Last year, we learned that eight Geek Squad employees were being paid as informants by the FBI to report child pornography when they see it on their customers’ computers. The EFF then filed a Freedom of Information Act (FOIA) lawsuit to learn more about this relationship between the FBI and Geek Squad employees. Now, new documents uncovered by the EFF show that the FBI and Geek Squad relationship was cozier than expected.
A 10 Year Relationship
One of the first documents the EFF uncovered showed that Best Buy invited the FBI for a “Cyber Working Group” at the company’s Kentucky repair facility, back in 2008. The Geek Squad employees also gave the FBI a tour of the facility before their meeting.
The memo the EFF got also made clear that the FBI’s Louisville Division “has maintained close liaison with the Geek Squad’s management in an effort to glean case initiations and to support the division’s Computer Intrusion and Cyber Crime programs.”
One of the documents unveiled that the FBI paid $500 to a Geek Squad informant who called the FBI about finding some potentially illegal images on the computer of Mark Rettenmaier, who is a doctor in California. Rettenmaier was later charged with possession of child pornography after Best Buy sent his computer to Geek Squad, its subsidiary, for repair.
According to the EFF, the documents also revealed that over the years of working with Geek Squad informants, the FBI has been developing a process for investigating and prosecuting people who sent their devices to Geek Squad for repairs.
Some of the documents seem to show that Geek Squad employees alert the FBI only when they find the images on a manual search of the device. However, other evidence in the Rettenmaier case does show that the Geek Squad employees made an affirmative effort to identify illegal content.
Rettenmaier’s alleged illegal content was found on the unallocated space of the drive, which means the Geek Squad employees must have done a forensic-type search to recover those deleted files.
Bypassing Fourth Amendment
The EFF argued before that if the FBI pays a private company’s employees to become informants or give the agency access to data of the company’s customers, then the FBI would in effect be bypassing the Fourth Amendment, which doesn’t allow the government to look through people’s “papers” and effects without a judicial warrant.
EFF’s documents do show that in some cases the FBI obtains a warrant to further analyze the device, but not always. Plus, by then, they would have already “fished” for the crime through other means, such as paying a company’s employees to look for the illegal content on their behalf.
With the passing of the recent FISA law, as well as President Obama’s rule change that allows 17 agencies to freely share data, the FBI is now also able to see someone’s unencrypted communications or privately shared or downloaded content long before it would need to use that evidence in court.
At that point, the agency would have to obtain a judicial warrant (a provision some Congress people have unsuccessfully tried to eliminate). However, the FBI would have already learned about the crime before the warrant was filed, meaning the Fourth Amendment’s protection against government crime “fishing expeditions” would no longer apply.
Best Buy's Statement
In a statement to Tom’s Hardware, Best Buy said that it hasn’t worked with the FBI at the company level to report illegal activities and that it doesn’t condone employees accepting money for reporting illegal content they may find on the customers' computers:
As we said more than a year ago, our Geek Squad repair employees discover what appears to be child pornography on customers’ computers nearly 100 times a year. Our employees do not search for this material; they inadvertently discover it when attempting to confirm we have recovered lost customer data.
We have a moral and, in more than 20 states, a legal obligation to report these findings to law enforcement. We share this policy with our customers in writing before we begin any repair.
As a company, we have not sought or received training from law enforcement in how to search for child pornography. Our policies prohibit employees from doing anything other than what is necessary to solve the customer’s problem. In the wake of these allegations, we have redoubled our efforts to train employees on what to do — and not do — in these circumstances.
We have learned that four employees may have received payment after turning over alleged child pornography to the FBI. Any decision to accept payment was in very poor judgement and inconsistent with our training and policies. Three of these employees are no longer with the company and the fourth has been reprimanded and reassigned.