Questions were raised last year about whether FBI agents were actively recruiting technicians at Best Buy's Geek Squad to search for illegal content on customer devices. According to newly released documents, however, prior reports only scratched the surface: Best Buy's ties with the FBI appear more complex than once surmised.
The existence of the Geek Squad informants was first revealed via the prosecution of a California doctor named Mark Rettenmaier. After Rettenmaier sent his computer to Geek Squad for repair in 2011, technicians working out of a massive Kentucky repair shop discovered thousands of images depicting child abuse on Rettenmaier's device. Court filings later revealed that there were "eight FBI informants at Geek Squad City", and a number had received $US500 ($643) to $US1000 ($1286) payments in exchange for acting as confidential sources.
It was unclear at the time how much Best Buy knew about the arrangement. However, documents recently acquired by the Electronic Frontier Foundation - which last year sued the US Justice Department under the Freedom of Information Act after the FBI denied the group access to records - show that Best Buy has, at least at certain times, maintained a relationship with the feds, at one point hosting a meeting with the FBI's Cyber Crimes Working Group at its Kentucky repair facility.
The 2008 meeting with the FBI kicked off with a tour of the Geek Squad facility, according to one memo. The bureau's Louisville Division has "maintained close liaison with the Geek Squad's management in an effort to glean case initiations and to support the division's Computer Intrusion and Cyber Crime programs," the memo says.
When Geek Squad employees did locate child pornography on a customer's device, FBI agents would appear at the facility and the device would be seized and sent to a field office near the owner. In certain cases, a warrant was obtained to search the device.
At first blush, it seems Geek Squad is providing a public service by helping the bureau capture suspects trafficking in child pornography. However, the arrangement - law enforcement paying retail employees to riffle through customer data for illegal content - raises a number of important Fourth Amendment issues.
While Best Buy itself is authorised by customers to search the devices, the company's partnership with the FBI, to some, suggests that Best Buy is effectively acting as an arm of the bureau - conducting searches that would otherwise require a probable cause warrant.
Moreover, the bounty the employees have been paid for locating illegal content may incentivise them to conduct searches that aren't necessary to complete repairs. (As the EFF points out: "The image found on Rettenmaier's hard drive was in an unallocated space, which typically requires forensic software to find.")
This year, the FBI appears to for the first time have overlooked a reporting obligation established by the US Attorney General's office, and in doing so, the bureau appears to have greatly low-balled the total number of times it authorised confidential informants to engage in criminal activity last year.
In January 2017, Best Buy spokesperson Jeff Shelman told The Washington Post that Best Buy and Geek Squad "have no relationship with the FBI", but that, "from time to time", its repair agents "discover material that may be child pornography and we have a legal and moral obligation to turn that material over to law enforcement".
"Any circumstances in which an employee received payment from the FBI is the result of extremely poor individual judgment, is not something we tolerate and is certainly not a part of our normal business behaviour," Shelman added.
Best Buy told Gizmodo on Tuesday that Geek Squad repair employees discover "what appears to be child pornography" on customers' computers nearly 100 times a year, but that it is only discovered "inadvertently" when "attempting to confirm we have recovered lost customer data".
"We have a moral and, in more than 20 states, a legal obligation to report these findings to law enforcement," the company said. "We share this policy with our customers in writing before we begin any repair."
Other remarks made by a Best Buy's spokesperson, however, appear to be contradicted by the FBI records. The company told Gizmodo that its policies "prohibit employees from doing anything other than what is necessary to solve the customer's problem". This policy doesn't appear to comport with what the FBI's records show - that Geek Squad hosted a meeting with US federal agents and provided them with a tour of its computer repair shop. Best Buy declined to further clarify its statement.
The EFF said the FBI has refused to confirm or deny whether it has similar relationships with other businesses offering computer repair. In response to the EFF's Freedom of Information Act request, the FBI failed to turn over any documents that would reveal whether it has developed internal policies or training materials for cultivating sources at repair facilities. The EFF said it intends to challenge the bureau's response to its request this autumn.