Apple, China and iCloud Data Safety?

Primer: Pegatron, the factory at the corner of Xiu Yan and Shen Jiang roads is one of the most secretive facilities at the heart of iPhone production and covers an area equal to almost 90 football fields. In the center is a plaza with a firehouse, police station and post office. There are shuttle buses, mega-cafeterias, landscaped lawns and koi ponds. The grey and brown-hued concrete buildings are meant to evoke traditional Chinese architecture. The brand-new Shanghai Disneyland, which opens its doors in June, is a 20-minute drive away.

Inside, the factory still hides a secret, according to China Labor Watch. Base pay remains so low that workers need overtime simply to make ends meet, the advocacy group said. It said 1,261 pay stubs from Pegatron’s Shanghai facility from September and October 2015 show evidence of excessive overtime. Pegatron, an Asustek spinoff, is the world’s biggest contract electronics manufacturer after Foxconn, according to Bloomberg Intelligence. More here.


This Wednesday, Apple will be making some significant changes to how data is stored for users of its iCloud service in China – raising major concerns that the Chinese authorities will now be able to freely monitor Apple’s users in China. This may be quite worrying for the population and may remind you of the iCloud breach on 31 August 2014. Ever since then, people have been very sceptical of storing precious information online and have been purchasing services from businesses like http://www.thefinalstep.co.uk/ to protect their data from any hackers.

Apple has a reputation for being a powerful advocate for privacy and security. The company uses strong encryption by default in its services and grabbed headlines when it appealed a US court order that would allow the FBI to get around the phone’s security. Apple CEO Tim Cook even sent all Apple consumers a personal letter explaining the importance of privacy.

With China, however, a different story has emerged. Apple has been criticised for blocking Chinese users’ access to the Apple News app and for removing VPN apps from the App Store in China. The changes being made to iCloud are the latest indication that China’s repressive legal environment is making it difficult for Apple to uphold its commitments to user privacy and security. What do these changes mean and what options do Apple’s customers have to protect themselves?

  1. What is happening to Apple’s iCloud service in China?

On 28 February, Apple will transfer operation of its iCloud service for Chinese users to a Chinese company, Guizhou-Cloud Big Data Industry Development Co., Ltd (“GCBD”). The concept of iCloud and other Cloud computing services can be quite confusing to some, especially if it is something completely new to you. It is very interesting to look into. As many of us use services like this to store our files and photos, it makes sense to know what this is all about. Why not look into a site like https://www.salesforce.com/what-is-cloud-computing/ to stay informed.

The move will affect any photos, documents, contacts, messages and other user data and content that Chinese users store on Apple’s cloud-based servers. New Chinese legislation enacted in 2017 requires cloud services to be operated by Chinese companies, meaning companies like Apple must either lease server space inside China or establish joint ventures with Chinese partners.

  2. How does storing user data in China put individuals at risk?

Domestic law gives the Chinese government virtually unfettered access to user data stored inside China without adequate protection for users’ rights to privacy, freedom of expression or other basic human rights. Chinese police enjoy sweeping discretion and use broad and ambiguously constructed laws and regulations to silence dissent, restrict or censor information and harass and prosecute human rights defenders and others in the name of “national security” and other purported criminal offences. As a result, Chinese Internet users can face arrest and imprisonment for merely expressing, communicating or accessing information and ideas that the authorities don’t like.

Furthermore, China’s Cyber Security Law requires network operators to provide “technical support and assistance” to law enforcement and state security agents. That means that when the authorities come to GCBD requesting information about an iCloud user for the purposes of a criminal investigation, the company has a legal obligation to provide it and few, if any, viable legal avenues to challenge or refuse the request.

  3. Apple says it has control over encryption keys and that it won’t allow backdoors. Won’t that protect users in China?

It all depends on the circumstances under which the company will allow GCBD – and the Chinese authorities – access to intelligible decrypted data on iCloud users. When users accept the terms of service for iCloud in China, they agree to allow their information and content to be turned over to law enforcement “if legally required to do so”. Significantly, from now on Apple will store the encryption keys for Chinese users in China, not in the US – making it all but inevitable that the company will be forced to hand over decrypted data so long as the request complies with Chinese law.

Given that many provisions of Chinese law offer inadequate protection to privacy, freedom of expression and other rights, simply checking whether government information requests comply with Chinese law doesn’t address whether complying with the request might contribute to human rights violations. Apple hasn’t confirmed whether or how it will assess whether government information requests might violate users’ human rights. We won’t really know how Apple will respond until it’s put to the test, and unfortunately that’s probably just a matter of time.

As for “backdoors”, or technical measures that would allow law enforcement or other government agencies to access unencrypted user data without having to ask for it, Apple’s commitment to prevent their use is admirable. But the commitment is meaningless if law enforcement can get the companies to decrypt user information simply by saying that it is for a criminal investigation.

  4. What should iCloud users inside China do to protect themselves?

The best way to protect your personal information from being accessed by the Chinese government is to avoid storing it on servers inside China. Users with a credit card and billing address outside China can use those to register their accounts and keep storing their iCloud data outside China. Otherwise, the only option available to Chinese users is to delete their iCloud accounts and permanently opt out of the service. (Apple has provided instructions for how to do so here.) Individual users should seriously consider the risks involved and come to their own decision, but Apple should protect Chinese users by switching iCloud off by default and giving users very clear warnings about the risks they may face by opting in to the service.

  5. How can ICT companies act responsibly when operating in China?

Companies have a responsibility to respect all human rights wherever they operate in the world. Users of their products and services need to be given clear and specific information about risks they might face to their privacy and freedom of expression in China, and what action the company is taking in response. Companies should carry out regular and verifiable human rights impact assessments and demonstrate publicly that they have oversight, due diligence and accountability measures in place to ensure respect for human rights. Finally, companies should do everything they can to influence the Chinese government to protect and respect human rights and speak up and challenge government actions when they threaten human rights. If a company finds that it is unable to mitigate the high risk of human rights violations, it may be forced to decide not to operate in China.

Apple’s official website declares: “At Apple, we believe privacy is a fundamental human right.” It remains to be seen whether Apple can put its words into action.

Space Warfare, the New Battlefield


Primer: The Pentagon is considering creating a combatant command for space warfare, the latest step by the Defense Department to respond to Chinese and Russian militarization high above Earth.

The move — one of several under consideration — is mentioned in a new Pentagon report sent to Congress last week. Right now, space forces are dispersed throughout the military and intelligence community.

There are two kinds of combatant commands. Geographic cocoms oversee military operations in six regions of the world. Functional ones — like U.S. Strategic Command and U.S. Transportation Command — oversee operations that span multiple geographical commands. U.S. Cyber Command is considered a subunified command under STRATCOM, but is being elevated to a functional command.

The Pentagon is looking into whether space should have its own combatant command or subunified command (like Cyber Command), the report says. Space forces were grouped under U.S. Space Command, a unified combatant command, until 2002.


***

The Pentagon is preparing for war should China, Russia, or other adversaries attack vital American satellites and other space systems, a senior Pentagon official told Congress on Wednesday.

The Pentagon has requested $12.5 billion in funding for the fiscal year 2019 that begins Oct. 1 for building up what he termed a “more resilient defendable space architecture.”

The request is $1.1 billion more than funding for last year on military space.

Rood and Air Force Gen. John Hyten, commander of the Omaha-based Strategic Command, testified on the command’s budget request of $24 billion.

Neither elaborated on what space warfare capabilities are being developed. The Pentagon also has not said how it would deter and defend satellites from attack.

Space defense so far has involved development of intelligence capabilities to identify and assess if an incident in space is an attack, or the result of a malfunction or disruption due to collision with space debris.

Military space “resilience” also calls for the Pentagon to rapidly replace or restore satellites after attacks or other disruptions.

The Pentagon’s Defense Science Board, in a report last year, warned that the vulnerability of U.S. satellites to electronic attack was “a crisis to be dealt with immediately.”

The Joint Staff intelligence directorate warned earlier this year that China and Russia will have fully developed space attack weapons in place by 2020 that will threaten all U.S. satellites in low earth orbit—100 miles to 1,200 miles in space.

“Space is a warfighting domain just like the air, ground, maritime, and cyberspace domains,” Hyten said.

Currently, a defense and intelligence center called the National Space Defense Center, located at Schriever Air Force Base, Colorado, runs 24-hour operations for rapid detection, warning, and defense from space attacks.

War games involving space war also are held regularly with U.S. military forces and allies, including Asian and European allies.

China has conducted at least seven tests of hypersonic vehicles and Russia as well has conducted several hypersonic missile tests.

The hypersonic vehicles are designed to defeat missile defenses. More here.

***

February 2018: The Pentagon put Advanced Extremely High Frequency satellites in orbit to ensure communication in the event of a nuclear attack. But those spacecraft could also play a role in the rapid militarization of space.

  • Advanced Extremely High Frequency (AEHF) satellites will be able to keep the U.S. military in communication even after a nuclear attack.
  • They’re also more resistant to electronic jamming, which is a growing concern as tensions with China and Russia heat up.
  • In the war of the future, nations may try to physically destroy other nations’ satellites to disrupt communications and navigation.

Your phone is not going to work on the day nuclear war starts. But the U.S. President, National Security Council, and combat commanders count on being able to communicate. This doomsday connection relies on what we call Advanced Extremely High Frequency (AEHF) satellites that sit in geostationary orbit.

“We need systems that work on the worst day in the history of the world,” says Todd Harrison, director of the Aerospace Security Project at the Center for Strategic and International Studies.

There are four AEHF sats in orbit today. The proposed 2019 U.S. Air Force budget shows about $29.8 million in funding to complete two more, which would launch in 2019 and 2020. Air Force staffers say more money has been set aside in 2019 to ready the software and databases for the pair of new sats.

The Air Force talks about the AEHF satellites as part of its new focus on modernizing America’s nuclear abilities. “We must concurrently modernize the entire nuclear triad and the command and control systems that enable its effectiveness,” says Air Force Secretary Heather Wilson. The Trump administration has its eye on nuclear weapons, but these satellites also sit at the nexus of another big defense trend: Space warfare.

The Department of Defense is also investing in new jam-resistant GPS satellites. It is pouring money into future satellite programs, including AEHF, to the tune of $677 million for research and development in 2019. As orbital threats grow, new potential users—especially the U.S. Army—are taking interest in what the doomsday spacecraft can do. Preparing for post-apocalyptic communication may be just the beginning. More here.

Do the Russians have the Voting Machines Source Codes?

On February 28th, the Senate asks what NSA and Cyber Command are doing about Russian election interference. Admiral Rogers’s answer, in brief, is that his organizations lack the authorities to do much (that he can openly discuss, that is).

US senator grills CEO over the myth of the hacker-proof voting machine
Nation’s biggest voting machine maker reportedly relies on remote-access software.

WASHINGTON (Reuters) – Two Democratic senators on Wednesday asked major vendors of U.S. voting equipment whether they have allowed Russian entities to scrutinize their software, saying the practice could allow Moscow to hack into American elections infrastructure.

The letter from Senators Amy Klobuchar and Jeanne Shaheen followed a series of Reuters reports saying that several major global technology providers have allowed Russian authorities to hunt for vulnerabilities in software deeply embedded across the U.S. government.

The senators requested that the three largest election equipment vendors – Election Systems & Software, Dominion Voting Systems and Hart Intercivic – answer whether they have shared source code, or inner workings, or other sensitive data about their technology with any Russian entity.

They also asked whether any software on those companies’ products had been shared with Russia and for the vendors to explain what steps they have taken to improve the security of those products against cyber threats to the election.

The vendors could not immediately be reached for comment. It was not immediately clear whether any of the vendors had made sales in Russia, where votes are submitted via written ballots and usually counted by hand.

“According to voting machine testing and certification from the Election Assistance Commission, most voting machines contain software from firms which were alleged to have shared their source code with Russian entities,” the senators wrote. “We are deeply concerned that such reviews may have presented an opportunity for Russian intelligence agents looking to attack or hack the United States’ elections infrastructure.”

U.S. voters in November will go to the polls in midterm elections, which American intelligence officials have warned could be targeted by Russia or others seeking to disrupt the process.

There is intense scrutiny of the security of U.S. election systems after a 2016 presidential race in which Russia interfered, according to American intelligence agencies, to try to help Donald Trump win the presidency. Trump in the past has been publicly skeptical about Russian election meddling, and Russia has denied the allegations.

Twenty-one states experienced probing of their systems by Russian hackers during the 2016 election, according to U.S. officials.

Though a small number of networks were compromised, voting machines were not directly affected and there remains no evidence any vote was altered, according to U.S. officials and security experts.

Related reading:

Top intel official says US hasn’t deterred Russian meddling (Fifth Domain) “I believe that President (Vladimir) Putin has clearly come to the conclusion that there’s little price to pay and that therefore, ‘I can continue this activity,’” Adm. Mike Rogers, director of both the U.S. Cyber Command and the National Security Agency, told Congress.

Senators: Cyber Command should disrupt Russian influence campaigns (Fifth Domain) Senators pressed Cyber Command on how they can use their national mission force to combat Russian cyber intrusions.

Rogers: CyberCom lacks authority, resources to defend all of cyberspace (FCW) The outgoing NSA and U.S. Cyber Command chief told lawmakers CyberCom is not sitting on its hands when it comes to potential Russian cyber interference, but it lacks the authority to do more absent additional presidential direction.

NSA: Trump’s Lukewarm Response on Russia Will Embolden Putin (Infosecurity Magazine) Expect more election interference, Cyber Command boss warns.

Decoding NSA director Mike Rogers’ comments on countering Russian cyberattacks (Washington Examiner) It’s not as simple as ‘I’m not authorized to do anything.’

*** Footnotes:

Election Systems & Software:

1. In 2014, ES&S claimed that “in the past decade alone,” it had installed more than 260,000 voting systems, more than 15,000 electronic poll books, provided services to more than 75,000 elections. The company has installed statewide voting systems in Alabama, Arkansas, Georgia, Idaho, Iowa, Maine, Maryland, Minnesota, Mississippi, Montana, Nebraska, New Mexico, North Carolina, North Dakota, Rhode Island, South Carolina, South Dakota, and West Virginia. ES&S claims a U.S. market share of more than 60 percent in customer voting system installations.

The company maintains 10 facilities in the United States, two field offices in Canada (Pickering, Ontario; and Vancouver, British Columbia) and a warehouse in Jackson, Mississippi.

2. Dominion Voting Systems is a global provider of end-to-end election tabulation solutions and services. The company’s international headquarters are in Toronto, Canada, and its U.S. headquarters are in Denver, Colorado. Dominion Voting also maintains a number of additional offices and facilities in the U.S. and Europe.

Dominion’s technology is currently used in 33 U.S. states, including more than 2,000 customer jurisdictions. The company also has 100+ municipal customers in Canada.

3. Hart InterCivic Inc. is a privately held United States company that provides elections and print solutions to jurisdictions nationwide. While headquartered in Austin, Texas, Hart products are used by hundreds of jurisdictions nationwide, including counties in Texas, the entire states of Hawaii and Oklahoma, half of Washington and Colorado, and certain counties in Ohio, California, Idaho, Illinois, Indiana, Kentucky, Oregon, Pennsylvania, and Virginia.

Hart entered the elections industry in 1912, printing ballots for Texas counties. (Side note: As Republican and Democratic state legislators hustle to pass a law moving Georgia toward paper ballot voting technology, election integrity advocates said they’re concerned a bill that already cleared the state Senate could lead to a new vulnerability in Georgia’s next voting system, if it becomes law.

One way a new system might work is through a touchscreen computer similar to those currently used in Georgia. It would print a paper ballot with a visual representation of a voter’s choices so they themselves can check for accuracy.

In some systems, counting the votes means scanning an entire image of the ballot that may include a timestamp and precinct information.

In other systems, barcodes or QR codes on a ballot would correspond with the voter’s choices, which can make counting easier and faster for election officials, said Peter Lichtenheld, vice president of operations with Hart Intercivic, one of several election technology companies that hired lobbyists at the statehouse this year.)

*** The full text of the senators’ letter to the three vendors is below:

Dear Mr. Braithwaite, Mr. Burt, and Mr. Poulos:

Recent reports of U.S. IT and software companies submitting to source code reviews in order to access foreign markets have raised concern in Congress given the sensitivity of the information requested by countries like China and the Russian Federation. As such, we write to inquire about the security of the voting machines you manufacture and whether your company has been asked to share the source code or other sensitive or proprietary details associated with your voting machines with the Russian Federation.

The U.S. intelligence community has confirmed that Russia interfered with the 2016 presidential elections. As a part of a multi-pronged effort, Russian actors attempted to hack a U.S. voting software company and at least 21 states’ election systems. According to the Chicago Board of Elections, information on thousands of American voters was exposed after an attack on their voter registration system.

Foreign access to critical source code information and sensitive data continues to be an often overlooked vulnerability. The U.S. government and Congress have recently taken steps to address some cyber vulnerabilities, including by banning the use of Kaspersky Lab, a Moscow-based cybersecurity firm that has maintained a relationship with Russia’s military and intelligence sectors, from all U.S. government computers. Now, we must also ensure the security of our voting machines and associated software.

Recent reports indicate that U.S. based firms operating on U.S. government platforms gave Russian authorities access to their software. In order to sell their software within Russia, these companies allowed Russian authorities to review their source code for flaws that could be exploited. While some companies maintain this practice is necessary to find defects in software code, experts have warned that it could jeopardize the security of U.S. government computers if these reviews are conducted by hostile actors or nations. U.S. tech companies, the Pentagon, former U.S. security officials, and a former U.S. Department of Commerce official with knowledge of the source code review process have expressed concerns with this practice.

In addition, Russia’s requests for source code reviews have increased. According to eight current and former U.S. officials, four company executives, three U.S. trade attorneys, and Russian regulatory documents, between 1996 and 2013 Russia conducted reviews for 13 technology products from Western companies, but has conducted 28 such reviews in the past three years alone.

As the three largest election equipment vendors, your companies provide voting machines and software used by ninety-two percent of the eligible voting population in the U.S. According to voting machine testing and certification from the Election Assistance Commission, most voting machines contain software from firms which were alleged to have shared their source code with Russian entities. We are deeply concerned that such reviews may have presented an opportunity for Russian intelligence agents looking to attack or hack the United States’ elections infrastructure.  Further, if such vulnerabilities are not quickly examined and mitigated, future elections will also remain vulnerable to attack.

In order to help the security and integrity of our systems and to understand the scope of any potential access points into our elections infrastructure, we respectfully request answers to the following questions:

  1. Have you shared your source code or any other sensitive data related to your voting machines or other products with any Russian entity?
  2. To your knowledge, has any of the software that runs on your products been shared with any Russian entity?
  3. What steps have you taken or will you take in order to upgrade existing technologies in light of the increased threat against our elections?

The 2018 election season is upon us. Primaries have already begun and time is of the essence to ensure any security vulnerabilities are addressed before 2018 and 2020.

Thank you for your attention to this matter, and we look forward to working with you to secure our elections.

Sincerely,

 

Susan Rice Unmasked the Names in the Seychelles Meeting

Who is George Nader? 


A Lebanese-American businessman, Nader currently serves as an adviser to Emirati Crown Prince Mohammed bin Zayed Al-Nahyan, who has developed a close relationship with Jared Kushner. For years, Nader has been a well-known, if somewhat off-the-radar, figure in certain political circles. According to the Times, Nader worked with the Bill Clinton administration in its attempt to broker a peace deal between Syria and Israel, convincing the White House that he could leverage his influential contacts with the Syrian government. After the 2003 invasion of Iraq, Nader worked with Prince’s private security company, Blackwater—which is now known as Academi—as a “business-development consultant,” according to a 2010 deposition. At the time of the 2016 election, he was serving as an adviser to Prince Mohammed, and was a frequent visitor to the White House during the early months of the Trump administration, where he met with Kushner and former chief strategist Steve Bannon.

***

George Nader, a Middle East expert connected to several associates of President Donald Trump, is now cooperating with the special counsel Robert Mueller and has testified before a grand jury in the Russia investigation, The New York Times reported Tuesday.

FBI investigators approached Nader when he landed at Washington Dulles International Airport in January and served him with search warrants and a grand jury subpoena, the report said. At the time, Nader was en route to Mar-a-Lago to meet with President Donald Trump and his associates to celebrate the anniversary of Trump’s first year in office.

The meeting was said to have raised red flags within the US intelligence community because the government was not notified of Crown Prince Mohammed’s visit. The Obama administration felt misled by the UAE as a result, which prompted then-national security adviser Susan Rice to request that Trump associates’ names be unmasked in intelligence reports detailing the meeting.

A senior Middle East official acknowledged to CNN last year that the UAE did not inform the US of the crown prince’s visit in advance but denied that the UAE had misled the Obama administration. The official said that the December Trump Tower meeting was merely part of an effort to build a relationship with the incoming administration.

Mueller’s prosecutors have repeatedly questioned Nader about the meeting, as well as his meetings in the White House with Kushner and Bannon following Trump’s inauguration.

That same month, Kushner met with Sergei Kislyak, then Russia’s ambassador to the US, and reportedly proposed setting up a secure back-channel of communication between Trump and Moscow using Russian facilities.

Shortly after, Kushner had a separate meeting with Sergei Gorkov, the CEO of the sanctioned Russian state-owned bank Vnesheconombank, which was reportedly orchestrated by Kislyak. The interaction piqued investigators’ scrutiny as the FBI began examining whether Russian officials suggested to Kushner that Russian banks could finance Trump associates’ business ventures if US sanctions were lifted or relaxed.

Kushner’s meeting with Gorkov came as he was looking for investors to shore up financing for a building on Fifth Avenue in New York that his family’s real-estate company had purchased.

Prince told the House Intelligence Committee last year that he knew Kirill Dmitriev was a Russian fund manager but did not know it was a sanctioned fund that was controlled by the Russian government.


 

After the Seychelles meeting, Dmitriev also met with Anthony Scaramucci, who would later become the White House communications director, at the World Economic Forum in Davos, Switzerland.

Russian state media quoted Scaramucci as saying, after his meeting with Dmitriev, that the Obama administration’s new sanctions on Russia — which were imposed that month to penalize it for interfering in the 2016 election — were ineffective and detrimental to the US-Russia relationship.

Dmitriev’s company, the Russian Direct Investment Fund, was included on the list of Russian economic entities that were penalized as part of that decision.

An RDIF spokesperson reached out to Business Insider to clarify that the fund was included on the US sanctions list because of its status as a former subsidiary of Vnesheconombank. More here.

When it comes to the Russian Direct Investment Fund, Americans and people with ties to the U.S. have held some of the top spots at RDIF. For years, a deputy CEO at the fund was Sean Glodek, a Stanford alum and Wharton MBA graduate who previously worked at Deutsche Bank and Lehman Brothers. The current deputy co-director for RDIF’s Russia-China investment fund is Oleg Chizh, a Brandeis and Columbia graduate. Other Americans have served in top investor relations and advisory roles.

Part of its mission is to make outsiders more comfortable investing in Russia by pairing their capital with RDIF funds. It was formerly part of VEB, the bank that doubles as Russian President Vladimir Putin’s “private slush fund,” according to Atlantic Council fellow Anders Aslund. More here.

Seems the FBI Loves Best Buy’s Geek Squad, Hello Strzok?

Now many of the emails I receive about certain FBI cases make sense.

*** The document referring to the FBI tour of the Geek Squad facility in Kentucky.


After the prosecution of a California doctor revealed the FBI’s ties to a Best Buy Geek Squad computer repair facility in Kentucky, new documents released to EFF show that the relationship goes back years. The records also confirm that the FBI has paid Geek Squad employees as informants.

EFF filed a Freedom of Information Act (FOIA) lawsuit last year to learn more about how the FBI uses Geek Squad employees to flag illegal material when people pay Best Buy to repair their computers. The relationship potentially circumvents computer owners’ Fourth Amendment rights.

The documents released to EFF show that Best Buy officials have enjoyed a particularly close relationship with the agency for at least 10 years. For example, an FBI memo from September 2008 details how Best Buy hosted a meeting of the agency’s “Cyber Working Group” at the company’s Kentucky repair facility.

The memo and a related email show that Geek Squad employees also gave FBI officials a tour of the facility before their meeting and make clear that the law enforcement agency’s Louisville Division “has maintained close liaison with the Geek Squad’s management in an effort to glean case initiations and to support the division’s Computer Intrusion and Cyber Crime programs.”

Another document records a $500 payment from the FBI to a confidential Geek Squad informant. This appears to be one of the same payments at issue in the prosecution of Mark Rettenmaier, the California doctor who was charged with possession of child pornography after Best Buy sent his computer to the Kentucky Geek Squad repair facility.

Other documents show that over the years of working with Geek Squad employees, FBI agents developed a process for investigating and prosecuting people who sent their devices to the Geek Squad for repairs. The documents detail a series of FBI investigations in which a Geek Squad employee would call the FBI’s Louisville field office after finding what they believed was child pornography.

The FBI agent would show up, review the images or video and determine whether they believe they are illegal content. After that, they would seize the hard drive or computer and send it to another FBI field office near where the owner of the device lived. Agents at that local FBI office would then investigate further, and in some cases try to obtain a warrant to search the device.

Some of these reports indicate that the FBI treated Geek Squad employees as informants, identifying them as “CHS,” which is shorthand for confidential human sources. In other cases, the FBI identifies the initial calls as coming from Best Buy employees, raising questions as to whether certain employees had different relationships with the FBI.

In the case of the investigation into Rettenmaier’s computers, the documents released to EFF do not appear to have been made public in that prosecution. These raise additional questions about the level of cooperation between the company and law enforcement.

For example, documents reflect that Geek Squad employees only alert the FBI when they happen to find illegal materials during a manual search of images on a device and that the FBI does not direct those employees to actively find illegal content.

But some evidence in the case appears to show Geek Squad employees did make an affirmative effort to identify illegal material. For example, the image found on Rettenmaier’s hard drive was in an unallocated space, which typically requires forensic software to find. Other evidence showed that Geek Squad employees were financially rewarded for finding child pornography. Such a bounty would likely encourage Geek Squad employees to actively sweep for suspicious content.

Although these documents provide new details about the FBI’s connection to Geek Squad and its Kentucky repair facility, the FBI has withheld a number of other documents in response to our FOIA suit. Worse, the FBI has refused to confirm or deny to EFF whether it has similar relationships with other computer repair facilities or businesses, despite our FOIA specifically requesting those records. The FBI has also failed to produce documents that would show whether the agency has any internal procedures or training materials that govern when agents seek to cultivate informants at computer repair facilities.

We plan to challenge the FBI’s stonewalling in court later this spring. In the meantime, you can read the documents produced so far here and here.