offers $500 bounties
keep this in mind next time you want some 3rd party individual to fix your computer
A judge has ruled that people who give their knackered computers to Best Buy's Geek Squad for repairs have no comeback if technicians find and report any illegal material to the Feds. The ruling, by US District Court Judge Cormac Carney, came this week over the case of Dr Mark Rettenmaier, a prominent California gynecologist …
Indeed... "offers $500 bounties for successful finds of illegal material" whether you find it, or copy it there yourself, right? Sounds like a super-tight system that does not lead to abuse or fraud. No matter, Best Buy will be joining their dead friends Circuit City some time in the near future. Just lock up the doctor, the geek squad tech, and the FBI agent involved with this goddamn mess, and be done with them all! They all sound like shitheads to me.
Exactly, I cannot fathom how this sort of thing is a valid "find" in any sense* - what proof do we have that any "found" file wasn't planted by the tech? Are they now suddenly beyond reproach and incorruptible or something?!? And please not even a peep more about "metadata" - what idiot thinks that is "proof" of anything when it can be suitably rewritten by anyone at any time?!?
* The thousands of other pics are a totally different issue, I'm not defending those...
Simple-
Chain of custody.
Had a highway cop come to me for an assist. He was getting fired because they said he did not turn in a report on time. It appears their forensic team could not figure out the difference between file creation date and last access date of the file.
And our freedom depends on these guys?
Which is why the FBI didn't use the image to charge the "good" doctor, but instead used it to obtain a search warrant. Evidence requirements for obtaining a search warrant are lighter than for prosecutions -- otherwise you'd have to prove a crime was committed before you could search for evidence of crime.
Bit of a cart, horse problem there.
I understand that "probable cause" is a less onerous burden of proof than "beyond reasonable doubt" ... I'm just sceptical that a non state official's apparently forensic search of a hard drive, turning up an apparently non-illegal frame from an illegal video, even meets the former.
The argument that it does would appear to rest on the intrinsic honesty of the Geek Squad staff performing their civic duty. But when relatively low paid staff can secure a relatively large bounty, their motives become less clear cut. Indeed it seems that the only reason for a non state official to make a search of unallocated sectors would be to secure such a bounty or make some other material gain (unless, of course, they had actually been asked to attempt to recover deleted files).
I'd be a little more concerned why they were looking for, undeleting and viewing files in the first place. Pictures, videos etc have nothing to do with operating system repair.
PC repair is just that, Fix it! Customers personal files are none of your business. Techs are on the honour system, they are expected to not snoop. It sure sounds like the Geek Squad spends a lot of time looking for this kind of content and I'll bet billing the customer for the time spent doing it...
@AC - When I work on someone's machine, I am not rummaging through their files. This smells like someone was looking through logs and decided to look at a file.
As far as the image being deleted, I am not sure if the ferals were told or bothered to ask. But it is an important point to build a case. But the ferals have certain targets such as pedos that they will often not only bend the rules but shatter them. This smells like the latter.
Among some of the sharper consumer types (not employed geeks), Geek Squad and some other places are known for going through the HDDs and copying anything that interests them... pictures, games, etc. Best advice if you're a customer is to keep everything on a separate, removable HDD and remove it before taking the box in for work.
By intentionally looking at every deleted image, it is clear that Geek Squad were acting not for their customer's benefit but in order to claim the FBI bribe. Having done data recovery in the past, I know there tends to be a lot of deleted images on any machine that is using the internet, and it takes quite a time to find anything unless you know the filename or date. Typically I would just image the drive and let the customer extract what they wanted rather than waste time peering at random images, but then again I was not being paid to find evidence against the owner.
It would have been better if the FBI had made certain that their target was indeed a paedo before revealing to the world that they have this legal loophole available to catch pervs. The case as presented here seems somewhat weak to waste this whole legal backdoor operation upon. Further, it is more than possible that the defense will just say Geek Squad put it there themselves so they could claim their FBI bribe. It is clear that Geek Squad is unscrupulous and their agents willing to spend more time searching for evidence against their customer than actually fixing the fault they were paid to find. If I were a judge I would be very sceptical.
If you are using low level disk tools then it is minor to spoof metadata such as time stamps etc; they would need separate internet records or similar to show that the defendant got this file on his computer by acts that are themselves illegal, and prove that it was the defendant at the wheel at that time.
Given that no mention is made of this style of supporting evidence then I would say they have wasted any bounties they have already paid and would be better to cut geek squad loose.
That the FBI was using government funds in what can only be seen as an obvious attempt to promote the creation of fake evidence is somewhat worrying, perhaps they should drop the "I" in their acronym.
@Alan Newbury
Perhaps the local FBI field office was trying to live up to the alternate expansion of their acronym:
Famous But Incompetent (which is more suitable for the refined readership of a family friendly publication like El Reg than "F***ing Bunch of Idiots" or "F***ing Blithering Idiots").
The agency has a close relationship with Geek Squads, and offers $500 bounties for successful finds of illegal material.
Rettenmaier's defense team had argued that this was an invalid search, but Judge Carney ruled that it was legitimate since the defendant had signed a contract with the Geek Squad that contains a warning that illegal material will be reported.
Is this correct:
1. So the FBI was either knowingly paying for illegal searches, or turning a blind eye to the fact that $500 is going to cause illegal searches.
2. The searches include any material relating to crime or possible crime, including emails and documents.
3. The FBI is paying Geek Squad, and Geek Squad is accepting, payment for searching and viewing all sorts of emails, documents and pictures on everyone's computer, hoping for a $500 bounty.
4. The illegal material in this was not stumbled across, but discovered after an active search paid for by the potential for the FBI bounty.
I think there is a class action suit possible on behalf of all Geek Squad customers whose confidentiality was violated by the existence of this FBI bounty and Geek Squad's acceptance of it.
The judge erred in law.
You cannot sign off a fundamental right enshrined by the constitution by signing a contract. That is the case both in USA and worldwide (for the countries which have constitutions and the concepts of fundamental rights).
As far as the role of Best Buy, the only way they could have found a one-off deleted image is industrialized search - clone the disk and run everything past a hash comparison for known "dubious" images. The only people who own an up-to-date database of that are the police. So, in fact, they are on a no-win-no-fee contract with the police and performing an illegal police search on every machine. There is no doubt about the lack of legality - you cannot waive your right by signing a contract with a private party.
Most probably they were tipped by something/someone in advance, i.e. they knew beforehand that there might be paedo images on the HDD. Or they "stumbled upon" something in browser history and then decided to search for pics (less likely).
The bounty implies that there's a direct incentive for a Geek Squad technician to actually put material on a drive so as to 'find' it. Since they're assumed to be technically competent it would be almost impossible to prove they didn't.
We've had problems in the US with images of pre-pubescent children being flagged as illegal content. Some of the earliest were with drugstore photo processing back in the chemical picture days. Taking snapshots of one's children unclothed -- definitely a no-no in today's 'liberal' America. (....and we complain about the Taliban)
"a prominent California gynecologist"
I know I'd expect to find confidential medical information on a physician's computer.
And what sorts of confidential information and photos would one expect to find on a gynecologist's or plastic surgeon's computer?
Seems to me like there has been more than one perverted criminal act here.
Doctors find themselves in the distasteful position of having to treat victims of child abuse - so it would not be unusual to find pictures of such cases on the doctor's computer. They have to gather photographic evidence for the child's medical case as well.
They would have to give a doctor wide latitude as long as they are case histories, only as records of private patients. Many doctors have to go to special training seminars on child abuse, and it would be no wonder they would have graphic training details in the files as well.
If the FBI is offering bounties, then - irrespective of whether it's a formal arrangement, or ad-hoc, there is a *very* good argument that Geek Squad/Best Buy are acting as "agents of the state".
The moment that relationship is established to the satisfaction of a court, then the defendant has the immediate (and retrospective) protection from unlawful searches provided by the US Constitution's Fourth Amendment. Which would require that the FBI had a warrant *before* they went a-snoopin'.
Add that to the fruit of the poison tree doctrine, and this is a very shaky case. Generally US law is very clear that you can't break the law to enforce the law. (Unlike the UK where it's positively encouraged)
I vaguely wonder if there's a gap in the market for a whole disk encryption system which allows 2 levels of access:
1) Decrypt/Read-Only, so the disk can be copied and read for diagnostic/maintenance purposes
2) Encrypt/Read-Write, so only the authorised key holder can make changes.
Give your PC to the repair shop with key (1).
In what universe would such a thing (if even possible...) not be much worse?
They would still be free to help themselves to anything potentially sensitive on your drive, except now you couldn't even deny ownership of anything they might find objectionable (needs not be obviously illegal content - you never know what they might find "interesting")...
Wat.
It is only if they can't read that they can't find the evidence, or the original problem, so they might as well not have the machine-- they still can't do their job even if they could write, which they needed to do anyway in order to solve the original problem. (but you can always write, zeroing a bucket of apparently random data is writing) Also you might want to read up on symmetric crypto, PKI, LUKS, etc. Then vaguely wondering will go better for you.
LUKS could allow read-only access but all someone has to do is rewrite the open-source block device & dm-crypt stuff to allow anything-- because it's either opened or not opened and there is and can ever be only one key that turns nonsense into sense. Well, unless someone made an algo that could deterministically decrypt into two or more sets of meaningful data based only on which key was used, which would be hella neat for when the {bad guys,investigators} resort to beating you with a wrench. IIRC TrueCrypt did something like that but it wasn't literally the same data, just a key-triggered decoy filesystem that would hopefully bring an end to the "alternative interrogation". Someone with their own modified TC could still determine which key you had given them, I think... disclaimer: No, really, I mean it's really hard and I typically don't do more than repeat what I hear
If some pedo was a marginally self-interested pedo, he'd take his hard drive out, swap it for a known dead one, and let Geek Squad sell him a new hard drive then get Windows onto it. Then buy a USB 2.0 enclosure for like $20 and stick the private (dirty) one into it and keep the data. This gives horrible new meaning to "nearsighted gynecologist" and says "I suck at thinking"
Without referring to what the doctor may or may not have done, whether or not it is legal and whether a warrant was justified, my concern goes outside the details of the case itself.
If these guys are doing a search to find the picture in question it would suggest they routinely scan through all the files. I have confidential documents on my laptop; when it shows signs of being about to break, not a problem as I have backups, so I delete all the sensitive files and take it to Mr Snoopy the PC repair man. Mr Snoopy then pulls copies of these files and has access to this info.
Personally, as someone who knows what they are doing, I wouldn't take it to a PC repair shop in the first place, and any sensitive files would be encrypted, but how many doctors, politicians, business people would think to do this, never mind know how to do it? I know there are other considerations like you should have a decent IT policy, backups, not have sensitive info on a personal machine and so on, but time has repeatedly shown that these guidelines aren't followed. It doesn't give a repair man the right to lift this material when I put a machine in for repair.
Under US HIPAA regulations the doctor might even be required to encrypt patient files to keep them confidential, when giving up the files for computer maintenance. Our whole organization was under HIPAA, and we were very cognizant of every move we made to maintain compliance. I really wonder how much training doctors get along these lines, though.
You should put confidential documents on an encrypted volume. But the question is, if Best Buy finds out you have encrypted some data and reports this to FBI, will a search warrant be issued?
P.S. use "shred -u" instead of "rm" to remove confidential docs if you can't use encryption. If you can, don't forget to enable the "wipe" option during cryptvol setup. You can do "badblocks -svwtrandom /dev/sda" to wipe the whole HDD before giving your PC to repair shop.
I think this is ok, as, who knows what was wrong with the system, it would not boot. The drive might have been dodgy ... what do you do, get data recovery, retrieve all data you can onto another drive, install an os, copy data over, done!
Now, if in the process you come across pedophile images or whatever, you HAVE TO REPORT IT. IBM Portsmouth found exactly that and had to report it. It is YOUR obligation as a citizen to report any crimes you witness.
What I find quite disturbing, though, is how the guy identified the still of a girl as pedophile material, when the image as such was not even classified as "pornography" of any kind.
I have never seen pedophile content, I would not be able to identify this photo as pedophile content ... a still of a "famous pedophile video" ? WTF ? How can this stuff be widely known ? <joke>Oh, I see, I've never been to church, must be that!</joke> Seriously, I dunno ...
"famous pedophile video" ? WTF ?
I would presume the author meant infamous, notorious, widely known by the authorities or amongst pedos, or it's a particularly left-pondian figure of speech.
I can't recall what the article originally said but it now reads "It was a still from a well-known child abuse video".
Generally if I'm copying data from a failing drive to a good one, I'm not looking through individual deleted files, though. Usually it'd be a bitwise copy with something like ddrescue. If I had more sophisticated tools that understood the filesystem I'd probably skip unallocated space altogether, to save time.
No, unless he brought it in to have deleted files recovered, the only possible reason for them to be poking around in the unallocated space is in hopes of getting that $500 jackpot.
Wait the fact that these people are paid to discover crimes that are not in plain sight should make them agents of the police. It's like this if I break into a house and see a dead body and call the cops you are screwed. If the police pay me to do that I'm an agent of the police and need a warrant.
This story was already covered by El Reg: link.
I didn't notice much in the way of new news, so it must be a slow day if we are being offered re-runs...
As for the accused, first we're going to give him a fair trial, then we're going to hang him.
"The doctor also verbally consented to an engineer checking his hard drive." - His lawyer must be utterly useless. He consented for them to CHECK his hard drive. Check it. For the purposes of conducting a repair. Not browse it. Not search it. Not copy it. Not recover deleted data from it.
If they do anything more than run HDTune Pro they've committed an offense and the evidence and statement are only valid for one case - the one against the geek squad employee who did it.
For his lawyer not to get the case throw out on day 1 is ridiculous.
Ok look at it this way.
When I copy off a set of images from the memory card of one of my cameras, for any purpose - backup, archive, passing a set of wedding photos to the happy couple etc etc - I generally test open a few files off the copy as a quick and dirty check that all went well.
It could be that these guys did just that - and for the purposes of not "snooping" personal data, and presuming innocence of the customer, would it not be better to open a random few images than say, .doc files?
And then they found something potentially nasty. So, did they then immediately call the authorities to report or open all the images they could to -er- look for evidence themselves?
From the article it would seem the former.
Ain't gonna work though, because some data might stick in a swap file (swap partition) or fs journal or other "caches" you don't know about.
Listen here, guys, you must use "whole disk encryption" where everything (excluding /boot) is encrypted, including swap partition of course. Otherwise there's no guarantee Best Buy et al won't leer at your files.
And BTW I don't know of any tools to overwrite the said "free space". More to this, overwriting let's say 1 terabyte of free space would take on the order of ten hours or more, so your advice is totally impractical, besides the already mentioned problem of filesystem journal and swap partition. Also, "cleaning" of web caches doesn't do any "shred", it just unlinks.
Whole disk encryption on the contrary is:
1. highly practical
2. widely available
3. its setup is straightforward and user-friendly -- it can be performed in the stock Debian installation wizard (wizard, for fuck's sake!) since goddamn AGES!
You can overwrite unallocated space by creating junk files (which will be stored in said space) until no more will fit, no matter how small; then just deleting them. Even a .wav file of static and power hum, or a bitmap of the inside of the lid of a scanner, will do. Now you know exactly what's occupying your unallocated space.
Data cannot be recovered after a single overwrite. It has never been done in practice except for a few contrived cases that even then would not have resulted in a complete file, let alone a whole disk; and HDD technology has improved since then in ways that make it even harder.
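The fill-and-delete approach from the post above, written out as a POSIX shell function (an added example, not code from any commenter). It writes random-byte junk files until the filesystem refuses more, syncs, then deletes them; the optional MAX_MB cap is an assumption added so a demo run stays small. As the earlier reply notes, this only touches unallocated blocks: swap, the filesystem journal and an SSD's spare area are not covered, which is why whole disk encryption remains the better answer.

```shell
#!/bin/sh
# Added example: overwrite unallocated space on the filesystem holding DIR by
# filling it with junk files and deleting them afterwards.
#
# wipe_free_space DIR [MAX_MB]
#   DIR    - any directory on the filesystem whose free space should be filled
#   MAX_MB - optional cap on the number of 1 MiB files (assumed, for demos);
#            omit it (or pass 0) to fill until the disk reports ENOSPC
# Prints the number of 1 MiB junk files that were written.
#
# Caveats the thread already raises: swap, the journal and SSD over-provisioned
# blocks are not reached by this; for individual files use "shred -u" instead.
wipe_free_space() {
    dir=$1
    max_mb=${2:-0}
    junk="$dir/.wipe_junk.$$"
    mkdir "$junk" || return 1
    n=0
    # Pass 1: 1 MiB chunks of random bytes; dd exits non-zero on ENOSPC.
    while [ "$max_mb" -eq 0 ] || [ "$n" -lt "$max_mb" ]; do
        dd if=/dev/urandom of="$junk/big.$n" bs=1048576 count=1 2>/dev/null || break
        n=$((n + 1))
    done
    # Pass 2: 4 KiB chunks to fill the sub-MiB gap left when pass 1 hit ENOSPC
    # ("until no more will fit, no matter how small"). Skipped if the demo cap,
    # rather than a full disk, ended pass 1.
    if [ "$max_mb" -eq 0 ] || [ "$n" -lt "$max_mb" ]; then
        k=0
        while dd if=/dev/urandom of="$junk/small.$k" bs=4096 count=1 2>/dev/null; do
            k=$((k + 1))
        done
    fi
    # Make sure the junk actually reached the platters/flash before unlinking.
    sync
    rm -rf "$junk"
    sync
    echo "$n"
}
```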
1: This story has been run before
2: $500 bounty means that the geek squad is acting as agents of the state (fruit of the poisoned tree)
3: trawling deleted files - major ethics violations
4: trawling files at all - again, major ethics violations. I'm surprised that some outfits haven't turned this around, given the reputation of "Geek Squads" for lifting "interesting" stuff off customer drives (eg: honeypotting for "interesting" software showing up elsewhere after the host PC has been into Best Buy)
I'm not defending pervs at all, but it's clear that:
a: Best Buy has a major liability on its hands.
b: Any court case brought as a result of "geek squad" discoveries has a high chance of being thrown out - which is NOT good for anyone - especially victims or those who may end up falsely accused.
There's a reason that rules for evidence gathering and chains of custody exist. Circumventing them is bad news and anyone who attempts to do so should find their career unceremoniously stomped into the ground. It's corrupt behaviour and needs to be treated as such.
That said, if someone runs across illegal material whilst working on a client's PC, in most countries they're required to notify the authorities. Bounties don't enter the equation because failing to do so makes one an accessory after the fact.