I’ve often wondered how Geek Squad stays in business. The prices it charges for even the most trivial repairs are absurd. More and more I’m becoming convinced that Geek Squad stays in business because it is being propped up by the Federal Bureau of Investigations (FBI):
After the prosecution of a California doctor revealed the FBI’s ties to a Best Buy Geek Squad computer repair facility in Kentucky, new documents released to EFF show that the relationship goes back years. The records also confirm that the FBI has paid Geek Squad employees as informants.
EFF filed a Freedom of Information Act (FOIA) lawsuit last year to learn more about how the FBI uses Geek Squad employees to flag illegal material when people pay Best Buy to repair their computers. The relationship potentially circumvents computer owners’ Fourth Amendment rights.
While Geek Squad has been caught red handed working with the FBI, any employee at any computer repair company could be operating under the same deal. The FBI has a vested interest in access the information on as many computers as possible and people who repair computers often have unrestricted access to a lot of information on a lot of computers.
If you’re going to send your computer to somebody else for repairs, here are my recommendations to guard your privacy. If the device you’re sending in has a removable hard drive, remove the drive that is in it and replace it with a blank drive (one that has never been used to store personal information). On the blank drive install the operating system that came on the device and a user account with generic credentials (this is one of the few times where the password “password” is a good idea) so the repair person can log in. By doing this you ensure that the repair person doesn’t have access to any of your personal data. When the device comes back, format the drive that you provided the repair person, remove it, and install the hard drive with your data again.
If your device doesn’t have a removable drive, ensure that the first thing you do when you initially start the device after getting it out of the box is enable full disk encryption. When you need to send the device in for repairs, format the drive, reinstall the default operating system, setup a user account with generic credentials, and send the device in. When the drive comes back, wipe the drive again and restore your data from a backup. For those who are wondering why full disk encryption should be enabled it’s because formatting a drive doesn’t necessarily erase the data. By default formatting a drive wipes the file allocation table but leaves the data preserved. Enabling full disk encryption ensures that the data on the drive is unreadable without the proper decryption key. While formatting won’t erase the data, the data will be unreadable to the repair man if they attempt to restore the old file allocation table to pilfer your data for law enforcers.