When Best Buy's 'Geek Squad' Meets the FBI: A Data Privacy Tale
Can the FBI pay tech support to look for evidence of misconduct on people's computers?
April 26, 2018 at 06:20 PM
5 minute read
Photo Credit: Mike Mozart/Flickr
On Friday, the U.S. Department of Justice is scheduled to file a motion for summary judgment in a case that could concern every general counsel, CEO or other corporate executive who has ever taken a personal computer to a technician to be repaired.
The issue behind the case is that most repair shops ask customers to sign repair contracts acknowledging that if a tech finds any evidence of something illegal on the computer, the tech can report it to authorities.
The bigger question is: Is it legal for the FBI to pay techs to look for evidence of misconduct on people's computers?
Yes, said a federal judge in California, in a case involving Richfield, Minnesota-based Best Buy Corp., the world's largest electronics retailer.
No, said Aaron Mackey, a staff attorney for the Electronic Frontier Foundation, which is suing the FBI over a Freedom of Information Act request seeking more information about such practices. EFF is a San Francisco-based nonprofit organization that defends civil liberties in the digital world.
In a statement, Best Buy spokesperson Jeff Shelman said four employees may have received payment after turning over alleged child pornography to the FBI.
“Any decision to accept payment was in very poor judgment and inconsistent with our training and policies,” he said. “Three of these employees are no longer with the company and the fourth has been reprimanded and reassigned.”
The case began over a year ago when a doctor in Southern California took his personal computer to Best Buy so its “Geek Squad” could fix the computer's faults. Best Buy sent the computer to its central repair facility near Louisville, Kentucky, where the techs found child porn on the device.
The techs called the local division of the FBI, and agents obtained a warrant and raided the doctor's home, finding more child porn. They charged the doctor. The case was dismissed last November due to problems with the warrant unrelated to the techs.
But not before U.S. District Judge Cormac Carney in the Central District of California said in his ruling that the doctor “cannot reasonably have expected that the child pornography on his hard drive would remain private through the data-recovery process he authorized. [The doctor's] only reasonable expectation was that once child pornography was found, Geek Squad City would turn around and show it to the FBI.”
Mackey told Corporate Counsel Thursday that the ruling is “problematic.” It's one thing to say there is no expectation of privacy if a technician stumbles across a pornographic photo while repairing the computer, Mackey said.
But it's quite another to say there is no expectation of privacy after a technician does a forensic search of a customer's computer specifically looking for evidence of illegality, he said, while accepting money from the FBI as a paid informant.
“The images were found in unallocated space on the hard drive,” Mackey said. “They would only have been found while doing a forensic search using software to scan the device and see what's on it. The contract doesn't say anything about doing that.”
What if the customer was a general counsel and the computer contained evidence of a possible overseas bribe? Or a CEO and it contained evidence of securities fraud?
“In theory [under the judge's ruling],” Mackey replied, “if they came across the other evidence and knew what they were seeing, they could report it.”
For its part, Best Buy's statement said, “Our Geek Squad repair employees discover what appears to be child pornography on customers' computers nearly 100 times a year. Our employees do not search for this material; they inadvertently discover it when attempting to confirm we have recovered lost customer data.”
It continued, “We have a moral and, in more than 20 states, a legal obligation to report these findings to law enforcement. We share this policy with our customers in writing before we begin any repair.”
But Mackey said, in a blog he wrote, that the FBI's use of techs to search customers' computers without a warrant threatens to circumvent computer owners' Fourth Amendment rights.
Documents show the relationship between the FBI and Best Buy techs had been going on for at least 10 years, Mackey said, and management knew about it.
He detailed other findings of his FOIA request in a recent interview with editor David Hechler of the Legal BlackBook.
Still Mackey said he and EFF want more information, such as whether the FBI had any similar relationships, trainings or guidance with other companies that repair computers. They also want information that was redacted from documents it received.
In its motion for summary judgment, the DOJ is likely to continue its argument that any other information EFF seeks is exempt from disclosure.
Depending on what the government argues, Mackey said his group will probably urge the court to order more disclosure in its cross motion for summary judgment, due by May 30.
Meanwhile Best Buy has taken other steps as well. Its statement said, “Our policies prohibit employees from doing anything other than what is necessary to solve the customer's problem. In the wake of these allegations, we have redoubled our efforts to train employees on what to do—and not do—in these circumstances.”
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
Why ACLU's New Legal Director Says It's a 'Good Time to Take the Reins'
GC of Florida State Agency Steps Down After Threatening TV Stations That Aired Abortion-Rights Ad
Kroger Suit Claims FTC Using Unconstitutional Process to Try to Kill Megamerger
Outgoing ACLU Legal Director David Cole Reflects on Wins, Losses in Trump Era
Trending Stories
- 1First California Zantac Jury Ends in Mistrial
- 2Democrats Give Up Circuit Court Picks for Trial Judges in Reported Deal with GOP
- 3Trump Taps Former Fla. Attorney General for AG
- 4Newsom Names Two Judges to Appellate Courts in San Francisco, Orange County
- 5Biden Has Few Ways to Protect His Environmental Legacy, Say Lawyers, Advocates
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
