According to a story in the New York Post, a repair store in Delaware snooped through the contents of an abandoned MacBook Pro and allegedly unearthed video, photos, and emails belonging to Joe Biden's son Hunter Biden. The New York Post pitches it as a "smoking gun" for a narrative promoted by Donald Trump about Hunter Biden's dealings with a Ukrainian energy company, but a closer look at the story, and at the etiquette of the vast majority of repair stores, reveals a lot of red flags. On Wednesday afternoon, Twitter stopped users from sharing the article because, Twitter claimed, it contained hacked material.
“The computer was dropped off at a repair shop in Biden’s home state of Delaware in April 2019, according to the store’s owner,” the New York Post said. “The customer who brought in the water-damaged MacBook Pro for repair never paid for the service or retrieved it or a hard drive on which its contents were stored, according to the shop owner, who said he tried repeatedly to contact the client.”
"The shop owner couldn’t positively identify the customer as Hunter Biden, but said the laptop bore a sticker from the Beau Biden Foundation, named after Hunter’s late brother and former Delaware attorney general," the article notes.
Computer repair experts say this story doesn’t make a lot of sense, and that it is incredibly hard to believe that a repair shop owner couldn't identify exactly who dropped off the computer.
“Lots of holes in the chain of events that don't make sense from the perspective of a repair shop,” Gay Gordon-Byrne, the executive director of the Repair Association, told Motherboard in an email. “In the real world, repair shops need to know the name of the customer in order to get paid. The equipment doesn't just get dropped off in the night like a foundling on the steps of the nunnery.”
Taking the narrative in the NY Post at face value, the Delaware repair shop behaved horribly by not protecting its customer's data. It is a nightmare for the perception of independent repair shops, who are supposed to fix their customers' computers, or perhaps recover data for a customer, not snoop on their hard drives. To be clear, this sort of behavior is rejected by every serious repair shop in the industry.
According to The New York Post, the Delaware repair store contacted the FBI and made a copy of the hard drive which he turned over to Rudy Giuliani’s lawyer. Independent repair stores live and die by their reputation. Copying a laptop or snooping through a customer’s data could lead to the destruction of that reputation and the end of the business. It’s not only unethical, it’s bad business.
The New York Post story included photographs of the subpoena the FBI used to obtain the MacBook Pro. Those photographs contained metadata which revealed the longitude and latitude where the photo was taken and pointed to an independent repair store in Delaware. The store did not respond to our request for comment, and Motherboard was unable to independently verify that this is actually the store where the laptop was dropped off at, so we are not naming the store.
Customers should always take precautions when taking in a laptop, phone, or other personal electronics device in for repair. Dealing with an authorized repair shop is no guarantee of privacy. Best Buy’s Geek Squad works closely with the FBI, for example.
One expert Motherboard spoke with said that accessing the MacBook’s hard drive would have been difficult because of Apple’s basic security features.
Matt Zieminski, the director of Partnerships at RepairQ—a company that provides software services to repair stores—also expressed concerns about the ethical breach.“If this did occur it would be a serious breach of customer privacy and not something that most repair shops, most reputable repair shops anyways, would even consider doing,” he told Motherboard in an email. “I know many in the industry who have fired employees for much less when it comes to customer data and privacy.”
This was a sentiment echoed by every repair expert Motherboard spoke with. “Repair professionals are entrusted with their client’s personal data. It is harmful to the industry, and short-sighted for this repair shop, to share information from a client’s computer in any situation, even non-payment,” Kyle Wiens, the CEO of iFixit, told Motherboard in an email. “People should not fear their information will be held hostage in a payment dispute."
“The repair shop behaved horribly,” Gordon-Byrne said. “They should never have peeked at the data (most shop managers would fire anyone that did this on the spot), and definitely should never have copied the hard drive. These are ethical violations.”
Update: This story has been updated to note that Twitter has stopped users from sharing the New York Post article.