Thursday, January 12, 2017
Corporate IT Lessons from Geek Squad Legal Case
Make sure end users sign off on allowing forensic searches of computers
The life of the corporate desktop team can turn into a legal nightmare quickly if end users haven’t agreed that it’s OK for techs to search their machines, something that has come to light in a California child pornography case involving Best Buy’s Geek Squad.
In that case, Geeks working on a customer laptop found a pornographic picture and turned it over to the FBI, which paid them $500 and prosecuted the owner of the machine.
Now the Geeks in question are in hot water because the arrangement with the FBI violates the corporate policies of Best Buy, which runs Geek Squad.
And the admissibility of the evidence they found is in question because it’s not clear they had the right to access the picture, which was stored in free space on the hard drive; it had been deleted and no longer appeared on the file system.
At issue is the matter of illegal search and seizure, says Steven M. Abrams, an attorney who practices cyber law and digital forensics in Mount Pleasant, S.C. To legally search the hard drive requires a warrant that spells out beforehand what’s being looked for, where you can look and what crime is being investigated.
The exception is if the evidence is in plain view – can be seen by someone without using special tools requiring special expertise, he says. “Anyone legally in this space could see this thing,” he says. In the Geek Squad instance, a digital forensic carving tool was used to recover an image from free space, so it was not in plain view.
In many states computer technicians are obligated by law to tell police if they find child pornography.
If they find it, they must report it to police. In a corporate setting, that means if a desktop tech finds such images, they must report it, too, Abrams says.
If the image was in free space, it could be argued that the tech had no business looking there. If the user were charged and the charges were dismissed because the evidence was tainted, the defendant could sue the tech for damages caused by publicity in the case, he says.
The way to avoid this is to get all employees to sign affidavits saying that the techs have the right to search the hard drives including free space.
That way they have consent up front to search and don’t have to worry about lawsuits.
Techs should check with their HR departments to see if such policies are in place, and recommend them if they’re not, he says.
Abrams says that in discussions with FBI and Secret Service officials in South Carolina, he heard that agents there had considered paying Best Buy Geek Squad members for finding child pornography on customers’ machines. The regional U.S. attorney nixed the idea based on the interpretation that the arrangement to pay the Geeks would make them agents of the Secret Service or the FBI.
That would make them subject to having warrants before they could look at customers’ computers.