Best Buy’s Role in a Kiddie Porn Bust Raises Privacy Questions

January 5, 2017, 5:16 PM UTC
Big Box Retailer Best Buy Post Better Than Expected Earnings
SAN BRUNO, CA - NOVEMBER 19: A sign is posted on the exterior of a Best Buy store on November 19, 2015 in San Bruno, California. Best Buy reported better-than-expected third-quarter earnings with net income of $125 million, or 36 cents per share, compared to $107 million, or 30 cents per share, one year ago. (Photo by Justin Sullivan/Getty Images)
Photo by Justin Sullivan—Getty Images

When Dr. Mark Rettenmaier, a California gynecologist, brought his faulty computer to Best Buy’s “Geek Squad,” the company sent it to a repair facility in Kentucky. In the course of fixing it, a technician made an unpleasant discovery: the hard drive contained evidence of child pornography.

The Best Buy worker turned it over to an FBI agent, who concluded the computer had once stored images known as the “Jenny” shots, a series of photographs showing a naked little girl wearing a collar. The agent used this information to obtain a search warrant for the doctor’s house where the FBI say they found child pornography on other devices, including his iPhone.

Rettenmaier is now fighting charges of child porn possession, claiming the FBI conducted an illegal search and that Best Buy (BBY) workers acted as federal agents. In late December, a federal judge sided with the doctor in a procedural ruling, and ordered the FBI to supply more evidence so he could make his case.

While Rettenmaier is unlikely to receive much sympathy, the case does raise important questions about how the FBI works with companies like Best Buy to conduct investigations. In particular, it’s worth noting the agency has acknowledged paying Best Buy employees $500 for tipping them off about child pornography.

Get Data Sheet, Fortune‘s technology newsletter.

The problem, from a privacy perspective, is that such rewards create incentives for technicians to start searching people’s perspective rather than just fix them. And from a legal perspective, the problem is that such searches—and the evidence they might turn up—are unconstitutional if courts conclude people like the Best Buy technicians are indeed government agents.

Also troubling is that any arrangement between the FBI computer repair services like Best Buy could expand and that, in the future, employees could begin tipping of the agency about other things they find on people’s devices.

In court filings in the Rettenmaier case, the U.S. government has rejected the argument that Best Buy workers are federal agents, and claimed they don’t act at the behest of the FBI. The doctor’s lawyer, James Riddet, disagrees.

“FBI and Best Buy made sure that during the period from 2007 to the present, there was always at least one supervisor who was an active informant. The FBI appears to be able to access data at [Best Buy’s main repair facility] whenever they want,” Riddet told the OC Weekly.

The case is still ongoing, and Rettenmaier is currently out on bail. A spokesperson from Best Buy offered the following comment:

“Best Buy is required by law to report the discovery of certain illegal material to law enforcement, but being paid by authorities to do so would violate company policy. If these reports are true, it is purely poor individual judgment. If we discover child pornography in the normal course of servicing a computer, phone or tablet, we have an obligation to contact law enforcement. We believe this is the right thing to do, and we inform our customers before beginning any work that this is our policy.”

This story was updated at 3:25pm ET with Best Buy’s comment.

Read More

Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward