Are there paid FBI informants in your IT department like Geek Squad?

New documents show that some employees of Best Buy's Geek Squad repair staff were paid by the FBI to find and report illegal content.

Geek Squad's FBI informant case illustrates need for good IT policies
Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • Documents from an Electronic Frontier Foundation FOIA request show that the FBI paid some Geek Squad repair employees to act as informants.
  • Enterprise IT must revisit their own policies around illegal and unethical information, and possibly audit their IT department to ensure compliance with company policy.

The FBI has been working with Best Buy's Geek Squad repair employees as confidential informants for years, even going so far as to pay them for information, according to documents released by the Electronic Frontier Foundation (EFF) on Tuesday.

Best Buy's relationship with the FBI was brought to public attention after a high-profile case involving child pornography found on the hard drive of a California physician in early 2017. However, the EFF documents claim that the FBI has been working with the Best Buy division for "at least 10 years."

The documents came as the result of a lawsuit brought about by the EFF, after its request for documents from the FBI under the Freedom of Information Act (FOIA) was denied. Now that the documents have been released, more information has come to light about the FBI's relationship with Best Buy and Geek Squad.

SEE: Security awareness and training policy (Tech Pro Research)

A memo showed that the FBI held a meeting at the Geek Squad repair facility in Louisville, KY and maintained "close liaison with the Geek Squad's management." A different memo noted that a $500 payment was issued to a confidential informant.

Geek Squad's policy is to only hand over materials to law enforcement if they happen to find them during the course of a normal repair. But, "some evidence in the case appears to show Geek Squad employees did make an affirmative effort to identify illegal material," the EFF documents said.

Still, if the FBI used these employees as informants--especially paid informants--they could be seen as an extension of that branch of law enforcement. As such, their searching for illegal material could be seen as a violation of the fourth amendment, which prohibits unreasonable searches and seizures.

This argument was also made by the EFF, which stated that "any evidence obtained as a result of the illegal searches should be thrown out of court."

While the case has critical implications for citizen privacy, it also has implications for enterprise IT. A Best Buy spokesperson shared a lengthy statement with our sister site ZDNet, part of which read:

As a company, we have not sought or received training from law enforcement in how to search for child pornography. Our policies prohibit employees from doing anything other than what is necessary to solve the customer's problem. In the wake of these allegations, we have redoubled our efforts to train employees on what to do -- and not do -- in these circumstances.

We have learned that four employees may have received payment after turning over alleged child pornography to the FBI. Any decision to accept payment was in very poor judgement and inconsistent with our training and policies. Three of these employees are no longer with the company and the fourth has been reprimanded and reassigned.

The key takeaway here is that Best Buy claims it didn't know about the alleged informants at first. And, if something like this could happen under Best Buy's nose, it could likely happen at any number of major enterprises.

Enterprise IT departments should use these revelations as a wake up call. It would be prudent to revisit any existing policies on interactions with unethical or illegal materials (or create one if the firm hasn't yet), including relevant state and federal laws. IT leaders should then focus their efforts on educating and training their employees on following these policies, so that future situations can be handled in the most efficient manner, according to company guidelines.

Also see

Image: iStockphoto/domoyega