No Right to Privacy When Your Computer Is Repaired 853
Billosaur writes "ZDNet's Police Blotter bring us the interesting story of a Pennsylvania man who brought his computer into Circuit City to have a DVD burner installed on his computer and wound up being arrested for having child pornography on his hard drive. Circuit City employees discovered the child pornography while perusing Kenneth Sodomsky's hard drive for files to test the burner, then proceeded to call the police, who arrested Sodomsky and confiscated the computer. Sodomsky's lawyer argued in court that the Circuit City techs had no right to go rifling through the hard drive, and the trial court agreed, but prosecutors appealed and the appeals court overturned the lower court's decision, based on the fact that Sodomsky had consented to the installation of the DVD drive."
Re:Ultimately.... (Score:5, Informative)
Windows EFS is decent crypto (I think it's 3DES on workstation, AES on server versions) but once you've authenticated your session, you're in to all the files automatically, it's only good for preventing offline reads. That's it. Privacy -- in general, not just for these situations where someone was doing something illegal -- would be greatly served (and Geek Squad wouldn't find people's private videos of themselves on vacation or whatever) if they'd just add in the feature everyone wants.
Local file access security exists only in a domain or with third-party tools like TrueCrypt.
Re:Apple care (Score:3, Informative)
Re:Apple care (Score:4, Informative)
Yeah right... (Score:5, Informative)
That's right your Honor, we were just looking for some jpegs and avis to test the burner with.
The ones that have flesh-colored icons work are best for testing burners.
Actually (Score:1, Informative)
Re:Legal computer repair? (Score:4, Informative)
So it only matter when you're requesting their services for an opinion on law, legal services, or help in a legal proceeding. It'd be a bit of a stretch to claim any of those three if you had them install a DVD burner for you - hence, AC Privilege wouldn't apply.
"poking around for files to test the burner?" (Score:5, Informative)
I hate child porn as much as anyone else, but this stinks of people looking for personal details on their clients that are none of their business. This shady shit has to stop.
Re:Fake? (Score:4, Informative)
Re:Mod this down, too, idiots (Score:1, Informative)
Re:Idiot... (Score:3, Informative)
Re:Planted-evidence defense (Score:1, Informative)
If you know who did something, it's usually much easier to prove it than without that a priori information.
Pedophiles are the Modern Witches (Score:3, Informative)
Yet when someone takes their computer into a best buy, circuit city, etc, that person then becomes a client of said store, and has different rights?
The point is that they looked through his files without his express permission.
Was he dumb? Yes.
Were they wrong in going through his files, even for a test burn? Yes.
If they do a routine test burn, they should also do a routine disc read.
Why not have a test dvd that they copy, and burn back?
The fact is these stores LOVE to rummage through your files.
It's good PR when the company can say they help fight child porn.
It's a laugh riot for the employees to dig through your favorites and personal files.
It's not beyond reason to suspect that said files may have been planted.
It's wrong of them to do it, and legally, this guy has a good defense.
When you develop film, they HAVE to see the pictures to do their job.
Film developers are required by law to report anything involving child abuse or animal abuse (and probably murder, etc).
A tech installing a dvd drive does not need to look through your files, even for a test burn.
It's the equivalent of a plumber coming into your house and pawing through your stack of magazines on the lid of your toilet tank.
This did not warrant an arrest for this man.
It warranted an investigation, with the computer being returned and law enforcement going to a judge requesting a warrant.
It's called due process.
Re:Ultimately.... (Score:1, Informative)
Second, they should not be poking around the CUSTOMERS files- use a USB key with a (public domain) video file on it. Or,
There is NO excuse for a simple hardware install to turn into a search of the customers hard drive.
Re:Apple care (Score:1, Informative)
I have my home directory on an external hard disk so the only stuff on the computer hard disk is the operating system and swap. I could do away with the swap partition but it is easy enough to wipe that partition in the event I was going to hand-over the computer to someone. Besides I do a lot of work-related writing on the computer and certainly do not want unauthorized persons to be reading those documents at some future date.
Re:Ultimately.... (Score:3, Informative)
Second, there is nothing stopping one tech from putting it on there to have another see it and call the cops. I have friends who have found kiddy porn on clients computers before. And yes, they have notified the authorities. But from there, they took it to another shop who I know the techs and the couple of items turn into more then what his hard drive had marked as used space. A portion of the evidence presented in court wasn't there when the original complaint was made. Of course I assume they ran recovery software and claimed those, but file that were deleted before the fact aren't really files that can be viewed, so I'm not entirely sure about how that happened or how it played with the charges.
Finally, Yes, I agree. Separate emotion from the real issue. The real issue is that you should expect techs to look through files when they are doing something that would be considered "fixing" the computer. You might not expect them to open the files and so on, but they would at least look through them. Also, if your going to have files that could be considered illegal on your computer, don't give it to someone else when they can see them. Finally, find Spyware, virus or something that can give you an escape if you are caught. Something as simple as a back door trojan and a webserver hosting the files that while turned off can be turned on by the trojan can give you the reasonable doubt if anything happens.
Re:"poking around for files to test the burner?" (Score:5, Informative)
NO you never "put some data on a customers computer", you never test a burner and its software by just checking the hardware, you never "go looking through peoples files... just for the hell of it".
Usually I grab a few gig of files from the "Windows" folder, which, once the burn is tested as successful, said disk is destroyed (not just binned, i peel the backing off it and break it).
Giving me your computer to fix software problems (burner install requires software work) is giving me permission to access your data for the purposes of making said repair. As a microsoft cert installer (and we are a member of the MS partener program) we have the right to make copies of windows files for internal use, so thats how I test them, an easier way is to use the customers data, as they have the rights in regard to that.
Lay off the guys, they did their job AND their duty to the letter of the law, you should be thanking them not looking for a which to burn.
Oh, and as for external testing programs, yeah knoppix will test the drive, but if their copy of nero is fubar they will be in the next day talking to your manager about having you sacked
Its NOT about privacy.... (Score:3, Informative)
How do you prove he didnt get it by clicking on some pr0n spam. How do you know he didnt just get it off of google images and it got into his cache.
What has to stop is the assumption that people are responsible for whatever shit gets dropped in their box. They arent and most specially arent when using microsoft software. Anyone can put the pr0n there.
Re:Apple care (Score:5, Informative)
But, this case raises TWO different questions that are getting confused.
1 -- Did the service technician violate the privacy of the computer owner by looking at files on the hard drive that might not have been required to perform the repair work? This is a question of civil law, and possibly of the contract between the user and technician.
2 -- Can the police use the evidence found by the technician to prosecute the computer owner? This is a question of constitutional law and criminal procedure.
The answers to 1 and 2 are not necessarily linked.
The constitution provides protection against GOVERNMENT searches of your property. The government can't, without a warrant or an emergency, take your computer away and look through your files. Nor can the government pay a repairman to do what the government can't do directly--for example, if the government paid repairmen to snoop through computer.
But, the constitution doesn't say anything about what OTHER people can do. If the repairman did snoop beyond the limits of his authorization then the computer owner might be able to sue the repairman. But, just because the repairman did a bad thing doesn't mean that the protections in the constitution against government invasion are automatically triggered. Take a different example -- a burglar breaks into a home, steals a lot of stuff, and also sees child porn on the way out the door. If the burglar gives an anonymous tip to the police (or bargains for a lighter sentence in exchange for testimony) then the evidence can probably still be used, even though the burglar had no right whatsoever to be in your house. In fact, it was CRIMINAL for the burglar to be inside your house at the time he saw the child porn, but it's still probably fair game in a prosecution.
The key difference is whether the STATE has violated your right to privacy. You can't bargain with the state to set a higher or lower expectation of privacy; we have a Constitution that sets a minimum floor of privacy for everyone. But, you can negotiate with a computer repair service--if one service offers "no privacy-we'll read all your files" and the other say "complete privacy, for a little bit more money" then you get to pick which one you like, and to sue the "complete privacy" company if they break their word.
Disclaimer: Before you do something dumb, speak with YOUR attorney. I am not an attorney and the law often turns on what seem like very small differences in facts; your situation is probably different and will require personalized advice.
Re:Ultimately.... (Score:3, Informative)
Yes, badge: Ich meine Abzeichen tragen mit Stolz (excuse my german, it's rusty)
As rich_r said, we (the pimply faced teens) realised it wasn't our call to make and passed it on to the someone else to deal with. Many others have said that if you see something that you think is illegal you should report it.
http://yro.slashdot.org/article.pl?sid=07/12/15/1459243 raises a similar issue. Customs officers _thought_ that some cartoons among a bunch of ADULT porn were illegal so they detained the guy. The whole thing there is now the police want access to the encrypted drive to see if there is or is not actually illegal porn there. That whole mess became significant because a judge ruled that the defendant can't be forced to even divulge that he knows the encryption key; let-alone actually give it to police. That guy was reported on the basis that somebody THOUGHT something was illegal, not because they were sure of it.
To pull a terrorism analogy here, if your neighbour was collecting lots of ammonium nitrate what would you do? Say "geez he must really care about his garden" or possibly report him. It is not your or my call to make if what the guy is doing is illegal. At the end of the day if it's not illegal and you do report him the worst that happens is the police knock on his door, he lets them poke about and they say sorry for bothering you.
WTF? You're entitled to your opinion I guess. There are varying levels of what is right and not.Re:"poking around for files to test the burner?" (Score:2, Informative)
And one small tip. If you take your PC in to have data recovered or backed up, do yourself and your tech a favor and tell them (as accurately as you remember) the names of the FOLDERS your important stuff is in so we don't have to open them. I don't know how many times I've been asked to back up "just whatever pictures you can find" and while trying to locate these pictures, opened up a 10 gig folder of dude-porn. Damn you XP and your thumbnails!!!
Re:Apple care (Score:4, Informative)
Re:Apple care (Score:3, Informative)
The technician in this case apparently, according to TFA, was searching for random video files on the customer's PC to burn using the newly installed DVD burner to make sure everything was working. He got suspicious based on the names of some files, including one listing a male name and a number he thought was an age of 13 or 14. Upon deciding he'd probably found child porn, he contacted authorities. This doesn't sound like rifling through all the guy's files at all if that's the way it really happened.
The judge decided the test was a commercially common and acceptable way to test a DVD burner -- by searching for video files on the user's drive. I'm not sure how common it is these days to do it that way, but it certainly sounds reasonable and not nefarious to test it that way.
The appellate court also decided that you have no privilege of confidentiality with a computer store like you would with a doctor or lawyer.
Re:Apple care (Score:2, Informative)