Can A Computer Store Tech Look At Your Files?
from the yes,-within-some-limits dept
Declan McCullough is discussing a recent lawsuit where a guy brought his computer to Circuit City to have a new DVD drive installed. The technician who did the installation then wanted to test it out the software that came with it by playing a video. The tech found a video file on the hard drive and played it... only to discover that the video was child pornography. He called the police and the guy was arrested. The question before the court was whether or not the technician had a legal right to open a file on the hard drive. While the lower court said no, an appeals court has said that it was acceptable, because the guy had given access to the computer and the technician wasn't randomly searching, but was performing a test in a "commercially accepted manner." Of course, that seems a little odd too. If the job was to install a DVD player -- shouldn't the test have involved a DVD rather than a local file? However, it's hard to argue against the ruling too strongly. The guy did know what was on his computer and handed it to others, knowing they'd have access to the machine.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: computer technician
Companies: circuit city
Reader Comments
Subscribe: RSS
View by: Time | Thread
That's what you get.
[ link to this | view in chronology ]
porn dogs
[ link to this | view in chronology ]
Re: porn dogs
[ link to this | view in chronology ]
Prosecute the pervert, Fire the tech
[ link to this | view in chronology ]
Re: Prosecute the pervert, Fire the tech
[ link to this | view in chronology ]
Re: Prosecute the pervert, Fire the tech
child porn fuckers need to be stopped... imagine a child in your life that gets abused by one of these sick people
worry about privacy for good people
[ link to this | view in chronology ]
Re: Re: Prosecute the pervert, Fire the tech
If only the "good people" have privacy, then no one has privacy, even the "good people".
[ link to this | view in chronology ]
Re: Prosecute the pervert, Fire the tech
Keep in mind, under industry certifications, access to personal files are granted to the IT tech if the owner submits the hardware (& information) to the technician. What can be used in court and outside of the realm of the PC repair action is what is under scrutiny, not the technician.
[ link to this | view in chronology ]
Re: Prosecute the pervert, Fire the tech
[ link to this | view in chronology ]
The only way the evidence could be thrown out is if the technician TOLD him they don't report child pornography which would be entrapment. The point is, if it's there, it's ILLEGAL. Case closed.
[ link to this | view in chronology ]
what if...
I'm more interested in the comments about these places searching for porn.
What if I took my computer to one of these places and told them specifically what they have access to to perform a particular job.
Then what if I had filemon logging all file access while the computer was in their possession. (filemon for windows... because most of these shops probably wouldn't know what to do with linux [not you turtle... I'm thinking more of the chains])
And what if the logs indicated that a full file scan happened by something that shouldn't do a full file scan (explorer.exe as opposed to antivirus, defrag, whatevs).
Who wins that court battle (civil)? (this is assuming that the place would accept the repair/upgrade job under my guidelines... which wouldn't happen MOST of the time)
[ link to this | view in chronology ]
Keep the tech
This means ask the client to provide a test file, and only test that one.
Hard drive, never leave your HD in a computer going to a tech person, pull it out and keep it safe, its your data and its not needed for any test that might be going on unless its related to software, in that case hang around and if your not allowed find a smaller shop that will let you be a part of the solution, that's not that easy, most tech guys dont want to let you know they know as little as you and are poking around until they stumble over the problem, in general 15 min is max for any problem, if more then ghost the drive with new image ( make a backup before handing in the computer now you know why)
[ link to this | view in chronology ]
Re: Keep the tech
Agreed. But there's one detail.
People who are able to pull the hard drive (and put it back) are likely to be able to install a new DVD drive.
I'll suggest that this bit of advice is of very limited usefulness...
[ link to this | view in chronology ]
Re: Re: Keep the tech
[ link to this | view in chronology ]
Re: Keep the tech
[ link to this | view in chronology ]
Perhaps missing something?
[ link to this | view in chronology ]
Re: Perhaps missing something?
By having a knee-jerk reaction. There is a large portion of our society in which anybody accused of this crime is automatically assumed to be guilty and deserving of a death sentence. No evidence is necessary for these people. They are so overwhelmed with a desire to "protect the children" that they will burn anybody at the stake. I sincerely hope somebody accuses them of the same crime some day, so that they might gain some appreciation for "due process" and "innocent until proven guilty".
[ link to this | view in chronology ]
Wrong - yes, Illegal - No
That said, I do not believe it was in any way, shape, or form illegal for the file to be viewed. Further, the technician did the correct thing, ethically, morally, and legally, by reporting it. He had full access to the PC given to him by the owner of the PC. The file was not encrypted, hidden, or password-protected. In my opinion, as a average person who IS NOT A LAWYER the arrest and conviction should be upheld.
If I were the technician's supervisor, I would sit him down and tell him he did the right thing in reporting this to the authorities, but that he should not look at user's files. The privacy issues are significant, and while he did a good thing in helping take this person down, he still should not have looked at a customers private files.
[ link to this | view in chronology ]
Do you read CubFX?
"The most he should ever look at are system files or program files associated with the specific problem he is attempting to resolve."
He picked a random video file, most likely from "My Videos" if its Windows XP, to play on the software that was installed with the DVD player. It's perfectly normal, especially since most places don't have a 'test' DVD of their own to use.
It's kind of important from a customer service standpoint to make sure what you are doing actually works, otherwise you won't get more customers.
[ link to this | view in chronology ]
re: Trevlac
I agree with Turtle Ilsand. Prosecute the pervert, fire the tech.
[ link to this | view in chronology ]
Depends on the agreement he signed...
Suppose I drop my car off to get fixed at my local mechanic's garage. Inside the locked glove compartment is a package of powdered coke and a loaded Glock with the serial number filed off. My mechanic, during the process of fixing the car opens my glove compartment and sees the contraband and calls the police. The police seize the vehicle and arrest me when I come in to pick up the car.
Is the evidence admissible in this case? Or is this different?
[ link to this | view in chronology ]
Re: Depends on the agreement he signed...
I would tend to think that the police could use the evidence, but may have to arrest the mechanic for b&e. Then you may have a nice civil suit against the mechanic/garage when/if you get out.
but what do i know.
[ link to this | view in chronology ]
Re: Depends on the agreement he signed...
Yes, the evidence is admissble. What people seem to be confusing here is criminal prosecution vesus civil liability. Yes, the police can use the evidence against you that your mechanic found. The 4th Amendment only protects against warrnatless searches by the government, not private individuals. Therefore, the evidence is admissible against you at trial (unless the government/police asked the mechanic to search your car, in which case he's now acting as an agent of the government, not a private individual).
However, even if you're convicted, you still would have a civil claim against the mechanic for searching your vehicle without your permission.
[ link to this | view in chronology ]
Are you kidding me?!
It's hard to argue too strongly against an invasion of privacy, because in this one particular incident it involved a guy who was into some really nasty shit?
It's either an invasion of privacy and should not hold up in court ... or it isn't one and it should hold up in court. It is entirely irrelevant what the guy is suspected of doing.
[ link to this | view in chronology ]
Happens All the Time
[ link to this | view in chronology ]
Re: Happens All the Time
I discused the confidential nature of any information related to the computer only in terms of and agreement that all information is confidential. When I came to pick up the computer before leaving my office the computer tech qouted ethics as a means in which he operates his business.
I returned the following day with an All rights reserved confidentiality agreement for his signature and he refused to sign it until he can have his attorney view the document. While I understand professionalism he wasn't professional enough to offer me a confidentially agreement yet he did make the mistake of signing the agreement followed by the wording "refuse to sign unitl I speak with an attorney" thereby acknowledging a verbal understanding of the agreement.
I say this only to say regardless the reasoning be mindful of what you have on your computer when intrusting it to a third party. By the way this tech was my cousin... And as for the tech/pron situation he did the right thing by tuning him in because the child he might have violated next might have been your own, however knowing that it is a regular practice for computer repair tech to look into to your infromation what ever the reason. The next business that I will develop is a ethical computer store.
[ link to this | view in chronology ]
Agree and disagree.
Most people are saying to test the DVD drive you should you a DVD. Agreed. But to test the software that the "Customer" asked to have installed, you should test all features. Including the feature that the software will play videos off the hard drive. The tech shouldn't have searched the computer for files, instead they should have informed the customer of the feature, and offer to test it with the customer at the time of pick up. There are too many video formats out there now that a computer tech cannot tell the customer that the files on their HDD will work without testing them.
You may agree or disagree as you wish. Those are my two cents.
[ link to this | view in chronology ]
Re: Agree and disagree.
The software came with the DVD drive. It should not have been used to test ANYTHING but the product that it came with.
Once again...that was the DVD drive.
We techs DO NOT concern ourselves with all of the possible file formats and all that other BS. That is NOT our problem. It is NOT our concern what file formats the user is exposed to or may use - UNLESS they bought software that is relevant to them and they bought it EXPRESSLY for that purpose.
Anyone in the tech support industry knows the rules... Do ONLY what is needed. The rest is left to the user to either figure out on their own...or PAY to be taught.
You can NOT argue that there is any kind of correlation between the DVD drive and a file that existed on the system prior to his having brought the computer to the store. The terms of the job did NOT state that the tech was supposed to play any video files.
Whenever I do a backup, I have ALWAYS ignored the contents of the folders. I have only ever copied the folder ITSELF without ever having looked into the folder. If there were issues with specific files, I informed my customer before proceeding in any way. If they wanted it fixed, troubleshooted, etc, I got THEIR ok to deal with it. (Some customers get PISSED if you look in their pictures folder. You wouldn't believe some of them!)
You're just another zealot who calmly shrugs off the specifics of enforcing the law.
[ link to this | view in chronology ]
Re: Re: Agree and disagree.
If you go the extra mile, you get repeat customers. Frankly, business is built off repeat customers. If you do only what you have to do, you are telling your customers "Thanks for your money, come back if you want, we really don't care."
[ link to this | view in chronology ]
Not to defend the idiot with the child porn on his computer...in the LEAST bit... (So don't talk shit on me for my argument. I DO NOT support it. Even when a friend of mine was recently sent to PRISON for 10 years for the same goddamn thing.)
But I guarantee you that any paperwork he signed at the store did NOT give any permissions to view personal files. ONLY TO BACK THEM UP at most. (I've worked in the industry. They're very particular about it.)
In light of that, I must apparently remind all of you that there IS a little document written on centuries-old parchment that is currently on display in Washington DC...
It's a little thing called, "The Constitution". There is a little thing called "The Fourth Amendment" which protects us against illegal search and seizure - WITHOUT A FEDERAL WARRANT. Said warrant may be issued under "reasonable" measures.
A document stating that Circuit City can install a drive does not give express permission to obtain evidence against this man; whether purposefully or inadvertently.
As mentioned in the article, the employee had no business viewing the personal files of the user as he was installing a DVD DRIVE. The software may have come with the DVD drive, and it may play video files other than the type found on the DVD disc... But the employee's objective was to install the DVD drive. Any software associated with this device should have been used to test ONLY the drive.
People... I realize that people commit crime every fucking day... But it seems that 'in the name of justice' that we are more and more often conveniently brushing aside the principles for which I myself was a soldier.
You people really need to brush up on some American history.
Here. Educate yourselves.
http://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution
[ link to this | view in chronology ]
Re: Federal Warrants
As a private citizen, I might be held civilly for the intrusion, I would still not be need a warrant unless i was acting as an agent of the Gov't
[ link to this | view in chronology ]
Re: Ummmm
Cases like this are the reason that my clients must sign a document that tells them it is possible during diagnosis and repair that any file could be accessed, and that any unlawful materials found on the drive must be reported to the police.
Even with this clearly spelled out to them, I have several customers a month that I have to turn in.
[ link to this | view in chronology ]
Re:
We obviously have two evils at work here: The tech guy who was snooping where he should not have been snooping; The abominable person behind the child porn.
It should not matter how the information was obtained in deciding punishment, the fact is the information was obtained and it showed that someone was violating something beyond the conventions of human legalities. The only question at hand should be, "Is the guy who brought the computer in responsible for the despicable content?" If so, appropriate punishment is due. This is how the purpose of the laws can be protected instead of the letters of the law upheld. The constitution was designed as a tool to guide our thinking not control it. Human conscience and common sense have to play a role in the decision making process that results in intelligent action. We are not computers following exact logical statements and restrictions.
Words are nothing without meaning and the meaning of different words change over time in different cultures and under different contexts. So an understanding of purpose has to come into play rather than the letters put on paper. We are not proofing calculus formulas. Throw into the mix of letters a little bit of sense and judgment and you have a functioning society capable of making all the right choices and not debating whether or not a man should be punished for such an obvious violation of natural law. The law that is apparent to everyone in every culture and every time. That voice inside your head that says, "this is wrong" or, "this is right." Hopefully everyone agrees that child pornography is wrong. From there it is a simple path in reasoning to reach a correct conclusion to action.
Bottom line:
In the interest of protecting the children victimized, the responsible and participating parties need to be punished or prevented from committing the crime again.
In the interest of the constitution, find out who is responsible for the violation assuming the customer is innocent until PROVEN guilty. Don't spread rumors and speculation via media and propaganda so that the whole country is unfairly biased against a potentially innocent man to the point he can't receive a fair trial. No one seems to understand the full story behind it all. It sounds like the computer could have been used by other people; It does seem at least logical that someone wouldn't knowingly bring in a computer with grossly illegal content so readily available though I would have to say I have seen people do dumber things.
In the interest of a consumer's basic and expected confidentiality for the requested service performed, the technician should be reprimanded appropriately by the store owner unless the store's policy is to peruse a customer's personal files unnecessarily, which is obviously the case here according to the experts above. If it is acceptable store policy then consumers should be made aware that any of their personal files may be viewed for no specific commercial purpose and possibly the pleasure or tastes of the technician that happens to be assigned to work on the device.
In the interest of encouraging appropriate and correct action despite the potential for self harm, give the store technician a thumbs up for his inappropriate actions leading to the prevention of more heinous crimes. Dumb luck and randomness in wrong action served a good purpose. Hopefully he learns the right lesson and doesn't think he should continue pursuing the violation of people's privacy.
These routes of action will take our country one very small step closer to regaining the decision making process that seemed so much simpler in former times - as conveyed in readings and conversation not direct experience. These were times apparently when it was not a question whether a guilty party deserved to be punished, but whether the suspected party were actually guilty or not. Ill willed legislation, lawsuits, tyrants, criminals, and other filth seem to have infected the thinking of our race like a disease and can only be cured the old fashioned way - not mass homicides and anarchy - increasing the number of individuals making enough individual correct decisions over time to change the trend from muddled and doubtful thinking to purposeful and meaningful thinking. The exact lines and letters do not need to be the focus, because what are they except symbols and condensed representations for meaning and purpose. The bigger picture and the actual purpose or meaning needs to be the focus. This will alleviate enough brain power to actually see what is going on. This issue might have been a little bit difficult to wrap a mind around, but 99% of the decisions people have to make in life are very simple, black & white or unimportant/irrelevant.
Child porn: wrong
Assuming innocence until proven guilty: right
Invasion of privacy: wrong
Preventing crime: right
Join the revolution in correct and simple thinking. It will not be a step backward in the line of progression I assure you modernests and progessionists; It may be a step backward in time though.
Sincerely,
Citizen disgruntled with the reasoning and decision making power of the only rational species on earth
[ link to this | view in chronology ]
Re:
It does not protect against banks, or companies.
[ link to this | view in chronology ]
How do you prove the tech didn't put it there?
Not that I think that's what happened -- this is more the scenario for a Law and Order show -- but stranger things have happened...
[ link to this | view in chronology ]
Re: How do you prove the tech didn't put it there?
I think you see what I mean.
[ link to this | view in chronology ]
We can't just let our emotions flare up and start prosecuting people left and right. The Constitution was made with the realization that without an article to contain justice and to guide it in the right direction...
...that ZEALOTS would eventually create chaos and call it "Justice".
So how many of you are going to start railing against me "for great justice"?
How many of you are going to side with the biased soccer moms of our country just because YOU deem it necessary and righteous...all the while ignoring the specifics of our laws and creeds?
You all may be perfectly willing to ignore the wisdom of our forefathers and KILL the man for having had the material on his drive... But did he actually HURT anyone? Did he do anything more than contribute to the exploitation of a young person?
Then you should also be holding the parents of these children EQUALLY responsible for allowing the lives of their children to fall into these circumstances.
Once again, I am not saying that I support this kind of activity in any way, shape or form... But it just PISSES ME OFF when I sit here and watch so many people IGNORANTLY bleeting for justice...like the lambs that you've all become.
You forget what REAL justice is...because this country has ALSO brushed it aside for the sake of convenience, status and LET'S NOT FORGET...for GOD.
*rolls eyes*
I love the christians...and how they are so willing to persecute ANYONE in the name of justice. They claim to live by the very laws that they created 'under God', but CONTINUALLY fail to recognize the specifics of these very laws they claim when it comes time to.
Whatever. I'm just ranting now. You get the point.
Don't be so quick to dismiss the rights of others if you're going to be so quick to think of doing so. EVERYONE is [supposed to be] innocent UNTIL PROVEN GUILTY. So don't point your finger until you know the truth.
It makes you a hypocrite.
What if it wasn't that man's fault? What if a buddy happened to browse around on his computer and download a bit of that garbage without his knowledge?
THAT would be where the right to a FAIR TRIAL would come in. Now wouldn't it?
So leave it to THEM to figure his guilt.
[ link to this | view in chronology ]
Re:
I, like most of the commentators here, have not read the original article or any of the information about the trial/hearing and so on. It IS possible though, that the defendant was informed at the time he dropped his tower off that files from his computer may be used for test purposes to make sure his new DVD-ROM player and its accompanying software (which in all honesty probably does play files from the hard drive in multiple formats) were working appropriately.
It seems unlikely to me, but its possible. Given the probably ignorance of the judges when it comes to the tech field the guy probably is right to keep appealing.
Tottaly deserves to be punished for being a freaking pedo' but as the big C says, everyone has rights in this country.
[ link to this | view in chronology ]
Re: Re:
[Citation Needed]
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
I just thought of an even worse scenario...
[ link to this | view in chronology ]
How about this scenario?
[ link to this | view in chronology ]
Re: How about this scenario?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: lisa
The question is not only if the tech did something illegal or not, but also that they broke client confidentiality and their company will suffer for it.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Read that crap before you sign it if you're thinking about complaining after.
[ link to this | view in chronology ]
Re:
http://leeannejaud.pictiger.com/albums/42405/16939866/
[ link to this | view in chronology ]
I remember...
[ link to this | view in chronology ]
Not defending the perv, but ...
[ link to this | view in chronology ]
But as a tech it's your job to click "back" and ignore and just copy the files over (unless they're illegal, at which point need to be reported); and not deliberately search out stuff (ala Best Buy).
[ link to this | view in chronology ]
Child pornography is a disgusting practice, by the way. Sick.
[ link to this | view in chronology ]
Cyryl
[ link to this | view in chronology ]
help me with the difference..
[ link to this | view in chronology ]
To make a long story short
The customer was in the wrong. What he did was illegal and he should be prosecuted.
The evidence is admissable. Had the customer taken the PC to a police/government owned service center it would have constituted an illegal search of his hard disk. But this case involved an unethical search of his hard disk that resulted in him being reported to the police. The police then had either a) probable cause or b) justification for a search warrant and could obtain the evidence legally. No way the evidence will be thrown out.
Of course, the customer could probably make a case that the unethical/unprofessional actions of the service center and technician have caused him harm and could sue them for something. He probably wouldn't win have a strong case unless he were acquitted of the child porn charges.
[ link to this | view in chronology ]
Well, that was stupid
[ link to this | view in chronology ]
User/ Client files.
As for the story itself, yes you're signing away your system in those retail stores, but for a dvd drive test, there's no reason to hunt for a video on the system. Borrow a dvd and play it in the drive.
[ link to this | view in chronology ]
Re: I just thought of an even worse scenario.
This (use of malware to install child porn on unsuspecting users' systems is worse. But that's not the scary part -- this is:
It's already happened.
One of the tactics used by spammers to avoid having their web sites shut down is to distribute them across many zombie'd Windows systems and then use various DNS techniques (such as fast flux) to direct traffic to them. This approach is favored when the content in question has dubious legal status in the jurisdiction(s) involved, e.g., child porn, drugs, gambling, etc.
It's unlikely that the former owners of the systems being used for this purpose have any idea what's going on -- but were they so unfortunate as to have their systems serviced by a similarly unethical tech (who, BTW, should be fired on the spot) then they might well find themselves in the same situation.
The problem is that many so-called "forensics experts" have yet to figure out (or admit) that this problem exists on a massive scale -- despite object lessons like the Julie Amero case, that have served to highlight what some of us have said for years.
[ link to this | view in chronology ]
Not too much to object to
I do agree with Rich though, there is deifnately some potnential for infected PCs to end up having some bad stuff stored on them. However, that's really a point for defense to bring up at trial I would think.
[ link to this | view in chronology ]
Porn
[ link to this | view in chronology ]
Prosecute Pervert, but fire the tech?
To quote Planes, Trains, & Automobiles:
"If your kid spills the milk, what do you do, beat him?"
Unless you specifically trained the tech and told him NOT to EVER look through the users files for testing something, then you have zero basis to fire the guy. He was just doing his job. If you have no policies against it that you notified him of, then the best you could do is make a policy about it and just have a chat with him.
But hey, if you want the bad PR of jumping straight to firing the tech for following the law and reporting it, you go ahead. The only way you will stave that off is if you have policies in place, and the tech knew damn well about it.
When I was working as computer repair a couple years back, we were told that we do not specifically go searching for files. BUT, if you happen to stumble across something like this in the due course of work, it gets reported. Did not search any persons computer for anything though unless they requested it backed up and didnt know where it was.
Best phone issue I ever helped solve: RJ-45 mystically shoved into an RJ-11 port. How that lady did that is still beyond me.
[ link to this | view in chronology ]
Re: Prosecute Pervert, but fire the tech?
It's nice everyone wants to say this guy is sick and perverted and should burn. Can't say I don't agree, but that's a moral dilemma, it should not make it a legal dilemma.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
If someone who is 19, and his gf is 17.
Parents call cops. Statutory Rape, then the offenders list.
Now this poor bastard is hosed for the rest of his life.
This is the problem of knee-jerk laws and lists.
What happens if, like a case recently, when your name is mistakenly confused with someone else's details.
Some guy was convicted of killing someone under the assumption that this guy was 'really' bad.According to the list.
Unsure if it was murder, or attempted.
[ link to this | view in chronology ]
It was a dvd BURNER, and he was looking for a video file to BURN to the dvd, to test it out.
duh.
[ link to this | view in chronology ]
We don't know he was snooping
It's just as likely that the customer had the porn stored in the 'My Videos' folder. The tech went to the first logical place to find a test file and played the first file he clicked on.
I know to some of you that's not the point, but my point is, anyone who is stupid enough to leave illegal porn in a standard video folder on a PC, deserves to get arrested.
[ link to this | view in chronology ]
Did anyone read the original article?
First, what happened:
It seems that the software in question performed the search for video files. Now, think about Nero 7 and/or Roxio 8 or 9(the previous versions). All 3 have organizing and media library functions. And in all likelihood, all three would prompt you to search the computer (at least the user's home folder) for media files-pictures, music, video-if not during setup then when accessing the library function.
According to the cour docs, when the list of files came up, the FILENAME of the file announced not only that the file was porn but listed a male name an indicated an age of 13 or 14. How that's possible I don't know, but the police would easily have been able to verify it. In this case, it doesn't seem like the tech went out of his way to find porn. Doesn't seem like he was snooping. If you read the court's decision, it seems very balanced.
Now let's think about another situation. A client asks you to back up their files. Their My Documents folder is 6 GB, and they don't have a dual-layer burner. As a tech, you HAVE to open their folder to see what's taking up the space. Windows Explorer tells you that there's only 240MB of files in the root of My Documents. So you have to go through each folder and see how big it is. The quickest way to do this is not to go to properties but to open the folder and glance at the status bar. The first one you go for is My Pictures because you've done this 1,292,689 times before, and you know that's where most of it is. That only yields about 1GB. Then you hit music. 20MB. This is starting to get strange. You hit videos. Bam. Thumbnail mode. Nasty stuff smacks you in the face.
Now what do you do? If you're a person who watches porn, you might be inclined to peruse the files, and the filenames and/or thumbnails may reveal child porn. If you're like me, you quickly switch to icon, list, or details mode. Then you look at the size of the folder. It's 5GB. Even that won't fit on one DVD. Now you have to look at the files' sizes and filenames.
Here's another one. You install a DVD player. You install whatever bloatware burning program came with it, and it changes associations of file formats. You still want to make sure that DiVX or other codecs still work with the new player, but before you do that, you want to see if this guy's doing anything with video. If he's not, there's no need to worry. So you do a quick search for video to see if there's any H264, Xvid, Divx, or whatever.
One more for good measure: suppose you get a computer that has spyware on it. After cleaning it, I usually take a look at the browsing history to see if it's obvious where they picked it up. Often it is, and I can tell my customer to stop playing texas hold 'em at that particular website, or whatever.
In any of those situations, you might run across porn (I know I have a number of times). And you might see a filename, thumbnail, page title, or email fragment that suggests something illegal. What do you do if you find it? Do you open it? Certainly not if the customer is nearby. But what if they're gone? Most probably would.
If you're wrong, and it's "regular" porn, then you can just go about your business. If it's something freaky, but not illegal, congratulations, you just gave yourself nightmares for a week. If it's child porn or something else that's illegal, then you call the cops.
But if you DON'T open it, do you call the cops just on suspicion from a filename? This guy could have a sick sense of humor, or just be testing you to see if you snoop through his stuff. Could be episodes of Booh-Bah renamed to make you feel like an idiot.
Could you live with yourself if you let some child predator go when you could've called it in?
I've personally had a couple clients whose computers were so full of sick (but not illegal) porn that they insisted I back up, and wanted to foist on me ("Make a copy for yourself if you want"), and I WISH I could've called the FBI.
[ link to this | view in chronology ]
Bad cases make bad case law...
The guy should be prosecuted, but a computer tech should be F.I.R.E.D. for going through a customer's files, regardless of intent.
[ link to this | view in chronology ]
Lack of forensic savvy
Suppose we put aside for a moment the question of whether the tech should or should not have accessed the files in question. And let's suppose that the tech found files that meet the legal definition of child porn in the appropriate jurisdiction. Now what?
The first thing that comes to mind is "how can it be proved that the tech didn't plant them?". The answer to that is "it can't". There's only the tech's word. Given that tech had unfettered access to the system's software and hardware, there's no way to prove that he did or didn't.
The second thing that comes to mind is "how can it be proved that the putative owner of the computer is the person who put those files there?" The answer to that is also "it can't". Given that estimates of the hijacked system population worldwide range from 80M to 250M, odds are already good and getting better than any Windows system chosen at random has been hijacked. And of course once that's happened, all bets are off: log files can be faked, timestamps modified, etc.
The issue I'm getting at is that unless someone's got a videotape of the putative owner sitting in front of the system and actively taking the steps required to put that material there, then there is no evidence that they did so. Yes, I'm aware that this is not how it tends to play out in the court system, but that's exactly the problem I'm trying to highlight: dissection of Windows systems has no evidentiary value, because the evidence is subject to arbitrary manipulation by third parties.
The court system needs to catch up to technical reality -- and stop relying on "evidence" that's so flimsy. And yes, this probably means that some number of prosecutions will fail, but a prosecution based on non-evidence should fail.
[ link to this | view in chronology ]
Re: Lack of forensic savvy
[ link to this | view in chronology ]
Re: Lack of forensic savvy
That's why the crime isn't "reproduction of child pornography" or "copying of child pornography onto your hard drive." It's called "possession of child pornography," and much like "possession of illegal/controlled substances" if something that you own has the contraband inside it, then it's assumed that you are the possessor. Obviously the courts will make certain exceptions, like if your stolen car is recovered with a kilo of cocaine in it, but those are exceptions and not the rule.
[ link to this | view in chronology ]
Fact or Fiction
[ link to this | view in chronology ]
I guess I have to assume everyone here hasn't broken any kind of law relating to PC's in the least. Pirated Windows, torrented movies, shared mp3's...
It's kinda ironic when you think about it. If I found something like this on a machine while working on it the scumbag would be reported to the police ASAP.
If you're bringing your PC to a shop to be worked on, take that crap off there. If you didn't have the chance, why risk it?
[ link to this | view in chronology ]
Assumptions
The question of this case will be whether there is an assumed right to privacy not whether constitutional rights had been broken, at least not yet. A court will need to decide if there is a reasonable right to privacy based on the situation. It could be argued that by providing the computer to the company, it was an invite to view otherwise private files since it can be assumed they have that capability, similiarly to inviting someone in your house and having a bong on the kitchen table.
It definately is a slipperly slope that could go either way, but I feel that by providing the data to a facility that is known to have access to it, there is no invasion of privacy since no attempt was made to protect the data and it could have been discovered accidently. I'd also like that to coincide with a ruling that encryption does not constitute an assumptioon of guilt for the very same reason as discussed in a recent story here. It's just taking reasonable steps to safeguard your property and information.
[ link to this | view in chronology ]
Re: Lack of forensic savvy
That's why the crime isn't "reproduction of child pornography" or "copying of child pornography onto your hard drive." It's called "possession of child pornography [...]
Agreed. But the problem we're faced with is that there is nothing stopping the new owners of all those compromised systems out there from uploading a child porn video onto every single one of them and instantly creating tens of millions of "criminals". One anonymous phone call later...someone gets a knock on their door, is served with a search warrant, and their life is destroyed. (Or one anonymous phone call later, someone is informed that unless they pay up, the next call will trigger the process.)
I keep coming back to the Julie Amero case. She was publicly crucified, her career ruined, her life torn apart -- because she had the bad luck to be the one closest to one of those kazillion compromised Windows systems when it happened to do something noticeable in the presence of witnesses. Imagine what would have happened to her if what showed up on the screen hadn't been just porn -- but child porn. Do you think she'd ever teach again?
Unfortunately, her case is unlikely to be the last -- I think it's just a harbinger of far worse to come. We need to collectively realize that the abysmally poor state of computer security worldwide is such that "evidence" is almost always no such thing. And yes, this doesn't bode well for successful prosecution of the real child porn people and other similar types.
[ link to this | view in chronology ]
#67 & the article itself...
Is that any different from planting coke in another's car/house?
The onus then falls to the victim to demonstrate they had no knowledge of it's existence. Very hard to do but it happens.
As for the article - the guy should be charge and the court will decide if it's reasonable to believe that a) the tech put it there b) the system was hacked c) the content was NOT porn (kids in the tub?) or d) the guy is a pig.
As for the tech; if there was a disclaimer to the customer and no policy on this he's pretty much off the hook. If there was no disclaimer/is a policy that this violates then appropriate action should be taken - it's up to the business owner/manager to determine what that action is.
[ link to this | view in chronology ]
...
...aside of course from the obvious fact that coke is harder to come by then a copy of an image you already have...
I was thinking more in terms of a one-off victim then a mass-victimation (is that a word?).
[ link to this | view in chronology ]
Re: #67 & the article itself...
The onus then falls to the victim to demonstrate they had no knowledge of it's existence. Very hard to do but it happens.
That's the problem. If we lived in a world where it was reasonable to presume that computer systems are secure, and therefore that anything on them was put there by a deliberate act of their owners, then, sure, it would also be reasonable to expect that those owners show non-involvement.
We don't live in that world. We live in a world where enormous numbers of systems are already compromised and a similarly large number are vulnerable. Given that, the presumption should be the opposite -- and prosecutors should have to prove that anything found on a computer was deliberately put there by its putative owner.
BTW: I try to say "putative owner" when I mean "the person whose desk the computer is on". They're not the real owner. The real owner is whoever now has effective control of it. I adhere to the maxim "If someone else can run arbitrary code on your computer...it's not YOUR computer any more".
[ link to this | view in chronology ]
Re #69 & Rich Kulaweic
I agree with Rich on the argument he presented.
Has has some good points.
All it would take is for one of those bot herders in country X to decide they want a good laugh. Then they would direct all infected PCs to download some child porn.
Instant victims of millions of people.
Might make the law makers think twice when half of their home PCs all of a sudden have child porn on it.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
hmmm
Can't argue that point. People should be presumed innocent - especially non-techies with techie crime charges.
Unfortunately I don't think the legal system works that way. From what I've seen (generally speaking) it it's on your comp then it's your behind.
Not to say that should be the case...
And yes, KT - I was hoping for an answer. Spell check didn't think it was a word (and I didn't realize the misspelling until after I submitted anyway) so I wasn't certain.
Thanks.
[ link to this | view in chronology ]
COMMON SENSE
[ link to this | view in chronology ]
Re: No Such Thing as Privacy
Amen to that.
Now if you'd be so kind as to invite a couple FBI people over to your house, let them make sure your computer is clean, then let the IRS go through your personal (whoops, I mean public now) financial records with a fine tooth comb - don't worry, you've got nothing to hide - now, we'd better get some RIAA lawyers in there to make sure you don't have any illicit music on there. Nothing to hide, right?
But what about those bad ol' neighbors. Sure the guy next door is good to have a beer with, but he might be abusing his kids, and dammit, while you're at it, you really wanna see if he's got pictures of his hot wife. Surely that's your business right? How about the guy across the street? Maybe he's got terrorist bomb making chemicals paid for on his visa bill. Better look at it to make sure, right?
"Those who sacrifice liberty for security lose both and deserve neither" - Ben Franklin
You, sir, deserve your petty life of fear.
[ link to this | view in chronology ]
The actual quote is "There is not such thing as privacy, get over it." A direct quote from Larry Ellison, CEO of Sun.
And as far as "Save the Children !" goes, it seems to be the rallying cry for every bit of invasive legislation in the country designed to strip us of our basic civil liberties.
Puts his head in his hands as he explains Irony.
[ link to this | view in chronology ]
Re:
The actual quote is "There is not such thing as privacy, get over it." A direct quote from Larry Ellison, CEO of Sun
Er. Larry Ellison is CEO of Oracle, not Sun, and did not say that quote. Scott McNealy said it, and it was when he was CEO of SUN, which he no longer is (though, he remains chairman of the board).
[ link to this | view in chronology ]
The constitution
I was always under the assumption that the constitution was written to protect U.S. citizens from government agencies (federal, state, and local). Where does it say that corporations have to follow the Bill of Rights?
There is no "right against illegal search and seizure" as it applies to corporations. If they can convince a judge to do whatever, then they will.
At the same time, there is no "right to free speech" on any website. Yes, ANY WEBSITE. All websites are privately owned and they all have their own rules on what people can and can not say.
I can't tell you how many times I've seen people say "that site is censoring me! I have a right to free speech." Um, no, you have the right to free speech if you stand in a public place and speak your mind about the government. You can't bash a website (or other users) on a website and not expect the site admins to do something.
And what if the site is hosted in Europe? Sure, they have *similar* laws protecting free speech, but they certainly don't have "constitutional rights" as defined by the U.S. constitution.
Sorry for getting off-topic, but I'm so sick of people claiming "constitutional rights" when there are none.
Anyway, back onto the topic:
An earlier poster mentioned the comparison of a mechanic finding a gun in your glove compartment. While the discovery of something illegal may be similar, the situations are not: if you're accused of having an illegal handgun, you'll go to court, maybe go to jail, and that's probably it.
If you're accused of having child porn, you're basically "guilty until proven innocent". And if you're convicted, you'll have to register as a sex offender *forever*.
While this is good for offenders that are found guilty, what happens to the people who are wrongly accused?
[ link to this | view in chronology ]
Don't let the facts and reality get in the way.
It's one of those facts that are ignored in the effort, or lack there, of justifying the means.
[ link to this | view in chronology ]
Re #78 Carter
I very much so agree.
Don't really know what else to say.
Just felt you needed to be thanked and told you aren't the only one.
[ link to this | view in chronology ]
Comment
[ link to this | view in chronology ]
That's why this needs to be stopped. It's too easy for this type of thing to happen. I'd be more worried that our government or law enforcement would be planting stuff.
Allowing this to happen opens the door to all sorts of nasty things. Suppose the government decides one day that the techs have to search the computer drives. This could happen - think of The Patriot Act and how that has impacted librarians throughout the country.
[ link to this | view in chronology ]
RE: Let's Be Careful
Secondly, my feeling is if you send your computer to a tech company or a friend to get fixed, just assume that they are going to look through your files...I ALWAYS do. So, if there is something there you do not want people to see...save it to a flash drive.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]