Monday, October 27, 2008

Who’s peeking at your private stuff?

Have you ever wondered just how much your computer repair guy knows about you?

Did you know that when you drop off your computer at the repair store, you are giving up your expectation of privacy? In other words, you are giving the computer repair people full permission to look at anything in your computer. And if they decide to reveal something they find, there probably isn’t much you can do about it.

When you turn your computer over to a computer store, the employees are members of the public, and with your permission you are giving them access to your computer information.

Let me give some specific examples of what I mean by giving permission, where you mean to or not:

  • You take your computer to the repair shop to get your email fixed. When you do this, you are giving tacit permission for the repair shop to test your email account to make sure it is working. How else would they know if they fixed it? In the process of testing your email account, they are going to send and receive emails, and possibly open emails to make sure everything is ok. If they reveal something that they see in your email to a third party, you probably can’t do anything about it, since you gave them implicit permission to view your email.
  • You take your computer to the repair shop because it is running slow and ask them to check it out. In the course of doing so, they review your files and locate contraband. The next thing you know, when you arrive to pick up the computer, the police are standing there waiting for you. Guess, what? You gave the computer shop permission to examine your computer, and if they found something suspicious, you have lost your expectation of privacy.
  • You ask your local repair shop to install an upgrade of your financial software. In the process of testing the upgrade, they open your financial files, revealing your bank account information, check register, transactions, payment history and so forth. If you did not specifically tell them not to open your financial files in the process of installing the software, chances are you lost your expectation of privacy.

Check our this court decision for more information on how this can be viewed:

Other ways you can put your information into the public arena:

  • You have the hard drive in your computer upgraded to a new larger hard drive. When you get to the shop to pick it up, the computer shop gives you the old hard drive and you subsequently give it away or toss it in the trash. Under the legal concept of abandonment, you have no expectation of privacy for anything on that hard drive.
  • You work at a company that has a computer usage policy that says you are not allowed to use the computer for personal use, including personal email. The policy says that your computer is subject to inspection by the company. The company inspects your computer at some point and locates e-mails from your private Yahoo mail account in the internet cache. You would not have an expectation of privacy for those emails, even though you did not know they were in the internet cache.
  • You install Limewire on your computer and allow sharing of your downloaded files with others. After all, you want to be nice about it and participate in the network. Once you do that, you have opened your computer to the public and it is no longer protected from inspection by pretty much anyone. Especially the police who may be monitoring traffic on the Limewire network through Operation Fairplay.

Even more ways to give your information away:

  • By tossing a bunch of old floppy disks, backup tapes or CDs into the trash.
  • Giving your email password to a computer person to fix your email and not changing it after they are done.
  • Giving anyone your network password, even your corporate IT support person and not changing it later.

How can you protect yourself?

If you run a large or small business and you use a computer service company, have them sign a non-disclosure agreement.

If you must take your computer in for repair, take a written note outlining exactly what you want done and restricting access to anything else on the computer. Have them sign it in your presence and get a copy.

Of course the simplest way to protect yourself would to be sure you don’t have any personal information on your computer. Of course, in order to do that, you probably shouldn’t use one, since no matter what; you probably have something on there that is personal and private, even if it is only your email.

No comments:

Post a Comment

I have moderated my comments due to spam.