Cozy Relationship Between The FBI And A Computer Repair Service Spurs 4th Amendment Concerns
Wednesday, March 07, 2018
The Electronic Frontier Foundation (EFF) has learned more about the relationship between Geek Squad, a computer repair service, and the U.S. Federal Bureau of Investigation (FBI). In a March 6th announcement, the EFF said it filed a:
"... FOIA lawsuit last year to learn more about how the FBI uses Geek Squad employees to flag illegal material when people pay Best Buy to repair their computers. The relationship potentially circumvents computer owners’ Fourth Amendment rights."
Founded in 1966, the Best Buy retail chain operates more than 1,500 stores in North America and employs more than 125,000 people. The chain sells home appliances and electronics both online and at stores in the United States, Canada, and Mexico. Located in about 1,100 Best Buy stores, Geek Squad provides repair services via phone, in-store, or at home. This means that Geek Squad employees configure and fix popular smart devices many consumers have purchased for their homes: cameras and camcorders, cell phones, computers and tablets, home theater, car electronics, home security (e.g., smart doorbells, smart locks, smart thermostats, wireless cameras), smart appliances (e.g., refrigerators, ovens, washing machines, dryers, etc.), smart speakers, video game consoles, wearables (e.g., fitness bands, smart watches), and more.
The 4th Amendment of the U.S. Constitution states:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
It is most puzzling how a broken computer translates into probable cause for a search. The FOIA request was prompted by the prosecution of a doctor in California, "who was charged with possession of child pornography after Best Buy sent his computer to the Kentucky Geek Squad repair facility."
The FOIA request yielded documents which showed:
"... that Best Buy officials have enjoyed a particularly close relationship with the agency for at least 10 years. For example, an FBI memo from September 2008 details how Best Buy hosted a meeting of the agency’s “Cyber Working Group” at the company’s Kentucky repair facility... Another document records a $500 payment from the FBI to a confidential Geek Squad informant... over the years of working with Geek Squad employees, FBI agents developed a process for investigating and prosecuting people who sent their devices to the Geek Squad for repairs..."
The EFF announcement described that process in detail:
"... a series of FBI investigations in which a Geek Squad employee would call the FBI’s Louisville field office after finding what they believed was child pornography. The FBI agent would show up, review the images or video and determine whether they believe they are illegal content. After that, they would seize the hard drive or computer and send it to another FBI field office near where the owner of the device lived. Agents at that local FBI office would then investigate further, and in some cases try to obtain a warrant to search the device... For example, documents reflect that Geek Squad employees only alert the FBI when they happen to find illegal materials during a manual search of images on a device and that the FBI does not direct those employees to actively find illegal content. But some evidence in the case appears to show Geek Squad employees did make an affirmative effort to identify illegal material... Other evidence showed that Geek Squad employees were financially rewarded for finding child pornography..."
Finding child pornography and prosecuting perpetrators is a worthy goal, but the FBI-Geek Squad program seems to blur the line between computer repair and law enforcement. The program and FOIA documents raise several questions:
- What are the program details (e.g., training, qualifications for informants, payments, conditions for payments, scope, etc.) for financially rewarding Geek Squad employees for finding child pornography?
- What other computer/appliance repair vendors does the FBI operate similar programs with?
- What quality control measures does the program contain to prevent wrongful prosecutions?
- What penalties or consequences, if any, exist for Geek Squad employees who falsely reported child pornography claims?
- Is this Geek Squad program nationwide, or if not, in which states does it operate?
- In cases of suspected child pornography, what other information on targets' devices is collected and archived by the FBI through this program?
- Were/are whole hard drives copied and archived?
- How long is information archived?
- Does the program between the FBI and Geek Squad target other types of crime and threats (e.g., terrorism)?
- What other law enforcement or security agencies does Geek Squad have cozy relationships with?
I'm sure there are more questions to be asked. What are your opinions?
There are many ways that our law enforcement and intelligence agencies attack and compromise domestic and foreign computer systems (e.g., laptops, servers, smartphones, communications network, VPN services, etc.). The method of attack depends on the agency and the applicable laws. The attacks come in two broad categories, human and/or technical. No ordinary person or business is a match for such attacks. So we depend on our laws and institutions (e.g., the courts, Congress, news reporting, etc.) and the integrity and ethics of the men and women who serve as our law enforcement and intelligence agents to prevent, police, and protect us against our law enforcement and intelligence agencies acting illegally.
Now, the work that our law enforcement and intelligence agencies do is necessary to protect the security, advance and protect the interests, and enforce the laws of the United States. And it is almost always that our agencies’ efforts to compromise computer and communications systems are legal and necessary to protect and advance the U.S. interests described supra. But there are times where excesses do happen. Perhaps, it is a close call between legal restrictions and a threat to our citizens. Or, unfortunately, sometimes our generally excellent agents or their leadership fail in their duty, because of corruption, zealousness, anti-democratic tendencies, etc. But it is always a balancing act between lawfulness and security, between integrity and corruption, between gathering necessary or even just useful intelligence and being a fascist. That balancing act never ceases.
Did the FBI go too far here in compromising Best Buy’s Geek Squad without obtaining a warrant to conduct searches of Americans’ computing devices? It is well settled law that a person acting at the behest of the government is an agent of the government so that the protections and restrictions of the U.S. Const.’s Fourth Amendment and other constitutional provisions are invoked, though that is a question of fact. What is clear is that Best Buy has placed itself in the position of perhaps betraying its customers’ trust. And it is clear that the FBI was trying to avoid the Fourth Amendment requirements of probable cause in conducting searches of Americans’ computing devices, and used Best Buy’s Geek Squad to do that. Whether the FBI succeeded in that effort is legally dubious, while Best Buy’s failure to disclose its special, if not agency, relationship with the FBI is almost certainly a betrayal of its customers’ trust.
If you are going to be working for law enforcement as you service customers’ computing devices, can there be any doubt that your customers have the right to know that and know the details of that relationship?
Posted by: Chanson de Roland | Sunday, March 11, 2018 at 07:05 AM