Could you get spied on and ratted out by your computer repair shop?

This post was inspired by the recent widely publicized incident where a Best Buy customer in California was charged with child pornography-related crimes after he dropped his computer off at the local store and it was shipped to the Geek Squad center in Kentucky for the actual repairs. There’s also a tie-in with National Stalking Awareness Month related to privacy and security when it comes to electronic data which I will get to later in the post.

A representative sample of articles about the incident:

I’m not really going to go into quotes of any of the articles here, but simply restate what appear to be the facts in my own words. A Geek Squad staffer was running a data recovery (“file carving”) tool on this particular PC. Part of the assigned work was data recovery, so on its face it would appear to be a valid reason. However, the Geek Squad staffer’s job was just to get the PC running, not recover data. It turns out that he was a paid FBI informant who got $500 for each instance of apparent child porn he found.

To its credit, Best Buy issued this statement (quoted from the Network World article):

“Best Buy and Geek Squad have no relationship with the FBI. From time to time, our repair agents discover material that may be child pornography and we have a legal and moral obligation to turn that material over to law enforcement. We are proud of our policy and share it with our customers before we begin any repair.

“Any circumstances in which an employee received payment from the FBI is the result of extremely poor individual judgment, is not something we tolerate and is certainly not a part of our normal business behavior.

“To be clear, our agents unintentionally find child pornography as they try to make the repairs the customer is paying for. They are not looking for it. Our policies prohibit agents from doing anything other than what is necessary to solve the customer’s problem so that we can maintain their privacy and keep up with the volume of repairs.”

My first reaction to reading this was “looks like more spin than a Steve Mizerak massé”. I have a lot of respect for PR as a profession, but this smacks of trying to close the barn door after the horse has already bolted. Depending on the circumstances, I would even question that there is a moral obligation, even if a legal one is there. That they would be proud of this policy, especially if it goes over and above what the law actually requires (despite what they say), is a bit concerning from a privacy standpoint.

The law in Texas appears to have such a requirement. Without quoting the entire law here, the computer technician has to “view the image” “in the course and scope of employment or business” in order for the reporting requirement to kick in. There’s a criminal penalty of a class B misdemeanor ($4,000 fine and/or 180 days county jail as of this writing) as well as possible civil liability. For the terminally curious, it’s Section 110 of the Business and Commerce Code.

Anyway, whether your threat model is a Best Buy technician, or an intimate partner who may have turned to stalking you, the basic ways to protect yourself are pretty much the same. First, realize that without taking any other steps, “deleted” files aren’t really deleted. Whether one empties the Recycle Bin in Windows, or runs the rm command from a GNU/Linux command line, the only thing that is actually removed is the pointer to the data (the directory entry); the blocks are simply marked free, and the data itself stays on the disk until something else happens to overwrite it.

If the true intent is to erase a file, one needs to actually erase it, not just remove the pointer to it. BleachBit contains options for wiping the data in the free space of a hard drive (which I would recommend doing at least once per month, if not more often), as well as overwriting file contents or an entire directory’s contents prior to deletion. There is also the shred command for GNU and related systems if working from the command line. This mainly pertains to mechanical hard drives, as a properly configured solid state drive (SSD) should effectively do this for you: enable TRIM on Windows, or mount with the “discard” option on GNU/Linux (yes, it may affect performance but it’s a small price to pay for knowing that deleted files are actually gone and not just floating around). In fact, not only should one not need to overwrite files on a solid state drive, doing so can shorten the drive’s lifespan.
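As an added example (my own code, not from the post, BleachBit or GNU shred), here is the overwrite-before-unlink idea from the last two paragraphs in Python, with the SSD caveat built in: it reads the Linux kernel’s rotational flag for the block device holding the file and skips the overwrite on an SSD, where TRIM/discard is the right tool and extra writes only wear the flash. The function names (`is_rotational`, `overwrite_in_place`, `secure_unlink`, `demo`), the chunk size and the sample file contents are my own assumptions; the sysfs lookup is Linux-only, the overwrite itself is portable.

```python
"""Shred-style deletion of a single file: overwrite, rename, unlink.

Added example, not code from the original post. Linux sysfs is used
only for the drive-type check; everything else is plain stdlib.
"""
import os
import secrets
import tempfile
from pathlib import Path
from typing import Optional

CHUNK = 64 * 1024  # write size per iteration; arbitrary choice


def is_rotational(path: str) -> Optional[bool]:
    """True for a spinning disk, False for an SSD, None if unknown.

    Reads the kernel's queue/rotational flag for the device that holds
    `path` (Linux only). A partition's sysfs node has no queue/ directory,
    so walk up towards the whole-disk node. Anything unexpected (tmpfs,
    overlay, non-Linux) yields None rather than a guess.
    """
    try:
        st = os.stat(path)
        major, minor = os.major(st.st_dev), os.minor(st.st_dev)
        dev = Path(os.path.realpath(f"/sys/dev/block/{major}:{minor}"))
        for candidate in (dev, *dev.parents):
            flag = candidate / "queue" / "rotational"
            if flag.is_file():
                return flag.read_text().strip() == "1"
    except OSError:
        pass
    return None


def overwrite_in_place(path: str, passes: int = 1) -> int:
    """Overwrite the file's existing bytes with random data, `passes` times.

    Returns the total number of bytes written. Flushing and fsync after
    each pass pushes the new blocks to the device instead of leaving them
    in the page cache.
    """
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
                written += n
            fh.flush()
            os.fsync(fh.fileno())
    return written


def secure_unlink(path: str, passes: int = 1, force: bool = False) -> int:
    """Overwrite (on a mechanical drive), rename to hide the name, unlink.

    The overwrite is skipped when the drive is an SSD or its type is
    unknown, unless `force` is set. Returns the bytes overwritten (0 when
    skipped). Renaming first keeps the original file name from lingering
    in the directory entry after deletion.
    """
    written = 0
    if force or is_rotational(path):
        written = overwrite_in_place(path, passes)
    parent = os.path.dirname(path) or "."
    hidden = os.path.join(parent, secrets.token_hex(8))
    os.replace(path, hidden)
    os.unlink(hidden)
    return written


def demo() -> dict:
    """Round trip on a constructed sample file in a fresh temp directory."""
    workdir = tempfile.mkdtemp()
    target = os.path.join(workdir, "account-notes.txt")
    original = b"constructed sample: old bank statement line\n" * 500
    with open(target, "wb") as fh:
        fh.write(original)
    overwritten = overwrite_in_place(target, passes=2)
    with open(target, "rb") as fh:
        after_overwrite = fh.read()
    rotational = is_rotational(workdir)
    wiped = secure_unlink(target, passes=1, force=True)
    leftovers = os.listdir(workdir)
    os.rmdir(workdir)
    return {
        "size": len(original),
        "bytes_overwritten": overwritten,
        "content_changed": after_overwrite != original,
        "same_size": len(after_overwrite) == len(original),
        "bytes_wiped": wiped,
        "file_gone": not os.path.exists(target),
        "leftovers": leftovers,
        "drive_rotational": rotational,
    }


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner should keep in mind, both of which also apply to shred: overwriting in place only reaches the blocks the file currently occupies, so earlier copies (journaled, copy-on-write or snapshotted filesystems, editor backup files, the free space left by an ordinary rm) are exactly what the post’s free-space wipe is for; and on an SSD the firmware may remap writes elsewhere, which is why the code defers to TRIM/discard there instead of overwriting.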

Second, consider using encryption to keep your data private. There is a reason most websites (including this blog) use HTTPS (encrypted HTTP) now, and why it’s been recommended since the beginning of the World Wide Web to never submit credit card or banking information over unencrypted plain HTTP. Anyone can read plain HTTP while it’s in transit. It’s the electronic equivalent of writing information on a postcard and mailing it–something most people reserve for the most innocuous of communications. Similarly, data encrypted in storage won’t be readable without a decryption key, usually a passphrase (don’t just use a simple word).

Third, consider keeping particularly sensitive data on external storage devices such as USB hard drives, so that the data is not on the computer if it needs to be repaired. This would also reduce the chance of important data on the internal drive getting “accidentally” erased for whatever reason during a repair–though if it’s important, it should be backed up anyway (see below).

Fourth, don’t keep data that you don’t need. If you don’t need your web browsing history from some months ago, get rid of it. Firefox sorts history by calendar month and lumps sites visited over 6 months ago into their own list; unfortunately, deleting those older entries has to be done manually every so often (again, I would recommend monthly). For stuff that should never go into the history to begin with, Chrome has an “incognito” mode and Firefox has a “private browsing” mode. Firefox, at least, also lets one completely disable keeping browsing history if appropriate for one’s situation (Preferences / Privacy / History, then select “Never remember history”) and also includes a “Forget” toolbar button for quickly “disappearing” the last 5 minutes, 2 hours, or day’s worth of history.

Finally, don’t forget to keep adequate backups. Remember, if the main copy of the data is encrypted, it only makes sense for the backups to be encrypted as well (and often the backup copies should be encrypted even if the originals are not). The more important something is, the more backup copies of it should exist (either onsite or offsite).