Don't gripe if you hand your PC to Geek Squad and they rat you out to the Feds – judge

A judge has ruled that people who give their knackered computers to Best Buy's Geek Squad for repairs have no comeback if technicians find and report any illegal material to the Feds. The ruling, by US District Court Judge Cormac Carney, came this week over the case of Dr Mark Rettenmaier, a prominent California gynecologist …

  1. bombastic bob Silver badge
    Big Brother

    offers $500 bounties

    keep this in mind next time you want some 3rd party individual to fix your computer

    1. Anonymous Coward

      Re: offers $500 bounties

      Indeed... "offers $500 bounties for successful finds of illegal material" whether you find it, or copy it there yourself, right? Sounds like a super-tight system that does not lead to abuse or fraud. No matter, Best Buy will be joining their dead friends Circuit City some time in the near future. Just lock up the doctor, the geek squad tech, and the FBI agent involved with this goddamn mess, and be done with them all! They all sound like shitheads to me.

      1. DropBear
        WTF?

        Re: offers $500 bounties

        Exactly, I cannot fathom how this sort of thing is a valid "find" in any sense* - what proof do we have that any "found" file wasn't planted by the tech? Are they now suddenly beyond reproach and incorruptible or something?!? And please not even a peep more about "metadata" - what idiot thinks that is "proof" of anything when it can be suitably rewritten by anyone at any time?!?

        * The thousands of other pics are a totally different issue, I'm not defending those...

      2. Anonymous Coward

        Re: offers $500 bounties

        So will Geek Squad be charging $600 to avoid "finding" anything incriminating on your computer?

        1. Someone Else Silver badge
          Big Brother

          Re: offers $500 bounties

          "I'm gonna Geek Squad me a minivan!"

    2. redpawn

      Re: offers $500 bounties

      They would catch more people if they upped the reward to $10,000. Think of the benefits to the legal and prison industries. Buy for-profit prison stocks now and beat the rush!

    3. Dimmer Bronze badge

      Re: offers $500 bounties

      Simple-

      Chain of custody.

      Had a highway cop come to me for an assist. He was getting fired because they said he did not turn in a report on time. It appears their forensic team could not figure out the difference between file creation date and last access date of the file.

      And our freedom depends on these guys?

  2. John H Woods Silver badge

    I can understand offering bounties...

    ... for tip-offs... all normal Police/Informant stuff. But I fail to see how this material can be considered evidence... it doesn't even meet basic chain-of-custody requirements.

    1. Steve Knox

      Re: I can understand offering bounties...

      Which is why the FBI didn't use the image to charge the "good" doctor, but instead used it to obtain a search warrant. Evidence requirements for obtaining a search warrant are lighter than for prosecutions -- otherwise you'd have to prove a crime was committed before you could search for evidence of crime.

      Bit of a cart, horse problem there.

      1. Anonymous Coward

        Re: I can understand offering bounties...

        I understand that "probable cause" is a less onerous burden of proof than "beyond reasonable doubt" ... I'm just sceptical that a non state official's apparently forensic search of a hard drive, turning up an apparently non-illegal frame from an illegal video, even meets the former.

        The argument that it does would appear to rest on the intrinsic honesty of the Geek Squad staff performing their civic duty. But when relatively low paid staff can secure a relatively large bounty, their motives become less clear cut. Indeed it seems that the only reason for a non state official to make a search of unallocated sectors would be to secure such a bounty or make some other material gain (unless, of course, they had actually been asked to attempt to recover deleted files).

  3. Anonymous Coward

    I'd be a little more concerned why they were looking for, undeleting and viewing files in the first place. Pictures, videos etc. have nothing to do with operating system repair.

    PC repair is just that, Fix it! Customers' personal files are none of your business. Techs are on the honour system, they are expected to not snoop. It sure sounds like the Geek Squad spends a lot of time looking for this kind of content and I'll bet billing the customer for the time spent doing it...

    1. a_yank_lurker

      @AC - When I work on someone's machine, I am not rummaging through their files. This smells like someone was looking through logs and decided to look at a file.

      As far as the image being deleted, I am not sure if the ferals were told or bothered to ask. But it is an important point to build a case. But the ferals have certain targets such as pedos that they will often not only bend the rules but shatter them. This smells like the latter.

      1. Yet Another Anonymous coward Silver badge

        > When I work on someone's machine, I am not rummaging through their files.

        Unless you can get a $500 bonus for finding anything

    2. Mark 85

      Among some of the sharper consumer types (not employed geeks), Geek Squad and some other places are known for going through the HDDs and copying anything that interests them... pictures, games, etc. Best advice if you're a customer is to keep everything on a separate, removable HDD and remove it before taking the box in for work.

  4. Anonymous Coward

    Given that the data could only have been obtained

    by intentionally looking at every deleted image then it is clear that geek squad were acting not for their customer's benefit but in order to claim the FBI bribe. Having done data recovery in the past then there tends to be a lot of deleted images on any machine that is using the internet and it takes quite a time to find anything unless you know the filename or date. Typically I would just image the drive and let the customer extract what they wanted rather than waste time peering at random images but then again I was not being paid to find evidence against the owner.

    It would have been better if the FBI had made certain that their target was indeed a paedo before revealing to the world that they have this legal loophole available to catch pervs. The case as presented here seems somewhat weak to waste this whole legal backdoor operation upon. Further it is more than possible that the defense will just say geek squad put it there themselves so they could claim their FBI bribe. It is clear that geek squad is unscrupulous and their agents willing to spend more time searching for evidence against their customer than actually fixing the fault they were paid to find, if I was a judge I would be very sceptical.

    If you are using low level disk tools then it is minor to spoof meta data such as time stamp etc, they would need separate internet records or similar to show that the defendant got this file on his computer by acts that are themselves illegal and prove that it was the defendant at the wheel at that time.

    Given that no mention is made of this style of supporting evidence then I would say they have wasted any bounties they have already paid and would be better to cut geek squad loose.

    That the FBI was using government funds in what can only be seen as an obvious attempt to promote the creation of fake evidence is somewhat worrying, perhaps they should drop the "I" in their acronym.

    1. Alan Newbury
      Devil

      Re: Given that the data could only have been obtained

      "perhaps they should drop the "I" in their acronym." - I don't know, Federal Bureau of Incrimination works for me

      1. Anonymous Coward

        Re: Given that the data could only have been obtained

        @Alan Newbury

        Perhaps the local FBI field office was trying to live up to the alternate expansion of their acronym:

        Famous But Incompetent (which is more suitable for the refined readership of a family friendly publication like El Reg than "F***ing Bunch of Idiots" or "F***ing Blithering Idiots").

  5. WatAWorld

    Class Action suit? FBI paying bounty for illegal searches of photos, emails and documents?

    The agency has a close relationship with Geek Squads, and offers $500 bounties for successful finds of illegal material.

    Rettenmaier's defense team had argued that this was an invalid search, but Judge Carney ruled that it was legitimate since the defendant had signed a contract with the Geek Squad that contains a warning that illegal material will be reported.

    Is this correct:

    1. So the FBI was either knowingly paying for illegal searches, or turning a blind eye to the fact that $500 is going to cause illegal searches.

    2. The searches include any material relating to crime or possible crime, including emails and documents.

    3. The FBI is paying Geek Squad, and Geek Squad is accepting, payment for searching and viewing all sorts of emails, documents and pictures on everyone's computer, hoping for a $500 bounty.

    4. The illegal material in this was not stumbled across, but discovered after an active search paid for by the potential for the FBI bounty.

    I think there is a class action suit possible on behalf of all Geek Squad customers whose confidentiality was violated by the existence of this FBI bounty and Geek Squad's acceptance of it.

    1. Voland's right hand Silver badge

      Re: Class Action suit? FBI paying bounty for illegal searches of photos, emails and documents?

      The judge erred in law.

      You cannot sign off a fundamental right enshrined by the constitution by signing a contract. That is the case both in USA and worldwide (for the countries which have constitutions and the concepts of fundamental rights).

      As far as the role of Best Buy, the only way they could have found a one-off deleted image is industrialized search - clone the disk and run everything past a hash comparison for known "dubious" images. The only people who own an up-to-date database of that are the police. So, in fact, they are on a no-win-no-fee contract with the police and performing an illegal police search on every machine. There is no doubt about the lack of legality - you cannot waive your right by signing a contract with a private party.

      .

    2. Ramazan

      Re: was not stumbled across, but discovered after an active search

      Most probably they were tipped by something/someone in advance, i.e. they knew beforehand that there might be paedo images on the HDD. Or they "stumbled upon" something in browser history and then decided to search for pics (less likely).

      1. martinusher Silver badge

        Re: was not stumbled across, but discovered after an active search

        The bounty implies that there's a direct incentive for a Geek Squad technician to actually put material on a drive so as to 'find' it. Since they're assumed to be technically competent it would be almost impossible to prove they didn't.

        We've had problems in the US with images of pre-pubescent children being flagged as illegal content. Some of the earliest were with drugstore photo processing back in the chemical picture days. Taking snapshots of one's children unclothed -- definitely a no-no in today's 'liberal' America. (....and we complain about the Taliban)

    3. Tom 35

      Re: Class Action suit? FBI paying bounty for illegal searches of photos, emails and documents?

      I expect the GOPers would come up with retroactive permission just like the Telecom spy suit.

  6. WatAWorld

    a prominent California gynecologist

    "a prominent California gynecologist"

    I know I'd expect to find confidential medical information on a physician's computer.

    And what sorts of confidential information and photos would one expect to find on a gynecologist's or plastic surgeon's computer?

    Seems to me like there has been more than one perverted criminal act here.

    1. JCitizen
      Holmes

      Re: a prominent California gynecologist

      Doctors find themselves in the distasteful position of having to treat victims of child abuse - so it would not be unusual to find pictures of such cases in the doctor's computer. They have to gather photographic evidence for the child's medical case as well.

      They would have to give a doctor wide latitude as long as they are case histories, only as records of private patients. Many doctors have to go to special training seminars on child abuse, and it would be no wonder they would have graphic training details in the files as well.

      1. Ramazan

        Re: no wonder they would have graphic training details in the files as well.

        In this case it would be trivial for the said doctor to prove his innocence by pointing out the source of images. FBI should also be able to tell the difference, so this argument of yours is invalid here.

      2. Anonymous Coward

        Re: a prominent California gynecologist

        I hope the mere existence of such photos isn't justified by having been gathered for & used in a training seminar.

  7. Anonymous Coward

    4th amendment ????

    If the FBI is offering bounties, then - irrespective of whether it's a formal arrangement, or ad-hoc, there is a *very* good argument that Geek Squad/Best Buy are acting as "agents of the state".

    The moment that relationship is established to the satisfaction of a court, then the defendant has the immediate (and retrospective) protection from unlawful searches provided by the US Constitution's Fourth Amendment. Which would require that the FBI had a warrant *before* they went a-snoopin'

    Add that to the fruit of the poison tree doctrine, and this is a very shaky case. Generally US law is very clear that you can't break the law to enforce the law. (Unlike the UK where it's positively encouraged)

  8. Anonymous Coward

    Whole disk encryption ...

    I vaguely wonder if there's a gap in the market for a whole disk encryption system which allows 2 levels of access:

    1) Decrypt/Read-Only, so the disk can be copied and read for diagnostic/maintenance purposes

    2) Encrypt/Read-Write, so only the authorised key holder can make changes.

    Give your PC to the repair shop with key (1).

    1. DropBear

      Re: Whole disk encryption ...

      In what universe would such a thing (if even possible...) not be much worse?

      They would still be free to help themselves to anything potentially sensitive on your drive, except now you couldn't even deny ownership of anything they might find objectionable (need not be obviously illegal content - you never know what they might find "interesting")...

    2. DontFeedTheTrolls
      FAIL

      Re: Whole disk encryption ...

      Given the vast majority of computers handed in for "repair" are related to disk or OS issues you'd need to give them the write key to fix the problem.

    3. Anonymous Coward
      Facepalm

      Re: Whole disk encryption ...

      Wat.

      It is only if they can't read that they can't find the evidence, or the original problem, so they might as well not have the machine-- they still can't do their job even if they could write, which they needed to do anyway in order to solve the original problem. (but you can always write, zeroing a bucket of apparently random data is writing) Also you might want to read up on symmetric crypto, PKI, LUKS, etc. Then vaguely wondering will go better for you.

      LUKS could allow read-only access but all someone has to do is rewrite the open-source block device & dm-crypt stuff to allow anything-- because it's either opened or not opened and there is and can ever be only one key that turns nonsense into sense. Well, unless someone made an algo that could deterministically decrypt into two or more sets of meaningful data based only on which key was used, which would be hella neat for when the {bad guys,investigators} resort to beating you with a wrench. IIRC TrueCrypt did something like that but it wasn't literally the same data, just a key-triggered decoy filesystem that would hopefully bring an end to the "alternative interrogation". Someone with their own modified TC could still determine which key you had given them, I think... disclaimer: No, really, I mean it's really hard and I typically don't do more than repeat what I hear

      If some pedo was a marginally self-interested pedo, he'd take his hard drive out, swap it for a known dead one, and let Geek Squad sell him a new hard drive then get Windows onto it. Then buy a USB 2.0 enclosure for like $20 and stick the private (dirty) one into it and keep the data. This gives horrible new meaning to "nearsighted gynecologist" and says "I suck at thinking"

  9. Cereberus

    The bigger picture

    Without referring to what the doctor may or may not have done, whether or not it is legal and whether a warrant was justified my concern goes outside the details of the case itself.

    If these guys are doing a search to find the picture in question it would suggest they routinely scan through all the files. I have confidential documents on my laptop when it shows signs of being about to break, not a problem as I have backups so I delete all the sensitive files and take it to Mr Snoopy the PC repair man. Mr Snoopy then pulls copies of these files and has access to this info.

    Personally, as someone who knows what they are doing I wouldn't take it to a PC repair shop in the first place, and any sensitive files would be encrypted but how many doctors, politicians, business people would think to do this, never mind know how to do it? I know there are other considerations like you should have a decent IT policy, backups, not have sensitive info on a personal machine and so on but time has repeatedly shown that these guidelines aren't followed. It doesn't give a repair man the right to lift this material when I put a machine in for repair.

    1. JCitizen
      Big Brother

      Re: The bigger picture

      Under US HIPAA regulations the doctor might even be required to encrypt patient files to keep them confidential, when giving up the files for computer maintenance. Our whole organization was under HIPAA, and we were very cognizant of every move we made to maintain compliance. I really wonder how much training doctors get along these lines, though.

    2. Ramazan

      Re: I have confidential documents on my laptop

      You should put confidential documents on an encrypted volume. But the question is, if Best Buy finds out you have encrypted some data and reports this to the FBI, will a search warrant be issued?

      P.S. use "shred -u" instead of "rm" to remove confidential docs if you can't use encryption. If you can, don't forget to enable the "wipe" option during cryptvol setup. You can do "badblocks -svwtrandom /dev/sda" to wipe the whole HDD before giving your PC to the repair shop.

    3. Tom 35

      Re: The bigger picture

      I seem to remember a story a while ago about an Apple shop where staff was discovered collecting and sharing "home videos" that they found on computers and phones that they serviced.

  10. Hans 1
    WTF?

    I think this is ok, as, who knows what was wrong with the system, it would not boot. The drive might have been dodgy ... what do you do, get data recovery, retrieve all data you can onto another drive, install an os, copy data over, done!

    Now, if in the process you come across pedophile images or whatever, you HAVE TO REPORT IT. IBM Portsmouth found exactly that and had to report it. It is YOUR obligation as a citizen to report any crimes you witness.

    What I find quite disturbing, though, is how the guy identified the still of a girl as pedophile material, when the image as such was not even classified as "pornography" of any kind.

    I have never seen pedophile content, I would not be able to identify this photo as pedophile content ... a still of a "famous pedophile video" ? WTF ? How can this stuff be widely known ? <joke>Oh, I see, I've never been to church, must be that!</joke> Seriously, I dunno ...

    1. Jason Bloomberg Silver badge

      "famous pedophile video" ? WTF ?

      I would presume the author meant infamous, notorious, widely known by the authorities or amongst pedos, or it's a particularly left-pondian figure of speech.

      I can't recall what the article originally said but it now reads "It was a still from a well-known child abuse video".

      1. DomWilko

        I still find the phrase 'well-known child abuse video' very disturbing.

    2. Orv Silver badge

      Generally if I'm copying data from a failing drive to a good one, I'm not looking through individual deleted files, though. Usually it'd be a bitwise copy with something like ddrescue. If I had more sophisticated tools that understood the filesystem I'd probably skip unallocated space altogether, to save time.

      No, unless he brought it in to have deleted files recovered, the only possible reason for them to be poking around in the unallocated space is in hopes of getting that $500 jackpot.

    3. Someone Else Silver badge

      @Hans 1: I don't know what side of the pond you live on, but over here in The Colonies, we explicitly have no obligation whatsoever to report crimes, or anything else, for that matter.

  11. kain preacher

    Wait the fact that these people are paid to discover crimes that are not in plain sight should make them agents of the police. It's like this if I break into a house and see a dead body and call the cops you are screwed. If the police pay me to do that I'm an agent of the police and need a warrant.

  12. Robert Helpmann??
    Childcatcher

    Nothing new here. Move along...

    This story was already covered by El Reg: link.

    I didn't notice much in the way of new news, so it must be a slow day if we are being offered re-runs...

    As for the accused, first we're going to give him a fair trial, then we're going to hang him.

  13. casaloco

    His lawyer must suck donkey balls.

    "The doctor also verbally consented to an engineer checking his hard drive." - His lawyer must be utterly useless. He consented for them to CHECK his hard drive. Check it. For the purposes of conducting a repair. Not browse it. Not search it. Not copy it. Not recover deleted data from it.

    If they do anything more than run HDTune Pro they've committed an offense and the evidence and statement are only valid for one case - the one against the geek squad employee who did it.

    For his lawyer not to get the case thrown out on day 1 is ridiculous.

    1. PNGuinn
      Stop

      "The doctor also verbally consented to an engineer checking his hard drive."

      Ok look at it this way.

      When I copy off a set of images from one of the memory cards from my cameras, for any purpose, backup, archive, pass a set of wedding photos to the happy couple etc etc I generally test open a few files off the copy as a quick and dirty check that all went well.

      It could be that these guys did just that - and for the purposes of not "snooping" personal data, and presuming innocence of the customer, would it not be better to open a random few images than say, .doc files?

      And then they found something potentially nasty. So, did they then immediately call the authorities to report or open all the images they could to -er- look for evidence themselves?

      From the article it would seem the former.

  14. JCDenton

    "and the engineers called in the FBI"

    Did TheRegister just refer to a GeekSquad employee as an "engineer"? Oh, lol!

  15. Fatman

    The 'takeaway' lesson is....

    1) Have your browser clear the cache on exit every time you close it, (and close it frequently), and

    2) Frequently overwrite free disk space to remove any fragments of deleted files.

    1. Ramazan

      Re: Frequently overwrite free disk space to remove any fragments

      Ain't gonna work though, because some data might stick in a swap file (swap partition) or fs journal or other "caches" you don't know about.

      Listen here, guys, you must use "whole disk encryption" where everything (excluding /boot) is encrypted, including swap partition of course. Otherwise there's no guarantee Best Buy et al won't leer at your files.

      1. Ramazan

        Re: Frequently overwrite free disk space to remove any fragments

        and BTW I don't know of any tools to overwrite the said "free space". More to this, overwriting let's say 1 terabyte of free space would take on the order of ten hours or more, so your advice is totally impractical, besides the already mentioned problem of filesystem journal and swap partition. Also, "cleaning" of web caches doesn't do any "shred", it just unlinks.

        Whole disk encryption on the contrary is:

        1. highly practical

        2. widely available

        3. its setup is straightforward and user-friendly -- it can be performed in stock Debian installation wizard (wizard, for fucks' sake!) since goddamn AGES!

        1. tony trolle

          Re: Frequently overwrite free disk space to remove any fragments

          " BTW I don't know of any tools to overwrite the said "free space""

          Poor Ramazan never used CCleaner ? it has that option

        2. JulieM Silver badge

          Re: Frequently overwrite free disk space to remove any fragments

          You can overwrite unallocated space by creating junk files (which will be stored in said space) until no more will fit, no matter how small; then just deleting them. Even a .wav file of static and power hum, or a bitmap of the inside of the lid of a scanner, will do. Now you know exactly what's occupying your unallocated space.

          Data cannot be recovered after a single overwrite. It has never been done in practice except for a few contrived cases that even then would not have resulted in a complete file, let alone a whole disk; and HDD technology has improved since then in ways that make it even harder.
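
The junk-file method from the comment above, as an added example that is not part of any commenter's post: it writes random files until the filesystem is full, retries with ever smaller writes, flushes them to disk and only then deletes them. The function name and the `max_bytes` trial cap are assumptions introduced here.

```python
import errno
import os
import tempfile

# Errors that mean "no room left"; EDQUOT covers per-user quotas.
FULL = {errno.ENOSPC, errno.EDQUOT}


def fill_free_space(directory, max_bytes=None, chunk=1 << 20):
    """Fill the free space of the filesystem holding `directory` with random
    junk files, then delete them. Returns the number of bytes written.

    `max_bytes` is a hypothetical safety cap for trial runs; None means
    "keep going until the filesystem reports it is full".
    """
    written = 0
    in_file = 0   # bytes in the current junk file
    size = chunk
    files = []    # (fd, path) of every junk file, all removed at the end

    def new_file():
        files.append(tempfile.mkstemp(prefix="junk-", dir=directory))
        return files[-1][0]

    try:
        fd = new_file()
        while size >= 1:
            if max_bytes is not None:
                if written >= max_bytes:
                    break
                size = min(size, max_bytes - written)
            try:
                n = os.write(fd, os.urandom(size))
                written += n
                in_file += n
            except OSError as exc:
                if exc.errno == errno.EFBIG and in_file > 0:
                    # Per-file size limit reached (FAT32, ulimit): new file.
                    fd, in_file = new_file(), 0
                elif exc.errno in FULL or exc.errno == errno.EFBIG:
                    # "No matter how small": halve the write and try again.
                    size //= 2
                else:
                    raise
        for junk_fd, _path in files:
            try:
                # Without this the junk may sit in the page cache and never
                # reach the disk before the files are deleted.
                os.fsync(junk_fd)
            except OSError:
                pass  # a full disk can refuse the flush; still clean up
    finally:
        for junk_fd, path in files:
            os.close(junk_fd)
            os.unlink(path)
    return written


if __name__ == "__main__":
    # Trial run capped at 8 MiB inside a scratch directory.
    with tempfile.TemporaryDirectory() as scratch:
        print(fill_free_space(scratch, max_bytes=8 << 20), "bytes overwritten")
```

This reaches only the unallocated space of that one filesystem; the swap partition and filesystem journal mentioned earlier in this sub-thread are not touched by it.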

  16. Alan Brown Silver badge

    Multiple levels of fail here

    1: This story has been run before

    2: $500 bounty means that the geek squad is acting as agents of the state (fruit of the poisoned tree)

    3: trawling deleted files - major ethics violations

    4: trawling files at all - again, major ethics violations. I'm surprised that some outfits haven't turned this around, given the reputation of "Geek Squads" for lifting "interesting" stuff off customer drives (eg: honeypotting for "interesting" software showing up elsewhere after the host PC has been into Best Buy)

    I'm not defending pervs at all, but it's clear that:

    a: Best Buy has a major liability on its hands.

    b: Any court case brought as a result of "geek squad" discoveries has a high chance of being thrown out - which is NOT good for anyone - especially victims or those who may end up falsely accused.

    There's a reason that rules for evidence gathering and chains of custody exist. Circumventing them is bad news and anyone who attempts to do so should find their career unceremoniously stomped into the ground. It's corrupt behaviour and needs to be treated as such.

    That said, if someone runs across illegal material whilst working on a client's PC, in most countries they're required to notify the authorities. Bounties don't enter the equation because failing to do so makes one an accessory after the fact.

  17. eJ2095

    just a thought

    What's to stop them dropping an image on the drive etc etc (if they are worth their salt make it come from an earlier point in time)

    then claim the bounty?
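
The chain-of-custody and timestamp points raised in several comments on this page, as an added example that is not part of any commenter's post: an intake manifest of content hashes, sealed into one digest at hand-over, classifies later changes by content rather than by file dates. All names, the sample files and the receipt idea are assumptions constructed for the illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Return {relative path: (sha256 hex, mtime in ns)} for each regular file."""
    entries = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for block in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(block)
            rel = os.path.relpath(full, root)
            entries[rel] = (digest.hexdigest(), os.stat(full).st_mtime_ns)
    return entries


def seal(manifest):
    """One digest over all content hashes, short enough to write on a
    receipt that owner and shop both keep (hypothetical procedure)."""
    h = hashlib.sha256()
    for rel in sorted(manifest):
        h.update(f"{manifest[rel][0]}  {rel}\n".encode("utf-8", "surrogateescape"))
    return h.hexdigest()


def compare(intake, later):
    """Classify differences by content hash, never by timestamp."""
    common = set(intake) & set(later)
    modified = sorted(p for p in common if intake[p][0] != later[p][0])
    return {
        "added": sorted(set(later) - set(intake)),
        "removed": sorted(set(intake) - set(later)),
        "modified": modified,
        "modified_with_same_mtime": [
            p for p in modified if intake[p][1] == later[p][1]
        ],
    }


def demo():
    """Constructed sample tree: after intake, one file appears carrying a
    2010 date and one file changes while keeping its old date."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("report.txt", b"figures\n"), ("notes.txt", b"todo\n")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        intake = snapshot(root)
        sealed = seal(intake)

        late = os.path.join(root, "holiday.jpg")
        with open(late, "wb") as fh:
            fh.write(b"constructed sample bytes")
        os.utime(late, (1262304000, 1262304000))  # 2010-01-01 00:00:00 UTC

        notes = os.path.join(root, "notes.txt")
        before = os.stat(notes)
        with open(notes, "ab") as fh:
            fh.write(b"extra line\n")
        os.utime(notes, ns=(before.st_atime_ns, before.st_mtime_ns))

        later = snapshot(root)
        looks_older = later["holiday.jpg"][1] < min(m for _h, m in intake.values())
        return compare(intake, later), looks_older, seal(later) != sealed


if __name__ == "__main__":
    diff, looks_older, seal_changed = demo()
    print(diff, looks_older, seal_changed)
```

A file-level manifest covers allocated files only; for the unallocated space this thread is about, the equivalent is a hash of the whole drive image taken at hand-over.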

  18. This post has been deleted by its author
