Tuesday, December 18, 2007

Quote of the Day: Mr. Sodomsky [sic] Knowingly Exposed Himself

(((child pornography; expectations of privacy when you hand over your computer to a third party for maintenance, repair, or hardware installation: specifically, you have none; is the name "Sodomsky" a sort of self-fulfilling prophecy?)))

The Pennsylvania Superior Court states, in overturning a ruling on the admissibility of files discovered by a Circuit City tech in the process of installing a DVD burner in the defendant's PC:

"Our result in this case is consistent with the weight of authority in this area. If a person is aware of, or freely grants to a third party, potential access to his computer contents, he has knowingly exposed the contents of his computer to the public and has lost any reasonable expectation of privacy in those contents..."

This is plainly bullshit. As Ars Technica notes:

"When you drop your PC off at Circuit City for a hardware upgrade (and you do use Circuit City for all your hardware upgrades, don't you?), you probably don't expect the techs to rummage around your hard drive, dredging up 'questionable' files and showing them to law enforcement."

Okay, back up. What happened? In short, Sodomsky (o, to change that name!) left his PC at Circuit City for installation of a burner. The tech installed the hardware, then searched Sodomsky's computer for video files to use for testing the burner. He saw video file names that indicated pornography, and then, as AT puts it, "Richert clicked on one that had listed a male name and an age of 13 or 14 and found a video he believed to contain child pornography." He then called the police, who seized the computer and arrested Sodomsky when he came to pick up the laptop.

In the use of what seems to me an important (and telling) phrase, the Court observes that the tech was testing in a "commercially accepted manner," insisting further that "The employee testing the burner was free to select any video for testing purposes, as appellee had not restricted access to any files. Therefore, Mr. Richert did not engage in a fishing expedition in this case..." (emphasis added).

It could be added that you can burn any file to a DVD, not just movies, so using this logic, the tech was precisely free to search for any file, not just a video file, so he had in effect the run of the customer's computer. So, wait, is it possible that the court's decision is vitiated by its ignorance of basic technological aspects of the case? Declan McCullagh, in the C|Net article linked above, notes that the Court's decision refers to "codecs" as "Code X." Clearly, the court knows next to nothing about either burning DVDs or playing or encoding videos. The end result is a decision that says that computer store installation or repair techs have unfettered access to your computer, and whatever they find is admissible in court against you.

Unless . . . you tell them not to run around your computer for files? Even if this is commercially accepted practice, that by no means makes it either legally acceptable or widely understood, and it strikes me as very odd for the Court to engage in this kind of reasoning. Why isn't the store required instead to tell you that that's what they'll do and give you an opportunity to establish limits within which they are allowed to work? Or, better still, why don't they have, using this case as an example, a standard process that includes a file on a flash drive, which they can insert in the USB [drive] port and burn straight from that drive to test the burner? No use or viewing of the customer's files is required, nor is any copying of files (beyond necessary drivers, user manuals, help files, etc.).

Finally, it's not at all clear what the rationale is for the tech's selection of a video to use for testing. I would argue that his selection of the particular video was itself a fishing expedition. Why does his spotting a file name that seems to indicate pornography give him the right to open that file? Well, it doesn't, unless you say there is no reasonable expectation of privacy, which position I think I have already established is based on specious, indeed pernicious, reasoning.

Let's think analogically: if I spot what appears to be meth lab equipment through the window of a neighbor's house, do I then have the right to sneak into their house to examine the equipment, then grab it to hand it to the cops if I think (rightly or wrongly) that it actually constitutes meth-manufacturing equipment? Surely not (although I might in that case call the cops and tell them I think my neighbors are making meth, but then we would need more evidence for a warrant than my thinking I saw equipment through the window). Let's go a step further and suppose that my neighbors have given me the key to their house so that I can let them in if they lock themselves out. Have they then given me the right to use those keys if I spot through the window what appears to me (ignorant bugger that I am, never having made meth) to be meth equipment? I don't think so.

The long and the short of it is this. First, there are holes everywhere in the Court's logic. Second, I can't believe I'm only seeing coverage of this right now in C|Net and Ars Technica. Third, um, don't be a stupid lUser when you take your computer to Circuit City: set up passwords and guest access and protect your files, since, let's face facts, it's a little bit like trusting the parking garage attendant with your keys. I mean, do we really think this is the first time this tech or some other has accidentally discovered porn on a customer's computer?


Simon said...

Circuit City tests things? Who knew?

Jeffrey said...

Yeah, I have a feeling customers' computers get "tested" a lot, actually. And a ruling like this means that even if you discover where they've been, and they've sifted through, say, diary or journal entries, you've got no recourse. So we can only expect even more "testing."