Forgot your password?
typodupeerror
The Courts Government News

No Right to Privacy When Your Computer Is Repaired 853

Posted by Zonk
from the ouch-vaguely-ironic-name-there dept.
Billosaur writes "ZDNet's Police Blotter bring us the interesting story of a Pennsylvania man who brought his computer into Circuit City to have a DVD burner installed on his computer and wound up being arrested for having child pornography on his hard drive. Circuit City employees discovered the child pornography while perusing Kenneth Sodomsky's hard drive for files to test the burner, then proceeded to call the police, who arrested Sodomsky and confiscated the computer. Sodomsky's lawyer argued in court that the Circuit City techs had no right to go rifling through the hard drive, and the trial court agreed, but prosecutors appealed and the appeals court overturned the lower court's decision, based on the fact that Sodomsky had consented to the installation of the DVD drive."
This discussion has been archived. No new comments can be posted.

No Right to Privacy When Your Computer Is Repaired

Comments Filter:
  • Fake? (Score:5, Funny)

    by zooblethorpe (686757) on Thursday December 20, 2007 @07:03PM (#21772106)

    When the perp has a name like "Sodomsky", I really gotta wonder if this is for real...

    Cheers,

  • Ultimately.... (Score:5, Insightful)

    by Whiney Mac Fanboy (963289) * <whineymacfanboy@gmail.com> on Thursday December 20, 2007 @07:03PM (#21772116) Homepage Journal
    Ultimately it doesn't matter whether you have a right to privacy or not. It's not a right you can rely on. Expect the monkeys to paw through your private photos & videos regardless of where you get your PC repaired.

    The answer is routine encryption, but let's face it - if you need help installing a DVD drive, you're unlikely to have any idea what encryption even is....
    • Re:Ultimately.... (Score:4, Insightful)

      by TheLazySci-FiAuthor (1089561) <thelazyscifiauthor@gmail.com> on Thursday December 20, 2007 @07:05PM (#21772150) Homepage Journal
      Privacy is like Freedom: It is not granted, it is earned.

      If you need a locksmith to open your safe, you can't expect him to overlook the dead body inside.
      • Re:Ultimately.... (Score:5, Insightful)

        by Gr8Apes (679165) on Thursday December 20, 2007 @07:23PM (#21772468)

        Privacy is like Freedom: It is not granted, it is earned.

        If you need a locksmith to open your safe, you can't expect him to overlook the dead body inside.
        No. It is taken and exercised, and fought for if needed. It's interesting that you chose freedom as an object for comparison, as privacy is freedom. You'd be hard pressed to have freedom without privacy in reality.
      • by EmbeddedJanitor (597831) on Thursday December 20, 2007 @08:45PM (#21773466)
        The kind of "Freedom" you guys enjoy in the USA has been earned. You had a great consitution and proper personal freedoms but you let various people scare you into shredding that constitution and those freedoms.
        • by Anonymous Coward
          Hitler and Stalin came in quietly. W. was freely elected (kind of). The part that amazes me is the number of idiots who argue for lose of gun rights or lose of civil rights (such as privacy), and think that they are being patriotic. The entire group that steals our rights, wraps themselves in the flag, while so many others ignore that.

          I would not say that we earned this. We have earned our freedoms. But I will say that due to spineless assholes we are losing them rapidly. I only hope that our children wil
      • Re:Ultimately.... (Score:5, Insightful)

        by WindBourne (631190) on Thursday December 20, 2007 @08:54PM (#21773564) Journal
        If you need a locksmith to open your safe, you can't expect him to overlook the dead body inside.

        Yes, but this sounds more like a case of a locksmith who has to open your garage door and then finds a body under your master bed. While we do not know all the facts on this, it sounds like the tech went looking for it. Of course, anohter question is, did he or somebody else at the store plant it?

    • Re:Ultimately.... (Score:5, Informative)

      by man_ls (248470) on Thursday December 20, 2007 @07:08PM (#21772210)
      Windows doesn't offer any way to "password protect" with any actual security, files and folders and so forth. That's a major part of the problem -- people want like 1 or 2 folders to be encrypted to where you actually have to authenticate to get in each time.

      Windows EFS is decent crypto (I think it's 3DES on workstation, AES on server versions) but once you've authenticated your session, you're in to all the files automatically, it's only good for preventing offline reads. That's it. Privacy -- in general, not just for these situations where someone was doing something illegal -- would be greatly served (and Geek Squad wouldn't find people's private videos of themselves on vacation or whatever) if they'd just add in the feature everyone wants.

      Local file access security exists only in a domain or with third-party tools like TrueCrypt.
      • Re:Ultimately.... (Score:5, Insightful)

        by FirstTimeCaller (521493) on Thursday December 20, 2007 @07:55PM (#21772898)

        Privacy -- in general, not just for these situations where someone was doing something illegal -- would be greatly served (and Geek Squad wouldn't find people's private videos of themselves on vacation or whatever) if they'd just add in the feature everyone wants.
        Not everyone wants that. The NSA, CIA, FBI and Secret Service would probably prefer that you not be able to easily encrypt your data.
    • Ten minutes to fix the DVD. Five days to go through your media looking for bank info, pictures of the missus to post on www.lonelyhearts.com etc.
    • by westlake (615356) on Thursday December 20, 2007 @07:39PM (#21772710)
      it doesn't matter whether you have a right to privacy or not. It's not a right you can rely on

      The constitutional Right To Privacy, to the extent that it exists at all, applies only to govenment agencies.

      The defendant might try bringing a civil action.

      But no matter hiw you frame the issues, there is only a snowball's chance in hell that a jury will punish Circuit City for reporting a crime it discovered in the ordinary course of business.

  • Idiot... (Score:5, Insightful)

    by Pedrito (94783) on Thursday December 20, 2007 @07:06PM (#21772174) Homepage
    That's like taking your car to get it repaired and being pissed off when you get arrested because the mechanic notices the 5 kilos of coke in your back seat. I mean, come on. The guy is an idiot and a criminal and he should go to prison.

    You wanna break the law and not get caught? Use some brain cells. Sorry, if I take my computer to get it repaired (and I have), I yank the hard drives. ALWAYS. I have no expectation of privacy when I drop my computer off with a tech. I do it largely because I have client data on my computer and I would be liable if I took it in for repairs and someone stole the data. It's just common sense, and if a criminal can't amass enough common sense to do the same, well, they deserve to be arrested, tried, and convicted.
    • Re: (Score:3, Insightful)

      by geekoid (135745)
      and when I've been arrested, my name trashed in the paper, and lost my job, and it turns out to have been sugar then what?

    • Re: (Score:3, Insightful)

      Sorry, if I take my computer to get it repaired (and I have), I yank the hard drives. ALWAYS... It's just common sense, and if a criminal can't amass enough common sense to do the same, well, they deserve to be arrested, tried, and convicted.

      If he knew how to yank the hard drives (and put them back in), would he need to pay someone to install his DVD drive? I suppose he could always go to Circuit City and get them to remove them and reinstall them... oh, oh, yeah.

    • Re:Idiot... (Score:5, Funny)

      by Anonymous Coward on Thursday December 20, 2007 @07:30PM (#21772594)
      "when you get arrested because the mechanic notices the 5 kilos of coke in your back seat." ... especially if your last name happens to be Peruvianmarchingpowderski
    • Re: (Score:3, Funny)

      by Kjella (173770)
      expectation and guarantee are two different things. i have an expectation that he won't rifle through the papers in the trunk but i have no guarantee. that it's too important to chance that is really a different story, and doesn't excuse people messing about where they have no business. if he was so stupid as to leave it easily in sight, like in the back seat then it's a different story but my impression is that too many like to snoop. the chances of getting caught are slim to none and if you do stumble on
    • Re:Idiot... (Score:5, Insightful)

      by Vellmont (569020) on Thursday December 20, 2007 @07:34PM (#21772646)

      The guy is an idiot

      There seems to be a belief on slashdot that if you're an idiot, you deserve whatever fate has befallen you. I have a basic problem with this attitude. The guy may not have been too bright about this, and he's definitely a criminal. But being dumb doesn't make you any more guilty, or any more deserving of punishment.

      I have no expectation of privacy when I drop my computer off with a tech.

      While I know that a tech can look at any file on the computer he/she wishes, this doesn't mean there's no expectation of privacy. If I let someone into my house to fix the drain, that doesn't mean it's OK for them to go searching through my house, read my private journals and look through my medical records.

      In you scenario, would it be legally OK for a tech to reveal your client details to a 3rd party? What if I have medical test results on my computer, would it be legal for a tech to reveal my medical records on his/her blog? I'd say both those things should have some expectation of privacy.

      Don't assume that just because someone committed a crime, or "is an idiot" that they have no expectation of privacy. The "I needed to burn some files" excuse is pretty lame. The tech was probably looking through the files for his own purposes, not to burn something.
    • by orzetto (545509) on Thursday December 20, 2007 @07:52PM (#21772876)

      The guy is an idiot and a criminal and he should go to prison.

      If I had been the guy's lawyer, the first thing I would have argued is that since the evidence was not uncovered by a sworn police officer, it could have been planted. What if this guy was a rude on the clerk, who was a vindictive bastard and decided to frame him? Or maybe a jolly clerk may have decided to pull a prank that went out of control when someone in the shop contacted the police ("hey Jimbo! this guy's name is Sodomsky, guess what I found on his drive!").

      Yes, the courts could have checked the last-modified filestat, but that can be tampered too.

    • Re: (Score:3, Insightful)

      by bughunter (10093)

      That's like taking your car to get it repaired and being pissed off when you get arrested because the mechanic notices the 5 kilos of coke in your back seat.

      Since when does the legality of one's possessions alter one's rights?

      If that porn had been "legal porn," then those Circuit City techs could easily have lost their jobs just for rifling thru the person's filesystem. There have been such cases receiving /. attention recently.

      When the foil and saran wrapped bricks in the trunk of my car turn out t

      • Re: (Score:3, Insightful)

        by tkw954 (709413)
        I'd say that the employee should be fired AND the owner of the computer should be punished.
    • Re: (Score:3, Insightful)

      by skeeto (1138903)

      The guy is an idiot and a criminal

      Since when are being either of these wrong? Remember, just about everyone who has been in the US for more than a week is a criminal. Some people might argue the former as well.

    • Your clients can hold you liable for unauthorized access to their data?

      Yet when someone takes their computer into a best buy, circuit city, etc, that person then becomes a client of said store, and has different rights?

      The point is that they looked through his files without his express permission.
      Was he dumb? Yes.
      Were they wrong in going through his files, even for a test burn? Yes.

      If they do a routine test burn, they should also do a routine disc read.
      Why not have a test dvd that they copy, and burn back
  • by mlawrence (1094477) <martin&martinlawrence,ca> on Thursday December 20, 2007 @07:08PM (#21772204) Homepage
    I was running a consulting company in Halifax just under a year ago, and a soldider from the armed forces had contacted me to fix his hard drive. While my tech was working on it, he discovered hundreds of gigabytes of porn, including many shots of young (pre-puberty) girls. The police had to get a search warrant for my office in order to legally seize the computer. The police did ask how we came across the images, because that was the most obvious way the case might have been thrown out. I never heard anything about the case again.
  • by moankey (142715) on Thursday December 20, 2007 @07:10PM (#21772236)
    It not like the employees installed a keylogger or monitoring software and discovered it, it was on his machine when they were asked to do work on it.

    Its like crying privacy rights if I ask a plumber to come fix my kitchen sink, I take off to run errands, and when I get back I am arrested for having murdered victims in my bedroom. Did the plumber violate my privacy and thus charges be thrown out?

    Someone with legal knowledge please clear this up.
  • idiot (Score:3, Funny)

    by roman_mir (125474) on Thursday December 20, 2007 @07:14PM (#21772292) Homepage Journal
    If this is true (what are this guy's first and middle names? Paedo Fill?) Then this guy is a moron. Giving a computer with stuff like that to whoever? His other charge should be 'being a moron'.
  • by mcrbids (148650) on Thursday December 20, 2007 @07:14PM (#21772298) Journal
    AFAIK, when you turn information into your lawyer, it's protected by "client-attorney priviledge". Your attorney can know that you murdered somebody, and is under no obligation to tell anybody. (In fact, he/she could be sanctioned or disbarred if they DID tell anybody)

    So, could you offer a bonded "secure" computer repair service through attorneys?
    • Re: (Score:3, Interesting)

      by jdjbuffalo (318589)
      They passed a law a few years ago saying that you have to report it to police if you find CP on someone's machine.
    • by AndrewM1 (648443) on Thursday December 20, 2007 @07:32PM (#21772614)
      No, you couldn't. In the US, at least, Attorney-Client Privilege comes in only when:

      The communication relates to a fact of which the attorney was informed:

            1. by his client,
            2. without the presence of strangers,
            3. for the purpose of securing primarily either:
                        1. an opinion on law, or
                        2. legal services, or
                        3. assistance in some legal proceeding,


      So it only matter when you're requesting their services for an opinion on law, legal services, or help in a legal proceeding. It'd be a bit of a stretch to claim any of those three if you had them install a DVD burner for you - hence, AC Privilege wouldn't apply.
  • by Schraegstrichpunkt (931443) on Thursday December 20, 2007 @07:17PM (#21772356) Homepage

    Without reading the article, what I'm guessing they're saying is that the evidence is not inadmissible in criminal court, because the person installing the hardware (and software, i.e. drivers) had blanket permission to boot up the computer and use it for the purpose of doing the installation. If, in the course of performing the installs, the person stumbles upon evidence that a crime has been committed, you can't retroactively claim that they didn't have permission to use the computer.

    What they're probably not saying is that you have no recourse if that person posts the embarassing (but legal) video you made for your spouse folder to YouTube, or even gossips about it.

    Just from reading the summary, I have no reason to believe that there's been anything new happening here. The police are held to the same standard all the time.

  • by BlueParrot (965239) on Thursday December 20, 2007 @07:22PM (#21772436)
    Ok, I'm guessing that the staff at the store were not police officers, so I find it hard to see how them doing something wrong would invalidate evidence gathered by the police, provided that the police did everything right. Now IANAL but it would appear to me that it basically boils down to what the police did after receiving the tip, or does US law actually say the police can't act on tips from the public if the public only knows what they know because of illegal actions? I.e, if I a crook breaks in to somebody's home to steal something, then finds a large quantity of drugs, I'd expect that the police would need a warrant to search the house, but surely the mere fact that the crook tipped them of doesn't mean they can't investigate? Thus I'm guessing that the real issue here is weather the police would have needed a warrant to have a look at the computer while it was in repair. What is precedence on that? Does the police need a warrant to search your car while it is being repaired, or can the mechanic just let them have a look around if they want to ?
  • by aussie_a (778472) on Thursday December 20, 2007 @07:22PM (#21772444) Journal
    He might actually have a right to privacy, however he would have to sue circuit city to get restitution for it being infringed. IANAL but I am a human being, and if someone who is not working at the behest of the police infringes on someone's rights but also discovers evidence and turns it over to the police, that evidence should be admissible. For example if a thief breaks into someone's home and discovers child porn and hands it over to the police, the prosecutor should be allowed to use that evidence. Now if there was evidence that the thief was working for the police (for example they routinely handed over evidence to the police) that would be a different story.
  • Yeah right... (Score:5, Informative)

    by spiritraveller (641174) on Thursday December 20, 2007 @07:23PM (#21772454)
    "Circuit City employees discovered the child pornography while perusing Kenneth Sodomsky's hard drive for files to test the burner"

    That's right your Honor, we were just looking for some jpegs and avis to test the burner with.

    The ones that have flesh-colored icons work are best for testing burners.
  • Simple Solution (Score:4, Insightful)

    by sqrt(2) (786011) on Thursday December 20, 2007 @07:23PM (#21772456) Journal
    Take out all the HDDs before you send it in to be repaired. This is prudent even if you're not concerned with privacy (but you should be) to protect your data from the idiots at the repair center that might finish off their work with a complimentary format and reinstall. I've seen that happen before. I don't have much sympathy for people who tried and failed to hide their child porn, but as with most losses of privacy it has a small impact on guilty people (who will just find a way around it) and a huge impact on the rest of us.
  • by ffflala (793437) on Thursday December 20, 2007 @07:29PM (#21772576)
    -The Car Analogy (obligatory): take to mechanic for repair, leave illegal material in an unlocked glovebox. Fuses are in the glovebox, mechanic finds illegal material. Arrested, trail court dismisses on evidentiary grounds, prosecution appeal currently pending. Al Sharpton somehow becomes involved in media coverage.

    -The Kitchen Appliance Analogy: take mini fridge in for repair. Leave severed hand of (former) roommate in freezer. Hand is found when test of ice cube tray attempted. Convicted to 30 year sentence, paroled in 9 years. Begin anew with career as tech security consultant.

    -The Post Office Analogy: Take large, heavy package to post office. Deliver using media mail rate, the cheapest shipping option. Miss sign claiming that any media mail package is subject to inspection by any PO employee. Box is lined with child pornography. Arrested, sentenced in federal court, killed in prison after 2 years.

    -The 19th Century Tech Analogy: take daguerreotype plates in for annual silver halide tune up and focus lens coal-cloth polishing. Leave illegal woodcuts of "ladies of the night" wearing bloomers and baring arms and shoulders(!) underneath stack of plates. Illegal woodcuts & etchings located when technician reaches bottom of stack. Immediately jailed, lynched by angry torch-bearing mob by evening. Grave marker doubles consonants and adds "e"s to the ends of first and last names.
  • by Opportunist (166417) on Thursday December 20, 2007 @08:24PM (#21773220)
    Quite directly and sensibly. As the head of the department, I'd have the guy who reported it fired. No, not because I want to protect a pedophile. But he simply has no business in a customer's personal files. Yes, in this case breaking into the privacy of the person helped discovering another crime. Yes, that's "another". Not "a", not even "a more serious".

    I happen to get a lot of client PCs on my desk, for similar matters. We do forensics for various high profile customers who want to follow the trail when a trojan hijacks their machine and they want to have proof how it happened. Which also means we got quite a few certs from various places, private and governmental, that allow our findings to be used as evidence in a trial. Looking through a customer's personal files (or any files not related to the problem outlined in very fine detail) is simply a no-go. No matter what.

    Yes, that means that I would have to let a pedophile get off the hook. By the contract between my company and the customer, and (as odd as this may sound), even by law. I must not look at those files. Having certain customers from certain companies that deal with certain topics plays a role here, but that's not the point.

    Should I accidently look at a file that does not belong to the case at hand (for example, when looking for trojan screenshots and I happen to run across a porn pic that happens to be in the same location a certain trojan would put its pics, or when undeleting files and perusing the findings), I have to ignore it. I never saw it. For all I know, it does not exist.

    Now, the kid who discovered that pedophile pics might consider himself being in the right. IMO, he's not. He broke the primary law of business: Don't break your contract with your customer. Don't invade your customer's (or anyone's) privacy.

    Yes, I consider an invasion into privacy a bigger crime than collecting kiddy porn. In other words, our politicians are lower than pedos in my books.
  • Huh? (Score:3, Funny)

    by argStyopa (232550) on Thursday December 20, 2007 @08:44PM (#21773454) Journal
    Sodomsky?

    Are you serious?

    That's like....occuponymous.
  • by dindi (78034) on Thursday December 20, 2007 @09:09PM (#21773738) Homepage
    I freelance, and I work for a few casinos, sportsbooks, and some investment firms.

    I have a very clear data policy publicly available on my site, and I ask all my customers to read them.

    I have these to protect myself and to protect my clients. I always tell them what data/logins/access I need, and ask them to agree or deny.

    Did Circuit City tell the guy that they were about to look into his files? Did they warn him what access they needed, and what they needed to modify? If not: well the guy is right.

    Note 1: I am not sorry for a kiddiporn lover who gets arrested.
    Note 2: My data policy can cost my life, so I am very open and strict about it. Most importantly I always ask clients to give me the least possible access necessary, so a data lifting accusation is out of question.

    Note 3: The highest danger factor of being a tech in Central America is losing knee caps/life/fingers after stealing customer info data from a gaming operation. It is best to not even attempt is, and even better to not even get suspected.

  • by alexborges (313924) on Thursday December 20, 2007 @10:25PM (#21774558)
    Its about stupidity. You see, im not worried that they checked, not worried that they found. What worries me is how the HELL do you prove beyond the shadow of a doubt that the guy was actually the user of that porn?

    How do you prove he didnt get it by clicking on some pr0n spam. How do you know he didnt just get it off of google images and it got into his cache.

    What has to stop is the assumption that people are responsible for whatever shit gets dropped in their box. They arent and most specially arent when using microsoft software. Anyone can put the pr0n there.
  • by belmolis (702863) <billposer@alum.m[ ]edu ['it.' in gap]> on Thursday December 20, 2007 @10:39PM (#21774674) Homepage

    There are two issues here that need to be distinguished. One is whether the techs had any business going through the guy's files. The other is whether the state can use what they discovered against him. To the first, I would say that although it isn't safe to assume that the techs won't go through your files, they don't have any business doing so except to the generally limited extent that it is necessary for their work. Obviously if you have a problem with corrupted files they're going to want to look at the files, and they may well need to look at various kinds of system files and config files, but most of the time there is no good reason for them to look at other files. If they want to test a DVD burner, they can perfectly well use a file that they keep for that purpose.

    On the second issue I am surprised at the trial court's ruling. As a rule, the state is entitled to use evidence whether or not it was legally obtained so long as it wasn't the state that broke the rules. If the person who obtains evidence is a police officer or is acting as an agent of the state, the evidence must be excluded if there was no search warrant and it does not fall under one of the exceptions to the need for a warrant. If, however, the evidence is obtained by a private party acting on his own, not at the behest of the police, it is generally admissible even if the private party had no right to do what it did. The principle is that the state should not be penalized for actions outside of its control. The Fourth Amendment constraints government action, not that of other parties.

  • by Chris Pimlott (16212) on Thursday December 20, 2007 @10:46PM (#21774754)
    It's all well and good to debate the general case of whether there is an expectation of privacy when you hire someone to work on your PC. But what matters in this case is the specific agreement. I'm sure the store has a standard form with lots of boilerplate where the customer grants them rights to do such and such with their computer, waives certain liabilities, etc. The specifics of that agreement are really what's important, without that you can't say whether it was legal or not.
  • Lots of problems (Score:4, Insightful)

    by cdrguru (88047) on Thursday December 20, 2007 @11:08PM (#21774932) Homepage
    1. In most parts of the US if you somehow "discover" child porn you are required to report it. You aren't collecting evidence in any way - you are reporting a potential crime.
    2. The first thing the police will do is handle the computer as a source of potential evidence. They will have their forensic people image the hard drive and search out illegal materials. Whatever the technician found is irrelevent.
    3. If the technician planted evidence on the computer, this will be clearly shown by a forensic examination of the hard drive. There is almost no chance someone would be able to successfully fake things well enough not to stand out as a frame-up.
  • Overlooked point. (Score:4, Insightful)

    by Jartan (219704) on Friday December 21, 2007 @04:46AM (#21776588)
    This may not be relevant but I think it's worth pointing out that the reason the tech was supposedly looking for files is bullshit. They probably made that up after they discovered the files. The tech was almost certainly looking for normal porn or movies on purpose to copy it. Using a video file to check if a burner is installed correctly is utter nonsense.

    I know in some Best Buys it gets so bad that it's not even techs individually doing this sort of thing. Last time I had a friend working at one they even had a server setup where they copied customers files that were interesting so everyone could get at them. I can't imagine Circuit City is any different.

    This thing is only going to get worse. Fact is some people are always going to have reasonable reasons for trusting someone else to work on their computer. A lot of these techs even use tools to override any normal security just to make their jobs easier. People are going to have to get smart about not putting things they want private on non removable media. Software is going to have to become more mature at making sure normal users know where there information is on their drive and know how to remove it also.
  • by Mad-cat (134809) on Friday December 21, 2007 @11:18AM (#21779104) Homepage
    Disclaimer: I am not a lawyer, but I am a police officer and have testified as a witness in many trials. I am also well-versed in most criminal and constitutional case law, and with Florida criminal statutes.

    Typically, trial and appeals courts don't examine whether or not you had a *right* to privacy. They usually examine whether "under identical circumstances, would a reasonable person expect privacy?"

    In other words, if you're doing something in your un-fenced back yard, you have no "reasonable" expectation of privacy, even though you are on private property. On the other hand, if you are in your home, you do have a reasonable expectation of privacy.

God is real, unless declared integer.

Working...