"Commercial Repair Shops Caught Snooping on Customer Data by Canny Canadian Research Crew"
Computer scientists at the University of Guelph in Canada discovered that electronics repair services lack effective privacy protocols. In addition, the researchers found that technicians often snoop on customers' data. The team describes how they tested the privacy policies and practices of electronics repair shops in a four-part research study titled "No Privacy in the Electronics Repair Industry." The study included a field survey of 18 North American repair service providers, including three national, three regional, and five local providers, as well as two national smartphone repair service providers and five device manufacturers. Representatives from these companies were questioned about whether they have privacy policies and how they treat customer data. Then, repair personnel were instructed to replace the batteries in Asus UX330U laptops running Microsoft Windows 10, a fix that should not require the use of login credentials or operating system access. However, all but one of the firms requested login information. According to the paper, none of the service providers posted any notice informing customers about their privacy policies. Similarly, no researcher was informed about a privacy policy, their rights as a customer, or how to protect their data until the devices were handed over. Only three national and three regional service providers offered a terms and conditions document to be signed when the laptops were provided. These agreements disclaimed liability for any data loss. After evaluating the privacy policies of these repair shops, the researchers put the technicians' actual privacy practices to the test by providing them with rigged Windows laptops loaded with dummy data that secretly recorded how the repair staff used the devices. The findings were not encouraging, as six of the sixteen technicians snooped on customers' data. Technicians copied customer data to external devices in two of the sixteen tests. One of the six snoopers tried to avoid generating evidence, while the three took steps to conceal their activities. The device logs show that the offending technicians attempted to hide their tracks by deleting items from Microsoft Windows' "Quick Access" or "Recently Accessed Files" folders. This article continues to discuss findings from the study on electronics repair services' privacy policies and practices.