If your computer had problems, would you take it to the nearest FBI office for repairs? Probably not.
But in some cases, you may as well have done so. And it could get you in some very hot water.
Thanks to court records, an indefatigable defense attorney, and some good reporting, we now know that the FBI has recruited and paid technicians of Best Buy's Geek Squad to act as informants — at the very least — and more likely as agents of the government in the legal sense of that term.
The story starts way back in 2011 when a physician in Orange County, California — Mark Rettenmaier — had computer trouble. He took his laptop to the Geek Squad for diagnosis and repair. Normally, the technicians would examine the hardware for problems and, if necessary, also look at the operating system (such as Windows, Linux, or Mac OS X) to see if the trouble involved corrupted files or something similar.
The Geek Squad went well beyond the call of their prescribed duty. They deep-scanned the doctor's hard drive, examining what's called unallocated space on the disk. Those are areas of the drive where no files are stored, according to the computer's index of what is on the drive. It could be "virgin" blank space — never used in the past — or it could be space that had been used at some point for one or more files which had since been deleted.
Either way, that space is largely inaccessible to non-tech types. Heck, most users seem to have trouble using the "undelete" function of the file manager of their operating system just to undo an accidental delete of a moment before. Also, malware, auto-downloads by page scripts in browsers, or various other means can put files on your computer which may end up deleted (by the user or as part of a process) and thus stuck in unallocated space.
The doctor didn't have any software tools installed that would have permitted him to look at that space or manipulate it.
The techs found something interesting in that space: an image file. They decided it was child pornography and alerted the FBI.
I'll pause here while some cheer for catching a slime-bag in the act and giving him his just deserts.
Now that that's over, it's time to burst the bubble: things weren't what you might have assumed they would be.
First, it turns out that the image isn't actually kiddie porn. It did depict a naked underage girl, but:
[Defense attorney] Riddet asked [Judge] Carney to take his first look at the image found on his client's device, pointing out the picture does not depict sex or show genitals. The lawyer then questioned agent Tracey L. Riley, who retreated from her original, case-launching stance that the image—known as "9yoJenny"—was definitely child pornography to "not exactly" child porn. [1]
Second, a federal appeals court had previously ruled in a different case that files found in unallocated space couldn't be used to show possession or intent, because there is no way of knowing how they got there or who accessed them. Knowing that, the authorities nevertheless held back the information of where on the computer the image had been found.
Agents won a magistrate judge's permission to advance the case by failing to advise him of those facts and falsified an official time line to hide warrantless searches … [1]
Third, the FBI and prosecutors withheld crucial information about how exactly the image was discovered. It wasn't due to normal technical service operations by the Geek Squad. It was because the techs had been recruited by the FBI, trained, and encouraged to do these highly technical deep searches to find suspicious materials in order to receive cash payments as rewards.
In plain English, the FBI turned them into paid informers acting as unregistered agents of the government.
… the company's repair technicians routinely search devices brought in for repair for files that could earn them $500 reward as FBI informants. [2]
Best Buy has issued a statement saying that neither Best Buy nor the Geek Squad in particular have a relationship with the FBI. Yet, a glance at the circumstances seems to contradict that, even if the relationship isn't official. The tech who found the image file was John Westphal.
Westphal notified his boss, Justin Meade, also an FBI informant, who alerted colleague Randall Ratliff, another FBI informant at Best Buy, as well as the FBI. [3]
So, in just a single Geek Squad location, that's at least three employees who were paid by the FBI to search and report about that one computer without a warrant on the government's behalf. In his legal motion, the defense attorney claims that the Geek Squad informants at that single store totaled 8 people.
Best Buy's denial seems dubious to me. Moreover, the government is using private citizens and companies as undeputized extralegal agents to conduct warrantless searches, a clear violation of the Fourth Amendment.
The case is still pending but the defense has filed a motion to dismiss the charges based on the government's purported illicit conduct (and although the articles don't say, the motion may include "grounds" since the prosecutor has even admitted the image does not fit the definition of porn). Now it will be up to Judge Carney as to whether or not this case goes forward.
I have no opinion about whether or not the doctor looked at kiddie porn (that single "quasi-porn" image or others). He may have; or, malware could have put it on his computer or he could have momentarily stumbled across a sketchy site that had the image (that would put it in the browser's temporary cache, where it would later be deleted to unallocated space). As the federal appeals court wisely ruled, there is no way to know such things.
But, I do have an opinion about cybersecurity: very few of us are doing what we should about it.
There are a lot of bad actors in the cyberworld, sometimes including agencies of our own federal, state or local government. Everyone should act accordingly, with a modicum of precaution. Whether it's to keep the government from snooping into your business or to keep cyber-thieves from stealing your data, you should never turn your "open" computer over to anyone.
Remember, we only found out about the Geek Squad activities by accident. We have no idea if government agencies have compromised other companies and tech services as well. We also don't know if every repair tech is honest or will happily sell your credit card number and other info to Russian mafiosos.
You can search the internet for tools to do things like "scrub" your unallocated space to truly wipe clean your deleted files. You can also find instant messaging apps that encrypt your messages. You can set up a firewall to keep snoops out and run anti-malware detectors.
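The behavior of deleted files and of "scrubbing" described above, shown on a toy disk model as an added example (not from the original article; `ToyDisk`, its methods and the sample contents are constructed for illustration). Deleting removes only the index entry, a signature scan of unallocated blocks still finds the data with no name or date attached, and overwriting the free blocks removes it.

```python
BLOCK = 16                      # toy block size in bytes
JPEG_MAGIC = b"\xff\xd8\xff"    # the byte signature that real JPEG files start with

class ToyDisk:
    """Constructed model: raw blocks plus an index of which file owns which blocks."""
    def __init__(self, nblocks=8):
        self.nblocks = nblocks
        self.data = bytearray(BLOCK * nblocks)
        self.index = {}         # file name -> list of block numbers

    def free_blocks(self):
        used = {b for blocks in self.index.values() for b in blocks}
        return [b for b in range(self.nblocks) if b not in used]

    def write(self, name, content):
        need = -(-len(content) // BLOCK)          # ceiling division
        blocks = self.free_blocks()[:need]
        if len(blocks) < need:
            raise OSError("disk full")
        for i, b in enumerate(blocks):
            chunk = content[i * BLOCK:(i + 1) * BLOCK]
            self.data[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.index[name] = blocks

    def delete(self, name):
        # An ordinary delete drops the index entry; the bytes stay where they were.
        del self.index[name]

    def carve_unallocated(self, magic):
        # A deep scan: look for a file signature in blocks that no file owns.
        # The hit carries no file name, timestamp or origin, only raw bytes.
        return [b for b in self.free_blocks()
                if self.data[b * BLOCK:(b + 1) * BLOCK].startswith(magic)]

    def scrub(self):
        # "Scrubbing": overwrite every unallocated block with zeros.
        for b in self.free_blocks():
            self.data[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)

def demo():
    disk = ToyDisk()
    disk.write("notes.txt", b"grocery list")
    disk.write("cached.jpg", JPEG_MAGIC + b"constructed-image-bytes")
    disk.delete("cached.jpg")
    listed = sorted(disk.index)                      # what the user can see
    found = disk.carve_unallocated(JPEG_MAGIC)       # what a deep scan sees
    disk.scrub()
    after = disk.carve_unallocated(JPEG_MAGIC)       # after scrubbing
    return listed, found, after
```

Real file systems and SSDs can hold further copies of the same data (journals, wear-leveling spare areas), so an actual scrubbing tool has more ground to cover than this model.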
But, first and foremost, protect your data. Encrypt!
Many people suggest that you do what is called "full disk encryption" (FDE) where everything on your PC is encrypted and a password is needed to unlock it. That is false security and I do not recommend it.
This case is a perfect example of why I don't like FDE. A repair technician will require access to your unlocked hard drive to fix problems. If that is the method you use to protect your data, you'll be giving the tech access to your unlocked data (emails, financial info like Quicken files, etc).
FDE encrypts your operating system files, your funny cat videos, your silly GIFs, your recipe collection, and everything else on your PC. Nobody cares about that stuff. You could post it all up on a public server for others to look at, so why encrypt it?
What you need to do is encrypt files that need to be private. Just like in your home, you don't stuff everything you own into a locked room and invite people over to sit on a bare floor and look at bare walls. You may have a gun safe, or a locked jewelry box, hide your money under your mattress, or put valuable documents in a bank safe deposit box. You safeguard only what needs to be safeguarded.
So, get VeraCrypt (an updated version of TrueCrypt, a long-time open source standard for encrypting files). It's free to download and use and you don't need to register it or otherwise provide any personal information to the program's creators.
Forget BitLocker and similar commercial programs; neither you nor thousands of security experts around the world can examine their source code to be sure that the NSA, the CIA, the Russian mob, Chinese hackers, or whoever has not inserted hidden backdoors to gain access to your stuff.
Create a folder somewhere on your drive. It could be named MyPrivateStuff or MyData, whatever you like. Use that folder or folders for data and files you want to protect.
Then install VeraCrypt and use it to create an encrypted "volume" that is actually just a big file inside that new folder. Move the files or folders that hold confidential information (your Quicken files, your emails, even your address book/contacts) to the new encrypted volume.
Whenever you need to use that data, you'll have to "mount" (open) the encrypted file with VeraCrypt. Big hassle, right? No, it takes about 2 seconds.
That's it in a nutshell. VeraCrypt has a tutorial and there are plenty of third-party websites with tutorials and helpful information as well. Google it!
You can safely let a technician look at your PC, knowing that he or she doesn't have your VeraCrypt password to unlock your data file. You can also easily back up all of your important stuff because it's right there in a single encrypted file.
Do it today. If you wait until tomorrow, and your PC won't boot up, you may be giving a Three Letter Agency free rein to search your personal data when you take it into a computer shop.
[1] FBI Used Best Buy's Geek Squad To Increase Secret Public Surveillance by R. Scott Moxley at OCWeekly
[2] Why you shouldn't trust Geek Squad ever again by Andy Patrizio at Network World
[3] Best Buy Geek Squad Informant Use Has FBI on Defense in Child-Porn Case by R. Scott Moxley at OCWeekly