
FBI Used Best Buy's Geek Squad to Increase Secret Public Surveillance - randomname2
http://www.ocweekly.com/news/fbi-used-best-buys-geek-squad-to-increase-secret-public-surveillance-7950030
======
mnm1
I only want to know one thing: how does the government intend to prove beyond
any reasonable doubt that the Geek Squad employees themselves didn't put the
alleged porn pictures on the device? Does Geek Squad have a chain of custody
and other such procedures? Was the device tracked every single moment and
NEVER, not even for a second, allowed alone with anyone outside the government
(this actually seems impossible unless agents were present when the device was
taken in)? Seems to me like that would be a good way for Geek Squad scumbags
to make some extra cash from the government while the government looks the
other way and tries to convict innocent people. Also seems to me like this
case should have been dismissed already based on these concerns.

~~~
TACIXAT
This case pisses me off. Truly. Not because of what the FBI did, but because
of all these articles coming out, from the doctor's home town, that leave out
a ton of detail. Then a bunch of people in the comments defending someone who
had naked pictures of underage girls and works in a position of power. He's
trying to get off on a technicality.

How could we possibly know?

>Mark Rettenmaier, a gynecologic oncologist on staff at Hoag Hospital, had the
pornography on three portable hard drives, a laptop and his iPhone, according
to a federal grand jury indictment filed in November.

1\. [http://www.latimes.com/tn-dpt-me-1224-doctor-
update-20141222...](http://www.latimes.com/tn-dpt-me-1224-doctor-
update-20141222-story.html)

~~~
dsfyu404ed
WTF?

Should law enforcement not be obligated to follow the law when they're hunting
down people we don't like?

~~~
Svezik
Talk to a millennial sometime. They don't teach these things in school any
more. Talk about the presumption of innocence or the right to a fair trial and
they look at you like you're from outer space.

~~~
dragonwriter
Not only are Millennials I know as likely to be aware of those things as older
people I know, Millennials are among the most passionate about protecting
them.

------
dbot
There is a reason that safeguards like attorney-client, priest-penitent, and
spousal privilege exist. For most of civilization, these are the people with
whom we entrust our deepest secrets. Society doesn't work if these
relationships aren't respected.

Today, our deepest secrets are usually stored somewhere on a hard drive. When
we turn them over to the "priests" of PC repair, there is no real protection
beyond the terms of a one-sided, clickwrap contract. I've never used a repair
service for this reason - I'll either fix the problem myself or throw the
device away. It sucks, but articles like this suggest it's not a bad idea...

~~~
hackuser
> safeguards like attorney-client, priest-penitent, and spousal privilege

Let's add the Fourth Amendment to the U.S. Constitution, protecting your
"papers, and effects" though it's not currently respected. It seems obvious to
me that your modern "papers" are what is on your hard drive.

~~~
danielweber
> It seems obvious to me that your modern "papers" are what is on your hard
> drive.

And they are protected in your possession. If you turn over all your papers to
a third-party, though, that changes things.

 _eta_ We may need more privileged communications, but they are very rare.
Creating one is probably a good idea, but this will have to happen
legislatively. Geek Squad finding child porn isn't much different from the
photo processors of old finding it.

~~~
hackuser
> they are protected in your possession. If you turn over all your papers to a
> third-party, though, that changes things

I believe that interpretation is standard for U.S. courts. However, it's not
in the wording itself.

(Courts of course, must interpret the law beyond the wording; I fully support
that. The law is not an algorithm, and also someone must apply the law to
individual situations. Otherwise the First Amendment, for example, would
protect slander, threats, shouting fire in a crowded theater, etc.)

I don't like that particular interpretation. It implies the 4th Amendment
applies only in your windowless basement, with no communication in or out.
That isn't realistic, and is especially unrealistic in the age of the
Internet.

~~~
fnordfnordfnord
>Otherwise the First Amendment, for example, would protect ... shouting fire
in a crowded theater,

But that is protected speech, and the SCOTUS case it refers to was overturned
long ago because it set a terrible precedent. Holmes used that analogy to
support the prosecution and conviction of Charles Schenck under the Espionage
Act for writing and distributing a pamphlet that expressed his opposition to
the draft during World War I.

[https://www.aclu.org/blog/foreign-policy-exception-first-
ame...](https://www.aclu.org/blog/foreign-policy-exception-first-
amendment?redirect=blog/free-speech/foreign-policy-exception-first-amendment)

~~~
hackuser
I don't know about that case, but if you falsely shout "fire" in a crowded,
dark theater, I'm pretty sure you will be breaking the law. It probably would
be breaking the law if you did it in a well-lit conference hall. (Whether you
are arrested or just thrown out probably depends on if anyone gets hurt,
physically or financially.)

~~~
fnordfnordfnord
[Brandenberg]([https://en.wikipedia.org/wiki/Brandenburg_v._Ohio](https://en.wikipedia.org/wiki/Brandenburg_v._Ohio))
is the case you want to look at. The court held that, to be unprotected
“incitement,” speech must meet three requirements. The speaker must intend to
cause violence. The violence must be the likely result of the speech. And the
violence must be imminent. So, if equivalent circumstances are established,
yes, the shouter might well be in trouble.

Before you quote the "fire in a theater" precedent again, please go and look
up
[Schenck]([https://en.wikipedia.org/wiki/Schenck_v._United_States](https://en.wikipedia.org/wiki/Schenck_v._United_States))
as well, since that's the origin of the quote, and because it's apparent that
there is very little distance between "speech that will cause immediate harm
to people isn't protected" and "speech criticizing wars isn't protected when
we're at war" when you're a SCOTUS chief justice.

------
finnn
"Would you like to share you location with this site?" holy shit that's
malicious.

On an article about surveillance, no less

~~~
diminoten
Would you rather not be asked?

~~~
dredmorbius
Frankly, yes. The presumption that _any_ website should be able to access
location information should be taboo.

If it's necessary to determine _a_ location for the purposes of a query (e.g.,
"where is a pizza restaurant (and personal information feed front-end to
personal data tracking, FWIW) near <address> or <postal code>?"), then allow
the user to state where they're interested in this.

I've got precisely the same gripes against Google (Maps, etc., Android),
Apple, and any given mobile phone provider.

~~~
scrollaway
> then allow the user to state where they're interested in this.

Which is precisely what is happening here.

We do not let computers decide whether the purpose is nefarious or good.

~~~
dredmorbius
No it's not.

If I'm actively engaging in something, and there's the option to specify
(note: _not_ be interrupted by a pop-up) for location, manually input, that's
within the realm of acceptability.

Though it's distantly possible I might have no idea of my location within,
say, a 1km resolution at a point in time, that is an exceptionally distant and
rare likelihood for me. And I've no interest in leaving a set of high-time-
resolution location tracking datapoints across a slew of data repositories and
"information partners".

~~~
scrollaway
> _that is an exceptionally distant and rare likelihood for me_

Congratulations on not getting out much? Please remember you're not everybody.
For a lot of people, websites being able to ask for a location is a useful
feature.

Keyword: _ask_. They're not just _getting it_ , they're asking. If you don't
want to "leave a set of high-time-resolution location tracking datapoints
across a slew of data repositories", you can click no, just as I do almost all
the time, except when it's useful.

Because it's useful.

~~~
dredmorbius
How, specifically, is the OC Weekly having access to your GPS / ICBM
coordinates useful _to you_?

As for my generally excellent sense of geographic location, I make no
apologies.

~~~
scrollaway
There are other websites. If your beef is with one website, take it up with
the website.

~~~
dredmorbius
You're dodging the question.

~~~
diminoten
Your question was a bad one.

------
throw2016
The chances of a specific geek squad 'operative' chancing upon a 'target' the
FBI is interested in is so low and minuscule one has to wonder how its worth
it unless they are operating a dragnet or the FBI has too many people on
staff.

If the bar is so low one has to wonder how many high value companies are not
infiltrated by FBI, NSA and other 3 letter agencies.

When commentators here suggest the answer to privacy or surveillance is
'technical' it comes across as false empowerment. How can individuals or
groups win against nation state actors with near endless resources, time,
influence, power and armies of bureaucrats and engineers working 24/7 to
achieve objectives? It's a nonstarter and the solution has to be socio-
political.

The law doesn't stop them, if anything they are adept at skirting around laws,
misleading judges, working the system and banding together to protect
themselves. Even worse there is zero consequence when things blow up, and its
those leaking information who are hounded.

~~~
Spooky23
You might be surprised.

I've worked in large scale IT and I'm aware of investigations and convictions
of people having this shit on corporate devices. For a national chain like
BestBuy serving the general public, they probably have an incident weekly.

This article was light in details. Seeing this type of material is
traumatizing, and it's important to give employees clear protocols to follow
so there's as little question as possible about what to do. I find the
compensation for tips potentially troubling, but there isn't much context.
There's a lot of smoke in this article, but not a ton of fire regarding
specifics.

~~~
throw2016
This is not smoke, it's a smoking gun. Protecting employees from child porn
and trauma is no doubt a sensitive issue but given the article does not even
touch on that this just muddies the waters.

The focus here was on FBI's illegal data collection methods, misleading judges
and recruiting operatives in best buy.

These geek squad staff are for all essential purposes FBI operatives and as
detailed in the article at one time there were 8 operatives including the
manager in a single location! It will be amiss to expect more evidence or
'context' than this.

If the FBI can expend so much energy and time on lowly geek squad how much
time do they expend on Facebook, Google, Intel, Amd, Linux, VC Funds, security
standards, industry standards. The list goes on. Things are seriously broken
but many of us seem to be in a kind of denial quick to think the worst of
others while failing to hold ourselves accountable to the same high standards.

~~~
Spooky23
Read a better article.

[https://www.washingtonpost.com/local/public-safety/if-a-
best...](https://www.washingtonpost.com/local/public-safety/if-a-best-buy-
technician-is-a-paid-fbi-informant-are-his-computer-searches-
legal/2017/01/09/f56028b4-d442-11e6-9cb0-54ab630851e8_story.html)

There are details missing in the story posted here. For one, the Louisville
facility is a large service facility where at least some employees specialize
in data recovery. This isn't a case of the whole service department in a
BestBuy being deputized.

BestBuy also specificly stated that they do not condone employees accepting
payment.

I'm not justifying what is or isn't happening. Just pointing out that there
are a lot of holes in the story.

~~~
AnimalMuppet
> BestBuy also specificly stated that they do not condone employees accepting
> payment.

"Do not condone" is different from "you're fired if you do that". BestBuy's
position needs to be that it will fire people for this kind of stunt. If
nothing else, it's tarnishing the brand's image.

------
rrggrr
How long before some disgruntled geek squadette plants illegal content on an
innocent person's hard drive? From time to time analogous incidents occur in
food preparation (contaminating food), medicine (injuring patients), and even
law enforcement. The problem with digital crime is the difficulty in
determining who did what, when, with certainty.

~~~
jacquesm
> How long before some disgruntled geek squadette plants illegal content on an
> innocent person's hard drive?

Negative time isn't a thing.

~~~
JBReefer
It certainly is, but your point is well taken.

------
clarkcox3
If you're repairing someone else's computer and come across child porn, aren't
you obligated to report it? (if only to cover your own ass, as technically you
are now in possession of cp).

~~~
notatoad
Yes, if you come across anything illegal while repairing somebody's computer
you are obligated to report it. However, you're not allowed to go looking for
illegal stuff while repairing a computer.

And if the FBI is advertising cash rewards for "accidentally finding" illegal
content, that sounds a lot like an illegal search.

~~~
daxorid
Can you cite the specific statute? I have never heard of a legal obligation
for non-healthcare workers to report crimes.

~~~
cuckcuckspruce
It's called misprision of a felony[0]:

Whoever, having knowledge of the actual commission of a felony cognizable by a
court of the United States, conceals and does not as soon as possible make
known the same to some judge or other person in civil or military authority
under the United States, shall be fined under this title or imprisoned not
more than three years, or both.

[0]
[https://www.law.cornell.edu/uscode/text/18/4](https://www.law.cornell.edu/uscode/text/18/4)

------
jdavis703
I sent my Macbook into the Apple Store's Genius Bar to be fixed (yay unibody
design). They wanted the drive's encryption password so that they could
"backup" my data and add it to a new drive if needed. It looked as if they
just store this password in the "notes" field. Of course I didn't give it to
them, but it pays to be extra paranoid, even about services from companies you
think you should trust.

~~~
jacobsenscott
This is exactly why the right to repair your own equipment is so essential.

------
TACIXAT
I just want to post a few excerpts from court documents that always seem to be
missing from these articles. Warning, descriptions of sexual imagery of
children.

>The picture in question was “of a fully nude, white prepubescent female on
her hands and knees on a bed, with a brown choker-type collar around her
neck.” (Dkt. 152 at 7.) Presumably in the form of thumbnails, Agent Riley also
saw “partial images of genitalia of young girls” and states that “[i]t
appeared there was a lot of [child pornography] as the tech didn’t have to
scroll, the window popped up with image after image of [child pornography] and
child erotica/grooming images.” [1]

>A later search of the iPhone revealed alleged child pornography that is
charged in Count 2 of the Indictment. [2]

On the classification of Best Buy workers as CHS

>During 2007 and 2008, I am aware of four employees of Best Buy Geek Squad in
Brooks, Kentucky, who contacted us regarding child pornography on customers'
devices. To best track the relationship with these individuals and document
contacts the FBI had with them, we classified these individuals as
confidential human sources ("CHS's"), though they were simply employees at the
Best Buy Geek Squad who happened to be in a position to report child
pornography that technicians had come across on devices during the course of
repair. [3]

1\. Case 8:14-cr-00188-CJC / Document 173 / Filed 12/19/16

2\. Case 8:14-cr-00188-CJC / Document 76 / Filed 10/30/15

3\. Case 8:14-cr-00188-CJC / Document 176-1 / Filed 01/05/17

~~~
throwaway729
The key question for me is whether the CHS's were trusted and spontaneous.

Trusted in the sense of there existing a chain of evidence that doesn't depend
on the CHS's.

Spontaneous is the sense that BB staff weren't running scans carte blanc for
the FBI on every HDD that passed through their facilities.

Trusting CHS's is debatable. The lack of spontaneity is damned scary, though.

~~~
TACIXAT
It sounds like the techs were not on a fishing expedition, but came across the
images in performance of their normal duties.

>The hard drive arrived at Best Buy’s Brooks, Kentucky facility on November
25, 2011, and an initial search was performed by a Best Buy employee at 9:00
p.m. on November 28, 2011, revealing that the “drive appears to have been
restored, underlying data visible.” (Bates 853.) Best Buy called Rettenmaier
less than thirty minutes later; he authorized “Level 2” repair and identified
“[p]ictures, excel files, quicken files, text and word documents” as the most
important files to recover. (Id.)

>On or about December 20, 2011, Best Buy technician John “Trey” Westphal
observed what he deemed to be inappropriate content on the hard drive. (Dkt.
152 at 4.) His discovery occurred after the data recovery repair for
images—“to determine that the repair was successful [Westphal] must access the
files to verify that the files were recovered intact.” (Bates 823.)

The later search of Rettenmaier's home turned up child pornography on 5
separate device. Those facts lead me to stand where I do on this issue.

~~~
fnordfnordfnord
>The later search of Rettenmaier's home turned up child pornography on 5
separate device. Those facts lead me to stand where I do on this issue.

As abhorrent as CP is, the more important question here is whether the FBI's
investigative tactics comply with our civil rights. It sounds exactly like the
FBI set the Geek Squad on a fishing expedition. None of the stuff you added
refutes that. Just because they found child pornography evidence independent
of that discovered by the Geek Squad does not mean that we should be satisfied
with their investigative tactics. You need to weigh this against the
possibility that the FBI's "lists of targeted citizens" is obviously
problematic. There are almost certainly people on that list who are in fact
innocent of a crime. What if this list had been made public by a Best Buy
employee? Simply having one's name on the list with [person recently
prosecuted] for [abhorrent crime] could ruin a person's reputation.

------
butterfi
To my knowledge, Geek Squad had a shaky reputation to start with, I can't
imagine this is going to help.

~~~
chris_wot
Next thing we know, their store will be blown up by a rogue undercover female
agent who loses her mind to a nefarious villain, but everyone will be saved by
the local Geek Squad weirdo, his sleazy friend and irresponsible, lazy yet
remarkably likeable slacker who has somehow managed to become store manager
and whose best friend is a reluctant covert CIA agent with remarkable athletic
and mental abilities.

------
vermontdevil
Best Buy is in trouble PR wise. Even non-tech people on NextDoor in my area
are telling others to avoid Geek Squad for computer repairs due to this.

~~~
differentView
Don't most people just go along with it and say "I have nothing to hide".

~~~
goodplay
You say this, but I've noticed "servalince-fetegue" on (surprisingly) non-tech
people. I think the general populace are starting to wise up to what is
happening; perhaps not on a large enough scale to effect anything, but it's
happening nonetheless.

I think the future might not be as bleak as it currently seems. Talk with
people. Explain what's going on and why it's bad. Despite the common rhetoric
of people not caring, many do.

------
ramblenode
Previous discussion:
[https://news.ycombinator.com/item?id=13358287](https://news.ycombinator.com/item?id=13358287)

------
jMyles
> shared lists of targeted citizens

Wait, what? The story says this and then nothing more about it. What do we
know about this? Where are these lists?

------
lizavp
Went to Best Buy to purchase a laptop for my Mom. Geek Squad had installed the
"free anti-virus" that came with the laptop. They opened a brand new factory
sealed laptop. I noped right out the door.

------
mirimir
I wonder what "'not exactly' child porn" means.

I mean, some child beauty pageant stuff seems iffy. Consider JonBenét Ramsey:
[https://goo.gl/images/50otkX](https://goo.gl/images/50otkX)

------
tomohawk
I wonder if that's how they bugged Sharyl Attkisson

[https://sharylattkisson.com/reporter-wars-my-secrecy-
battles...](https://sharylattkisson.com/reporter-wars-my-secrecy-battles-with-
federal-government/)

------
linkregister
This story is shocking and deserves public exposure.

The OC Weekly seems like the bizarre indie magazines available at a Communist
coffeeshop in Berkeley, CA. Maybe it's just the illustrations. Either way, the
medium distracts from the message.

------
brightball
So they watched Chuck on NBC?

------
EdSharkey
Like Best Buy doesn't have enough problems. What a shame.

------
ravenstine
I wouldn't hand my computer over to anyone, Geek Squad or not. It's handing
the keys to your life over to some person whose motivations you have no idea
of. Rather than repair my computer, I would buy a new one. I recommend
everyone do the same. Think of it as insurance for your livelihood, and the
most guaranteed insurance at that. Well worth the money, especially
considering the average lifetime of a laptop.

------
huffmsa
Posse comitatus act for the 21st century.

"And the meek shall inherit the earth"

------
arrty88
Anyone know if apple's geniuses work with the feds?

------
bluesmoon
That's nothing. The Buy More in Burbank has a joint CIA/NSA lair hidden
beneath it and the Nerd Herd are operatives. There's even this one guy with
some kind of Database (possibly NoSQL) installed in his brain.

~~~
5v3nd0ttg
Haha, I actually did a search on the page for "chuck". Well done!

~~~
mandliya
Same! As soon as I read the title, I did a 'Chuck' search.

~~~
jimnotgym
me too

