Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How should I protect myself when other people use my computer?

Question:

I have a computer in my place of business where I allowed many people to
access and use my computer to send and receive emails, allowing some of them to
apply for their own emails with Yahoo.

One day about nine months ago, I was visited by the two FBI Agents. When
they came in my business one of them asked me if I was the owner; I replied
yes, I owned the business. Then he asked if I had a computer, I said yes at the
back of the building.

I know that what I am about to tell you, I had been wrong for letting others
use my computer, however being new to computers, I had no idea of the dangers
of that.

There’s much more to this question … or rather this story.

I’m presenting it as a cautionary tale.

]]>

The story continues:

My business is not too far from the high school, and I have a number of students that do business with me. When I was asked by a lot of them if they could use my computer to write friends emails, and play some games I replied, “well sure, go ahead.”

“… you simply cannot allow people you don’t know and trust to use your computer.”

Well the FBI Agents asked if they could look at my computer I said sure. I had no idea what they were looking for. They did get on my computer and found much to to my surprise a lot of some type of illegal porn, they called it child porn.

When they found that on my computer, they told me that they would have to pick up my computer and send it to forensics, for examination. They also said that my IP address was traced from a porn investigation from up north somewhere.

They mentioned that a person had been sending me child porn, and that I had been downloading it. I have NEVER done that!

They asked me if I were the only person using the computer I told them about the use of the computer by many others. Then they wanted me to give them names. I only remembered the first names of many of them, but some I did remember the full names which I gave them. Some of these people were adults and some just kids from the school.

It has now been about nine months since this all happened, and I have not heard from them. They still have my $1,700.00 computer, external hard drive, monitor, keyboard, speakers, and everything I had.

I did contact an attorney, he said that he didn’t think I had anything to worry about, however he wanted $ 5,000.00 to sign me up as a client, Sir I don’t have that kind of money.

Could you please help?

Unfortunately, I cannot.

I am not a lawyer, and I honestly believe that’s exactly what you need. I have to admit that $5,000 seems pretty steep, so I’d certainly consider seeing if there aren’t less expensive alternatives.

As I said, I wanted to present this story as a cautionary tale, a warning of sorts, for others who might allow themselves to fall into a similar situation.

The problem here is actually very simple: you simply cannot allow people you don’t know and trust to use your computer.

Ever.

I know that seems harsh, but as this story proves, it’s the reality of the internet today.

Particularly in a business setting, you’re opening up yourself to all kinds of problems when strangers use your computer.

I know it’s tempting. Everything from “being nice” to perhaps allowing people to use your computer briefly to make you a PayPal payment seem like they’d be simple, harmless things.

And yet, they’re not.

At one extreme you’ve allowed them access to your computer and everything on it, and as I’ve said before, if someone has physical access to your computer, they have access to anything and everything on your computer.

At the other extreme are stories like the one related here: you could be under suspicion or held liable for the actions of others while they used your machine.

Just don’t.

You may not have anything to worry about, legally (though, again, I don’t know as I’m no lawyer), but at a minimum, the cost and inconvenience could be extreme.

As internet cafe owners world-wide will tell you, if you must do it set up a dedicated machine for public use, and make sure that everyone is clear on the limits of liability when that machine is used.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

29 comments on “How should I protect myself when other people use my computer?”

  1. For the same $5000 the OP could get one
    helluva new machine.

    What’s that? What about your data?
    You do have backups of your important
    data, right?

    So, we have another cautionary tale on why
    data backups are important.

    Reply
  2. I had a similar issue, the only difference was it was not a business machine. I was allowed all of my equipment back after their investigation, and the only thing they kept were the hard drives with the illegal items on it. I did have to get ahold of the officer in charge and they allowed me to have copies of all other information from that drive. Backups in this type of situation won’t work, with me…they took EVERYTHING, even flash drives.
    I suggest you find out about the officer and contact them, it will take time, it took about 19 months for my items to be cleared for me to get them back.

    Reply
  3. When ‘authorities’ confiscate equipment as described here, there should be an exchange of information identifying the serial numbers of the equipment taken and an expected (realistic) return date set. I know this is after-the-fact in this case, but proper procedures on the part of the confiscating authority would enable extracting whatever information is available while protecting the property rights of the owner whose property is being forensically analyzed.

    I know this isn’t THE point of your article, Leo, but it IS worth considering, after all. The point that a lawyer’s fee would exceed the cost of the computer and etc. doesn’t make the loss of the property OK. In fact, that argument sort of justifies paying the fee or lose the property! Really a lose-lose proposition… so next time, or for anyone’s first time, have the authorities sign for possession of the property. It will make it a whole lot easier to recover. Won’t sign? At least document everything, serial numbers, date, circumstances, etc. and pictures would help, especially pictures of the confiscating personnel with the equipment.

    Reply
  4. It sounds like it was a hard lesson, but be VERY glad that you were not thrown in jail. Child porn laws are very strict and making an excuse of “I did not know …” is not enough to keep you out of jail.

    Take some time to read up on proper use of the Internet and have a networking company set-up your work computers with protections!

    Reply
  5. I understand they will take everything, even USB flash drives, but there are plenty of ways to make and store backups that they cannot take.

    1. Emailing yourself important files to your Yahoo or Gmail account as attachments.

    2. Backup to an online backup service, such as dropbox.

    3. Backup to DVD/CD/Flash and store in a safe deposit box. (Do they need a court order to get to that backup?)

    Making a full image backup of the disk would probably mean those backups are in peril (since they have the offending data). But it seems to me that one can easily make backups of important data files and/or subdirectories to multiple places that cannot be lost or confiscated.

    Having a backup of just your Quicken data files, for example, to a DropBox.com account, is a good idea.

    The point is the data is more important than the hardware.

    Living without the confiscated PC for 19 months sounds terrible, but living without your Quicken or TurboTax data for 19 months could be really really devastating.

    Reply
  6. I can’t think of any reason that the FBI would need anything but the hard drive(s) for forensic analysis. The keyboard, monitor, etc. are superfluous. I would take names and demand an explanation. I wonder if one can take the FBI to small claims court.

    Reply
  7. Isn’t that what user controls are for. But then again, if you don’t foresee a problem, you won’t do anything to prevent it.

    Reply
  8. Personally, I think the writer was the one downloading the kiddie porn and is trying to wiggle out by playing dumb. I simply can’t believe anybody would just let a herd of teenagers stampede into his or her place of business and use the computer. I don’t even let my son’s friends use our computer let alone a bunch of kids I don’t know. It’s meshuga.

    A lot of people seem to be falling into your camp, and suspicious of the person asking the question. Obviously I don’t know for certain, but I can say this: there are most definitely a lot of people out there who have about this person’s level of computer sophistication and knowledge – i.e. nearly none. I hear from them all the time. I think it’s at least plausible that this person is exactly as represented.

    Leo
    28-Oct-2009

    Reply
  9. What a ‘sad’ story! This person was only trying to be kind and look what happened.

    I am quite sure that this can happen to a lot of people, since too many computer users haven’t a clue about what they are doing. There are times, when I honestly think computer users should go through a ‘class’ of some sort, to help them learn about security and safety. Listen, you can’t get a Driver’s License in any state without proof that you know how to drive and take a test to show that you understand the rules. In my humble opinion, computers users should be able to demonstrate basic skills, as well.

    This person really should pay the lawyer’s fee. I know that it is high, but, they may never be able to have a computer, again. Bottom line, it was their computer that child porn was found on it. As far as the Feds are concern, they don’t have to believe the owner, too many people that love child porn, are prone to lying themselves. I am NOT saying that this person is a child porn lover, just that the Feds are highly suspicious of anyone who has child porn on their computers.

    I only allow my family on my computers. I know what they know and watch my grandkids, very carefully. They have been taught about security and safety. Yes, even I have been taken to adult websites, when I have put in a wrong address, but, that can be easily taken care of with programs like CCleaner, WindowWasher and the like. I also, STRESS the importance of NEVER clicking on Pop-Ups warnings and etc.!!!

    Reply
  10. A couple of key phrases cause me to doubt the veracity of his involvement, although the incident itself is very credible. He has apparently not been charged but, as evidence, the computer and peripherals can be kept for years if the investigation and/or trial takes that long. There is the gist of your cautionary tale.

    Also, people like the phrase that “possession is 9/10’s of the law” for claiming ownership. Really, it’s meaningless for ownership, but VERY true for culpability in violation of the law. Possession of CONTROL is the issue. A business owner, even a neophyte, would be expected to use enough sense not to loan out a company car, access to the cash register, or backroom inventory, or even the telephone for concern about unauthorized long-distance calls.

    The only family member that I allow unfettered access to my computer is my wife. Even my kids are restricted from it. I will either buy them their own computer or require them to buy their own. Sure, by my home network system, I’m not immune but it sure is easier to track which computer on the network is involved in questionable activity. Your story does serve to illustrate that it still can be very expensive and inconvenient to be innocent. It’s a lot easier to avoid trouble than trying to fight it.

    Reply
  11. I apologise in advance to the OP if what I’m suggesting is without any basis, but the whole story sounds a little disingenuous to me. It’s precisely the sort of story a child pornographer who’s been nailed by the FBI would spin, in a belated attempt to establish his “innocence”.

    Is any business owner REALLY going to let a bunch of people, most of whom he allegedly doesn’t know by name, use his company’s computers without any sort of checks or security measures in place? To play games? I don’t think so!

    Sorry; but this sounds all too much like a guilty party endeavouring to establish some sort of pre-emptive defense.

    Reply
  12. With external eSATA/USB 1TB Hard drives only $75 why not do a clean install every year on a new drive and copy over only that data you really need to keep.

    Do a full low level format and wipe on the old drive – or throw it away and keep yourself out of trouble. Most people don’t need all the baggage they store on their Hard Disks.

    Reply
  13. I think that a person who has no idea what is on his computer, especially kiddie porn, is just plain naive, or is really the one culpable. This is what guest accounts are for. Make a guest account, sandbox it, and delete it and everything in it after anyone uses the computer.

    Now, any federal, state or local investigator should have a warrant for something like this. Plus, they should require signature on an inventory sheet before removing any property. If they don’t, the person can say “oh, that’s not mine”, and no signature, their proving ownership will be harder.

    Plus, it never hurts to require the law to jump through hoops. We are too prone to give in to LEO’s because of intimidation. They need to be reminded who they work for; too many of them think they work for the cop shop and not for the people.

    Clarification: “LEO” in that context is “Law Enforcement Officer” – not your’s truly Smile

    Leo
    28-Oct-2009

    Reply
  14. As the Govt gets more intrusive and massive data accumulation for years on the general population these scenarios will become more common.

    I wonder what happened to that Sweedish service that was going to set up anonymous surfing called IPREDator. It was a network service that makes people online anonymous using a VPN and they would NOT store ANY no traffic or connection data making tracing or turning over records impossible. They were going to charge about $7/month for the service. Maybe a local operation could offer that service.

    Ever wonder why your cell provider needs to keep the list of who you called and when if you have an unlimited account? I’m certainly not interested in maintaining it. Time to emasculate Big Brother.

    Reply
  15. for legitimate use, see the “windows steady state” program. It allows creation of user boxes, and at a reboot of the system, those user boxes are reverted back to “just before prior reboot” status.
    this is different than, and better than, system restore.
    nick

    Reply
  16. Two ways of looking at this. Either he is actually the perpetrator and making excuses or he has been incredibly naive and needs taking under someone’s wing!

    Reply
  17. Sure the chump sounds naive, but not everyone is a “digitally” inclined. If the “average” user can turn the computer on and type on it that is “technical” enough for them.

    Sure the don’t “need” the monitor, but they MIGHT, so the search warrant is phrased so they can grab anything remotely computer related, just in case they might need it. And to p-off the “guilty-until-proven-guilty” perp.

    Recall the case this spring of the Boston College computer student who had all of his gear seized, right before final exams.

    Allegedly he was a “hacker” because he was seen using a black screen with green letters” (or some such). Here are links to pdf’s of the search warrant request, and warrent.

    http://www.eff.org/files/filenode/inresearchBC/EXHIBIT-A.pdf
    http://www.eff.org/files/filenode/inresearchBC/EXHIBIT-B.pdf
    (all case links are here: http://www.eff.org/cases/re-matter-search-warrant-boston-college)

    Note the wording “all objects capable of storing digital data … including digital cameras, modems, routers, … firewalls …printers, operating systems … app program disks, software, hardware … passwords … all manuals, books, brochures …”. Short form, anything computer related including the “digital” kitchen sink and the bolts used to hold it down.

    In this case he got his stuff back in just over a month, because the cops totally blew the case by not doing their homework. But it was too late for exams, and he was the totally the exception.

    The only possible way around the search warrant is (encrypted) off-site storage of backups. But, the cops can’t know about it, otherwise they’ll get a warrant for it too.

    Reply
  18. Like others, I don’t believe this story, but what I don’t believe is that a real FBI agent, espeicallyone investigating a computer crime, would be so ignorant of computer operations as to take the monitor and speakers. They simply can not provide evidence.

    Reply
  19. why the h..l would any person take teenagers into the back of his building to allow them use his computer , he did say he was near a school and he was leaving himself wide open for all sorts of trouble , be it a sexual nature as in underage kids or teen porn on the internet. its like a saying we have here a burglar is only as good as his last job , when he is caught he is caught.
    and then as another replier said FBI have badges, warrants and do sign off on equipment taken , If you give a computer to minors you are liable and should take responsibly for your actions, the best way to protect your self is allow no access to any 1or get a good IT company to set up a server that will auto renew the guest account and wipe it clean each time the computer starts up…

    Reply
  20. A] It could be as easy as Installing a set of Parental controls on your system … under these Controls might be a password to not allow ANYONE access to illegal areas such as Child pornography or illegal drugs and other things… when you lock the computer at night you have cut off the criminal user’s access to their area of crime because your password has not been given out…

    B] you might enlist the help of a system administrator whom you know and trust to set this up for you.

    In Windows XP and beyond there is a security level for sysadmin’s to sign in … he alone would have access to check for those illegal files and destroy them.

    C] One could also do an FDISK to wipe out the hard drive Low-level format .. peridically [if you have the time a double run of FDISK and a double run of Format [Drive-Letter]: /s – This would eliminate All the files for sure

    D] If you are really finicky go out and buy a new Terabyte hard Drive and perform the FDISK- Format the old drive and take a hammer to the old drive or burn it.. you must do a fdisk on the old drive too and use a security encryption program to mark ALL sectors with X and o’s completely through the hard drive…. Forget about the FBI they are not the problem … the real problem is the loss of your data files or someone allowing a virus to be downloaded with the porno files. I won’t guess how many computers are infected with a dormant time released virus – that will attack your system this weekend …

    If you have sensitive data you may consider a backup that can be stored away from the computer in a LOCKED closet in your house … and again you can get a lock with a combination lock …

    Reply
  21. However stupid and unbelievable the story: DO NOT, EVER, LET PEOPLE USE YOU COMPUTER WITHOUT PROTECTION!
    Be close or at least set up a password to protect against changes, installations etc..
    Do no let kids (even your own) use the computer without tracking what they do. Be especially careful with “ISP-technicians” or “helpers”, mostly young computer freaks, who will offer to “improve” your set-up or adjust it to your ISP. Watch what they are doing! If you do not understand what they are doing, ask until you do!
    After all: It is you who is responsible for the computer. If you lend a kid your car and it crashes you are also responsible!

    Reply
  22. I know this is a forum for Windows user. However, as a former Windows user I would like to comment.
    Shortly: In my present OS (Linux) it is quite easy to separate users and their files. Every user that do not have adminstrative user rights is prevented from saving files anywhere else but in the users own file area. In windows, you can pretty much save a file almost anywhere you want on the hard drive, except under Documents and Settings user directories. But that requires that one explicitly protect these directories. In Linux they are protected by default.

    Reply
  23. I really don’t know if I believe this man or not, it’s not for me to judge. How many people actually fully believe this story? Yes, some kids play around, but as the owner of the PC involved, he is at least a little guilty, if nothing else, for criminally stupidity. I have one laptop that I allow company (that are trustworthy) to use on a GUEST account. After they leave, I use CCleaner to destroy the data (using the Guttman standard). Then I use Recuva to attempt to retrieve the files, then if I find any thing, it allows me to use the Guttman method to overwrite it. The Guttman method overwrites the data 35 times (the German standard). I even use CCleaner on a nightly basis to delete my own temp files, instead of the Windows temp file deleter. But back to the point. I hope this man didn’t do wrong, but something tells me this man isn’t 100% innocent. I just cant believe that anyone with any since at all would allow unlimited access to their PC (and a businessman at that!). His finances and everything is on this PC. I don’t know about anyone else, but I wasn’t born yesterday, and I don’t believe any of Leo’s readers are, either.

    Reply
  24. Why would you pay an attorney $5,000. to regain a $1,700. computer? Don’t waste your money. You’ll get it back eventually, but it may have the value of a doorstop by the time they get around to it.

    I don’t see it as $5,000 for a computer – I see it at $5,000 to protect himself from false accusations and other potential legal entanglements and damage.

    Leo
    31-Oct-2009

    Reply
  25. I agree we must take all with a grain of salt, but I know people who pay no attention to what their kids, or their friends do on their computers. Not only do they not monitor what is being done on the computer, they don’t even know how to turn it on and off. I know one woman who lost her computer when the Feds came and got it and her daughter’s boyfriend, the kids thought they could print out money, and it was not even a good copy. If you think your teen is not looking at pornography, sending nude photos or downloading illegal music, you better be checking those fancy phones, and their computers, you just might be in for an unpleasant surprise.

    Reply
  26. “Gee, officer … that’s not MY porn … I’ve never seen that porn before, and I have no idea how it got there!!” Sounds crazy, but it happens.

    I’m pretty open about letting others use my computer. I maintain multiple backups, and I am pretty quick at performing a complete reformat/rebuild, so I am more than capable of recovering from any malware or other damage that might be inflicted by someone else.

    One day, while performing a routine check after my nine year old son and his friend had been playing games on my computer, I was surprised to find several porn sites in my IE history. I wouldn’t have been particularly upset if the boys had been looking at simple nude pictures, but these were very graphic sites. I easily cleaned up my computer, then had a calm discussion with my son. I learned that the two boys had apparently been doing the same thing at the neighbor’s house … for months. The neighbors were not sophisticated computer users (since this incident, that has changed), and they had no idea what the boys had been doing.

    I checked out the neighbor’s computer, and found a shocking IE history, lots of inappropriate downloads, and malware (although I can’t be sure that the malware was a result of the boys’ activities). The conversation with the neighbors was difficult, ant things between us were very tense for a while, partly because each family wanted to believe the other family’s child was the instigator, but we’ll never really know.

    I think both sets of parents were a bit suspicious of the other … not just suspicious that “the other boy” was the instigator, but also suspicious of the possibility that the other parents were somehow personally involved. So, as I was personally doing the cleanup of the neighbor’s machine, I searched for any indication that someone other than the kids was browsing or downloading porn. But, based on web history and file properties, I am pretty confident it was just the kids.

    I believed the neighbors, and they believed me, probably because we each believed our own child. Fortunately, neither of us had to deal with the authorities. I’m actually glad that the kids chose to look at pictures (and videos) instead of “playing doctor” [shudder]. But it could have been really bad for either or both of us.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.