this case they are paying them to check and report if they find anything of interest. It does make you wonder where money is involved what else they look for.

        @Boris the Cockroach

        That's what I was thinking as well, this is stasi by the backdoor.

      2. JeffyPoooh
        Pint

        "Searching the unallocated space is something else entirely."

        It might be the situation where the customer's hard disk has been corrupted, and the IT service actually being provided is File Recovery (where the recovery software could be searching the entire drive looking for file fragments for reassembly).

        Or it might be something more sinister. But that's far less likely, I think.

    2. Boris the Cockroach Silver badge
      Big Brother

      4th amendment covers this nicely.

      The government should NEED a warrent to search you, otherwise whats to stop them planting evidence, then nicking you for it.

      Secondly, it means we become a nation of snoopers and snitches, and records from the nazi era of germany show that most people were denounced to the gestapo not for being bad germans, but because they had a score to settle.

      Do you really want that.........

      1. Alistair
        Windows

        @ Boris the Cockroach:

        Please recall that the american prison system is private enterprise. And then spend some time thinking your logic through.

    3. J. Cook Silver badge

      "This leads me to the ethical question, is it right for computer technicians to search customers hard drives for pictures? Where do you draw the line? Clearly in this case someone has run a deep search in unallocated space."

      Ethically, I would answer no. I am paid to fix their problems, not to go snooping around. Even if fixing the problem requires me to backup the data on the machine to a temporary storage device (i.e., failing storage device, data recovery)

      If there's a legal case, I'd be handing the whole mess off to a qualified forensics examiner (i.e., Not Me.) who has the proper equipment for such things.

      1. Anonymous Coward
        Anonymous Coward

        "Ethically, I would answer no. I am paid to fix their problems, not to go snooping around. Even if fixing the problem requires me to backup the data on the machine to a temporary storage device (i.e., failing storage device, data recovery)"

        Yup, however if a file name or image is seen that is suspicious I would investigate a little more and report if it is kiddie porn or similar.

        1. FuzzyTheBear

          Really ?

          f a file name or image is seen that is suspicious I would investigate a little more and report if it is kiddie porn or similar ...

          Where is your search warrant ?

          What gives you the right to substitute yourself for the law ?

          If i was your boss i'd fire you instantly this minute for just considering your actions which is that you put yourself above the law.

          Hey .. if you're his boss : fire him , noone can trust him with anything like private documents files and folders full of trade secrets , he takes it on himself to access stuff he has no right to.

        2. Doctor Syntax Silver badge

          "Yup, however if a file name or image is seen that is suspicious"

          File name, maybe in limited curcumstance. Image - why are you looking at images on a customer's computer?

          Let's presume the customer to be innocent of anything, an old-fashioned assumption admittedly but an essential one if we wish to live in a free society. So what might be on the computer? All manner of personal stuff if it's consumer machine, all manner of commercial material if it's a business computer.

          The default assumption must be that it's confidential to the owner and/or user. In the case of personal stuff, at least in Europe, it will arguably* be protected by existing personal data legislation and even more so under GDPR. In the case of a commercial machine there's likely to be commercially sensitive material on there, some of it subject to various regulatory regimes: financial, medical etc. To go poking around in contents, even listing file names, of anything not immediately relevant to the work that's being done is at minimum a breach of confidence and quite possibly a breach of other legislation or regulation.

          TL;DR A tech has no right to go poking around in the PC's contents.

          * There must be an argument that anyone accessing a PC is at the time the processor of any day data file they open.

      2. Anonymous Coward
        Anonymous Coward

        > This leads me to the ethical question, is it right for computer technicians to search customers hard drives for pictures?

        Quite apart from ethical considerations, accessing data beyond what you are reasonably expected to require access to in order to provide the service will likely constitute a violation of the Computer Misuse Act in the UK (which is where I did my forensic training æons ago) so ethical or not, it would be illegal.

        In practical terms, seeing a directory listing if, e.g., your work order includes backing up a computer at the filesystem level is probably authorised access¹. Accessing the contents of any files is probably in violation of the Act.

        ¹ If on the other hand you were tasked with replacing a keyboard, even a directory listing is likely off-limits.

    4. rh587

      This leads me to the ethical question, is it right for computer technicians to search customers hard drives for pictures? Where do you draw the line? Clearly in this case someone has run a deep search in unallocated space.

      Is the invasion of privacy worth it if you catch paedophiles?

      If they're digging around beyond the scope of the job they're doing, then I'd have to ask WTF they're about.

      If they're trying to clear out some malware and are rooting around in the browser settings where they happen across a cookie or cached images, then I'd be inclined to say bang to rights.

  3. Will Godfrey Silver badge
    Unhappy

    Very unpleasant people

    The original abuse is despicable.

    Getting the images is sick.

    Now that's the straightforward bit.

    People hunting for the images to try and help the victims is sort of laudable, but I wouldn't want to be tainted with seeing them.

    People doing that purely for financial gain. That's a big NO in my book. They are directly profiting from the victims.

  4. Anonymous Coward
    Anonymous Coward

    The point here is that the FBI and best buy considered the image pornographic

    In this case the judge ruled it was not and here lies the problem with classifying porn. In order to be called porn then it needs to be seen as offensive to a reasonable person.

    BestBuy and the FBI were clearly unreasonable across the board and were shown unfit to vet images as being legal or otherwise.

    Given the life destroying stigma associated with kiddyporn then there needs to be professionals making the assessment since the amatures currently being used show that they not only ruined a case if the Doc was guilty or marked a innocent for life as a monster if otherwise.

    Since we now clearly cannot trust the assessment of the FBI then how can we know if the "evidence" found at the docs home was actually illegal either.

    Classic case of too much power in the wrong hands

  5. Sureo

    Lesson

    Don't use Best Buy's service, better yet don't do business with them at all.

    1. Chemical Bob

      Re: Lesson

      After they screwed up their stores with the whole 'store within a store' concept, it's very easy not doing business with them as I can't find a damn thing in their stores anymore.

  6. Anonymous Coward
    Anonymous Coward

    This is all wrong on so many levels...

    Just how many innocent parties of Best-Buy (PC-World / Curry's/ Dixons), get to have their computers scanned in the search for an occasional pedo?

    Sure, a few low-hanging-fruit will get caught in the net. But more serious criminals, the ones behind the content will just disappear into the shadows. In fact, this case is an advertisement to pedos everywhere, to zero sectors, swap out drives, use memory keys and/or encryption etc. Great job FBI...

    Even worse, It sends out all the wrong signals, as it encourages / offers a license to front-line tech staff to become full-time data-pervs. You think they won't cross the line and make copies of your naked girlfriend just as quick?

    I take Best Buys PR-line as the empty corporatese that it is! Maybe pedos should stick with Facebook. After all FB this week sent a survey asking if its ok to show dirty underage pics! Fucken hell the world is fast turning to shit!

    1. Dave 126 Silver badge

      Re: This is all wrong on so many levels...

      >Just how many innocent parties of Best-Buy (PC-World / Curry's/ Dixons), get to have their computers scanned in the search for an occasional pedo?

      If you're a doctor, lawyer etc and have identifiable information about patients / clients then dropping your computer off at PC World is likely a breach of data protection legislation.

      That said, I'd rather my doctor spend his time learning medical stuff, not working out the ins and outs of system backups and whole disk encryption - that stuff should be the default of the computer system (hardware, OS, cloud services etc)

      1. Doctor Syntax Silver badge

        Re: This is all wrong on so many levels...

        "If you're a doctor, lawyer etc and have identifiable information about patients / clients then dropping your computer off at PC World is likely a breach of data protection legislation."

        If there were a problem with it it would have to be handed over to a technician somewhere. That technician has to be trusted. The technician at PC World will take his medical ailments to his doctor and trust that he will be treated ethically. Why shouldn't it work the other way around?

        PC World should be subject to the DPA and/or any other relevant regulation just like any other business handling data.

    2. Anonymous Coward
      Anonymous Coward

      Re: This is all wrong on so many levels...

      Just how many innocent parties of Best-Buy (PC-World / Curry's/ Dixons), get to have their computers scanned in the search for an occasional pedo?

      I think you misunderstand. This isn't about searching for illegal content in an enforcement context. The dubious creeps at the PC repair shop are scanning the customer drives for any porn they can copy for their own use anyway, but "searching for illegal content" legitimises that search.

      And for the real creeps, it means they can leer at illegal content with impunity, so long as they dob sufficient creep customers in to "pay" for their hobby. There's an unpleasant thought.

      1. Anonymous Coward
        Anonymous Coward

        'I think you misunderstand. This isn't about ... illegal content in an enforcement context.'

        Maybe / maybe not.. We know there's 10-years of history here, but things aren't all that clear from the article either... For example, does the FBI have an Informal / Formal reward process if Terrorist materials are found on repaired PC's... Anyone know?

        From past cases (Snowden etc), US corporations tend to deny ties to law enforcement. So we don't really know if Best-Buy is complicit in any way, or if its just a few rogue tech employees. But what this article highlights is past cases may now act as a real incentive to repair shop workers from now on, no???

  7. Destroy All Monsters Silver badge
    Pint

    Oh yeah?

    "CHS", shorthand for "confidential human sources"

    The irony of labeling a disk trufflehog directly out of MiniTrue a "Cylinder Head Sector".

  8. John H Woods Silver badge

    Three words

    Chain. Of. Custody.

    1. Anonymous Coward
      Anonymous Coward

      Re: Three words

      Und für unser britisches Publikum¹:

      0. Continuity

      1. of

      2. evidence

      (or just continuity for short)

      ¹ What? Practising for Brexit.

  9. Anonymous Coward
    Anonymous Coward

    Zero chance this is an "isolated incident"

    I think it's safe to assume that the FBI (and its counterparts around the world) have a similar relationship with techs at every major computer & phone repair service. And if you believe it's just about looking for child porn, you're probably the sort of person who thinks taking a computer to Best Buy et al for repair is a good idea.

    Repair companies have physical access to boxes for hours or days at a time, out of view of the owner. Just what you need for drive imaging, forensic searches, or even planting exotic bugs at the hardware / firmware level -- and access which can be expensive for a TLA to achieve in the wild.

    For the TLAs, "repair" is a convenient and low-cost attack vector, with litle to no detection risk and no need to risk wasting a perfectly good zero-day. On the odd chance that an intrusion is found, the repair company blames an unnamed "rogue employee," ensuring plausible deniability. Repair company, employee / narc and TLA share a good laugh at the gullibility of the Joe Public, and everyone gets back to work.

  10. DCFusor
    Holmes

    A level of indirection

    Your 4th amendment is pretty much irrelevant as it only applies if a government employee is doing the initial looking, and even then....

    It's well known that they buy info from outfits like Experian that would be illegal for them to collect firsthand, and plenty of tales about high bandwidth taps at telcos (feeding Utah which exists for some reason, as did the immunity given telcos) and of course, the suspicions around Google, Facebook, Amazon and so on. We also know how the banks are required to report various activity - no warrant needed there either, and the threshold is low, and the quota high.

    So, it's all OK then, they've given themselves permission to run a Just-Us system. I used to worry about the line attributed to Cardinal Richelieu "Give me 6 lines written by the purest of men" but now that anyone can just make up lies and present them as truth, even that doesn't matter as much.

    I guess they just do it now to try and nip in the bud any real dissent by whoever is "on to them".

    1. kain preacher

      Re: A level of indirection

      "Your 4th amendment is pretty much irrelevant as it only applies if a government employee is doing the initial looking, and even then...."

      That is so wrong. Lets say you ship some drugs ad fed ex suspect there are drugs in your package an open it. That's ok. Now if the police suspect you are shipping drugs and asks fedex to open up the package with out a warrant or some probable cause that's a no no because at that point they are acting as an agent of the police .

      If this was not true police could just ask a so call concerned citizen to break into some house or search packages . It would be a great end run around your 4th amendment

  11. a_yank_lurker

    Ethics

    When I have worked on others' boxes I have never made any effort to search the drives. Doing that always struck me as seriously unethical. Plus even if I ever were to search I have no idea what is pornographic or what is a suspicious file as I do not have the hashes available. This raises the question of how did the techs know the image was pornographic without someone telling them what to look for.

    1. Swarthy

      Re: Ethics

      When I was doing PC repair in a small town in a past life, I always tried to avoid folders that looked like they may have contained porn. There was so little possibility of a positive outcome that it was not worth the risk of needing brain-bleach (especially as I was under-age and could not drink).

  12. Anonymous Coward
    Anonymous Coward

    Traditionally...

    Traditionally (several example in tech news history) the Geek Squad staff would upload all of one's private pictures to the Interweb for their own adolescent amusement. So the FBI just needs to browse the online file server to see what's on any particular Geek Squad customer's computer.

    [Sarcasm Alert]

    1. bombastic bob Silver badge
      Devil

      Re: Traditionally...

      "upload all of one's private pictures to the Interweb for their own adolescent amusement"

      /b on 4chan maybe

  13. JJKing
    Black Helicopters

    Be careful, very, very careful.

    Even if fixing the problem requires me to backup the data on the machine to a temporary storage device

    And now you have any kiddie porn that may have been on that machine on your HDD. Explain that away to the powers that be, oh yeah and good luck. They aren't there to find the truth. They just want to find someone, anyone, guilty!

    I found what turned out to be child porn on a machine and ended up the recipient of a Search Warrant.

    1. J. Cook Silver badge

      Re: Be careful, very, very careful.

      What part of the word 'temporary' was not understood? the expectation is that a temporary storage is scrubbed using proper methods (DBAN, wipedisk, or some other NIST compliant app) between uses.

      In any case, I've long since gotten away from retail class work, and generally only tech my own systems, or the odd parent or friend. (although most of my friends are techs...)

      If it's was a case of failing drive, my SOP was to image the drive to it's replacement.

  14. Anonymous Coward
    Anonymous Coward

    For competent PC repair, when PC cannot boot

    You don't read un-allocated space. It's because it's pointless. Even if the customer accidentally delete say system folder and purged it. Recovering all the folder's content from un-allocated space doesn't guarantee it fully work, especially when names, file path and settings are all messed up.

    The only time you read un-allocated space is when you need to recover lost files, which clearly wasn't this customer request. Greek Squad here obviously aren't doing their PC repairing job, and were specify looking for stuff for fbi.

  15. Anonymous Coward
    Anonymous Coward

    No problem

    I've got no problem with anyone reporting illegal child porn to authorities - as they should.

    1. Anonymous South African Coward Bronze badge

      Re: No problem

      And if somebody dumps illegal images on your PC/laptop/smartphone, and report you, what then?

    2. Doctor Syntax Silver badge

      Re: No problem

      "I've got no problem with anyone reporting illegal child porn to authorities"

      To find it they have to look at file contents.

      If you take your PC in to a technician it will have your private stuff on it. Bank statements. Password lists. Contact lists. A diary. Your personal family photographs. Stuff you're working on which you regard as your IP and consider potentially valuable. Your employer's IP.

      Do you still not have a problem with anyone knowing there's stuff to report?

      1. Anonymous South African Coward Bronze badge

        Re: No problem

        Based on that, I think that *every* company will need to have an inhouse IT department to stop their IP from leaking out. Well, those that's large enough to be able to afford one, that is. *cough*

        One of the pitfalls of outsourcing - quite an easy way of obtaining some other company's IP by spear phishing somebody and causing issues with that PC - and they then send it out for repairs, and you can access it at leisure via a bribed techie.

  16. Aristotles slow and dimwitted horse

    Let us not forget...

    Let us not forget that this is America. The land of the *cough* free *cough* and where there are an awful lot of people with no morals or ethics, or indeed... any clue about much at all. They'll do anything for a quick buck and not have the sense to question why they are doing it*.

    * - I'm not tarring every American with this brush though. I know quite a few of them and they are mostly a fine bunch of people who just want to get on with life. On the other hand...

    1. Eddy Ito
      Paris Hilton

      Re: Let us not forget...

      So you're saying that Americans are pretty much like everyone else.

  17. Marty McFly Silver badge
    Pirate

    Useless article for this audience

    Let me be abundantly clear.... Anyone in tech who needs Best Buy to fix their computers is not qualified to be reading The Register!

    1. fidodogbreath

      Re: Useless article for this audience

      Anyone in tech who needs Best Buy to fix their computers is not qualified to be reading The Register!

      Agreed; but it's still good to be aware of these issues. This sort of bounty-hunting chicanery is probably fairly common at break-fix outsourcing companies as well.

  18. PaulR79

    I do wonder what would happen if someone has an album on their computer of their kids and a few of them happen to be in some state of undress. Whether it's showing them playing in a bath with bubbles all over their head or covered in mud looking grumpy because you stopped them. Do they get their life turned upside down by someone only wondering what they will spend their 'reward' on?

    I have no idea why you'd have pics of your own kids naked as I don't have any but those at least seem plausible to me.

    1. Anonymous Coward
      Anonymous Coward

      It is a technicality

      One of the problems with the average computer is that Thumbnails show all those images. So even if you are trying to avoid seeing anything private - just opening the Pictures folder can show you more than you want to see.

      It was often the case when trying to backup failing hard disks. I have had some very comical issues in my early days. When a file by file copy is going on the PC would often jam on a single file... so you'd try and go in and restart the copy by skipping that file... and now you get to see lots of images you may not have wanted to see.

      The comedy is that it gets you closer to your clients. You work in their trust. Joking about their "Tarts and Conquests" photos. You explain the law to them. Though I did enjoy winding up the copper who had these exact "photos of his kids in the bath" type images. It was *clearly* family photos - but I did point out that the law said "no naked kids".

      Technically the law says - if I see something dodgy I have to report it. In over a decade in this job I have had a small number of occasions where things cross a line. And each case it is handle separately - two of them getting very legally heavy (but not due to my actions).

      Yeah - this is a tough job. And don't forget that usually when the PC is handed over for repair it is due to a fault that hasn't given the owner time to hide everything personal.

  19. Anonymous Coward
    Anonymous Coward

    Used

    Another consideration is whether the computer/hard-disk may have been purchased used. If the images were deleted, and only residing in unallocated space, there's no way of attributing when they were placed on the disk, nor by who. Or, if you have an external hard-disk/USB flash drive/etc., and loan it to a buddy for a temporary backup/file-transfer, who knows what he may have put on it and later erased.

    Anon Y. Mous

  20. unwarranted triumphalism

    No sympathy

    If you can't figure out how to remove the drive(s) from a PC you deserve everything coming to you.

  21. John Smith 19 Gold badge
    Boffin

    Err. "Fruit of the poisoned tree" defense?

    Isn't that what it's called in the US?

  22. Anonymous Coward
    Anonymous Coward

    The end does not justify the means in a constituional democracy.

    In a democracy, the end does not justify the means. That's because citizens have certain guaranteed, inalienable rights (the means,) such as the right to due process and the right to a search warrant sworn before a judge to have private property searched.

    Deeming service employees as paid confidential informants negates the Bill of Rights and everything the Constitution used to stand for.

    However the STASI would be jealous.

    Also, fuck Best Buy.

  23. W. Anderson

    Amateur detectives

    It is bad enough than many of Geek Squad technicians are 'amateur' at best in technical capability, so a $$money incentive from FBI would therefore be easy to get results that may not and probably will not be legitimate.

    How will Geek squad pimp on user of a Chromebook where any data is stored on remote servers, and therefore inaccessible to Geek squad technicians.

    This reality sounds so ridiculous as to be fiction, which is is not.

  24. onefang

    Sometimes it is far too easy to stumble across Things That Should Not Be Seen.

    I do some volunteer work at a seniors place, where I sometimes fix up computers for the seniors. The other day one of them brought in their laptop, complaining that their web browser wasn't working. Sure enough, it wouldn't start up. Simple fix, reinstall the browser. Then test the fix, start up the browser, also demonstrating to the senior who was sitting there watching me, that it was now working fine. Naturally the web browser had crashed the last time it had work, so decided to show the last page he had been viewing at the time. Luckily for me, that particular gay porn site page didn't include pictures.

  25. steviebuk Silver badge

    Geek Squad should never be trusted...

    ...considering way back before Wininternals was purchased by Microsoft, Mark and Bryce released some extra tools of theirs under a license. Went to Geek Squad to show them, at Mark's and Bryce's own expense, the tools and gave them free training. Geek Squad said no thanks then continued to use the tools without a license anyway. So Mark and Bryce sued and won :)

    https://sysinternals.d4rk4.ru/Blog/2006/04/why-winternals-sued-best-buy.html

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like