After court documents in the 2017 prosecution of a California child pornography case revealed that a Kentucky Geek Squad employee had been used as an informant to obtain evidence, the Electronic Frontier Foundation filed a Freedom of Information Act lawsuit to seek further information on the level of institutional cooperation between the FBI and Best Buy’s Geek Squad computer repair service.
According to OC Weekly, during a routine repair job a Geek Squad tech reportedly found a questionable image in the trash space on a California defendant’s computer using forensic tools, reported it to the FBI, and received a $500 payment for the tip. Files found in the trash space of a computer are often irretrievable without professional tools and can exist on someone’s computer due to a malware attack without the computer user’s knowledge.
Electronic Frontier Foundation’s lawsuit discovered that the FBI had paid other Geek Squad employees the $500 fee for informant services. Best Buy admitted to EFF that four employees have received the payouts.
The lawsuit also revealed a memo noting that the FBI conducted a 2008 Cyber Working Group meeting at the Geek Squad’s Brooks, Ky. location, described as the company’s primary repair hub “east of the Rocky Mountains,” demonstrating that cooperation between the FBI and the Geek Squad goes back at least a decade.
The memo noted that the FBI’s Louisville Division “has maintained close liaison with the Geek Squad’s management in an effort to glean case initiations and to support the division’s Computer Intrusion and Cyber Crime programs.”
EFF’s Aaron Mackey, who expressed worries that the stings could violate customer’s 4th Amendment privacy protections, said, “Other documents show that over the years of working with Geek Squad employees, FBI agents developed a process for investigating and prosecuting people who sent their devices to the Geek Squad for repairs. The documents detail a series of FBI investigations in which a Geek Squad employee would call the FBI’s Louisville field office after finding what they believed was child pornography.”
He continued, “The FBI agent would show up, review the images or video and determine whether they believe they are illegal content. After that, they would seize the hard drive or computer and send it to another FBI field office near where the owner of the device lived. Agents at that local FBI office would then investigate further, and in some cases try to obtain a warrant to search the device.”
According to ZDNet, Best Buy said in a statement that it does not instruct employees to search for child pornography and other illegal content, but that if it is discovered accidentally the company’s policy is to report to authorities, citing a “moral and, in more than 20 states, a legal” obligation to do so. Best Buy claims its employees are not allowed to go out of their way to search for this data, though the data collected in the 2017 California child pornography case that led to these revelations appears to contradict that policy by having been conducted with forensic software meant to analyze trash space.
“We have learned that four employees may have received payment after turning over alleged child pornography to the FBI. Any decision to accept payment was in very poor judgement and inconsistent with our training and policies. Three of these employees are no longer with the company and the fourth has been reprimanded and reassigned,” Best Buy’s statement added.
The EFF says that because the FBI paid these Geek Squad employees to search for information on individuals who have not been accused of a crime, they were effectively conducting warrantless searches on behalf of the government, “and thus any evidence obtained as a result of the illegal searches should be thrown out of court.”