Police Blotter: Can Circuit City techs legally peruse files?

Police Blotter is a weekly News.com report on the intersection of technology and the law.

What: Pennsylvania man accused of possessing illegal images objects to Circuit City technician perusing his video files and then alerting police.

When: Superior Court of Pennsylvania rules on December 5.

Outcome: Evidence of illegal images allegedly discovered by technician can be used in court.

What happened, according to court documents:
On October 15, 2004, Kenneth Sodomsky brought his computer to a Circuit City store in Wyomissing, Pa., and asked store technicians to install a DVD burner.

Circuit City told Sodomsky that the upgrade would be finished in about an hour. After installing the DVD burner, the technicians tested the drive's new software by searching the computer's hard drive for video files to play back. (Amusingly, the court refers to "codecs"--video compression and decompression software--as "code X.")

When searching the Windows XP computer for some sample video files, a technician named Stephen Richert allegedly spotted files that "appeared to be pornographic in nature" based on their names. Richert clicked on one that had listed a male name and an age of 13 or 14 and found a video he believed to contain child pornography.

Then the usual series of events happened: Richert called Wyomissing police, who promptly showed up, seized the computer, and, after Sodomsky returned to pick it up, seized its owner as well.

What makes this case relevant to Police Blotter is the question of what privacy rights govern Sodomsky's computer when he drops it off for an upgrade. If he had an expectation of privacy, then the allegedly incriminating files could be suppressed. If not, they could be used as evidence against him.

The trial court granted Sodomsky's request to suppress the information, but prosecutors appealed.

Making this case tricky for the appeals court is that there's not exactly a clear precedent, leaving the judges to reason through analogy. Is this a no-reasonable-expectation-of-privacy situation such as when a defendant hands illegal drugs to a third party? Or is it closer to tenants or bank customers, who retain some privacy rights under state or federal constitutions?

In the case of Sodomsky, the appeals court noted that he gave Circuit City technicians access to the hard drive and consented to the installation of a DVD drive. The court also noted that the technicians weren't randomly perusing the drive for contraband, but instead were testing its functioning in a "commercially accepted manner."

The appeals court reversed the previous order, allowed the evidence to be introduced, and sent the case back to the trial judge for additional proceedings.

Excerpts from appeals court's opinion:
Appellee implies that the DVD drive should have been tested by inserting and playing a DVD. Nevertheless, as noted, Appellee did not ask how the burner would be tested nor did he place any restrictions regarding the manner of that procedure. As Mr. Richert's testimony indicated, the playing of videos already in the computer was a manner of ensuring that the burner was functioning properly. Once the search for videos was initiated, the list of appellee's videos appeared automatically on the computer screen. The employee testing the burner was free to select any video for testing purposes, as appellee had not restricted access to any files. Therefore, Mr. Richert did not engage in a fishing expedition in this case...

The final factor we utilize is the volitional nature of appellee's actions. In this case, Appellee removed the computer from his home, took the computer to Circuit City, and left it there without either removing the videos containing child pornography or changing the titles of the videos so that they did not appear to have illegal content...Appellee was aware of the child pornography and could have elected to leave the store with the computer rather than risk discovery of the pornographic files.

This scenario also stands in contrast with the landlord case relied upon by the trial court. Although landlords routinely retain the right to inspect their premises upon notice, people still retain a privacy expectation in their home despite its status as rental property. Here, however, we find that under the facts and circumstances presented, appellee knowingly exposed to the public, the Circuit City employees, the contents of his video files. It is clear that Circuit City employees were members of the public; hence, if appellee knowingly exposed the contents of his video files to them, as members of the public, he no longer retained an expectation of privacy in those videos nor could he expect that they would not be distributed to other people, including police.

Our result in this case is consistent with the weight of authority in this area. If a person is aware of, or freely grants to a third party, potential access to his computer contents, he has knowingly exposed the contents of his computer to the public and has lost any reasonable expectation of privacy in those contents...

We also conclude that the incriminating nature of the video files was immediately apparent. Appellee suggests that it was unclear whether the videos depicted child pornography because police could not ascertain the age of the naked male, whose face was not revealed, from the portion of the video that they viewed. We disagree....Finally, police had the lawful right to access the videos because, as analyzed extensively above, appellant had abandoned any reasonable expectation of privacy in them.

[ithasacarb]

no sympathy here

First off he had child porn, not going to get very much sympathy from me. Second, he took his computer to Circuit City to get a dvd drive installed. Come on. This guy is obviously ignorant to begin with.

[bemenaker]

He is ignorant, but it's bigger than that.

What happens if you take your computer in, and they find all of your financial records. How do you feel about that now? What if you keep a personal diary on there, detailing every single aspect of your life, and your inner most thoughts and secrets, and they read that. Are you still going to stand there and say, well, I'm a *******?

No one defends someone for child porn, but your right to privacy is something of big issue here. If I authorize you to install a DVD burner, just how in the hell am I authorizing you to view what's in My Documents? When I let a guy in to fix my furnace, he doesn't have the right to look in my bedroom closet and go through it.

[rdupuy11]

Circuit City

All you need to remember from this story is its illegal to take your computer in to Circuit City, because they are searching for a reason to call the police on there customers.

I have zero sympathy for child pornographers...they should find the pornographers and put them in jail.

But...instead they go after the sicko watching the stuff...and not to get treatment, oh no...

they aren't going to do anything to go after the people with camera's who abused the kids, but they will spend unlimited amount of money going to appeals court after appeals court, to get the guy who has a sickness...because they know who he is.

And, I like the fact that someone else pointed out that this guy is actually going to Circuit City to get a DVD burner installed...what a moron.

[Too Old For IT]

First they came for the owners of child porn

First they came for the owners of child porn, and I said nothing ...

You get the rest ...

[markdoiron]

Misleading Headline

The Circuit City tech's weren't "perusing" the man's files. Had they been, that would probably been way beyond the work the man authorized. Peruse: "1. To read carefully; study." This sounds more casual and perfectly legit on the part of the Circuit City tech's.

--mark d.

[arluthier]

Maybe

I have no problem with this guy being hauled off for kiddie porn... BUT... Circuit City and all the other incompetent box store techs need to change their policies.

As another commenter pointed out, searching someones hard drive for a video is not the way to test a DVD burner. There are more appropriate and technically correct methods. Secondly what if they decided to just search for a 'big' file to burn instead. What if this big file was private data (i.e. bank statement PDFs, Quicken/MS Money file, etc.).

Do you want some tech with a DVD of your private data, financial data, or photos of your kids and family?

[homeone]

Wrong way to test a DVD drive

While I do not question that the system owner should be turned in for the child pornography, you do not find video files to test play a new DVD player/burner. If they were testing the burning software, most shops drop in any CD/DVD and set the new burner to do its job. In that process the new drive is tested for both read and write. To test the DVD play back you drop in a DVD movie. Playing any video on the HDD does not test the drive. The owner, I believe, did give access to the HDD when he checked the system in but I don't believe it was a random and acceptable proceedure that was being done when the pornography was found. They were snooping, came across the files, and turned the owner in and justly so. They masked the actions with the story or at least that is my take on everything. Having worked in a computer store in the past, I know how the HDDs were looked over both in the course of normal proceedures and just to see what was there.

[joshsc]

I agree-

While I'll agree it's wrong to have the child porn, I don't agree that the way it was found was legal.
If you had a clothes washer installed, would it be a "commercially accepted manner" of testing for the Tech to go searching through your home, closets, drawers, to find clothes to "test its functionality? NO Nor would anyone stand for it.

We have laws and I've never been one that believe it ok to bend the law to fight a crime. When you start doing that, it diminishes the validity of our laws and the validity of our system of government.

[tektaktyks]

i agree 100%

I was gonna post pretty much same thing,i dont know how it works but do they install software for copying/creating dvd's?Now copying a dvd takes short time but converting an mpg or avi etc takes a "bit" longer,depending on the length of the video,so doing all that under an hour seems a bit bs for the standard procedure.Its a good thing he called the copsbut what if next time u drop your pc at some store and when u come back the cops take you in for your illegal music files..?

[Spork_This1]

Absolutely true.

I was thinking the same thing.

[ralfthedog]

Right way to test software.

They were installing software that came with the drive. The software automaticly indexed all of the video files on the computer.

When the guys from Circuit City installed the software they saw the names of the files. After finding a file named something like, "My illegal kid porn" they called the police.

[crzycritter]

Stupid is as stupid does...

If this Guy was stupid as to think he had privacy rights for a third party not looking at the child porn videos he had on his Computer, then he shouldn't have had those type videos on his computer when he handed the computer over to that third party!! I don't feel one strand of pity for this guy who was so stupid to be looking at child porn in the first place, then leaving it on his Computer when he handed over to A Circuit City Tech! Horrah for the Tech and some senceable Judges!!

[Kings X Rocks!]

Just goes to show...

You can't trust Circuit City techs, since they think that playback of a video file from the HD has something to do with testing a newly installed DVD drive. Yeah right...they were nosing around...

As for the customer...if proven...then there's one less degenerate to have to put up with.

[8ballrunner]

Bad bad bad Circuit City

This person made a mistake in the first place by downloading child pornography, however Circuit City is liable for invasion of privacy, and I have no idea how a court could allow this evidence to be upheld. Do you really think the reaction would of been the same if say it were illegally downloaded movies/mp3s.... I really doubt it. Bad policy for Circuit City to allow the technician access to the hard drive. While a mac os is different, at the Apple Store anyone who brings a system in has the OS booted from a firewire drive. Techs at Circuit City should only be allowed to boot via USB and then this problem would never have occurred. Case will be appealed and overturned once again.

[eBob1]

Emotions

The problem with this is that people tend to get upset over the nature of the subject without thinking of other consequences. For example, what if he had bomb-making plans on his computer? Or, better yet, communist propaganda or material on radical Islam? With the level of fear and paranoia in this country today, I am really surprised that all we ever hear about is child pornography being discovered by some tech and a big-box retailer. I agree that child porn is disgusting and this person needs help, but in the end did these techs have a right to go rifling through the hard drive? Personally, I would scrub my hard drive before I dropped off my computer at one of these places. Then again, I would probably just install the DVD burner on my own.

[Jamesmeredith2]

BULL...

Yes and what happens on the other end, you have naked pictures of your wife and they end up on the net, SSN, bank statments, I believe there is a line here that is being crossed, it is called privacy... it isnt the assumption of privacy but the law that governs privacy... the government is wanting it changed so they can spy on us at will. trample our rights at will, because they say we are only assuming that there is privacy...

it is all bull

[tgrenier]

molestors are dumb I guess

The reason CC techs are not finding terrorist plans or propoganda is because the terrorists are well trained and install their own DVD burners

[thrca]

Like James said

as the commenter (subject: BULL) put, there is this invasion of our freedoms and people are agreeing with it because of the emotions involved in the content. I think the defendant is morally sick for having the content, but I would stand up to the very end to defend his right to privacy.

You mentioned bomb-making plans, communist prop, radical islam, etc. But do these things justify the snooping? bomb-making plans are legal, carrying out the act of making them is not. Communist propoganda is legal in every way, just as democratic or republican propoganda would. I can choose to support radical islam, does that waive my right to privacy?

[chash360]

Terrorist-Pedo connection

Amost completely unrelated, but since the late 80's terrorists have found a wide open communication forum in the US banned Pedo news groups, It is really easy to pass coded terrorist plans in newsgroups no one in the US can easily access (except the Gov). And it makes sense, why would you report seeing terroist assasination or bombing orders, if where you found them was in one of these groups?

[thrca]

Agree to privacy for this jerkoff

...as members of the public, he no longer retained an expectation of privacy in those videos nor could he expect that they would not be distributed to other people, including police...

First off, the guy should be publicly flogged for being a sicko. Besides that point, I feel that he has some privacy rights beyond what the court indicates.

IANAL...

People take their computers to repair shops in confidence that their personal data is not distributed. Hypothetically (I do my own work), If I had a hard drive that was full of clients legal files, doctor files, tax files, or whatever, or my own letters to my grandmother or whatever, and needed them to install a new hard drive to make more space, according to the above excerpt they have the right to distribute said files to the public, (which it is worded to include the police).

Based on the FireDog privacy policy, last updated 9/1/2006, they indicate that any data they use are protected by various measures, giving users the prior indication that their personal data is shared in confidence only to the extent and requirements of the job functions they are contracted to do.

--... these third parties are not authorized to use your information for any reason other than to perform their contractually assigned functions.--

No where in the policy does it indicate that the policy is specific to their website or to their brick-and-mortar store, so one would assume these policies protect their personal data regardless of the location.

Finally, what the h*ll are firedog techs doing trying to "find video files" to test a DVD drive? As a previous commenter said, sounds like a coverup to me, searching for a video file on the HDD has NOTHING whatsoever for testing a burner.

A word of advice for users that keep highly personal, private, or illegal data... Get an external drive like a WD Passport and store the stuff on there. When you take your computer to the repair shop, leave the external drive home.

[mh999999999]

Hmmmmmmmmm.... getting my computer fixed by a store......

If it's true, I hope that the take this guy lock him up and throw away the key.

However, this ruling basically says that any content on your hard drive becomes public domain once you hand your computer over to a technician at a store unless you have taken steps to protect your data.

Since you have to give technicians admin access in order to fix most problems or attach new hardware, your only option is to encrypt everything on your hard drive under a separate account because I sure don?t want some technician to have access to my income/accounting/banking information or send any of my photos/videos of my family or vacations over the web. And even that won?t stop them from taking a copy.

This is a very fine line, catching these creeps or getting your banking information spewed over the web.

[thrca]

Fine Line...

By "catching these creeps", were you referring to the kiddie-porn downloader or the circuit city techs that were rifling thru his personal data? I find both variations strikingly appropriate.

[reechwuzhere]

dirty tech

This is like having someone come to your house to install a DVD player and while they are there, they search the entire property for Compact Discs.

Regardless of what was contained on the drive, the "tech" had no business snooping around.

[thrca]

/agree

Had the tech been contracted to troubleshoot video files not playing properly, I think he would have been well in his rights and his requirements for that matter (as stated by store and website policies), however I find that the course of action is a result of a violation of privacy in the first place.

[spawniii]

Don't blame on the the tech

In order to test the software comes with the DVD burner (nero, cd creator ...) you need to test if the software can play a video file from your hard drive (How do you know if the new software with the burnner will play your video clip from your hard drive if you dont' test it?). This artical deosnt' mention if this customer asked not to install the software come with the burner or not.
Spawn

[spawniii]

Yeap

When you purchase a dvd bunner in a box what does it come with? Only the burnner??? it comes with a burnner solftware (nero, cd creator ...). tech needs to install this software and test it also. Burn sample DVD, Play video clip from Hard Drive. Unless customer doesn't want the tech install the solfware come wwith the burnner
Spawn

[thrca]

Still trying to figure this out

I am still trying to determine the relationship between burning a dvd and playing a video from the hard drive, please feel free to elaborate on your thought process here so maybe I can understand something that isn't making sense.

[russpauly]

The Tech is right and Wrong

This case is a little complicated because being that I work for the computer repair company "Geek Squad" I know our policy for child pornography. At the Squad if an Tech comes across anything that might be suspicious of child pornography we are to go into lockdown mode in our tech area and contact the police. Now, the police have the ultimate decision on whether or not they wish to pursue the case further. I think that the two times that it has happened at my store they pursued. The tricky thing here is why would a tech need to watch a video file after installing a DVD Burner? That does not make sense. Our policy is to not look through the customers files, but rather during a viri/spyware scan or Data Transfer if we notice something suspicious then we can look more into it and contact the police; or if we HAVE to look through the customers files for some reason. Just searching for and looking around at customers data is against our policy and it shouldn't happen because it can just get you in trouble.

So, yes the guy was wrong for having that stuff on his computer and YES he did or should have signed a contract giving his computer to Circuit City with permission to work on it. But I do also think that the Tech in this situation is also at fault because viewing video files has nothing to do with a DVD drive install.

[outpostprime]

Totally agree

If the tech was testing the drive he should have used a drive-testing tool. Nero includes this testing software and its portable so installation isn not required. It tests if it can read and burn and displays read/write performance. That tech is an idiot. I would never use customer?s files for a test. He was snooping as others have said.

Only time I ever had to look at customer?s files was when I was learning from the owner of a computer shop here. Customer came in because of pop ups and the virus scanner was showing his system was viral. I was 15 and came across a bunch of porn. The shop owner right when he heard my disgust after I connected the network cord (got a insane amount of pop ups). He immediately cut the power and told me to perform a format/install on it. To this day I still think what I seen on it had to be the grossest stuff I?ve ever seen xD (old people, hair, and lots other stuff I don?t think anybody here would like to read).

[spawniii]

How do you check the DVD?

At "Geek squad", do you test the burner and the software come with the burner. If you dont' test the software then you do need to start OS. you can check the BIOS to see if the DVD is there. then shuttoff. DONE.
If you don't install the software come with the burner. I think you will see this customer again tomorrow. I can't burn my DVD .... Sorry, your Hardware doesn't work without software.
Spawn

[Pdshad]

Circuit City

Well I don't like child porn,but all computers are set up for plug&play hardware.So the tech did'nt have a right to be in his private files,the computer sholud have picked up the DVD player.And if it did'nt it should have had software with it to install the DVD.Why was he looking for a video to play,He should have put a cd in the cd player and a blank in the DVD to see if it would burn the cd.I think they both should do some jail time

[Spork_This1]

DVD Burners in general

I have seen the actions of techs from dozens of hardware shops in the past and I know that there is a tendency to poke around on customer's drives if not told otherwise. So, while I think that the guy should be strung up for having illicit materials, if that is actually the case, I still have to question the real reason the tech was poking around on the drive - just because of human nature.
However, once the videos were discovered, what would any technician do? What would you think if you found such videos and thought, "Hmmm. I wonder what he wants to do with a DVD burner..."

[bob1960]

acceptable testing method?

Just had to add my two cents worth here...

(disclaimer: nobody commenting here has questioned the illegal or immoral nature of owning child pornography, or any other illegal actions. My comments here are soley related to reasonable access to private data on PCs.)

Concerning the Apple OS comment and booting off an external device: Installing hardware on PCs requires installing drivers to the OS. Even when there is a simple Plug-and-play install, a service tech should reasonably test the installation, and that means using the OS and it's drivers. So booting off an external device (or the owner removing the booting hard drive) would not be reasonable in this case.

However, IMHO, there was unreasonable actions taken by the service techs. If they were trying to test the copying of video files to the DVD burner, they should have used company-provided test video and not the data files found on the customer's hard drive. First, there was no guarantee that there would already be video files, or even compatible and valid video files for the DVD burner installed, on the customer's PC. Secondly, and probably more important, what was going to happen to the DVD that was burned with the private video files taken from the PC? Was the tech going to destroy it after the test was completed? Was it going to be handed over to the PCs owner? Or was it possibly going to be "pirated" by the tech? What about copyright (copy infringement laws) concerning copying of music and video? Does fair use laws cover the coying of IP for diagnostic purposes?

Bottom line: The tech more than likey had other more reasonable methods available to adequately test the installation of the DVD burner using company owned test files (or they should have). So there was no "reasonable cause" to go searching the hard drive for any files that were not related to the hardware device and associated software drivers. A simple USB drive (or the like) should have been used, pre-loaded with all files needed to test the installed hardware.

I sure hope this case isn't referenced in future cases as precident for searching hard drives of PCs at service centers. If so, police, journalists, and politicians (or worse) will be setting up shop in Best Buys, Circuit City's, etc. scanning hard drives or paying techs to give them backup copies for whatever purpose they want.


In reality this case reinforces that any private data that you don't want to share, should either be encrypted or put on a removable device, so you can reasonably control it's use. Be it illegal or just private or personal data.

[Jamesmeredith2]

They had a right but they didnt.

They could have burned the DVD in many different ways. I do not feel that they should be allowed to browse my computer at all. They could have simply insterted a DVD with ads or something on it, copied it to his hard drive, burned a copy and deleted the files back off. That would show it copies and burns disks. But I have read many stories of Techs browsing computers - i do feel that it should be illegal - what about a mechanic working on your car, should he be allowed to rumage through your car simply because you left the keys to work on it? What about the guy working on your furnace? you allow him access to your house, should he have the right to rife thru your dressers? I just feel that computer techs are becoming more and more like private watch dogs than techs.

[tgrenier]

valid testing procedure

The tech was perfectly ok in his testing. He needed to burn a video filer (mpg avi wmv etc) to DVD and then play it back on a standard DVD/TV to see that everything was ok.

The perv's name is SODOMsky. How unfortunate is that?

Tom

[turtleisland]

A Tech I would hire

I own a computer sales/service shop, and I would never hire the tech that did this work. Not because he turned the guy in. Once he found what he believed was child porn, it was the right thing to do. BUT, any tech who thinks he needs to play video files from the HDD is not qualified to work for me. The ONLY 2 test that should have been performed are: 1; test the drives read head with a store provided dvd (if it palys a dvd video the codex work, and the drive reads data. 2; test the drives write head by burning easily accessed files to a blank dvd (such as files from a store cd or better yet, desktop icons which are never considered private). Searching the drive for videos is WRONG, and if he worked for me he be fired on the spot.

[turtleisland]

opps, title should read "A tech I would FIRE" sorry

sorry for the typo in the title, I would NEVER hire this guy.

[ittesi259]

CC didn't have techs in 2004

I was a Circuit City employee in the PC Department in Southern California in 2004....the company at that time had no official techs, even though a blind eye might be given to us doing something for a customer. In other words, this guy never should have used tech in his case at all, he let a sales guy do something....and I can tell you even after they set up their wannabe repair shop it happens all the time that people go diggin around at whats their.