EFF: Records Show The FBI Paid Geek Squad Informants For Years

 

Last year, we learned that eight Geek Squad employees were being paid as informants by the FBI to report child pornography when they see it on their customers’ computers. The EFF then filed a Freedom of Information Act (FOIA) lawsuit to learn more about this relationship between the FBI and Geek Squad employees. Now, new documents uncovered by the EFF show that the FBI and Geek Squad relationship was cozier than expected.
A 10 Year Relationship

One of the first documents the EFF uncovered showed that Best Buy invited the FBI for a “Cyber Working Group” at the company’s Kentucky repair facility, back in 2008. The Geek Squad employees also gave the FBI a tour of the facility before their meeting.

Prease to read more here:

http://www.tomshardware.com/news/eff-fbi-qeek-squad-informan...

--
Never argue with a pig. It makes you look foolish and it anoys the hell out of the pig!

sponsored links

Paid?

The one one thing I find disturbing is the paid part.

Back in the film days and before digital cameras I worked for many years in the photofinishing industry developing for drug stores and camera shops amateur film, many times we reported to the authorities whenever we processed film containing child pornography we would notify the corresponding local police and they would meet the customer as they showed up at the drop-off store to pick up the processed film.

Never did we get or demand payment for doing our civic duty, shame on BestBuy for doing so

--
Garmin 38 - Magellan Gold - Garmin Yellow eTrex - Nuvi 260 - Nuvi 2460LMT - Google Nexus 7 - Toyota Entune NAV

If you're going to be a spy,

If you're going to be a spy, you might as well get paid for it.
And Best Buy getting paid for the FBI using it's employees is just business as usual, I guess.

--
I never get lost, but I do explore new territory every now and then.

Civic Duty/Corporate Citizen

This should be no different than a clinic or a doctor's office reporting suspected child abuse. Why should someone expect to be paid to do what's right?

--
"There's no substitute for local knowledge" nüvi 750, nüvi 3597

Let's not worry about people

Let's not worry about people being altruistic and expect them all to do the right thing. If paying them gets the job done, great, that's what is important.

The FBI, or Interpol, cannot shut those sites down, and frankly I doubt if the FBI really spends a whole lot of time on that since they don't really have any jurisdiction overseas.

I hope the taxpayers money the FBI is spending on Geek Squad informants does some good and is not wasted by the courts throwing out the evidence as being obtained without a warrant.

--
I never get lost, but I do explore new territory every now and then.

If you gets just one its worth it

Child Porn, Pedophilia should be capital Crimes, their Genes need to be eliminated from society!

I guess for me...

The question is this:

If I take a machine in for repair, should I expect any privacy? I mean, so my lover and I enjoy taking intimate, sexy picture of our activities of each other for our own enjoyment.

What right does anyone have to peruse our hard drive seeking anything, perhaps copying our photos and posting them? Woudn't that be considered Theft?

Is there any difference between that and them being paid to look for other stuff? Do they look for manuscripts; perhaps litigation documentation; ideas about something someone is working on getting patented, negotiations about a company about to announce an IPO? and the list goes on and on and on? If someone has plans on how and when a terrorist activity is going to take place, or perhaps the plans for an assassination attempt of a hostile foreign leader? Where does it stop? What are the boundaries? Certainly there must be some but what are they?

I've repaired many machines throughout my life. I've never lost anyone's data, and I've never gone looking through the data for anything either. Yes, I've frequently made an image of their drive as a "just in case"; but it's always been either restored or destroyed; but I've never "rifled" or run programs against the drive seeking anything and I've never kept anything.

If you take your car into a shop to be worked on would you expect them to literally rifle your car looking for something that can be reported to authorities?

I'm not exactly sure what I think about this, I've kind of a foot in both courts...

And then we have software the likes to record your voice, can / does it store data on your drive for later use and can that bio-metric data be used to gain access to an account?

http://cyberguy.com/

--
Never argue with a pig. It makes you look foolish and it anoys the hell out of the pig!

If you believe they never look at your info you are a fool

I destroy our hard drives when we trash an old puter, drill it, saw it and burn it. Paid to do it for FBI or just plain service Tech, they gonna look for stuff. Pictures are me least worry, I D Theft and Bank, Credit Card Info are what concern me.

As a kid I worked at a car wash, we had a system so good that even if the customer watched we got 95% of the valuables that would not be obvious as they left. We even stole the Badges off the PD's Rain Coats, back then they had metal badges on the old fashioned Yellow Rain Coats, lol.

it takes time

It takes time to check all the images and videos on a computer. There could be tens of thousands of files or more. How can Geek Squad stay in business while doing this?

I do not have any illegal content on my computers, but I don't want Geek Squad or anyone else violating my privacy by opening large numbers of files.

dobs108 smile

Wash At Home

windwalker wrote:

I destroy our hard drives when we trash an old puter, drill it, saw it and burn it. Paid to do it for FBI or just plain service Tech, they gonna look for stuff. Pictures are me least worry, I D Theft and Bank, Credit Card Info are what concern me.

As a kid I worked at a car wash, we had a system so good that even if the customer watched we got 95% of the valuables that would not be obvious as they left. We even stole the Badges off the PD's Rain Coats, back then they had metal badges on the old fashioned Yellow Rain Coats, lol.

This is why I wash my own car. LOL

Bad for BB, publicity like

Bad for BB, publicity like that will stop many people from taking their computer to GS for repair, even though it's clean.

To me it's synonymous to enforcement cameras

Those with anything to hide will not like the service. Those that have nothing to hide won't care.

--
Striving to make the NYC Metro area project the best.

More questions

BarneyBadass wrote:

The question is this:

If I take a machine in for repair, should I expect any privacy? I mean, so my lover and I enjoy taking intimate, sexy picture of our activities of each other for our own enjoyment.

What right does anyone have to peruse our hard drive seeking anything, perhaps copying our photos and posting them? Woudn't that be considered Theft? ....

That's a very good question. Sure, the old argument about "nothing to hide" can be made but that argument has served as justification for oppressive governments and other bad actors and it seems that we're headed in that direction.

With the constant assaults on our privacy and yet another teacher or other individual violating the public trust (not the government's trust mind you, they trust no one) every week or so by having child porn found on their computer, there are two things that amaze me:

1. How on earth could you be excited or aroused by such content?

2. After seeing this in the news over and over, if you have this problem then why wouldn't you encrypt the content? It's not a question of if you'll be caught, but when.

Don't get me wrong here, I'm glad that these people are too stupid to implement such measures but still amazed that they don't. Then again... there are probably plenty who are. If that's not disturbing enough, apparently scientists studying this phenomenon have come to the conclusion that 1% of males are pedophiles.

So according to that statistic, 1 out of every 100 guys are pedophiles!

I wonder if that number has risen over the years or if it was always that way and our connected society has simply brought it out into the light. Either way, it's pretty scary stuff.

Oh, and I'll be sticking to the automated car washes from now on, thank you very much.

- Phil

What's not

What's not to like about someone taking payment to turn someone in?

Sounds like good fun if you annoy the right Geek Squad employee.

--
It's about the Line- If a line can be drawn between the powers granted and the rights retained, it would seem to be the same thing, whether the latter be secured by declaring that they shall not be abridged, or that the former shall not be extended.

.

camerabob wrote:

Those with anything to hide will not like the service. Those that have nothing to hide won't care.

I got nothing to hide but I do care. I don't want anyone checking out the content of my PC. That's why I fix computer problems myself. I don't trust strangers when it comes to fixing my PCs. I'm an IT engineer and I'm occasionally asked by co-workers to help them fix their computer problem. When I do, I don't go snooping around to check what is in the "My Documents, My Pictures" folders. I don't have the right to do that.

Amen.

^^^ What he said ^^^

Medicine cabinets

I guess you either look in 'em, or you don't. grin
https://www.pinterest.com/pin/436919601329073154/
(I don't)

--
It's about the Line- If a line can be drawn between the powers granted and the rights retained, it would seem to be the same thing, whether the latter be secured by declaring that they shall not be abridged, or that the former shall not be extended.

welll

pquesinb wrote:

2. After seeing this in the news over and over, if you have this problem then why wouldn't you encrypt the content? It's not a question of if you'll be caught, but when.

- Phil

Ahhh... yes... but the deal here is if they have the userid / password to bring your system up to work on it, as soon as the system comes up, then the drive's unlocked.

--
Never argue with a pig. It makes you look foolish and it anoys the hell out of the pig!

snooping

It seems like new "thing" for service workers. When I worked with computer company and we repair customer comps, we didn't snoop in customer drives. It was all about fixing it as soon as possible and return to customer. Nowadays it looks like so called "technicians" have too little knowledge to do repair but too much time go through content of customer drive.

@grzesja

Yup,

I've repaired many a machine. I've never lost any data on anyone's machine. If I needed to install a new OS, I'd give the person 3 options;

1) get the person's permission to spin the data off the drive in the machine; install the new OS and then put the data back in directory. It was then up to them to figure out what to do with the data.

2) either buy from me an additional HDD to install into the machine or spin the data onto, then install the new os and give them the new HW.

3) install the new os and format the drive and let them lose the data.

But I didn't look at the data, I didn't care what they had.

But that was what I did

--
Never argue with a pig. It makes you look foolish and it anoys the hell out of the pig!

Similarly

90% of the time it's for close friends or relatives. I don't like working for pay, because you are then attached to the machine for life. One 2:00 AM weekday phone call because they felt their problem should now be yours was enough! I only look to the extent that I know the data had been recovered, file names and directory names. I don't open anything myself. I also compare file (or directory content) sizes (not hashes) to confirm the data is the same on both units. I rarely do it (file transfer/restore) any longer unless the person is at their last leg with the issue.

--
Striving to make the NYC Metro area project the best.

Actually...

BarneyBadass wrote:
pquesinb wrote:

2. After seeing this in the news over and over, if you have this problem then why wouldn't you encrypt the content? It's not a question of if you'll be caught, but when.

- Phil

Ahhh... yes... but the deal here is if they have the userid / password to bring your system up to work on it, as soon as the system comes up, then the drive's unlocked.

Actually, no. I'm talking about third-party apps to encrypt the offending files/directories in question or an entire encrypted and hidden partition with TrueCrypt, etc.

The problem with the Big Brother Surveillance State is that more folks will generally become familiar with these solutions to try and protect what's left of their eroding privacy. As a result, folks who really do have something to hide (the smart ones, at least) will be much more likely to avail themselves of such tools, making them harder to detect and prosecute.

And you don't think that

And you don't think that "Big Brother Surveillance State" has the means necessary to unencrypt any file that you encrypt with a downloaded application? Dream on!

--
I never get lost, but I do explore new territory every now and then.

Do the math

KenSny wrote:

And you don't think that "Big Brother Surveillance State" has the means necessary to unencrypt any file that you encrypt with a downloaded application? Dream on!

They have some pretty amazing capabilities but they're not able to easily break non-trivial encryption. Plus, it takes time and costs big bucks to break these codes (if they haven't been back-doored of course), it's not a 10-second fix, especially when you start increasing key sizes.

The attempts to install backdoors in encryption algorithms (Skipjack, Diffie-Hellman dual elliptic-curve, etc.) has created a lot of public scrutiny and anyone who truly has something to hide will be sticking to algorithms that have not been known to be back-doored, and hey, how about using multiple-passes on especially sensitive data with different algorithms to be reasonably certain that at least one of those algorithms does NOT have a back-door?

I just came up with that idea while writing this reply to make my point, a determined/motivated criminal will put much more thought into it and undoubtedly come up with a "better" solution. Never underestimate what a determined group or individual can do (and yes, that advice also applies to those 3-letter agencies).

This is of course assuming that the data or criminal activity is even detected in the first place... when you can have entire encrypted disk partitions which look like free-space/random data - like it or not, the odds are no longer in the authorities' favor. A criminal will happily spend an extra minute or two (or ten) encrypting his data if it means that the agency attempting to brute-force the key will need an extra 500 years to do it.

Increased surveillance will only increase development and adoption of more advanced ways to evade detection. It has always been this way whether you believe in evolution or not... build a better mousetrap and you almost always wind up with a smarter mouse.

FYI: TrueCrypt Is Not Secured

Just a FYI, TrueCrypt is known to be flawed and not secured. Development has ceased, and its developers have advised users to migrate over to BitLocker nearly four years ago. BitLocker won't be any more secured though for those leery of Microsoft's proprietary design and potential backdoors. It's adequate for protecting against the casual prying eyes, but offers no protection against State entities though.

Encrypted or not

I'm sure there is a pattern or something that will be an indicator. I know the Gov has Sampling Programs that kick out findings for further examination by tech's. As long as it us used to dirt bags, I am for it!!!

Thanks for the update

tli wrote:

Just a FYI, TrueCrypt is known to be flawed and not secured. Development has ceased, and its developers have advised users to migrate over to BitLocker nearly four years ago. BitLocker won't be any more secured though for those leery of Microsoft's proprietary design and potential backdoors. It's adequate for protecting against the casual prying eyes, but offers no protection against State entities though.

I had heard about flaws in TrueCrypt some time ago but hadn't thoroughly looked into it since I haven't had a need to use it. I figured there was probably a suitable replacement or fix for it but you're right, I'd certainly never trust an M$ replacement.

Even though it may have cryptological flaws, it's still more than sufficient to protect against a Geek Squad tech.

VeraCrypt

pquesinb wrote:

... I figured there was probably a suitable replacement or fix for it ...

VeraCrypt is the successor to TrueCrypt--still open source and free, FYI.