FBI informant at Best Buy’s Geek Squad conducted warrantless searches of customers’ devices
14 January 2017
Geek Squad computer technicians working at electronics retailer Best Buy have conducted warrantless searches of customers’ devices as FBI informants, and were rewarded bounties shortly before turning in a device that contained child pornography, FBI records obtained in an on-going court case reveal.
Testimony in the case United States v. Mark A. Retenmaier revealed that since at least 2008, Best Buy’s Geek Squad computer technician teams have had at least one supervisor at its central repair facility in Kentucky that was an active FBI informant.
The case involves material which the FBI knew did not meet the legal definition of pornography, found under circumstances that render it impossible to ascertain who, when, and where the material was acquired, let alone whether or not the device’s owner was even aware of its existence.
United States prosecutors in the case argue that customers who agree to Geek Squad’s data recovery service agreement, which stipulates that devices containing illicit material be turned over to law enforcement, are waiving their Fourth Amendment rights and thus may be subjected to baseless, warrantless searches and seizures by the government.
The FBI paid one such Geek Squad supervisor, Justin Meade, $500 in October 2011, two months before his subordinate, John Westphal, discovered allegedly “inappropriate material” that led to the investigation that is the subject of US v. Rettenmaier .
The FBI did not explain why they paid Meade, who denies any recollection of ever being paid by the FBI. Meade had been collaborating with the FBI since at least October 2008, and had been in regular contact with multiple FBI handlers.
One email sent by FBI Agent Jennifer Cardwell to Meade in October 2009 expressed interest in meeting “to discuss some other ideas for collaboration.” Other emails show Meade referring possible leads to FBI agents from devices sent to Best Buy’s main repair facility in Brooks, Kentucky from all across the country.
“The FBI appears to be able to access data at [Best Buy’s Kentucky facility] whenever they want,” said James Riddet, Rettenmaier’s defense attorney, “and apparently neither Best Buy nor the FBI bothers make a record of the access when it occurs.”
The communications “suggest that the FBI considers [Meade] … to be a partner in the ongoing effort of law enforcement to detect and prosecute child pornography violators,” argues Riddet. “Here it is very clear that Best Buy, and specifically the supervisor who reports its technician’s discovery of ‘inappropriate’ content on customers’ computers, are not only working together, but actually planning to conduct more such searches in the future.”
The FBI’s case against Rettenmaier, a California surgeon, began after Rettenmaier brought his desktop computer to Best Buy in November 2011 because it would not boot. Geek Squad informed him that he had a faulty hard drive, and that if he wanted to retain his files, his hard drive would need to be sent to Geek Squad’s data recovery center in Kentucky, which Rettenmaier agreed to.
John Westphal, a Geek Squad employee and FBI informant, then discovered allegedly “inappropriate content” on Rettenmaier’s hard drive, which he reported to Meade. Meade then emailed a report to FBI Agent Tracey Riley, stating that “We have another one out of California we want you to look at, when can you swing by?” His supervisor at Best Buy, Randall Ratliff, was cc’d on the email.
After Geek Squad repaired Rettenmaier’s hard drive, the FBI seized it and conducted—without a warrant—two deeper scans into the “unallocated space” of the hard drive, which is disk space that is designated as available to store new information. Any data in unallocated space cannot be accessed without use of forensic software.
Intact data can be retrieved or “carved out”, but it is impossible to ascertain solely from the carved data who, when, where, and how the data was acquired in the first place, leaving open the possibility that the data was planted by malware without the user’s knowledge. A federal appellate court ruled unequivocally in February 2011 that data found on unallocated space cannot constitute knowing possession.
The first of the two intensive searcher was done by former FBI agent Adam Keown using osTriage, forensic software which is incapable of carving images. The prosecutors representing the United States claim that Keown’s search was unsuccessful, and therefore no search records exist to produce to the court.
The second search, using more sophisticated software, carved an image of a nude girl kneeling on a bed. FBI Agent Cynthia Kayle admitted worryingly in an email to fellow FBI Agent Michael Osborn that “our [United States Attorney] won’t charge on carved images”, and discussed how to present the findings to federal magistrate judge Anne Gannon.
FBI Agent Riley, aware that the image did not meet the legal requirements for pornography, proceeded to request a search warrant from Gannon, while neglecting to mention the image was retrieved from unallocated space. Gannon agreed to authorize a federal search warrant of Rettenmaier’s home and hard drive in February 2012, based on Riley’s description of the image. The FBI raided Rettenmaier’s home later that month.
“When you boil it all down and you put all the facts together, there is no probable cause,” said Riddet.
The prosecution argues that the email exchange between Agent Kayle and Agent Osborn is “irrelevant”, that any testimony from Gannon on what Agent Riley reported to her would be “cumulative” and so not reveal anything new, and that any communication between Meade and any FBI agents not working on the investigation against Rettenmaier is “irrelevant”.
The FBI agents have claimed to be unable to recall specific details on communications with Geek Squad informers.
District Court Judge Cormac J. Carney, unimpressed by the memory loss suffered by the prosecution, has ordered a new “diligent” search for evidence and compelled Gannon’s future testimony on whether she saw the image before approving the search warrant.
The case has now stretched over twenty-six months and the FBI has, so far, been unable to prove that Rettenmaier knowingly possessed child pornography—or even knowingly possessed that single carved image which does not meet the legal definition of child pornography.
On the other hand, the FBI has deliberately seized and operated at least two dozen child pornography sites in the past two years in order to deploy malware to infect and track at least 8,000 computers in 120 countries.