The Electronic Frontier Foundation wants to protect you from warrantless searches by computer repair people and they’re looking for your help.
Roblimo’s Hideaway
Warrant? Hah! Did John Wayne ever get a warrant? Fourth Amendment, you say? We don’t need no stinking amendments around here. We’re Geek Squad and we’re on the side of THE LAW, so if we find anything illegal on your computer and hand it to the FBI, you have no right to complain, pilgrim, and we deserve a reward!
The FBI seems to agree with the “deserve a reward” statement, because they have been giving Geek Squad employees $500 or $1000 rewards for finding porn on repair customers’ computers.
About that Fourth Amendment: the Geek Squad argument is that their techs are private citizens, not law enforcement personnel. But, you might say, if Geek Squad techs are getting paid by law enforcement, doesn’t that make them agents of law enforcement? Some say yes, some say no, and even the courts don’t seem to be sure, which is why the EFF is Suing the FBI for Records About Best Buy Geek Squad Informants.
Here’s a quote from the EFF page announcing the suit:
- We think that the FBI’s use of Geek Squad informants is not an isolated event. Rather, it is a regular investigative tactic law enforcement employ to obtain digital evidence without first getting a warrant as the Fourth Amendment generally requires. EFF continues to look for opportunities to challenge this type of law enforcement behavior. If you have had your digital devices sent to the main Best Buy repair hub in Brooks, Kentucky for repair and it resulted in criminal proceedings against you, contact us at info@eff.org.
Obviously, if you had Geek Squad repair something of yours and it’s possible that this set The Law against you, the best thing to do is contact the EFF immediately. And, of course, donating money to the EFF is always a good thing to do, especially if you use the Internet — which, come to think of it, you are doing at this very moment.
One important note: lest you think we’re unfairly piling on Geek Squad, it’s only because they’re huge. What makes you think Sheriff Jefferson Beauregard never asks Bill’s Discount Computer Repair to do a little hard drive snooping in return for a beer down at the American Legion, and maybe a wink instead of a speeding ticket next time Bill is rushing to a repair call?
One way you can defend against this problem is to keep any potentially illegal or subversive material on an external hard drive so you can take your computer to a repair shop or send it off for warranty service minus your data. This is actually a good idea in general; if your clean-as-the-driven snow data is on an external drive and is backed up elsewhere, preferably offsite, you don’t risk losing said data if you send your system off for a bit of fixit work.
But hardly anybody backs up their data. I do, most of the time, because I’m a little crazy. I keep almost all my files on external hard drives because my computers actually run on very fast, not very large SSDs. Not only that, if you stick to exFAT32 (which breaks the old FAT file size barrier) you can share the same files across multiple machines and operating systems. And yes, I keep backups of files I deem important on Google Drive. Being a bit paranoid, I encrypt them before uploading. Crazy? Not secret stuff, so maybe a little. It takes hardly any effort, though, so why not?
And a last thing you can do to keep sneaky repair people out of the back corners of your hard drive (or SSD): don’t let your computers out of your sight. I have had exactly one computer job in the last year where I needed help. I called local smart repair person Ray, who came to my house, as did my friend Matt, where Ray showed us what he was doing and we learned from him. Was beer consumed? You bet! Did I pay Ray? Again, you bet! He’s a Mac expert and did a hard drive password bypass on a MacBook Pro in a couple of minutes instead of dicking around for an hour, which Matt and I probably would have.
But as a rule, I do my own computer repairs, which means that if I don’t trust my repair person, I have problems far worse than anything going on in my computer(s).
Robin “Roblimo” Miller is a freelance writer and former editor-in-chief at Open Source Technology Group, the company that owned SourceForge, freshmeat, Linux.com, NewsForge, ThinkGeek and Slashdot, and until recently served as a video editor at Slashdot. Now he’s mostly retired, but still works part-time as an editorial consultant for Grid Dynamics, and (obviously) writes for FOSS Force.
I too, always repair my own devices, except for “surgical precision”. (Like the ThinkPad T420 which needs a new motherboard, and has to be send away to a repair site in California!) But most repair tasks I can do myself, which would stem from my being in the IT field since ’99! So hard drive formatting?…..password resets?……HDD replacement?…..RAM upgrade?….OS installations?…updates?….switching to Linux?…all of it I can do! (Come to think of it?…maybe if I can find the right MoBo…I’ll forego sending my laptops anywhere and do it myself!
But enough about that, in regards to your personal data, whether it’s porn, slapstick comedy videos from the 60’s…programming PDF’s or whatever you consider valuable, the best way to keep it safe is exactly as you described, keep it “off” the local machine and store it on an external Hard Drive. I also backup my laptops and desktops monthly, and whatever I don’t consider valuable?…doesn’t get backed up but deleted.
In regards to the cloud? Well because of my TWO 4TB external hard drives?…I have no need for it. I guess that’s the biggest threat to companies like Google and Cloudera etc..etc. If more consumers decide to start buying 1 / 2 / 4 / 8TB HDD’s and saving their data to those?…then the cloud would cease to exist!? But I don’t trust the cloud, not since its inception to now, and I will never place my data that I gather and collect there…not when I have my own “cloud” servers sitting on my desk and in my laptop bag! Plus?….while others might have to pay some sort of monthly fee to keep their storage? after the (somewhat hefty?) price of $145.00?…I can keep MY cloud storage for as long as they remain working! And the last nail in the coffin is:…you’ve placed all your data in the cloud….what happens when that company goes under?…and they have to sell off their assets and your data disappears?…yeah…with the way things are going, I find it amazing that people trust the cloud even for music storage!
The only thing I use the cloud for is storage stuff I want to share publicly, for that I use only no cost services. Everything else is backup locally.
There are two issues, over and above Security/Privacy, as far as I’m concerned. Bandwidth, and Internet connection costs. For a private individual, it’s just not worth it, unless they have unlimited Bandwidth, and high speed. I have neither.
@Eddie G.
With respect to cloud backup: it’s good to have at least one backup off-site in case there’s a house fire. So if you’re going to put a traditional hard drive in a bank deposit box, you’re covered. If not, then a backup service makes sense.
But if you’re going to use cloud backup, use a backup service that can’t decrypt your data even if they wanted to. Least Authority cloud backup is 100% open source, so it’s provable that they can’t decrypt your data. SpiderOakONE *claims* they can’t decrypt their data, but their software isn’t open source. Carbonite backup has two modes, and in the mode they don’t normally recommend they also *claim* they can’t decrypt your data, but again there is no way to be sure.
The other option is to use an unencrypted service like Google Drive, Microsoft OneDrive, DropBox, etc… etc… but encrypt the files yourself before you upload them.
1) People still go to Best Buy? Why on Earth would anyone go there?!
2) Law enforcement typically has no morals. This shouldn’t be a surprise.
3) Data shouldn’t be stored with the OS. Also, Encrypt your damn drives already people. Sheesh.
Well, I must say this is a refreshing change of pace from your previous articles suggesting that anybody who’s concerned about the government spying on their computer is a tinfoil hat-sporting paranoiac.
@Mike S.
You can always encrypt your data before sending it to the Cloud Storage Service. I experimented with the idea, using transparent encryption, using FUSE and an Encrypted Filesystem, to pre encrypt the data into a local Google Drive folder.
I ended up not using it, for the reasons I’ve already described.
Cildporn sucks, and thoe who watch it and/or store it on their computers should go to prison.
Childporn sucks, and those who watch it and/or store it on their computers should go to prison.
@Peaced Owf
Yes… and, in what way does that fact make illegal searches less illegal? Or do you advocate illegal searches of every persons computer in the hope of finding 1 or 2 paedophiles.
…and why stop there, right?
Obviously criminals are very bad and catching them is very good, so no one will mind if police conduct random searches of everyone’s homes in the middle of the night to catch the bad guys, right? All that mucking around with warrants and probable cause just lets the bad guys escape righteous justice!
Of course this is sarcasm and anyone who thinks it’s a good idea giving up the right to privacy to catch criminals is a moron.
Just use a virtual machine whih is encrypted and is password locked; Plus, since when is porn illegal?
Porn users should worry a lot more about their ISP selling their browsing history than about the Geek Squad.
You can avoid the Geek squad, unless a total idiot. You cannot avoid your ISP and use the Internet, though a VPN helps.
As for the cloud, remember it is your data on someone else’s computer.
@jymm: Well, kinda. When people refer to ISPs selling browsing history, that’s a bit of an oversimplification; they don’t actually sell browsing data directly to third parties, they charge third parties to serve targeted ads based on browsing data (see https://www.techdirt.com/articles/20170329/13234837037/no-you-cant-buy-congresss-internet-data-anyone-elses.shtml for more).
That said, just because they’re not doing it now doesn’t mean they won’t in the future.
Well targeted ads are kind of my point. I doubt illegal sites are sending targeted ads, but regular porn sites will. Imagine a disapproving spouse, boyfriend or girlfriend, or significant other finding an ad for XXX.com. How about the kids? A lot of people who are together only run one account. I still say your ISP is way more of a threat to our privacy than the Geek Squad.
I guess it depends on how you define “private”. If nobody else but my wife can see my browsing history, I still consider that to be private. If my browsing history is being sold to third parties, that’s not private.