I mean, sort of. The problem with this line of argument is that there’s no part of the data-recovery process that examining the contents of image files is helpful in.
Like, Best Buy runs their data recovery tools, and it spits out whatever files it’s able to recover, and that’s kind of it. It’s not like there’s something useful they can learn, or more data they can recover by looking at the contents of the documents. The docs are either correct or corrupted. If they find that they are corrupted, there isn’t a “WORK BETTER” setting on the data recovery tools they can use.
I’m not making a case about the law here (I don’t know what the law will allow), but Best Buy’s practices seem to be clearly unethical. There’s no customer-helpful case for what they’re doing. They are simply serving as paid informants of a government agency because they happen to have access to personal data.
One more reason to run your own backups and use full-disk encryption on your computers.
True. But determining whether the process was successful is certainly part of the process, if for no other reason than being able to report to the customer, “We were able to recover usable data,” or “Unfortunately, data was unrecoverable.”
Of course it’s not necessary to look at every single file, but checking a few representative files would certainly be part of the process.
Some of the forensic tool suites (don’t know if BB actually uses stuff as serious as EnCase or FTK though) will give you a series of thumbnails as well as the filenames, directory names, etc… of what’s on the hard drive, regardless of whether it’s deleted or not.
So you may actually unintentionally run across that stuff if you’re doing things like restoring deleted data.
Back in my forensics days, we routinely incidentally ran across embarrassing stuff without deliberately searching for it. Not a lot of nudes or anything- it was mostly work computers, but a staggering number of sketchy emails to people these people shouldn’t have been emailing. And we weren’t trying to show infidelity or anything like that- just that this guy emailed the plans for something from his work PC to someone outside the company.
I can totally believe that they’d inadvertently run across illegal stuff in the course of restoring data- typically you have to scan the unused space, and it tells you what’s there, often with handy previews.
But if the guy’s in there for them to add memory to his PC, there’s no reason whatsoever to do anything but boot it up and verify that the additional memory is seen. If they search for some reason in that situation, I’d think anything they found ought to be inadmissible.
“He measured data remanence after repeated wipes, and saw that after 31 passes, he was unable (with expensive equipment) to distinguish a multiply-overwritten one from a multiply-overwritten zero. Hence he proposed a 35-pass wipe as an overkill measure.”
He was working with the hard drives of the time. These days even after a few overwrites it would be very very difficult if not impossible to recover the data.
The fact that the file appeared to be in unallocated space is problematic. It could have been a file that he downloaded by mistake, that was misrepresented, or delivered as an e-mail attachment that he did not want. He can argue that when he realized what it was, he deleted it immediately, and the prosecution is tasked with providing other supporting evidence that he was an actual consumer of CP. These systems all have activity logs out the ass, so it should be easy to show that he was actively looking for CP – if in fact he was.
On the other hand, a faulty HD can have corrupted allocation records, which means the file was not actually deleted but had been lost in the course of the failure.
Having paid FBI informants is bad, though. If the Geek Squad does not advertise their relationship with LE, the evidence they collect must be seen as tainted.
But the correct answer is: it might, or it might not, be probable cause. It depends on the “totality of the circumstances,” with attention paid to two main questions: How credible is the informant, and how did the informant know about the facts he is relaying to the police?
An anonymous call that simply made the claim that a captive woman was being held at such-and-so address, without any additional detail, is most likely insufficient evidence to support probable cause.
But if the caller explains some verifiable detail that suggests he is familiar with the basement – some detail that a person would know only if they had seen the basement – that acts in favor of probable cause. And if the call is not anonymous, then this also supports a finding of probable cause.
Illinois v. Gates is a good example of this. The police received an anonymous handwritten letter that said:
The police verified that there was a Lance Gates who held an Illinois driver’s license with an address near Bloomington Road, and that “L. Gates” had made a reservation on Eastern Airlines Flight 245 to West Palm Beach, Fla., scheduled to depart from Chicago on May 5 at 4:15 p.m. Agents in Chicago watched him board the flight, and agents in Florida watched him get into a car the next morning and head north towards Chicago.
Armed with these facts, the police secured a search warrant for the Gates’ home and car, which was executed when Gates arrived back home. Large quantities of contraband were discovered in the car and the home.
The Supreme Court found that the informant’s letter, combined with the details the police were able to observe, was sufficient to sustain probable cause – even though the police saw no illegal activity.
But here, we don’t have a memory replacement or a showing that the tech was regularly cashing FBI informant checks. We have a data recovery task, and an unsubstantiated allegation by defense lawyers that the relationship was “cozy.” The showing is sufficient to allow an evidentiary hearing, which is happening even as we speak. It may well show that these defense allegations are correct in every way.
I guess there would be some cases where it would be legitimate - some categories of ‘my computer is broken’ comprise otherwise healthy machines whose hard drives are hopelessly cluttered with crap and/or malware. People pay to have that sort of mess fixed.
It could be. I’m not convinced that checking a few representative files gives any useful information. You still don’t know if other files are valid. Also, the vast majority of files could be tested for validity without a person viewing their contents. A corrupted file is unlikely to look normal except with weird contents. It’s going to be completely malformed and unparsable.
A much better policy is “we recovered everything we could. Some files may be corrupt or only partially recovered. Out of respect for your privacy, we did not view any of your files. Please check them yourself.”
That’s certainly a legitimate reason that they might come across this info without looking for it.
I’d then extend my argument to the makers of that software. It should include a privacy mode for use on other people’s data.
To throw another analogy in there (because there’s nothing better than lots of conflicting analogies when thinking about the intersection of tech, law, privacy): Imagine that we were having this discussion about documents in safety deposit boxes, which were made entirely out of plexiglass. And the banker found something while transporting a pile of documents for the customer. It would be entirely reasonable to point out that the boxes should be opaque, and there should be an inner box that only the customer has access to.
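As an added illustration of the point above that recovered files can be tested for validity without a person viewing their contents (this is not code from any poster or from any recovery tool): a structural check of a recovered PNG that walks its chunks and verifies each CRC without ever decoding pixels. The function names and the 1x1 sample image are constructed for this example.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def check_png(data: bytes) -> str:
    """Return 'ok' or a failure reason. Pixel data is never decompressed or rendered."""
    if not data.startswith(PNG_SIG):
        return "bad signature"
    pos, seen_ihdr, seen_idat = len(PNG_SIG), False, False
    while pos + 12 <= len(data):          # 4 length + 4 type + 4 CRC minimum
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4
        name = ctype.decode("latin-1")
        if end > len(data):
            return "truncated chunk " + name
        body = data[pos + 8:pos + 8 + length]
        (stored_crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(ctype + body) != stored_crc:
            return "crc mismatch in " + name
        seen_ihdr = seen_ihdr or ctype == b"IHDR"
        seen_idat = seen_idat or ctype == b"IDAT"
        if ctype == b"IEND":
            return "ok" if seen_ihdr and seen_idat else "missing IHDR/IDAT"
        pos = end
    return "missing IEND"

def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def make_sample_png() -> bytes:
    """Constructed sample: a 1x1 grayscale PNG."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")     # filter byte + one pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

def triage(files: dict) -> dict:
    """Map each recovered file name to its structural status only."""
    return {name: check_png(blob) for name, blob in files.items()}

if __name__ == "__main__":
    good = make_sample_png()
    damaged = bytearray(good)
    damaged[41] ^= 0xFF                   # flip one byte inside the IDAT body
    report = triage({"a.png": good, "b.png": bytes(damaged), "c.png": good[:-8]})
    for name, status in report.items():
        print(name, status)
```

The report a technician sees is a file name and a status string; a bit flip or a truncated tail is caught by the container structure alone.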
These are “should be” statements about your preference for the policies adopted by private actors. I am agnostic on the wisdom of the policies, but feel it’s necessary to point out that this has no constitutional impact.
But only because the FBI declined comment (not surprisingly).
The Geek and the FBI getting together to discuss ideas for ‘collaboration’ seems pretty cozy.
The records showed that 8 informants had received some sort of payment over a four year period. The Geek claimed to not remember ever being paid by the FBI, but the prosecutors admit that the FBI did pay him.
How could it be covered by the plain view exception if it required a tech searching for it to be found?
Pictures of naked children in the bathtub or at the beach do not constitute child pornography – not even, I believe, if a naked male child is seen to have an erection, though that is right on the line. AFAIK, child pornography, at the very least, involves suggestive posing. I remember my mother had a book called Handmade Houses which had a lot of pictures of unique homes in the Big Sur area; the intro page of the book showed a naked 4-ish girl standing on a bridge into one of the houses with the woods in the background. This was a respectable coffee table publication of which I have not heard any child porn accusations.