Best Buy's GeekSquad Employees paid by FBI as Informants

[coasterghost]

Quote

The documents released to EFF show that Best Buy officials have enjoyed a particularly close relationship with the agency for at least 10 years. For example, an FBI memo from September 2008 details how Best Buy hosted a meeting of the agency’s “Cyber Working Group” at the company’s Kentucky repair facility.

 

The memo and a related email show that Geek Squad employees also gave FBI officials a tour of the facility before their meeting and makes clear that the law enforcement agency’s Louisville Division “has maintained close liaison with the Geek Squad’s management in an effort to glean case initiations and to support the division’s Computer Intrusion and Cyber Crime programs.”

 

Another document records a $500 payment from the FBI to a confidential Geek Squad informant. This appears to be one of the same payments at issue in the prosecution of Mark Rettenmaier, the California doctor who was charged with possession of child pornography after Best Buy sent his computer to the Kentucky Geek Squad repair facility.

 

Other documents show that over the years of working with Geek Squad employees, FBI agents developed a process for investigating and prosecuting people who sent their devices to the Geek Squad for repairs. The documents detail a series of FBI investigations in which a Geek Squad employee would call the FBI’s Louisville field office after finding what they believed was child pornography.

 

The FBI agent would show up, review the images or video and determine whether they believe they are illegal content. After that, they would seize the hard drive or computer and send it to another FBI field office near where the owner of the device lived. Agents at that local FBI office would then investigate further, and in some cases try to obtain a warrant to search the device. 

...

For example, documents reflect that Geek Squad employees only alert the FBI when they happen to find illegal materials during a manual search of images on a device and that the FBI does not direct those employees to actively find illegal content.

 

But some evidence in the case appears to show Geek Squad employees did make an affirmative effort to identify illegal material. For example, the image found on Rettenmaier’s hard drive was in an unallocated space, which typically requires forensic software to find. Other evidence showed that Geek Squad employees were financially rewarded for finding child pornography. Such a bounty would likely encourage Geek Squad employees to actively sweep for suspicious content.

Best Buy's Statement:

Quote

As we said more than a year ago, our Geek Squad repair employees discover what appears to be child pornography on customers' computers nearly 100 times a year. Our employees do not search for this material; they inadvertently discover it when attempting to confirm we have recovered lost customer data.

 

We have a moral and, in more than 20 states, a legal obligation to report these findings to law enforcement. We share this policy with our customers in writing before we begin any repair.

 

As a company, we have not sought or received training from law enforcement in how to search for child pornography. Our policies prohibit employees from doing anything other than what is necessary to solve the customer's problem. In the wake of these allegations, we have redoubled our efforts to train employees on what to do -- and not do -- in these circumstances.

 

We have learned that four employees may have received payment after turning over alleged child pornography to the FBI. Any decision to accept payment was in very poor judgement and inconsistent with our training and policies. Three of these employees are no longer with the company and the fourth has been reprimanded and reassigned."

Part of the Geek Squad Terms of Service: 

Quote

TO THE MAXIMUM EXTENT PERMITTED BY LAW: (A) WE WILL UNDER NO CIRCUMSTANCES BE LIABLE TO YOU FOR ANY INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES, INCLUDING BUT NOT LIMITED TO COSTS OF RECOVERING, REPROGRAMMING, OR REPRODUCING ANY PROGRAM OR DATA OR THE FAILURE TO MAINTAIN THE CONFIDENTIALITY OF DATA, ANY LOSS OF BUSINESS, PROFITS, REVENUE OR ANTICIPATED SAVINGS, RESULTING FROM OUR OBLIGATIONS UNDER THESE TERMS; AND (B) OUR TOTAL LIABILITY UNDER THESE TERMS SHALL NOT EXCEED THE ORIGINAL PURCHASE PRICE OF THE PLAN INCLUDING TAXES. THE LIMITATIONS IN THIS SECTION WILL NOT LIMIT OR EXCLUDE LIABILITY CAUSED BY OUR GROSS NEGLIGENCE, INTENTIONAL MISCONDUCT OR FRAUD.

Immediately, after this section, they state by agreeing to the terms of service that you waive any "right you may have to a jury trial, and the right to participate in any class action, private attorney general action, or other representative or consolidated action as either a representative or member of a class, including any class arbitration or consolidated arbitration proceeding. The parties collectively and you, individually, acknowledge and do not agree to arbitration of any claim hereunder on a class-action, collective or representative basis under any circumstances."

 

I am honestly, not that shocked at all in the actions of the FBI nor Geeksquad, I am however more than surprised by the way that Geek Squad seems to proactively search for this, while covering them selves completely for any thing plausible. It will be interesting especially if any Customers were blackmailed by Geek Squad employees over other acts such as nudes that they took themselves since Geek Squad has it set up in such a way to shield all the employees from any acts of Data Intrusion. It's going to be interesting to see how this all plays about.

 

Sources:

EFF: https://www.eff.org/deeplinks/2018/03/geek-squads-relationship-fbi-cozier-we-thought

ZDNet: http://www.zdnet.com/article/new-documents-reveal-fbi-paid-geek-squad-repair-staff-as-informants/

PCMag: https://www.pcmag.com/news/359710/the-fbi-paid-geek-squad-employees-as-informants

Washington Post: https://www.washingtonpost.com/news/true-crime/wp/2017/04/03/records-show-deep-ties-between-fbi-and-best-buy-computer-technicians-looking-for-child-porn/?utm_term=.60b6e2e05fbc

GeekSquad TOS: http://storage.bestbuy.com/geeksquad/terms/total_tech_support/tts_2017_04_23_to_current_v1_english.pdf

[TidaLWaveZ]

My independent computer repair business will be booming once I litter my social media with this.

 

Good work OP...

 

[Electronics Wizardy]

TLDR; They can look at your stuff. If you care about your data encrypt it or take your drive out. Your windows password does nothing.

 

I really don't see a problem with this as your giving them access to your data and your know its on there(thats required to be charged with child porn in the U.S.)

[AshleyAshes]

2 minutes ago, TidaLWaveZ said:

My independent computer repair business will be booming once I litter my social media with this.

 

Good work OP...

 

Yes, because the kind of people who take their stuff to Geek Squad for repairs are tuned into ALL the latest tech news and goings ons...

[TimeOmnivore]

Hasn't news of this Best Buy/FBI partnership been known for a while now? Did something new happen to make it pop up again?

[AshleyAshes]

Just now, Electronics Wizardy said:

TLDR; They can look at your stuff. If you care about your data encrypt it or take your drive out. Your windows password does nothing.

If these people, with criminal content on their drives, were smart enough to use strong operational security, they'd also be smart enough not to take the systems and their criminal content to Geek Squad for repairs in the first place.

[Windows7ge]

9 minutes ago, Electronics Wizardy said:

I really don't see a problem with this as your giving them access to your data and your know its on there(thats required to be charged with child porn in the U.S.)

I remember reading a story about a year ago. A older man's computer stopped working so he brought it to a repair shop. Upon getting the system working again the tech discovered that he had child pornography on it. The repair shop reported him and he was arrested.

 

I'm not sure what makes me feel worse. His repulsive habit or his idiocy.

[coasterghost]

13 minutes ago, Electronics Wizardy said:

TLDR; They can look at your stuff. If you care about your data encrypt it or take your drive out. Your windows password does nothing.

 

I really don't see a problem with this as your giving them access to your data and your know its on there(thats required to be charged with child porn in the U.S.)

Some repair companies won’t even look at or repair a computer without a hard drive. There is also a difference by inadvertently stumbling on it and being paid by the government as a confidential informant. 

[Fetzie]

4 minutes ago, coasterghost said:

Some repair companies won’t even look at or repair a computer without a hard drive. There is also a difference by inadvertently stumbling on it and being paid by the government as a confidential informant. 

So put in an hdd with a clean windows installation when handing it over for repair?

[asus killer]

if they actively searched the hard drive without permission, and no, sending a PC for repair doesn't give permission to search personal files on a hard drive, that would be considered inadmissible evidence in most civilized countries.

If they turned on the PC and the desktop had a picture of a naked child that's a completely different story.

For a company that allows this, i imagined that while searching they could find all sort of personal data, it's really bad.

Really weird and scary to have a police agency involved in this and actively promoting and rewarding this behavior.

[AngryBeaver]

35 minutes ago, coasterghost said:

Best Buy's Statement:

Part of the Geek Squad Terms of Service: 

Immediately, after this section, they state by agreeing to the terms of service that you waive any "right you may have to a jury trial, and the right to participate in any class action, private attorney general action, or other representative or consolidated action as either a representative or member of a class, including any class arbitration or consolidated arbitration proceeding. The parties collectively and you, individually, acknowledge and do not agree to arbitration of any claim hereunder on a class-action, collective or representative basis under any circumstances."

 

I am honestly, not that shocked at all in the actions of the FBI nor Geeksquad, I am however more than surprised by the way that Geek Squad seems to proactively search for this, while covering them selves completely for any thing plausible. It will be interesting especially if any Customers were blackmailed by Geek Squad employees over other acts such as nudes that they took themselves since Geek Squad has it set up in such a way to shield all the employees from any acts of Data Intrusion. It's going to be interesting to see how this all plays about.

 

Sources:

EFF: https://www.eff.org/deeplinks/2018/03/geek-squads-relationship-fbi-cozier-we-thought

ZDNet: http://www.zdnet.com/article/new-documents-reveal-fbi-paid-geek-squad-repair-staff-as-informants/

PCMag: https://www.pcmag.com/news/359710/the-fbi-paid-geek-squad-employees-as-informants

Washington Post: https://www.washingtonpost.com/news/true-crime/wp/2017/04/03/records-show-deep-ties-between-fbi-and-best-buy-computer-technicians-looking-for-child-porn/?utm_term=.60b6e2e05fbc

GeekSquad TOS: http://storage.bestbuy.com/geeksquad/terms/total_tech_support/tts_2017_04_23_to_current_v1_english.pdf

You don't need just forensic software to recover or see this data in unallocated areas. If for example the geeksquad agent is trying to do a complete image of a drive that is failing some of the software used might reveal this information. If you bring in a drive because you accidentally deleted something you need then that also would cause them to look in unallocated spaces.

 

Then there are all of the times this stuff is seen in a circumstance that doesn't fit in to the above. So do they actively search for this stuff? No, they don't. However, if they uncover it in the course of their duties they will be forced to report it. I can tell you now that they would prefer to never find this stuff as it makes their life more difficult and turns in to a low of paperwork and back and forth with law enforcement.

 

So I am not sure why this is getting so much publicity. If anything this is a good thing... if you have child porn or other illegal material on your machine... then maybe you shouldn't bring it in for repairs... or better yet maybe you shouldn't have been doing something illegal in the first place!

 

Also when you bring your computer in for repairs also remember you are not protected by the 4th amendment unless it deals with a government entity. So while they do not active search for this type of think.. depending on why your machine needs service... it might be seen in the normal course of work. So instead of blaming these companies for finding this stuff... maybe we should be thanking them for getting these type of people off the streets. 

[mynameisjuan]

14 minutes ago, Fetzie said:

So put in an hdd with a clean windows installation when handing it over for repair?

Because most repairs are not hardware. The OS is usually fucked up and they are repairing that. Guarantee if you install a clean drive your PC would be fine, so why bring it in?

[earth4s]

As a tech this does not surprise me at all. Law enforcement usually pays rewards for information like this all the time. I even remember part of one of the CompTIA certifications making a point on reporting illegal content (I.G. child porn, not software) in the course of repairing a system. The point of recovery of data from "unallocated space" is kinda sketchy as their are a number of free and commercial software that can do this. Depending on why he took his computer for repair I can see one of those tools being used to stumble across those images. Then again Geek squad tech tend to be on the low end of the pay spectrum so I can see them deliberately looking for incriminating evidence for quick cash. For some reason this entire thing comes off as trying to sensationalize something that is a moot point.

[Bcat00]

What you expect when you hand off a device for repair? Only a idiot would believe the other side wouldn't fiddle with your files, applies to everything and not just electronics.

[AngryBeaver]

2 minutes ago, mynameisjuan said:

Because most repairs are not hardware. The OS is usually fucked up and they are repairing that. Guarantee if you install a clean drive your PC would be fine, so why bring it in?

Well if you aren't doing something illegal you have nothing to worry about. Should we really be blaming these companies for being responsible and reporting things they find while performing their jobs? If you don't want to worry about the FBI knocking on your door... then maybe you shouldn't be watching child-pornography.

[mynameisjuan]

5 minutes ago, AngryBeaver said:

Well if you aren't doing something illegal you have nothing to worry about. Should we really be blaming these companies for being responsible and reporting things they find while performing their jobs? If you don't want to worry about the FBI knocking on your door... then maybe you shouldn't be watching child-pornography.

Dude where the hell did I say it should be the companies fault.....It was just a response about reinstalling windows... 

[Vanderburg]

49 minutes ago, Electronics Wizardy said:

TLDR; They can look at your stuff. If you care about your data encrypt it or take your drive out. Your windows password does nothing.

 

I really don't see a problem with this as your giving them access to your data and your know its on there(thats required to be charged with child porn in the U.S.)

I think part of the problem is one, it incentivizes them to search for it on your devices instead of finding it incidentally. And two, searching for it, expecting a possible reward could potentially risk them acting as agents on behalf of the state, and then it could be a warrantless search (and one that needed a warrant), getting the evidence thrown out in court.

[AngryBeaver]

7 minutes ago, Vanderburg said:

I think part of the problem is one, it incentivizes them to search for it on your devices instead of finding it incidentally. And two, searching for it, expecting a possible reward could potentially risk them acting as agents on behalf of the state, and then it could be a warrantless search (and one that needed a warrant), getting the evidence thrown out in court.

You are 100% incorrect here. The warrant-less search also known as the fourth amendment ONLY protects you from government agencies. It does not protect you from a geek-squad agent for example or from the loss-prevention guy standing at the door at walmart.

 

It just means a member of law-enforcement cannot search your property without permission, a warranty, or justifiable cause.

 

Also as to the reward being a way to make them "agents on behalf of the sate" that is also incorrect. These are very similar to how informants are given rewards. They are not actual law-enforcement and are not bound by the same rules, but information given by them can be used as a basis to obtain a warrant.

[AshleyAshes]

ITT: Americans learn that if you have bodies buried under the floor in your basement and the HVAC technician you called over discovers them, that's totally admissible in court.

[dfsdfgfkjsefoiqzemnd]

1 hour ago, TimeOmnivore said:

Hasn't news of this Best Buy/FBI partnership been known for a while now? Did something new happen to make it pop up again?

It has.  This is a REALLY old retoast

 

 

[Zodiark1593]

2 hours ago, AshleyAshes said:

If these people, with criminal content on their drives, were smart enough to use strong operational security, they'd also be smart enough not to take the systems and their criminal content to Geek Squad for repairs in the first place.

I wonder if said "criminal content" includes copyright infringement stuff too? I wouldn't put it past the MPAA to pay Best Buy to disclose the identy of anyone with infringing material on their PCs.

[Misanthrope]

Does this means that the RCMP is using Future Shop employees?

[AshleyAshes]

8 minutes ago, Zodiark1593 said:

I wonder if said "criminal content" includes copyright infringement stuff too? I wouldn't put it past the MPAA to pay Best Buy to disclose the identy of anyone with infringing material on their PCs.

Copyright is the realm of civil law not criminal.  That issue is basically between the copyright older and the pirate, unless we are talking about large scale operations.  Like, literally the FBI COULDN'T care about your pirated Harry Potter movies, the FBI operate PURELY in the realm of criminal law, civil is not under their authority.  As for the MPAA, the law works differently in terms of reporting criminal activity and activity that violates civil law.

[Drak3]

3 hours ago, AngryBeaver said:

Well if you aren't doing something illegal you have nothing to worry about.

When handing someone your personal machine, that isn't true at all. It'd be INCREDIBLY EASY to plant evidense, and hard to prove it was planted.

 

Given that prior stories of FBI/BB dealings over this type of stuff, wouldn't surprised me if employees have considered it, or if it happened once or twice. I recall it was pay per report or something similar.

[AngryBeaver]

4 minutes ago, Drak3 said:

When handing someone your personal machine, that isn't true at all. It'd be INCREDIBLY EASY to plant evidense, and hard to prove it was planted.

 

Given that prior stories of FBI/BB dealings over this type of stuff, wouldn't surprised me if employees have considered it, or if it happened once or twice. I recall it was pay per report or something similar.

Actually when it comes to the PC side of thing... it is possible to see it was planted. Chances are I can tell you EXACTLY when the data was added. If it was added while the machine was in the shops custody then that is pretty easy to say... oh wow this was planted.

 

You should do some research on what is possible via Computer Forensics and E-discovery.