Forgot your password?
typodupeerror
Government Privacy Security United States News Your Rights Online

Follow-up On Texas PI Law For PC Techs 233

Posted by samzenpus
from the are-you-licensed-to-look dept.
boyko.at.netqos writes "Network Performance Daily has put out an in-depth series on the Texas law that requires private investigator licenses for computer repair techs, network analysts, and other IT professionals. It includes an interview with the author of the law, Texas Rep. Joe Driver, the captain of the Texas Private Security Bureau, RenEarl Bowie, and Matt Miller at the Institute for Justice, which is suing the state over the law. Finally, there's a series summary and editorial."
This discussion has been archived. No new comments can be posted.

Follow-up On Texas PI Law For PC Techs

Comments Filter:
  • by Anonymous Coward on Wednesday July 09, 2008 @06:17PM (#24126801)

    They haven't made it 3 again?

  • Tax Dollars At Work (Score:3, Interesting)

    by thrashee (1066650) on Wednesday July 09, 2008 @06:22PM (#24126857)
    We can't afford universal health care because imagine the tax dollars that would be spent; but we can pay for this kind of arbitration? And how exactly is having a PI license going to better the situation at hand, which is obviously that tech people can unethically snoop through customers' files? Does having a license magically make this ok? Does it somehow imply an agreement by the customer that their files are open for review, while without a license, this agreement does not exist?
    • by nurb432 (527695) on Wednesday July 09, 2008 @06:30PM (#24126967) Homepage Journal

      Its not about making things better, its about government control of yet another industry and increased taxes.

      • by elemnt14 (1319289) on Wednesday July 09, 2008 @06:36PM (#24127065)
        So say for instance that a person who acquires this PI license, while working on a computer that has been given to him to fix because it crashed or similar, finds "illegal" material. Does this new license grant him the ability to report the material, even though that was not his first intent? Does it fall under "unreasonable search and seizure" without a warrant?
        • by dahitokiri (1113461) on Wednesday July 09, 2008 @06:42PM (#24127135)
          If it does, I'm sure he'll be given retroactive legal immunity for it.
        • Re: (Score:3, Insightful)

          In Canada, you can make illegal recordings of illegal acts (eg. crack deal in a bathroom stall), and the recordings automatically become 'legal' for the purposes of admissibility as evidence.
          • by Baricom (763970) on Wednesday July 09, 2008 @11:58PM (#24129759)

            Speaking as an American who generally hates the way things are and likes the way Canadians do things, I can't say that I like this. Wouldn't that be a great justification for an illegal blanket wiretapping program, if it eventually led to the prevention of a terrorist attack?

        • by rabbit994 (686936)

          No and normal tech could do that anyways. My current job has found kiddie porn on computers and they reported it to local cops which took their statements, went down to magistrate, swore out a warrant and seized the computer. It's no different then you reporting a drug dealers who live your house.

        • by budgenator (254554) on Thursday July 10, 2008 @06:38AM (#24131781) Journal

          I've read the "offending" section and it's clear to me that the law is aimed at requiring computer forensics investigators to have a Private Investigator's license.

          * (b) For purposes of Subsection (a)(1), obtaining or furnishing information includes information obtained or furnished through the review and analysis of, and the investigation into the content of, computer-based data not available to the public. ...
          Computer repair or support services should be aware that if they offer to perform investigative services, such as assisting a customer with solving a computer-related crime, they must be licensed as investigators⦠[Text of law posted above.]

          In fact this law seems to be a stake in the heart of the RIAA toady Media-Sentry or WTF they call themselves today.

        • Does it fall under "unreasonable search and seizure" without a warrant?

          Judicial rulings for search & seizure have long held that they only apply to the government & people acting as agents for the government. If you find child porn & turn it in, then it's admissible evidence, and there are no repercussions. If the police come to you & ask you to check for it when Mr. Perv brings his PC in, then you're an agent of the govt & it gets tossed.

          The likelihood of someone successfully suing you

    • by Penguinisto (415985) on Wednesday July 09, 2008 @06:39PM (#24127099) Journal

      It doesn't, but the logic is supposed to go along the lines that (just example) if Joe GeekSquad does something dumb with your data, there's bigger repercussions at stake (e.g. Joe GeekSquad loses his bond, faces losing his license and thus his livelihood, etc etc).

      Of course, it'll become a complete and utter state-sanctioned racket, just like realtor licensing and Bar (legal) licensing... you have to take certain classes, you have to pass certain tests, etc etc... all of which feeds a little cottage industry designed to teach and help certify (and here we all thought the Boot Camp was dead...)

      I'm just curious as to how the frig they're ever going to enforce against those among us who build/support machines owned by family and friends.

      /P

    • by fm6 (162816) on Wednesday July 09, 2008 @06:39PM (#24127105) Homepage Journal

      Read. The. Fucking. Article. A computer tech only has to be a PI if they are searching a computer for evidence of a crime.

      • by easyTree (1042254) on Wednesday July 09, 2008 @06:45PM (#24127159)

        Read. The. Fucking. Article.

        Never!

      • by Todd Knarr (15451) on Wednesday July 09, 2008 @06:53PM (#24127255) Homepage

        I did RTFA. And yes, the law was intended to work that way. Unfortunately, that's not what the law says. And since almost any work on a computer involves investigating data on that computer not accessible to the public (the user's firewall settings, for example, aren't available to the public), any such work falls under the "investigation" part and requires a PI license.

        And the law will be enforced based on what it says, not on what anyone thinks it should have said instead.

        • by Obfuscant (592200) on Wednesday July 09, 2008 @07:55PM (#24127837)
          I did RTFA. And yes, the law was intended to work that way. Unfortunately, that's not what the law says.

          Yes, that IS what the law says. It is reasonably clear. If you are in the BUSINESS of investigating criminal acts, you need a PI license. Computer techs, unless working for a company that is in the BUSINESS of such investigation, are NOT in the business of investigating criminal acts.

          That's what the author of the law said. That's what the licensing bureau chief said.

          And since almost any work on a computer involves investigating data on that computer not accessible to the public (the user's firewall settings, for example, aren't available to the public), any such work falls under the "investigation" part and requires a PI license.

          The section of the law that refers to "computer data not available to the public" applied only to the section of the law that defines who needs a license. It does NOT, by itself, create a new class of people who need a license. Looking at data "not available to the public" does not automatically mean you need a PI license. If you are not IN THE BUSINESS OF investigating the listed criminal or civil acts under the first section, it does not matter if what you are looking at is data "not available to the public".

          The guy who enforces this law went as far as to say that a network tech who looks for a slowdown in performance and finds a virus or "theft of intellectual property" is NOT subject to this law, even though the virus may be the result of a criminal act, or the IP theft result in civil litigation.

          The guy who wrote the law says computer techs are not required to have a PI license. The guy who enforces the law says they are not required to have a PI license. The LAW lists who is required to have a PI license, and "computer repair tech" is NOT in that list.

          This is a publicity stunt to get money for this new institute, trying to scare people into giving them money to defend against something that a simple reading of the law -- the WHOLE law and not just one sentence -- would tell them doesn't apply to them.

          And the law will be enforced based on what it says, not on what anyone thinks it should have said instead.

          The person who is responsible for enforcing the law has said how it will be enforced, and people who repair computers are NOT on the list.

          Stop spreading FUD. There are more important things to spend time on. There is no story here.

          • by muridae (966931) on Wednesday July 09, 2008 @10:54PM (#24129233)

            And the simple fact that we are expected to take their word for 'how the law will be enforced' is a problem all by it self.

            What, really, stops them from saying that it won't affect Joe Geeksquad, and then realising that there is money to be made by licensing every computer geek? I agree, that 'investigator' has a legal meaning that is not what the populus expects, and that this law probably won't be targeting repair geeks. However, if the law is only understandable to those creating it, what makes sure that the people enforcing it also understand it?

          • Re: (Score:3, Interesting)

            by Burz (138833)

            That law can easily be used to misconstrue an technician's intentions when repairing a machine.

            Depending on how the prosecution/plaintiff wants to characterize the suspect technician(s) in each case, they can effectively make techs responsible for any data on any machine they serviced... whether or not they laid eyes on the data.

            Why?

            Because techs can't go through life censoring their actions/words such that they have nothing to do with any of the data on any of the systems they repaired. And computer forens

          • Computer techs, unless working for a company that is in the BUSINESS of such investigation, are NOT in the business of investigating criminal acts.

            That's what the author of the law said. That's what the licensing bureau chief said.

            Actually if you read the interview with the author of the law that's not what he said. The interviewer asks about forensics saying networks admins and repairmen do this all the tyme and the author answers "Truthfully, you may be just a little bit out of my realm of comprehension

          • The law says even less than that, as far as I can tell the *only* time a IT person needs a PI license is when the activity is being done with the intent to present evidence before a court of law, or it involves tracking of a location. It creates an issue in that you would not be allowed to install Lowjack without a PI license, which will probably be overlooked, but other than that, unless you make a habit of going to court, the law won't affect you.

            I actually am going to be quite critical of the law though

        • by n dot l (1099033)

          And the law will be enforced based on what it says, not on what anyone thinks it should have said instead.

          Which is ironic, given the way the Constitution is treated...

        • The U.S government executive branch would disagree, they like reinterpreting laws to fit their goals.

      • Re: (Score:3, Insightful)

        by Penguinisto (415985)

        Err, TFA only consists of interviews. If I were a Texan and repaired computers, I don't think I'd want to stake my business on what the legislator said in a news interview, as opposed to the actual letter of the law, [state.tx.us] which quite frankly is very poorly written.

      • The article says every interaction an IT person has with a computer involves some sort of "analysis and investigation" into "computer-based non-public data," i.e. examination of the state of your computer to see if it contains a virus infestation (the viruses YOU HAVE are computer-based, and not public; not to mention I'm looking at the programs you have installed because they're in my face).

      • If I'm supporting someone's website, and they call me and say their ISP says they're running a phishing website, and I look and find that someone's found a hole in an old CGI script and off in an obscure subdirectory there's a page that looks like the Bank of America's home page and it's set up to forward people's account information to a drop box, then it sounds like I pretty much need a PI license to do my job because that's evidence of a crime right there.

        • by geekoid (135745)

          yes, but your not specifically looking for a crime.

          • Re: (Score:3, Interesting)

            by argent (18001)

            I guess you don't know what the term "phishing" refers to, because what I described finding is exactly what I described looking for: a phishing web page.

            According to this bill, if you believe that your website or a website you support has been compromised, you are not legally allowed to investigate that compromise because the compromise itself is a crime, and even looking to see how it happened so you can prevent it from happening again requires a PI license under the bill.

      • by geekoid (135745)

        Read. The. Fucking. Article.

        Ha! nice try to foist facts onto us.

      • âoeComputer repair or support services should be aware that if they offer to perform investigative services⦠they must be licensed as investigatorsâ â" Texas Private Security Bureau Opinion Summary.

        Worst case scenario:

        I'm sorry ma'am, I can't fix your computer because that would require that I investigate the actual problem. Without a license, I'm not allowed to figure anything out.

        or

        Completely normal investigative scenario

        I'm sorry ma'am, I can't retrieve your husbands browser history because that falls under the category of investigation, and I'm not licensed to do that.

        or

        Normal repair scenario

        I'm sorry ma'am, your computer has a virus and I'm unable to determine which one it is because I'm not lic

    • We can't afford universal health care because imagine the tax dollars that would be spent; but we can pay for this kind of arbitration? And how exactly is having a PI license going to better the situation at hand, which is obviously that tech people can unethically snoop through customers' files? Does having a license magically make this ok? Does it somehow imply an agreement by the customer that their files are open for review, while without a license, this agreement does not exist?

      Did you bother to read

  • Due to the stereotype that computer people are antisocial and abrasive, calling them "private dicks" would have a dual meaning.

  • They'll change the law because it doesn't enforce the death penalty.

    I kid, I kid, y'all.

  • Consumers who knowingly take computers to an unlicensed company for repair can face the same penalties.

    -From one of the TFA's.

    So, if I lived in Texas (fat chance, but...) and I RMA'd a busted machine purchased off a smaller OEM online (and out-of-state), I can get a big fat fine and a criminal record because the OEM would probably not have a Texas PI license?

    Something is definitely brain-dead in the Texas Legislature.

  • by AK Marc (707885) on Wednesday July 09, 2008 @07:08PM (#24127431)
    It's simple. If you are investigating a network problem and run across a criminal act, then you are not an investigator. If you are suspecting that there is a virus (a criminal act) and are trying to track down who has the virus, you are not an investigator. If you suspect a virus and you are trying to track down the person who created it in order to testify against them in court, then you are an investigator. What is confusing is what we do all the time. We play with words that have specific meanings for us that don't mean the same to all people. "Hacker" vs "cracker" or any of the other examples where the definition and common use don't match up. They mean "investigator" in the sense not of someone who investigates things, but in the sense of investigating suspected criminal activity in order to aid in the prosecution of a person. From the statements of those that made and enforce the law, even sending in your child's computer to have it "investigated" for porn, chat records, browser cache, whatever isn't an investigation. For one, there is no suspected criminal activity. For another, even if found, there is no desire to use that to prosecute them. The person going through the hard drive is not "investigating" the computer, but is instead gathering and passing along data.

    However, the law is written such that if "investigation" were to take on the vernacular, then nearly all activities computer-related could be considered investigations. In fact, it could be taken to be as absurd as viewing the "private" page of someone on Myspace would be an investigation and thus a criminal offense. So, there is nothing controversial about the law as currently clarified by those involved in writing and enforcing it, however, with only the change in the definition of a single word to a more common usage of it, it becomes something that makes a large number of regular activities (not even just repair, but just use) illegal without a PI license.
    • However, the law is written such that if "investigation" were to take on the vernacular, then nearly all activities computer-related could be considered investigations.

      In other words, we won't know how "investigation" will be defined until a prosecuting attorney tries to use this law against someone in court.

    • by DeanFox (729620) * <spam,myname&gmail,com> on Thursday July 10, 2008 @06:34AM (#24131767)

      However, the law is written such that if "investigation" were to take on the vernacular, then nearly all activities computer-related could be considered investigations. In fact, it could be taken to be as absurd as viewing the "private" page of someone on Myspace would be an investigation and thus a criminal offense.

      Therein lies the rub. If it only takes the re-interpretation of a single word to turn this the law into a clusterfusk then it's a bad law IMHO. And, it will happen. Some high profile case involving protecting a child will re-interpret the original meaning of this law and the worst will happen.

      Today the law is relatively harmless. How about 10 years from now? Was the DMCA ever meant to be used the way it is now? Who ever intended drug forfeiture laws to be used to confiscate a persons inheritance because they're traveling home from the funeral with it in cash?

      Most laws are probably well intended. However, it only takes one zealous prosecutor to "interpret" the law to his advantage when he wants to make an example of someone. How about facing a felony computer trespassing / hacking charges because you broke the TOS of a website like MySpace by using a fake name as in the Meier's suicide case?

      It's become that a person can't wake, go about their day and retire for the evening without comiting at least one felony throughout the day. And that's scares me.

      -[d]-

  • Over Reaction (Score:5, Informative)

    by twiddlingbits (707452) on Wednesday July 09, 2008 @07:11PM (#24127461)
    Follow the links and read the law yourself. The context is PC Techs in the Forensics or Private Security business domains, NOT PC Techs in general. The Geek Squad at Best Buy isn't going to have to get PI Licenses nor is Joe Coder but the techs at Joes PI and Divorce Lawyer Shack would if he ever wants to do any work involving electronic media containing private info. For instance if your wife wants to know the details of your Porn collection as part of the divorce her PI or lawyer would need licensed techs. That's not a bad thing. But it's just going to drive legal costs up which will have an effect (small) on other prices. Reading the law I'm not sure if a corporate internal fraud or forensic techs (to find out about your MP3 collection on the work SAN) or those performing consulting services will need licenses or not. Probaby not as one clause in the license allows work to be supervised by a license holder so that may be the loophole. Just make sure your Chief Security Officer has a PI license. I agree the law needs some clarification but that can be left to the discretion of the court as to what the intent was (risky move) or someone can lobby the Texas legislature to update the law. In the meantime I seriously doubt anyone is going to be rushing to apply the law to everyone who MAY do PC work.
    • Follow the links and read the law yourself.

      I understand that the original law was probably to only apply to certain kinds of businesses, but that's not how it's written. Even the guy who wrote the bill [networkper...edaily.com] says it's broader than that.

      The most obvious example is people supporting websites. Compromising a website is breaking the law. Requiring that a private individual maintaining a website be a PI before he can go in and remove a phishing page that some guy has dropped on his site, let alone fix the problem, see

      • by Obfuscant (592200)
        Requiring that a private individual maintaining a website be a PI before he can go in and remove a phishing page that some guy has dropped on his site, let alone fix the problem, seems a bit rough to me... but that's exactly the kind of activity the law covers.

        No, it doesn't. A private individual maintaining a website is not one of the occupations listed in the law as requiring a PI license.

        I've quoted the relevant sections of the law enough times now, so now I'm going to ask that people who think they n

    • You know what, you are right, this really only applies to a small segment of the population that is going to be involved in forensics work.

      For right now, that is exactly correct, and sounds like a good idea.

      The thing about the law and technology is neither stays the same very long, and judges are not famous for getting the facts right with regards to technology issues. The first time evidence seized from a computer is dismissed because a person did not have a PI license (such as one involving someone from

      • Forensic procedures for technology in law enforcement are well established, have nothing to do with those of private investigation, and are better administered at a national level where standards can be imposed across jurisdictions.

        Yeap, over reacting. Can you show me where in the Constitution of the USA it gives the federal government any power to set national standards for this?

        Falcon

        • The federal government only exists for the regulation of interstate trade, per the Constitution. It is a well established legal principle that law enforcement authority is a necessary derivative of that mandate, which would be the basis of an argument to respond to your specific question.

          But the broader point is one of utility and fair governance, that having individual jurisdictions set standards for law enforcement, the collection of evidence, etc. on matters that are impacted by forces outside their doma

          • The federal government only exists for the regulation of interstate trade, per the Constitution.

            And for the defense of the nation as well as to safe guard rights.

            Certainly criminal investigations into activities connected to the Internet can be considered a world wide matter, thus the need for a more universal set of standards pertaining to the proper procedures and licensure for those connected to the process.

            Who's law, Texas's, the US's, or China's should be followed? What's legal in one place may be ill

  • It is about time some state stood up and took the initiative for issuing standards amongst the people responsible for fixing, administering and maintaining computer equipment. This has been a long time coming.

    Texas has traditionally been very progressive in this area. They also require food safety handling licenses for grocery clerks, beverage licenses for neghborhood lemonade stands, contractor licenses for anyone owning a shovel and pilot licenses for amusement park ride operators on rides that elevate be

  • For them thar computer thangs to git working agin.

    Fuck em. That works for me. Let 99% of all computers in Texass be broken until a squarebadge rentacop can fix it.

  • I work for one of the many telecom companies along I-75 in Dallas that develop hardware and software capable of "monitoring a user". If the Texas State Senate and the Governor are dumb enough to sign this bill into law they're going to see all the companies leave for RTP, Phonenix, etc. And despite the fact that everyone thinks Texas is a bunch of hicks... chances are better than not that your data is getting carried over a platform or software designed in Plano or Richardson Texas. /and I've put in a lot
    • I-75 (Score:4, Informative)

      by falconwolf (725481) <falconsoaring_2000.yahoo@com> on Thursday July 10, 2008 @04:18AM (#24131237)

      I work for one of the many telecom companies along I-75 in Dallas

      Sorry but I-75 [i75exitguide.com] runs between Michigan and Florida and comes no where near Texas. I've lived in both states and have traveled the whole thing a number of tymes. What's in Dallas maybe something75 but not I-75 ("I" meaning Interstate and part of the interstate highway system).

      Falcon

  • by Ruthless Evolution (1315101) on Wednesday July 09, 2008 @08:58PM (#24128345)
    Being located in Texas working for an organization as the CSO/CISO with 24+ years experience in the computer industry doing nearly every job including CIO, earned my CISSP/ISSAP/ISSMP in 2000, pro bono work for the Dept of Homeland Security and directing a team of IS, network and infosec professionals, I am concerned about the ramifications of this new law. By one interpretation, my teams would be indemnified while doing their forensics and analysis work if I am licensed as a PI in Texas. Although a burden none of us particularly wants, I began researching what is necessary for the license. From what I have been able to find, I can apply for the license, however it requires a "Company Name and License Number"; basically requiring me to be employed by a licensed investigations company to apply. Additionally, to qualify for a "manager" PI license, I need to maintain supervisory employment with a sponsoring licensed investigations company on a "daily basis" or forfeit my license. So, to act as a manager overseeing the forensic, investigative and analysis activities of my PC techs, network engineers, developers, and certified infosec employees (many of whom are ex-military intelligence), I must hold a Texas manager PI license; however I cannot work for a non-investigative company to maintain that license or even obtain an individual PI license. A legal Mobius loop created by a clueless "insurance salesman" that repeatedly states that the issues this creates are beyond his comprehension running the Texas State committee on law enforcement as a state representative. Very frustrating.
  • [Scene] Murky smoke filled office circa 1920 strewn with half repaired computers [Voice narrative] PI_Geek "It was a just another day when she walked into my office with a broken Apple macbook. Her legs were something one would expect on a poster and she had a face that men would die for but a job was a job" [Narrative end] PI_Geek "hello doll face, how can I help you" [blows cigarette smoke in the direction of the new client]
  • P.I.'s use TOOLS to do computer investigations.

    IT workers use SKILLS to do computer investigations.

    I would say that disqualifies P.I.'s as experts.

    I am certainly skilled enough to investigate computers successfully.

    What's at stake here is an IT guy's ability to legally troubleshoot.

  • Ok, here's a scenario that flips it around. If a company's non-licensed PI IT department or outsourced IT investigated an employee's computer for criminal activity and found such then either the person was let go or charged with a crime. Could that person who was the subject contest the investigation in a court with the argument that the people in the IT department weren't licensed private investigators?
  • ...but we gotta keep tryin to keep the masses paranoid don't we? Go slashdot!

    http://www.networkperformancedaily.com/2008/07/texas_law_requires_pi_licenses_1.html [networkper...edaily.com]

Innovation is hard to schedule. -- Dan Fylstra

Working...