PI License May Soon Be Required for Computer Forensics

buzzardsbay writes "The good folks over at Baseline Magazine have an intriguing — and worrisome — report on a movement to limit computer forensics work to those who have a Private Investigator license or those who work for licensed PI agencies. According to the story, pending legislation would limit the specialized task of probing deep into computer hard drives, network and server logs for telltale signs of hacking and data theft to the same people who advertise in the Yellow Pages for surveillance on cheating spouses, workers' compensation fraud and missing persons. Those caught practicing computer forensics without a license could face criminal prosecution."

License required for PI

Am I breaking the law for this? 3.14159268

Re:License required for PI

That's only blasphemy which is allowed under current US law.

Re:License required for PI

Yes, because you have the wrong value. 3.14159268 should be 3.14159265 From memory: 3.1415926535897932385

Re:License required for PI

I noticed you rounded the last digit up. ;-) ...but you'd have to know the next digit to do that intentionally.

Re:License required for PI

Am I breaking the law for this? 3.14159268

No, because that's only a crude approximation. Now, if you really want to break the law, try this for a change: i×ln(-1-i0)

Re:License required for PI

[solitas]

I just use 355/113 and I'm good to .000008490916214% (1/11,777,292.05)

Re:License required for PI

No, because you got pi wrong.
See http://3.141592653589793238462643383279502884197169399375105820974944592.com/

Posting as AC for obvious reasons

Re:License required for PI

Yes you are. PI=3.14159265...

Re:License required for PI

[Rakarra]

You might be. I predict that very soon you will see shirts printed with that number as a protest for criminalizing it. Some forward-thinking entrepreneurs may already have these out...

3.141.....

[celardore]

I thought this article was about the irrational number at first.

Re:3.141.....

[skeftomai]

I was wondering whether you'd think that...

Re:3.141.....

Close! Actually, an irrational policy.

Re:3.141.....

[Bill,+Shooter+of+Bul]

So did I. Now I just pissed its not a story about Pi. I just don't care about what ever it is that this is about. But I haven't composed a program for Pi in Erlang yet. Distributed computation of PI. Now, if anyone knows who build Erlang or has seen the movie named for the digits, you'll know what the two possible conclusions to this is. Either way, it will be news I'd want to read about it.

Re:3.141.....

[NASA+NERD]

You mean it isnt! I thought that it meant you needed a license to investigate PI!

Re:3.141.....

[xactuary]

Oh it's irrational alright.

Re:3.141.....

[Ciggy]

If you think long (and hard?) enough about it, you'll be into Transcendental Meditation.

Re:3.141.....

[lpq]

"I thought this article was about the irrational number at first."

It's related: It's about irrational legislation...

Worrisome?

[Shadow+Wrought]

I would think that requiring an Investigative license for doing invetigative work would be a good thing.

Re:Worrisome?

[eht]

Depends on how vague it ends up being. Easy to imagine that your home machine gets hacked and then you "investigate" your own machine and give the info over to the FBI or Police, hey look you did forensic work without a license, go directly to jail do *not* pass go.

Re:Worrisome?

[plopez]

I agree. Maybe it will get rid of some of the charlatans.

Re:Worrisome?

[Jah-Wren+Ryel]

I agree. Maybe it will get rid of some of the charlatans. The same way driver's licenses keep bad drivers off the road.

Re:Worrisome?

[MBCook]

That was my thought. Given the "experts" that groups like the RIAA use, having a license on someone that could be pulled to prevent them from continuing to work in that field seems like a good thing.

Maybe it should be a separate license. Maybe it should be a special add on class (PI + C for Private Investigator + Computer Specialty). But it's good it's SOMETHING. Someone who doesn't know what they are doing can not only cause big problems (enrage a spouse leading to anything from unnecessary worry to violence), but they could easily destroy evidence for someone who does know what they are doing making it useless in court.

Re:Worrisome?

[Stripe7]

Depending on the how they define forensic work, a system administrator could be prosecuted for reading the log files for login information, or tracing back history files to see what led to critical system files being corrupted. If these simple daily administrative tasks are classified as forensic it would make it illegal for a system administrator to do his job. With congress's track record of overly broad definitions and over generalizations, odds are good that this legislation will make a PI license a requirement for all system administrators. Hmm, does this mean I get to carry a gun too?

Re:Worrisome?

[Phanatic1a]

Why? Is there a professional body that oversees stands of ethics and practices for PIs? I think you could make a better case for requiring licensing of software programmers than for PIs.

Re:Worrisome?

[brechindo]

First problem - what part of "liberty and the pursuit of happiness" dont you understand? Seems Bush was right - it really is just a goddamn piece of paper anymore. And so another un-Constitutional Taking of basic human liberty begins. Second problem - anyone charged with a crime is supposed to be tried on the evidence - not the (highly subjective) credibility of the person gathering the evidence. Third - you trust the govt to guarantee the credibility of.. well, ANYTHING? Fourth - if courts want to PREFER evidence from credible sources, that's one thing. But to pre-judging exclude any evidence - and punish the gatherer! - that isnt gathered by a licensed gatherer? If there's evidence that proves my innocence, I dont care if Bozo the Clown gathered it. Fifth - hello, conflict of interest in any matter where the govt is a party to the case (criminal, many civil). Would you want your opponent having serious professional influence over WHO can provide evidence on your behalf? Sixth - great, now all the "licensed digital forensics professionals" can jack up their rates because of an artificial lack of competition, and in 10 years we'll all be paying annual premiums on "investigative insurance" because none of us can afford the cost of a "professional" from the govt's latest elite club listing. Just because you dont want to think for yourself, doesnt give you the right to force others to submit to your "regulatory" nonsense to protect you from your own damn mistakes. Americans, I swear.

Re:Worrisome?

Dude, if all sys admins had a gun, the 'net would be a better place. Far less crowded too!

Re:Worrisome?

[torkus]

Sorry, but I don't see how another inane 'licensing' will do more good than bad. Just because someone is licensed does not mean they're honest. Heck, all care repair shops in NY have to be licensed. Do you REALLY thing that keeps them honest?

A license if just a scrap of paper that means you paid someone for it. Perhaps you passed a test too. That means about as much as that 10th grade biology final that you crammed for the night before and then erased from your brain after the next morning. I'm much more interested in holding people ACCOUNTABLE for their actions than having the government "protect" me.

Re:Worrisome?

Would you like some dressing for that word salad?

Re:Worrisome?

[blueg3]

Typically investigation is defined as for hire and examining other peoples' data, not your own. So investigating your own logs, and even a company having permanent staff to investigate their own logs could constitute "security", but hiring someone from another firm to examine your logs after the fact could be "investigation".

Re:Worrisome?

[Joe+The+Dragon]

I this is for 3rd party work not stuff done by people who work for the same people who own the systems that are being worked on. If you need one a up side a PHB who clueless about computers may not pass the test.

any ways some like that may get in the way of the Geek squad and others like them that do the same kind of work doing there job and I don't see best buy and others going for PI Licenses.

Ontrack Data Recovery , drive savers, and other do have Facilities that meet even U.S. Department of Defense specifications and they do work for law enforcement agencies.

Re:Worrisome?

[AuMatar]

There probably wouldn't be any users either.

Re:Worrisome?

[Clay+Pigeon+-TPF-VS-]

It's NY. NO ONE is honest there. Just look at all the corporate headquarters there...

Re:Worrisome?

[lcoughey]

Being one who has a data recovery company that provides digital forensic services, it is quite frustrating to say the least. To expect a digital forensics expert to have a PI license is as absurd as expecting a PI to have a computer science degree.

We have been trying to figure out how we can become Private Investigators, but we cannot get answers. Instead, we keep getting passed around the government's phone systems. Some say we have to write an exam that doesn't exist, others say that we should be grandfathered in and others simply shrug their shoulders.

From what I can tell, this is just another case of where someone has decided that they want all the market to themselves and think they have found a way to make it happen.

Re:Worrisome?

[Feyr]

so you're saying we'd be free them too?

how much does a PI license costs again?

Re:Worrisome?

[value_added]

Depending on the how they define forensic work, a system administrator could be prosecuted for reading the log files...

To the extent administration is Daily Shit Everyone Does(TM), the above should be reworded with s/system administrator/anyone/, and should include Windows users who click past the "Show Files" warning when viewing the contents of the Program Files directory.

The issue (and the legislation being discussed) isn't the above, however. While the writer of the fine article does make use of unwarranted and exaggerated language like probing deep, the following section is most relevant:

Under pending legislation in South Carolina, digital forensic evidence gathered for use in a court in that state must be collected by a person with a PI license or through a PI licensed agency.

Seems to me this is probably a Legal Stuff(TM) issue only, and as far as that goes, it is an interesting development. But I fail to see how such legislation would preclude a user, administrator, or compsci professor from being able to testify as an expert witness (or otherwise), let alone interfere someone (not subject to a court order) using a computer.

Re:Worrisome?

[MBCook]

It does. It keeps quite a lot of bad drivers off the road. It just doesn't stop all of them.

If anyone, with no prior knowledge, was allowed on public roads and highways... don't you think things would be much worse than they are now with licenses?

Re:Worrisome?

[tcgroat]

"Because they are already licensed by their industry-specific agencies, [...] engineers are exempt from state PI requirements, Abrams explains."

And there's the key. Anyone who is producing legal evidence on technical matters should have a license. A PE license, not a PI license!

Re:Worrisome?

[Zeinfeld]

If I did full time forensics I would be much less worried about having to get a license than the ambiguous legal landscape that existed when I did some cases in the mid 90s. You can't preserve the rule of law by breaking it. And even if you do keep to legal methods you have to be sure that you can prove that is what you did or else you can find the criminal you are trying to stop suddenly turns the tables on you.

I don't think anyone should have to worry about investigating their own machine. But what if you are going to trace the attack to the source? At what point does that become hacking? What if you have someone hand you information that has maybe been obtained by dubious methods? In the 1990s nobody knew where the line was drawn.

What happens if you hire someone to do that type of work? Are you going to be liable if they use pretexting or the like?

If Clifford Stoll was using the same techniques today he might well have had some legal issues. Even if you don't break the law you can still ruin the chances of a successful prosecution by contaminating evidence.

I don't want to have people who are working for me acting as vigilantes. I don't want them to collect information in ways that disrupts Law Enforcement efforts. This is a professional business now and we have to act like professionals. People need to understand that there is a line and consequences for crossing it.

Re:Worrisome?

[STrinity]

Yeah, this'd be great. "Hey baby, I'm a private dick. I pack a Samsung 5gig loaded with Ophcrack, and I'm licensed to use it."

Re:Worrisome?

Yeah, all the sys admins would either be in jail for 2nd degree murder, or in treatment under an insanity plea.

Now, if the sys admins also had the right to claim justifiable homicide in egregious circumstances (i.e. the mythical Texas "He needed killin'" defense), you might have a point, but I don't think that's likely to happen.

Re:Worrisome?

[crotherm]

What a load of crap. My job requires us to perform such checks on a regular basis. These requirements are required by Government agencies in order to work on specific projects. Requiring some ridiculous license to read log files will only create a glut of "so called" experts much like all those Windows experts a few years back.

Don't be fooled by this. This is yet another attempt of our Government wanting to control access to knowledge.

Re:Worrisome?

Clearly you have never been to Arizona.

Re:Worrisome?

[mortonda]

There probably wouldn't be any users either. ... and the downside would be... ??? ;)

Re:Worrisome?

[wizardforce]

yes there would, the learning curve would just be *a lot* higher than it is now. Not only that but the spammer species would go extinct quite quickly.

Re:Worrisome?

[angus_rg]

But prisons would be real crowded. Hopefully they'll have FTC(Fiber to the Cell).

Re:Worrisome?

[Firethorn]

As a gun-toting network administrator, I endorse this service! ;)

Though generally speaking you're allowed to investigate your own equipment without any problems.

The license would be required if you're going to be snooping in other people's systems, especially without their knowledge.

Call it the difference between a having a photographer taking pictures of your wedding(with your permission) vs hiring a PI to take pictures of your wife cheating(without her permission or knowledge).

Re:Worrisome?

[angus_rg]

Very, very true. I'm very mixed as to whether this is good or not.

Much of the tax payers dollars are wasted in courts by some yahoo who has no clue what they are doing, how to store the data. Not to mention, most jurrers, and even judges probably have eyes that glaze over when computers are spoken about. You could tell them that Mrs. Plumb did it in Windows with the Flux Capacitor on her 1.21 Gigawatt computer and they'd probably nod their head as if they understood. Ensuring that the investigator is competent is a must. We are probably seeing more Forensic investigators getting sued for botching up evidence, and or law engorcement investigations.

On the other hand, this will be difficult for small companies or individuals because I believe PI requirements vary from state to state(I may be wrong, feel free to flame). I think a lot of very talented investigators will get screwed, or forced to work in a smaller domain.

My biggest concern is that this will become a guage like the average certification did. We've all seen how well that worked out. If my mail man pulls up with his PI in forensic badge, I'm going postal.

Re:Worrisome?

[flyingfsck]

I don't think you know what it means to have a PI licence. It simply means that you have gone to the police station, paid a small fee, got finger printed and certified that you don't have a criminal record. Which I think isn't altogether a bad thing.

Re:Worrisome?

[Jah-Wren+Ryel]

If anyone, with no prior knowledge, was allowed on public roads and highways... don't you think things would be much worse than they are now with licenses? No I don't. If someone is foolish enough to try driving without any training to begin with, I don't think that a license or lack thereof would hold them back in the slightest.

I think the one and only reason things aren't much worse than they are now is that the majority of people are sensible. A piece of paper and after-the-fact enforcement don't make much difference.

Re:Worrisome?

[unlametheweak]

Depending on the how they define forensic work, a system administrator could be prosecuted for reading the log files for login information, or tracing back history files to see what led to critical system files being corrupted. From the article:

Computer forensics is more often used as an internal investigatory tool. In other words, probes and evidence collected inside the firewall stay inside the firewall. In these cases, none of the proposed or existing state laws requiring PI licenses apply. Also, as some-one else already said (also from the article), this only applies for evidence gathered for a court case.

In the end, I don't think it should be a criminal matter, but more of a point of being professionally certified so that one can prove competence in both the laws of the state (regarding evidence, etc) and computer forensic competence. (The one thing the US doesn't need is MORE criminals as a result of over-zealous law-makers.)

Re:Worrisome?

[wcb4]

about $3.14

Re:Worrisome?

Hmm, does this mean I get to carry a gun too?

Might reduce the amont of SPAM.

That or at least keep some of the more annoying end users at bay.

Sounds like a good idea......

Re:Worrisome?

Each state has different rules. When I was looking at it (for a job in Washington), it was $200 for unarmed, $100 more for armed, and some training. I don't remember the training cost, but it wasn't unreasonable. There's a good list of links and info for each state at http://www.crimetime.com/licensing.htm

Re:Worrisome?

[Oligonicella]

Um, your analogy is crap. A PI may not even need to access a computer, depending on the type of work they do. However, a digital forensics expert may very well have to do investigative work in order to provide courtroom testimony. Not to mention, the difference in outlay for the two is quite striking.

For someone in the data business, you're pretty inept at knowing how to start.

Google "Private investigator" license obtaining -- The second link shown is:

http://www.oregonpi.com/licensing.htm

It's a reasonable place to start. There you will learn it's a state by state thing.

Re:Worrisome?

[MurphyZero]

Any one can get on the highways without a driver's license. Just like anyone can get in a car drunk and start driving. And if you don't believe so, check out the newspaper (online of course) for the arrests in the past week. Even the arrests don't keep them off the road.

Re:Worrisome?

[ben(zen)]

I second the earlier sentiment, and wish that I had mod points also.

Re:Worrisome?

[Artifakt]

Right, we'll do away with Pilot's liscences too. Oh, and Surgeons. What could possibly go wrong? I've got a few liscences. Not one of them came from cramming for a test and forgetting everything the next day. Instead they came from years of study and application. I guess the people who modded you +1 interesting feel they didn't really earn their professional credentials, but I sure as hell earned mine.

Re:Worrisome?

What purpose does a license serve? Does it actually prove somebody knows an area or that they can take tests? If they can bluff their way past the person hiring them, they can probably bluff their way into getting a license. The cost is the major factor, so it's simply another tax and required registration.

Re:Worrisome?

[gambolt]

That was my thinking. This would likely limit who could testify as an expert witness. Thinking of it as a government certification program might be more appropriate.

Re:Worrisome?

[torkus]

In theory, you could. See, there are lots of people who *could* fly a plane. There are LOTS of people who could remove an appendix or deliver a baby that aren't "doctors". Could all of them do it as well as "real" pilots or doctors? No. Could some? Yes. Doctors from other countries come to the US and, despite having 10+ years experience get to do their residency and chase "real" doctors around for a few years. "Real" doctors they very well might have MORE experience than.

Accreditation is, in general, a good thing.

Making it ILLEGAL to do something you're not 'government aproved' (i.e. licensed) to do is a scam if you ask me. Requiring someone to disclose their accrediation status makes sense.

If I knowingly go to a unlicensed doctor that's my choice. Guess who would be cheaper? Yeah. Well hey, maybe poor people (above the hand-out level of poor) could actually see a doctor they could afford that way. Sure, you don't get the same service. But the whole 'all or nothing' doesn't actually serve the public good.

I'm glad you have a few licenses. Kudos for actually studying. You'd still have accredidations in my hypothetical world. You'd still clearly be 'above' those with just a shingle nailed to the side of their house announcing their services. The difference is - those people wouldn't be breaking the law! Someone looking for high quality service would probably go through you. Someone with enough experience would prove so, and get accredited.

Re:Worrisome?

[nguy]

I think you are a good example for why this is a good requirement: you really should not be providing forensic services without being familiar without satisfying at least the requirements for a PI.

Re:Worrisome?

[ocbwilg]

Typically investigation is defined as for hire and examining other peoples' data, not your own. So investigating your own logs, and even a company having permanent staff to investigate their own logs could constitute "security", but hiring someone from another firm to examine your logs after the fact could be "investigation".

Yes, but where do you draw the line? It's easy to say that you can investigate anything from within your company. But what if an attack originates from outside your network, comes across the Internet, and compromises machines on your network. Do you start investigating it internally as "security", and then hand it off to someone else once (presumably licensed) you get outside of your network? If that's the case, then won't the perpetrator have a built-in defense in court by claiming that the "internal" part of the investigation that generated the data that was fed to the "outside" investigator wasn't held to the same forensic standards?

I do see some serious problems with this. Firstly, most PIs are not what I would consider computer forensic experts, computer security experts, or even technology experts. So allowing them to collect forensic data from computers while excluding legitimate computer forensic experts (computer science types) actually lowers the standards. That doesn't make sense. The second problem is that in some states it is not easy to get a PI license, especially if your only investigative training is in computer forensics. Thirdly, because of the global nature of the Internet it means that a forensic investigator who is investigating a compromise in New York may also need to have a PI license in all 49 other states just in case they might have to collect evidence from a system in one of those states. It just doesn't make sense.

Then there's the fact that this law will dramatically reduce the number of people legally allowed to practice computer forensics and testify in court. How does that affect expert witnesses? If you're charged with a computer-related crime and the only 7 firms licensed as PI/Computer Forensic Experts in the state all work with police departments, how do you find an expert witness to rebut their testimony? I can forsee circumstances where a traditional PI with a "point and click" forensics program provides the police with allegedly ironclad evidence that is more full of holes than swiss cheese, and the defendant not being able to discredit/rebut the evidence because their own expert witness isn't licensed in the state.

Re:Worrisome?

[torkus]

HAHA. Actually a lot of companies locate their headquarters elsewhere to AVOID some of the laws in NY.

For example: Many companies that do rebates or gift cards have a 'legally separate but wholly owned' entity based in some choice states. Virginia is one example. Why? Because VA has laws that let them take unclaimed money and put it right on their own income books. That rebate you didn't cash? Yep, in 90 days or a year (whatever) they add all those up and keep the money. Other states preserve your right to go after that money for longer or prevent a company for considering it income.

But anyhow, I just used NY as an example since I live here and know all our repair shops are "licensed". Heck, the street meat food carts in NYC are have licenses and permits. That doesn't seem to do much about their quality, pricing, or hold them accountable. Try getting a refund for a bad sandwich :)

Re:Worrisome?

[afidel]

How about as a consultant I'm called in to troubleshoot a broken web application and during my troubleshooting I come across what I believe may be the problem but it appears to be a breakin, should I be forced to end my work simply because I don't have a PI license? To me that is asinine and big government regulation run amuck.

Re:Worrisome?

[ehrichweiss]

Doesn't matter. Not every state requires a license so one could already be a "licensed" PI in their area, and the feds don't have jurisdiction to require it.

Re:Worrisome?

[arivanov]

Well, this means your company will be paying for it. That's all.

Re:Worrisome?

[Allnighterking]

No not less crowded just harder to find a working monitor, or an end user with a question/problem.

Re:Worrisome?

[Nullav]

But would it even be enforceable if it had such a broad definition? Just look at the laws regarding 'strong encryption' and the rise of the Internet.
(And even if it did end up written in such a half-assed manner, I'd like to think it would be thrown out the moment it was brought up in court; all but the most senile/corrupt of judges should be able to see the implications of an overgeneralized law regarding 'investigation'.)

Re:Worrisome?

[Prof.Phreak]

I was thinking it would be great for criminals. The people who are likely to have PI licenses aren't likely to be the same people who are any good at IT.

Re:Worrisome?

[mad_minstrel]

It is, unless that requirement eliminates 99% of the people competent of doing such work.

Re:Worrisome?

[Sirra45]

You are being funny. A sysadmin WOULD NOT BE PROSECUTED since his investigation would be within the course and scope of his employment. I don't think you understand professional licensing law including the PI License concept. Professional licensing is job specific, and investigative licensing does not cover "investigating" things within the work place by the employee. Licensing computer forensics is just a sound and reasonable way to protect the consumer against a "free for all" computer forensics community that will not police themselves. Incompetence and fraud are increasing in computer forensics and the license free ride is coming to an end. The client/consumer deserve no less. Licensing will clean up and professionalize things.

Re:Worrisome?

[Sirra45]

What's the big deal? Computer Forensics Examiners/Investigators need to get licensed. They can pass the test and criminal background check can't they? How about liability insurance and bonding, as required in some states for a PI license? The client deserves nothing less, and needs the protections against a growing unlicensed free-for-all computer forensics community that has produced some fraud lately. You knew it was coming. The license free ride was eventually going to stop since the computer forensics case work was getting way too important not to be licensed and regulated by the state. Geez, almost everyone else in the criminal and civil justice system is regulated to protect the consumer. What makes the computer forensics investigator so special? It's obvious the computer forensics community is not policing themselves, so someone has to control the fraud and incompetence that I am seeing. Again, the client/consumer deserves nothing less, and that is the goal of licensing.....to protect the consumer. There's a famous Fresno, CA case where a fraudulent unlicensed computer forensics investigator was caught while qualifying as an expert witness with false credentials and a 1996 prior felony conviction. He has since been sentenced. Me and others know this topic is "old" and we have done the research and case law studies months ago. It's no longer a debate, just the implementation of the licensing. I have personally been involved in cases where I have watched clever lawyers use rather simple code-based tactics to remove an unlicensed opposition computer forensics investigator. It's a career changing event for the ones that I saw caught and removed from cases. The last one was two months ago on an online stalking case where the computer forensics examiner with his very important computer evidence was not going to be allowed to testify until he produced a license.

Re:Worrisome?

This is already the case in some other countries (like the Netherlands).

I don't think it is a bad thing. Especially since their are a lot of privacy related issues that are handled and regulated by a PI course, exam and certification and aren't by a computer science one!..

Re:Worrisome?

Don't be fooled by this. This is yet another attempt of our Government wanting to control access to knowledge. And don't be fooled by the noise and smoke, you'll notice there is a little man behind the curtain with a satchel of money: is it the Big Bad Gubmint or is it some unsupervised multinational with some pet congress critters? It's the 21st century already. "Gubmint" is the least of your problems, large corporations are walking all over you and, being exempt from the Bill of Rights, are doing so with impunity.

Re:Worrisome?

[lcoughey]

I wish it was that easy here in Ontario...but, it doesn't seem to be the case. I only have minimal involvement on the forensic side our company and know that we've been trying to get an explanation on how to become licensed. Even our MPP is having troubles getting answers.

Re:Worrisome?

[Kyojin]

Then again, think how bad it would be if people were allowed to drive without licenses. Ever heard of people failing their driving tests several times over? People losing their licenses for reckless driving? Licenses do keep many of the worst drivers off the road. Perhaps the standard could be set higher, but it would be inaccurate, or at least , to say they have no effect.

As for PI licenses for computer forensics, if they applied only to computers that you do not own, especially if you took payment for such services, that would be acceptable. But requiring it for your own computers is as bad as requiring a PI license for claiming you found the perpetrator's wallet in your house after a burglary.

Re:Worrisome?

[lcoughey]

I think the idea of regulation is not a bad one. The key concern is that digital forensics should be treated as a field of its own. I suggest that a title of Digital Forensic Investigator be created.

To suggest that one who simply registers as a PI is now qualified to do digital forensics is absurd. Just as absurd to think that a digital forensics expert knows or needs to know all the ins and outs of PI work. They are two distinct fields with some overlap.

Re:Worrisome?

[budgenator]

Understand in Texas, they can put you in prison for shooting your unfaithful spouse and their lover dead if either manage to fall out of the bed before dying, I wonder what the computer metaphor fort that would be?

Re:Worrisome?

[0racle]

a system administrator could be prosecuted for reading the log files for login information, or tracing back history files to see what led to critical system files being corrupted.

Reading is a wonderful thing.
From the Article:

digital forensic evidence gathered for use in a court in that state must be collected by a person with a PI license or through a PI licensed agency.

Lets also not forget that reading logs at your place of business is not forensics work (as much as you might want to think of yourself as a CSI), it's your job. If your company was electronically broken into, even now the companies sys admin isn't going to be the one examining the logs for the court record. They would be handed over to a forensics company, and now that company would have to be licensed in South Carolina if that is where the litigation is taking place.

Re:Worrisome?

[smellotron]

If anyone, with no prior knowledge, was allowed on public roads and highways... don't you think things would be much worse than they are now with licenses?

Sometimes I think I would prefer to be surrounded by people who don't know how to drive right, instead of people who know (or think they do) but don't care. I'd expect a little more caution from the former—and no amount of licensing will prevent the danger presented by the latter.

Re:Worrisome?

[winkydink]

Maybe in your state. In California, from http://www.dca.ca.gov/bsis/customer_service/faqs/pi.shtml

What are the licensing requirements for a Private Investigator?

The general requirements for a Private Investigator are:

        * Be at least 18 years old.
        * Three years of compensated experience totaling not less than 6,000 hours in investigative work, while employed by law enforcement agencies, collection agencies, insurance agencies, banks, courts, and other private investigation agencies, etc.
        * A college degree in criminal law, criminal justice or police science can be substituted for part of the experience.
        * Pass a written exam.
        * Undergo a criminal history review.

Re:Worrisome?

[pclminion]

What the fuck are you talking about? Nothing about what you do has anything to do with forensic evidence in the legal sense. Unless you're presenting before a court this has nothing to do with you. And if you are presenting before a court, I sure as hell want you to have a license.

Re:Worrisome?

[ehrichweiss]

"Call it the difference between a having a photographer taking pictures of your wedding(with your permission) vs hiring a PI to take pictures of your wife cheating(without her permission or knowledge)."

Both of those are perfectly legit regardless as long as you're not breaking privacy laws which aren't a concern if the cheating couple is caught kissing in public, going into a motel, etc.

Re:Worrisome?

And there would be a lot more tiger attacks without this tiger repelling rock.

Re:Worrisome?

[Paul+server+guy]

In seven states, (Alabama, Alaska, Colorado, Idaho, Mississippi, Missouri, and South Dakota) there isn't even a license requirement. http://en.wikipedia.org/wiki/Private_Investigator#Training.2C_other_qualifications.2C_and_advancement

Further reading shows that many states have very limited requirements, but most of the training required has absolutely NOTHING to do with any computer science/engineering of any sort. (Although there are many more conventional requirements.) The first most easy answer? If you can't easily jump through their hoops, go find a PI that will hire you part time. Work up some sort of an agreement that means you do his work for him (for a reduced rate), and you use his license for yours (For a small cut if you have to testify). Everyone wins, and you may even get some additional work out of the deal.

Some people may complain about the PI not wanting to put their license on the line, but there will be plenty that will, just to have the new service available to them...

What there really ought to be is a Computer Forensics license. In any case, having the training in chain of custody and proper evidence handling would be worth it...

Re:Worrisome?

[Crudely_Indecent]

You would think so, but it's surprisingly easy to get a PI license (assuming you have a clean record) and computer forensics is an extremely difficult field.

This hasn't become law yet, and it's unclear in Texas how to apply PI license requirements to IT professionals. Personally, I think this will weed out some of the less desirable from the industry as they won't be able to get past the background check. On the flip side, this will be worse for the industry, as any Tom, Dick or Harry who has a PI license will try his hand at destroying electronic evidence....

Ultimately, it really doesn't matter to me anymore. I've left that industry with a bad taste in my mouth. It turns out that lawyers cannot be trusted. I have never been cheated out of more money in my life. It's extremely difficult to sue a large law firm.

Now, a good law that needs to be written, would allow contractors to include a "baseball bat" clause in their contracts. If the contractor isn't paid, he gets 1 hour with a baseball bat per $1000 owed. If that law existed, I'd have 4 or 5 days of beatings to administer.

Remember, lawyers cannot be trusted.

Re:Worrisome?

[mrchaotica]

Yeah, me too -- weren't we all just complaining in previous stories about Geek Squad-types digging into people's personal files when they didn't need to be? This is exactly the kind of law we wanted!

Re:Worrisome?

[Deanalator]

It worked for paris hilton right? Doing forensics right is actually pretty hard. You need paper trails and reasonable proof that no evidence was tampered with in the process of bringing it from the victim machine to a court case. I think the point of this law is that if someone screws up, or they don't know what they are doing, they can get their licence revoked. I personally think the fact that anyone can pull data off hard drives and introduce it in court without having to prove any credentials is pretty scary. I think it's also lame that someone looking for a forensic investigator has no way to determine how qualified a given individual is, except for word of mouth.

Yes, if they screw this law up it could be really bad, but I think there is also a lot of good that can come from it.

Re:Worrisome?

I would think that requiring an Investigative license for doing invetigative work would be a good thing.

You would, then, be stoned. Helping a friend, family member, spouse, or employer dive into the contents and records of a computer should not require a specialized license. In fact, the only purpose for requiring a license is to create an artificial, state-sanctioned monopoly over an activity done by normal folks for decades. And create a new criminal class. That serves merely to give additional powers to government which benefit the few at the expense of the people.

Re:Worrisome?

[tftp]

See, there are lots of people who *could* fly a plane.

Flying a plane is not difficult. Safe landing of it is.

There are LOTS of people who could remove an appendix [...] that aren't "doctors".

Pure BS. Even if one out of 10,000 untrained people can *find* an appendix, the chance of removing it without causing peritonitis or any other infection is about zero. How many people regularly practice stitches with catgut, using curved needles held with tools, on a living tissue that will heal afterward?

Doctors from other countries come to the US and, despite having 10+ years experience get to do their residency and chase "real" doctors around for a few years.

Many foreign doctors are just as good, if not better, than locally trained physicians. But they are all doctors - trained for many years in knowing every single bone in human body, every single nerve, every single blood or lymph vessel. They can remove an appendix without opening all your belly up because they *know* where they need to work, and they saw it done by teachers, and then they did it themselves, under careful supervision.

If you have the option of having your buddy, a car mechanic, operate on your appendix, vs. the option of just overdosing on morphine and passing away in peace, the latter is probably better for both of you.

Re:Worrisome?

[TapeCutter]

"The same way driver's licenses keep bad drivers off the road."

Anarchy in goverment is one thing, but on our roads?

Re:Worrisome?

[webweave]

Except it will just push the work overseas and India will become the capital of computer forensics.

Re:Worrisome?

[blueg3]

It's analagous to not allowing a hired security guard to (insert any of many investigative tasks). But as I haven't read the suggested law, I don't know what distinctions it chooses to make -- which is clearly an important part.

Re:Worrisome?

[blueg3]

Like many, unfortunately, you're misinterpreting the requirement of having a PI license to do computer forensics to mean that licensed PIs will be able to do computer forensics. Note that right now there are no restrictions, right? So that means anyone can claim they can do the forensics -- PIs and non-PIs. Requiring that you have a PI license won't give current PIs any capabilities they didn't already have. It would require all non-PI-licensed forensic experts to get a PI license. Whether or not that makes any sense depends on what the PI license is all about. If someone's going to gather evidence for later use in court, a registration certifying that you're familiar with evidence-gathering procedures isn't a completely crazy idea.

Re:Worrisome?

[Firethorn]

s long as you're not breaking privacy laws which aren't a concern if the cheating couple is caught kissing in public, going into a motel, etc.

Depending upon the region, this could indeed violate privacy laws.

And I was picturing rather more than the public stuff...

Re:Worrisome?

[Artifakt]

Using something other than the government can be a good idea. Look at how functional Underwriter's Laboratories is. And I grant you, restrictive liscensing can go far beyond any public good. For examples, there's no real reason to have a full doctor evaluate the average cold or flue case, delivering babies has worked well with midwives in the past, the military regularly turns over medical care decisions to PA's (4 year degree) and RNs (2 year or better), that are doctors only decisions in the civilian world, with very good success rates (the problems at military hospitals aren't related to having PA's, etc, in fact the numbers show the opposite).
      But in the original discussion, posters were mentioning how a lot of people evade the requirement for a driver's liscense as proof the government can't get it right. I'd point out that there are very few people if any managing to fly a commercial aircraft without a commercial pilot's full set of certifications, liscences and records. There are pretty few cases of unliscenced brain surgery out there as well. It's a pretty safe bet that anyone who can fly a 747 safely either has all those, or has come very close to completing the set and lost out on some small factor. There just isn't anybody who has never logged any flight hours for record in any jet aircraft but who could safely do that job. Yes, there may be people who have practiced with smaller jets and have lots of natural talent and drive and could theoretically do better than the bottom few percent of those others who have that last bit of paper. But the cut off there is way, way above not having anything on record at all.
      Sometimes, a government program gets 95% or better success at controlling unqualified practitioners, so pointing out that one area, such as regular car drivers, isn't working that well is either a wrong generalization (that is, we have counter examples where the government does much better), or it reduces to saying that "government is bad, because it doesn't achieve an absolute 100% success." (in which case, I'd like the 'free market' alternatives judged by that same standard).

Re:Worrisome?

[torkus]

I didn't say have joe barber hack out your appendix with his hair buzzer. I also PERSONALLY know several PA's that COULD do an emergency apendectomy. "lots" is a relative term. Relative to those with substantial medical knowledge vs. general population. Just like lots of people could make a forensic backup of a hard drive doesn't imply that my dad who wasn't even fond of typewriters could.

Along the same lines, those foregn "doctors" had training yes. They very well might be as good as our MDs but they're not licensed so they'd get shit if they did anythign medically related without getting their paperwork in order first. I'm not against accredidation, just the scam of government sponsored licensing.

Re:Worrisome?

[torkus]

Give the free market a chance. Unfortunately, our society (USA in particular) refuses to accept anything other than "government approved" as genuine in so many cases.

If you did away with commercial pilots licenses, don't you think airlines or some consortium would offer similar without the mis-mash hoo-ha of the governemnt nonsense? Airlines would use that as a standard. Maybe test-qualify pilots in some sim hours first. Pick your method. You can get the same effectiveness - or better - without gov't involvement and eliminate the $trillions wasted on the related nonsense.

Your point with milatary medicine is perfect. In fact I dated a PA who quite redily proved she was as educated as most doctors and just required some time as an intern to 'get her feet wet'. She now effectively DOES the job of a doctor. Anything above her head the MD in her office signs off on after the fact 90% of the time. My grandmother could tell me if i had the flu, strep, or was faking it just as easily as the retard doctor who saw me long enough to scribble his signature on the pad when i was younger. Unfortunately without him i couldn't get antibiotics.

Remind me again why antibiotics are controlled substances? Other than the posibility of reducing their potency (which our MDs are doing well enough at) ... i've never heard of antibiotic abuse. I can look up the drug interactions online (and my pharmacist is SUPPOSED TO do the same).

Re:Worrisome?

[crotherm]

What the fuck are you talking about? Nothing about what you do has anything to do with forensic evidence in the legal sense. Unless you're presenting before a court this has nothing to do with you. And if you are presenting before a court, I sure as hell want you to have a license. My biggest issue is who decides who gets a license. My government right now is in full paranoid mode right now. I don't trust them making that decision. If you are presenting evidence in a court of law, you need to be able to prove that you are an expert in your field. This restriction goes beyond that. This restriction at its heart restricts access to knowledge and information.

Re:Worrisome?

[stry_cat]

What's worrisome is that someone would think that requiring an Investigative license for doing investigative work would be a good thing. It's fine if you want to have some professional association certify that a person knows what they're doing. However I should be free to hire someone with or without that certification and I certainly shouldn't be require to hire someone with a license. If I'm too poor to pay for someone with all that jazz and satisfied with another's qualifications (or lack thereof) that should be enough.

Why?

[Eco-Mono]

Nerd rage aside here, the programs in question aren't dangerous, nor do the operators necessarily have to have expertise to use them. What purpose could this legislation possibly serve?

Re:Why?

[peragrin]

well for one thing it would curb the RIAA who's media sentry company doens't have a PI's license so their investigations in several states are falling short of being prosecutable.

Re:Why?

[ScrewMaster]

Well, assuming that the State in question charges a fee for PI licensing, it will make some extra money. Seriously though, I think this is more about politicians in "do something!" mode. Really, if they don't have any real work left to do, they should just be sent home early so they don't have time to come up with stupid ideas.

Re:Why?

[mrchaotica]

What purpose could this legislation possibly serve?

Stopping the likes of Geek Squad from snooping around in peoples' hard drives, just like we wanted!

what's the problem?

[uchihalush]

Could I be reminded as to why this is a problem?

Re:what's the problem?

[Trailwalker]

Licensing removes investigations and results from the hands of experts to government approved license holders and government "experts". The many stories of mishandled testing by the FBI and other agencies labs come to mind.

Re:what's the problem?

Not having a PI license, I'm making this all up.

But a lot of the licensing process for many professions is not so much licensing and testing their skill AT the profession (certainly there is some aspect of that in some case), rather it's ensuring that the practitioner is aware of the legal and procedural environment within which they practice.

Understanding what they can look at, what the limitations they are under in performing their practice, what obligations they have in terms of working with State agencies, what their liabilities are, etc.

As a perfect example, consider a Notary Public. Here's a profession that, at least at the knowledge and technical level, requires little skill. It is almost solely a beauraucratic invention. How to takes signatures, how to validate ID's, the laws and procedures surrounding witness and notarizing signatures. But it's all very formalized to ensure integrity of the process, because of the weight and ramifications the actual signatures carry legally. It's one thing to "sign" something, but getting it notarized is "signing it right" and carries extra weight.

Since computer forensics starts encroaching in to the legal arena, a lot of the "legal mumbo jumbo" surrounding how the evidence is gathered, handled, and processed comes in to play, and licensing the "evidence gatherer" is a mechanism to ensure that the investigator is aware of their limitations and responsibilities under the law to perform their task.

Re:what's the problem?

[hashish]

No it doesn't. There is nothing stopping a IT security 'investigator' gaining a PI license, what is being proposed is using existing laws to ensure that the IT security invegtigator are controlled in the same way PI are. The existing PI laws were created to weed out the rouge PIs and how would weeding out the rouge IT investigator be a problem?

Re:what's the problem?

[terrymr]

The problem I'm finding is this ... if such a law were passed in my state (WA) I would need a private investigators license to perform certain kinds of work for clients. In order to obtain the PI license I would need to either work for a PI agency or form my own. In order to get a PI agency license I must provide proof of 3 years work as a PI.

Re:what's the problem?

Who are these red PI's?? And red IT investigaters too? Oh my!

Say... you're not a goddamcommie, are you?

Re:what's the problem?

Rouge PI's? I actually prefer blue while I'm sloeuathing.

Re:what's the problem?

[Oligonicella]

And you are investigating data systems that are not your client's, why? That's what PI's do. They investigate the doings of others and show up in court.

Re:what's the problem?

[terrymr]

Where are the lines? let's say I'm investigating a break in on their server from the internet.

Re:what's the problem?

[nonumnos]

Is it your intent or that of your client that the case go before a judge in a court of law? If so, then pony up and get licensed.

If it is your intent to merely "investigate" the root cause and help a customer recover to a pre-intrusion state, then you likely would not need to be licensed. (At least that is how VA law reads to me, in my case).

Re:what's the problem?

[ocbwilg]

No it doesn't. There is nothing stopping a IT security 'investigator' gaining a PI license,

Isn't there? Call me crazy, but I don't think that holding the typical PI and the computer forensics specialist to the same licensing standard is reasonable. How many PI's do you think have the proper training and experience to conduct computer forensics? I've worked in IT for almost 10 years and I know that I don't, so how someone can say that a former beat cop/detective with access to Lexis-Nexis is qualified to perform computer forensics is beyond me. Likewise, someone with a computer science degree who has done computer forensics work for years most likely doesn't have the knowledge and skill necessary to do traditional PI work.

So, if we assume that the licensing process means anything at all (i.e., it is a reasonable test of required knowledge of techniques) then it is unreasonable to assume that a PI can do forensics or a computer forensics expert can do PI work. Therefore the license requirement is unreasonable. Of course, there's always the possibility that in your state all you have to do is sign a form and pay a license fee to get licensed, in which case there is absolutely no value in requiring computer forensics experts to become licensed PIs. Either way it's a bad law.

Re:what's the problem?

[SoupIsGoodFood_42]

Wow. There are calm, thoughtful, rational people on Slashdot.

Re:what's the problem?

[mysidia]

The intent of investigating the cause is obviously to both recover and close the hole in the system so it doesn't happen again. AND to gather information about the attack, sufficient to identify the attacker to report the abuse to attacker's ISP, to stop the attack, AND to be turned over to law enforcement.

The trouble is they can't get licensed b/c to do so, they have to work for a PI firm and has at least 3 years history as a PI firm.

It sounds like the states are trying to make a cartel out of the computer security consulting business by making it illegal for most of the market.

Re:what's the problem?

[nonumnos]

Demonstrate to me that a large majority of companies out there actually have the intent to report to law enforcement with regard to intrusions.

As I stated in another thread, most of the existing laws on this matter (esp. Virginia) have a carve-out exception for "proprietary employees" -- those that are direct, W2 employees. Such persons can generally engage in an otherwise regulated activity so long as it is within the confines of their job for that employer. If you decide you want to make a little side money doing this work for other companies as well, then you are a contractor and need to conform to the full scope of the law and regulations.

I know there are a number of states that require apprenticeships prior to obtaining an individual license. I also recognize that there are a couple "support retired law enforcement through protectionism" states that hold that only former LEs can become PIs. In those states where the regulatory overhead is that high, it may very well make sense to create a parallel registration and licensing scheme, but be careful what you are asking for! I can envision a well-intentioned state legislator seeing "forensics" and thinking it belongs in the same part of the regulations covering people doing DNA analysis and ballistics.

Re:what's the problem?

[mysidia]

As I stated in another thread, most of the existing laws on this matter (esp. Virginia) have a carve-out exception for "proprietary employees" -- those that are direct, W2 employees. Such persons can generally engage in an otherwise regulated activity so long as it is within the confines of their job for that employer.

That exception's nice, but totally useless for security consultants, individual proprietors who are not W-2 employees of some fortune 1000 company, who are called specifically to solve a problem, because the company's full-time "system administrator" is still struggling to understand the difference between a left click and a double click, let alone properly securing a network, or examining firewall logs to determine their vulnerabilities, and how they were attacked.

If important proprietary information has been stolen, there's a good chance stakeholders will want law enforcement involved, since for every moment a criminal has a copy of proprietary information, there's increased risk of an embarassing incident, like their secret formula getting posted on the web, and all their competitors getting a copy, or like having to tell their customers that their social security number and credit card details have been downloaded by an unknown hacker sourced from an ip address somewhere in China.

Contacting Law enforcement may not be the first priority but there's a good chance it can be on the list. Presumibly, law enforcement will still have to perform their own investigation, but someone on the system administration will stillhave to dig and find the relevant information to pass along, from a sea of log data, that includes confidential info about normal operations....

Already Required in Texas

Texas already requires that computer forensics investigators be licensed PIs. The requirement isn't just window dressing, either. Getting a PI license is tough there. That's why there are only about a dozen licensed computer forensics investigators in entire state. Um, and Media Sentry sure as hell ain't one of them...

Re:Already Required in Texas

Texas law is also explicitly designed to prohibit individuals from becoming private investigators too. If you are an individual and wish to become a P.I., you must first form an investigations company as a sole proprietorship or LLC, then designate yourself as the security manager of that company, then prove you have the required minimum experience to qualify (e.g. 3 years documented work employed for a licenced investigator in the state, or a 4-yr criminal justice college degree, or be a licensed peace officer in Texas), then pass the tests and background checks, then pay exorbitant recurring fees, and maintain very expensive and hard to obtain liability insurance just to get your company licensed. Once you've done that, you can then repeat most all the above to get yourself licensed as a P.I. employed by your own company.

Re:Already Required in Texas

Dang, getting my Texas P.E. doesn't seem so intimidating now.

Weird how it sounds like it's easier to get a Professional Engineer license than a Private Investigator license...

Re:Already Required in Texas

That's because the Texas laws governing private investigator licensing were designed for creating and protecting a lucrative career market for retired cops, and the PE licensing laws were created by PEs for keeping the riff-raff out of their profession.

Re:Already Required in Texas

[Unlikely_Hero]

only having 12 people allowed to do computer forensics for a living is probably more of a bad thing than a good thing...

A new security measure

[revengebomber]

New snoop-proofing: chmod -R 000 / Anyone who tries to access your drive is obviously trying to perform computer forensics.

Re:A new security measure

[wizardforce]

even better:
rm -rf /

A Koan

In the east there is a shark which is larger than all other fish. It changes into a bird whose wings are like clouds filling the sky. When this bird moves across the land, it brings a message from Washington, DC. This message it drops into the midst of the hackers, like a seagull making its mark upon the beach. Then the bird mounts on the wind and, with the blue sky at its back, returns home.

The larval hacker stares in wonder at the bird, for he understands it not. The average hacker dreads the coming of the bird, for he fears its message. The master hacker continues to poke at the drive's file allocation table with a sector editor, for he does not know that the bird has come and gone.

Re:A Koan

Whoever moderated this Offtopic should be shot in the ass. At least it's not another dumb joke about "ls -a". I bet you don't even know what a koan is, niggs.

This is good!?

[NFN_NLN]

How is this a bad thing? Requiring a PI license would imply some level of legitimacy.

"So long as computer forensic specialist implies a PI license" AND NOT "a PI license implies a computer forensic specialist".

Re:This is good!?

[Naturalis+Philosopho]

Mod UP. Couldn't put it better myself. Move along people, nothing more to see here.

Re:This is good!?

[FooAtWFU]

Why not have a voluntary certification program, and require people not certified to disclaim that they aren't? You could easily have the best of both worlds.

What if I want to go set up a little computer forensics business and employ my own genius employees that I know and trust? Why should I have to submit to a board comprised of my competitors, deal with licensing requirements which seriously may (now or in the future) risk being outdated, not applicable to many specialized sorts of work, or which provide a false sense of security by being utterly trivial? What happens when the board requires you use Microsoft-certified tools only and bans grep et cetera?

Some economists hold that labor market regulations such as these are among the primary long-term threats that hamper economic growth. (Some places require you to get a license to arrange flowers.)

Re:This is good!?

computer forensic specialist

I don't think the law will apply to people who call themselves "specialists", the law will likely be written so that anyone doing "computer forensic-y" stuff will require a license. Of course, the law won't be applied to anyone not advertising that they're doing this for money, except in those cases where you cut Someone Important off in traffic, and they discover that you're a sysadmin, and surely you've looked in your webserver logs without a license.

Re:This is good!?

[harlows_monkeys]

Well, one problem is that the skills required for a PI have little to do with forensics skills, so this makes as much sense as requiring a hazardous waste transporting licensing would. If there is a need for regulation of forensics, then make a new license for that.

Re:This is good!?

[GNUALMAFUERTE]

Considering we are in 2007, I think you need a hazardous waste transporting license to access my spamassassin logs.

Re:This is good!?

[whoever57]

Considering we are in 2007

Are we? That's news to me. Here I was, thinking that it is 2008. I'll have to put my old calendar back up.

Re:This is good!?

[GNUALMAFUERTE]

That's because I have a /. Calendar. After December 2007, there is a dupe.

Re:This is good!?

[nonumnos]

Good lord! In just about every state the licensing requirement does not prove you have a specific skillset.

There are PIs that specialize in TSCM (Technical Surveilance CounterMeasures -- electronic bug hunters that sweep rooms, etc...), workers comp cases, divorce/infidelity, competitive intelligence (thinking of buying a company?), background investigations, skip tracing, and yes, computer forensics.

The license is a means to gate who can operate on a for-hire basis to introduce evidence into a court or other similar body. That's it.

Read the existing laws. The article cites at least six states with some laws already on the books. Go read them and understand what they really require.

Re:This is good!?

[Jeff+DeMaagd]

I see little problem with requiring that computer forensics specialists prove that they understand what the law is before they can practice it for money.

I would bet that making it voluntary wouldn't make a difference at all. If there's any chance that a case would go to court, any information gleaned by an uncertified person wouldn't be admissible, weakening their case and negating any point in hiring them.

The regulation example on arranging flowers is a totally different beast. Of course that's stupid.

Re:This is good!?

I just tried to find out what it requires to get a PI license in Texas and no one wants to make it easy to learn that much. This is just a barrier to competition. There may be some justifications, but they aren't the reason for these laws.

Re:This is good!?

[__aajwxe560]

Now hiring: Looking for experienced LINIX Administrator with at least 5 years of UNIX or LINUX experience to administer a 100% Red Hat shop of 100+ servers. Day-to-day will include managing Apache httpd servers, yum repository updates, and maintaining uptime of said Linux systems. MCSE Required.

A good incentive to use OpenBSD or Trusted Solaris

This is actually a really good incentive to get people and businesses to start using secure operating systems like OpenBSD and Trusted Solaris. Both of those projects put a major emphasis on providing the most secure operating system possible.

Of the two, I personally prefer OpenBSD. It's a rock-solid UNIX-style system coded by some of the greatest software developers of our time. Their strenuous security audits have resulted in a system that is near impenetrable by those who wish for malice. They even maintain their own hyper-secure versions of some other major open source projects, like Apache's http daemon.

If it becomes costly to resort to computer forensics, it may just be best to use software that is very secure in the first place, to avoid the need for a licensed PI.

I don't see the problem

[Urger]

After all PI's get to drive around in their employer's red Ferrari and have witty repartee with the English Estate manager (who may or may not be ghostwriting the employer's books) while having casual sexual relationships with clients. In Hawaii. Am I right here folks?

Re:I don't see the problem

[Neutari]

Don't forget having a best friend who has ties to the maffia!

Re:I don't see the problem

[j79zlr]

I didn't think TC was Italian?

Re:I don't see the problem

[thatskinnyguy]

Damn! And I thought I would be the first to make a Tom Selleck/Magnum joke! Don't forget the lads... cookie...

Not necessarily a bad thing

[the_humeister]

Although I don't think the license should be a PI license. Rather, it should be computer forensics license. Someone with a PI license doesn't necessarily know jack about computers.

Wonder if my Employer would pay for this cert...

[Tmack]

So I can keep my job as SysAdmin... After all, forensic investigation and digging through logs and monitoring for intrusion and such is basically what a SysAdmin is for (aside from making that part of the job unnecessary or as limited/automated as possible). Imagine all the /.'s that would be able to claim themselves as PIs (though Im sure some already reference 3.14159 alot).

Tm

Forensic "work" vs forensic "hobby"?

[Kazoo+the+Clown]

Doesn't this simply say that you have to be licenced to do computer forensic work for hire? What does it really say about doing it on your own PC just to learn about it? I suspect there's some mislead impressions being taken here...

Re:Forensic "work" vs forensic "hobby"?

The government does not want... and desires to eliminate computer forensics "hobbyists". Just like they want to eliminate the concept of hobbyist chemistry, hobbyist rocketry, hobbyist electronics, etc.

Re:Forensic "work" vs forensic "hobby"?

[Ignis+Flatus]

it doesn't say a damn thing. if you're playing around with your own box, you're not doing forensics.

as for the forensics experts, why don't they just get licensed? seriously, how hard can it be? any bozo can be a PI.

Re:Forensic "work" vs forensic "hobby"?

[Clay+Pigeon+-TPF-VS-]

Only "terrorists" have hobbies involving rocketry or chemistry. Big Brother is watching you.

Re:Forensic "work" vs forensic "hobby"?

[Justus]

Well, I was going to comment on all the other posts relating horror stories of the requirements in other states, but in Wisconsin it's actually quite reasonable. According to the Department of Regulation and Licensing, you must:

• pass a 100-question exam on Wisconsin statues and codes relevant to private investigation
• be employed by a private detective agency (presumably you could form your own)
• be insured or bonded
• be over 18 years old
• submit to a background check (fingerprinting) and have no criminal record

This doesn't seem to be too much of a burden for interested computer forensics specialists. Your mileage may vary in other states, naturally.

Re:Forensic "work" vs forensic "hobby"?

[Justus]

Blah, statutes, not statues. I even previewed the damn thing and missed that.

Over hyped

[silas_moeckel]

I know I'm not supposed to read the article but this is about needing a PI license work for a licensed firm to testify is court. First thing I would tack on would be they should also have there PE licensed firm or not. Yes it's a bit of a slippery slope it might also get the Secret Service and the FBI to get there agents some decent skills since every time I had interaction with it a tar.gz file was unfathomable to them and everything involves lot of baby steps and spoon feeding. Unfortunately most of these investigators are just using some pretty badly written applications and get stumped by anything with real encryption or not running windows, on the good side encase and similar is a good first step in the evidence chain.

Re:Over hyped

[martin-boundary]

Unfortunately most of these investigators are just using some pretty badly written applications and get stumped by anything with real encryption or not running windows,

Some people might say that's not a bug, it's a feature.

Re:Over hyped

[silas_moeckel]

It all depends on context when you get a request from the FBI because one of your clients is hosting kiddie porn we were motivated to help. Keeping those guys online to gather more evidence was a bit abhorrent. Lucky I never got a request without something signed by a judge and it was allways for something that I found morally wrong at least from the feds. Local cops love sending mere letters its like there to lazy or just fishing. My favorite was a state cop from Georgia that wanted all email to and from somebody forwarded to him just because he asked nice and then insisted to our legal dept that since we could read customers emails for technical and TOS compliance purposes he could have a copy, strangely he never got a judge to sign anything. In case your wondering we fed outbound emails through spam filters to keep the spammers from buying a 5 buck a month web hosting account and abusing our smtp relays.

Back on point there are some smart people in the Secret Service at least as it relates to computer forensics they only seem to get called in if they first level guys get stumped or it's a big todo, and they were smart enough to break encrypted passwords quickly (rainbow tables I would assume).

Hahahah....wooooo, that's a killer

[rindeee]

Considering that in some states becoming a licensed PI requires paying a fee and nothing else, I'm not sure the significance of this (other than there will be a lot more wannabe cops running around). Considering the median salary for a PI in the US is ~$32K (wikipedia), if all the CF folks out there have to get PI licensed it should certainly push that up a bit. Man this is idiotic.

Re:Hahahah....wooooo, that's a killer

[blind+monkey+3]

I suspect the idea is to make it easier in court cases to trust the computer forensics evidence and to stop trusted employees "accidentally altering" evidence. It should also give people some sort of protection from the backyard boys.

The only problem I see with it is it has to be administered by bureaucrats - bureaucracy tends to be like an alimentary canal - no matter what you put in, you end up with shit.

Re:A good incentive to use OpenBSD or Trusted Sola

I think I speak on behalf of anyone who reads your post when I say...

What?!

But most importantly...

[Gordonjcp]

... does it mean I need to grow a big moustache, and do I get a Ferrari with it?

This...

[danwesnor]

...would stop the RIAA dead in their tracks.

Re:This...

Would it?

Or would it confer supposed legitimacy on their investigations, so long as their investigators hold this somewhat otherwise name-only license?

"ls -a" will be illegal?

[G4from128k]

Afterall, it shows "hidden" files and directories. I wonder how many standard Unix file system commands this law will cover.

Licensing is about power

[MikeRT]

I think the case of one of the doctors that prosecutor Mary Beth Buchanan went after illustrates a problem with the whole idea of licensing professions. The defense found that all of Buchanan's little hoochies who had testified against him, lying and saying he had traded sex for pain killers, had committed massive perjury, but he's still lost his license. Even if he gets totally exonerated he's not going to be able to legally work in his own profession until he gets the license back. Who the fuck is the state to tell people that they cannot pursue a peaceful profession while they are not sitting in prison? So what if you have incompetent doctors and such. I have news for you, do you know what they call the guy who graduates with the lowest possible passing score in medical school after he leaves medical school? That's right, doctor. We still grant licenses to people who are barely worth their alma mater's acreditation.

This won't do a thing for forensic services' professionalism. It doesn't even make sense. PI work is very different from forensics. Comparing PI work to forensics is as asinine as comparing a field agent or cop to a forensic examiner.

Besides, the state is always free to hire total whackjobs who just so happen to have a degree and some sort of license. Just do a search on theagitator.com for the stories about Dr. Hayne. Lovely character, and system that supports him. Guess what. He has a license.

Re:Licensing is about power

[neochubbz]

Would you want a plumber to come over to fix your toilet if he didn't know what he was doing?
How about an electrician who doesn't know the difference between AC and DC? How about a "doctor" who is going to give you an operation, say a vasectomy? You surely wouldn't want that operation to be in question.
What about a lawyer who hadn't the first inkling of judicial procedure?
Even, we the general public must obtain licenses for certain things such as driving or flying a plane or fishing.

The point of a license isn't to prohibit us from doing what we do, its a statement saying that we are capable of performing said ability to a certain standard.

Re:Licensing is about power

It would be perfectly possible to write licensing laws that just certified that this person was a bona fide professional, a good person to hire for this job, but that's not what our licensing laws do.

Actually, what they do is make it illegal to do the thing unless you have the license - even if someone would prefer to use their own judgment as to whether you're any good or not, they can't legally do that - they have to rely on the government's judgment instead.

That may be good (it prevents a lot of quacks from practicing medicine), but it's not what you said it was.

Re:A good incentive to use OpenBSD or Trusted Sola

If you're any sort of a system administrator and you haven't heard about OpenBSD or Trusted Solaris, then you're incompetent, plain and simple. You can read up about them at the sites below.

OpenBSD: http://openbsd.org/
Trusted Solaris: http://www.sun.com/software/solaris/trustedsolaris/

No PI license needed

[AJWM]

Some states -- Alabama, Colorado and Idaho for examples -- don't even require a Private Investigator license for Private Investigators. (They may of course require a business license if you're doing it as a business.) Some of the places that do require a license don't have any kind of test for it, you just fill out the paperwork.

That said, some of the organizations of PI businesses in above states are pushing for licensing requirements -- as is common with trade guilds everywhere.

protectionism...

[j0nb0y]

This is just protectionism...

Most states have ridiculous requirements for getting a PI license. You basically can't get one in many states unless you've been a police officer. There is no public interest reason to do this. Requiring the PI license for this is just a gift to all the people who already have PI licenses.

I haven't looked at computer forensics recently, but when I did (roughly five years ago), there were some problems with it. Basically, because of the way that courts certify experts to testify in court, it was impossible to hire a computer forensic expert to work for the defense. It went something like this:

1. To testify as an expert in court, you have to be a member of the leading professional body for your field.
2. The leading professional body of computer forensic experts forbade its members from working for the defense.

Obviously that's problematic. Hopefully it's changed by now.

The other thing I thought was really funny was the way that most computer crime labs staff up with "experts". Rather than hiring people with computer science degrees and training them on how to do police work, they tend to hire police officers and then train them on computer forensics. The good ole boy system at work.

Re:protectionism...

[OSPolicy]

Rule of evidence 702: "If scientific, technical, or other specialized knowledge will assist... a witness qualified as an expert by knowledge, skill, experience, training, or education may testify thereto..."

There is no requirement to be a member of the leading professional body for the field. This rule, which came about from Daubert [v. Dow Merrill Pharmaceuticals], Kumho Tire, Joiner, and others has generally been interpreted broadly by the courts because judges do not want to exclude valuable evidence and because they are too stupid to understand the falsifiability language in Daubert.

Judges are guided in their admissibility decision by the requirement of rule 702 that "the testimony is based on sufficient facts or data, the testimony is the product of reliable principles and methods, and the witness has applied the principles and methods reliably to the facts of the case."

For states in which there are meaningful qualifications to becoming a PI, one could reasonably argue that the PI license provides a (rebuttable) presumption that the holder of the license knows reliable methods and how to apply them. The question of whether a particular PI actually did correctly apply the proper methods is a fact-specific determination to be made at trial.

Re:protectionism...

[cdrguru]

Nonsense. The HTCIA is the organization that you are referring to and in no way does membership qualify you to testify in court. Most forensic examiners are not members of HTCIA in any way - it is a very heavy law enforcement membership that does require its members not to work for the defense.

There are a number of certifications, such as CCE, EnCE and CFCE that are pretty much required for practicing as a forensic examiner. You just aren't going to get anywhere without these. While the certifications seem like BS, what they are useful for is establishing to a non-technical court that you have been both educated and tested in the field. Part of being qualified as an expert witness in court is having your credentials questioned, so if you do not have certifications you will need lots and lots of other information that will need to be as convincing. I've see one person defend their qualifications without much in the way of certifications but it wasn't pretty.

Membership in HTCIA is restricted to law enforcement and law enforcement sponsored people. It does not qualify anyone as a forensic examiner because you do not have to be a forensic examiner to belong - anyone in law enforcement or associated with law enforcement can be a member. They just can't work for the defense. A court that used HTCIA membership as a qualification would be equivalent to a court requiring someone to have contributed to Bill Clinton's legal defense fund to be accepted as a legal expert.

Re:protectionism...

[Scudsucker]

That's just stupid. What if the defendant is a cop?

blame the realtors

[acvh]

They started it with mandatory licensing. I mean, come on, a license to sell a house? What advanced training does that require? But each group, when it gets big enough, lobbies for this protection of its turf. In NJ you need a license to be an interior decorator.

This could be a good thing

As someone who works in the computer forensics training field, I see all types. There are thousands of people knocking down the door now trying to get into computer forensics. Many are former law enforcement, but with absolutely no computer experience at all. They figure forensics work is just like dusting for fingerprints - you take a one week course and you're done. And they flunk out of IACIS exams left and right. With the new E-Discovery laws in place, and a greater public awareness of this job field, the problem is getting worse over time.

Requiring a PI may be good to keep the field small, to people that really want to pursue this work. I've just seen too many receptionists and desk jockeys enter computer forensics for the money, then forget to use a write blocker and overwrite evidence - whoops!

Posting anonymously... because... yea!

Re:This could be a good thing

[Scannerman]

Surely This in principle is a good thing, (practice may be a different issue.)

If CF is going to be done at all it has to be done well, otherwise it is worthless.

Almost anything could in principle end up in court, only if its just the guy you fired for porn surfing who sues you for it. so even if licensing is not required, the basic principles need to be understood a lot better - in any case technicians working under the supervision of someone with a license, who is accountable for what they do, is fine.

As I see it there are three basic areas that are required

* Understanding the technical issues (computer geek stuff)

* Understanding what is required to make a solid legal case. and laws of evidence etc (legal/PI stuff)

* Signing up to, and adhering to a professional / ethical code of conduct (often the most important part in any profession) - Key point here is that if you don't act honestly and ethically (Think RIAA etc..) you lose your license and find a different profession to work in.

Take out any part of this and it is worthless. But if this is done sensibly it can only be good.

license requirements?

[shadylookin]

so are they going to make the computer nerds also learn how to stalk people's significant other's, that they think are boning other people on the side, to get the license? Now not only will system admins know what you're looking at online they'll know who you're seeing on the side. Just seems like Bureaucratic waste to me by representatives that don't have the slightest idea what they are legislating about.

Re:license requirements?

[blueg3]

Few nerds gather evidence of hacking or data theft for later use in legal proceedings.

Re:license requirements?

We already know how to do this and we're sorry to say she's been unfaithful. Regards.

Cost/Time Is The Only Issue

[milsoRgen]

It seems to me that a license for such work isn't wholly undesirable. I'm sure the main issue would be the cost and time it takes to obtain such a license.

License required for use in court

[muridae]

I don't see a problem here. The law is pretty simple, if you want to collect evidence for use in court, you need to have a license to prove you are doing things right.

A guy who comes home and finds his door kicked in does not get to collect finger prints from his house to prove who did it. Frankly, there is no reason why the CEO's nephew should be allowed to pick through a log file like he picks his nose and, upon seeing an IP address with 66.6 in it be allowed to declare 'This is who hacked our computer.'

Yes, it's another unneeded tax, but it's not as bad as the summary makes it sound. Right now, any one can claim to be a computer forensics specialist.

Re:License required for use in court

[Remik]

Yes, anyone can claim their a forensics expert. That's why it's up to the courts to determine whether a certain person is qualified to testify as an expert witness. And, that's why it's up to that person to document and justify the steps they took in obtaining and analyzing the data in question. Certain professional certifications (CCE, ISFCE) exist for forensic computer examiners. Adding the PI requirement is unnecessary, nanny-state BS. I work for a law firm, I could be considered an expert in legal technology and I have my CCE. I shouldn't have to go jump through hoops to get a PI license to do my job which I am fully qualified to do. At the same time, most PIs are not in the least bit qualified to do what I do.

-R

Re:License required for use in court

[muridae]

At the same time, most PIs are not in the least bit qualified to do what I do.

I agree with you there.

I'm completely against handing any and every PI out there carte blanche permission to handle computer evidence. The average one would be shredded on the stand when asked about their computer skills and documentation of what, exactly, they did. I'm also against the State licensing professions, personally. A CCE is a much better display of skill then a PI license would probably be. However, the State already requires a license for physical forensics, why shouldn't it be extended to computer forensics? This is one of the few cases where the law is trying to keep up with technology, and it's being railed against as 'more nanny state' laws. The option is not to keep this law off the books, it's to either accept it or get rid of the requirement to be a PI in order to perform physical forensics.

I could argue that I've been able to pick locks since I was 9, and know how to both use and install digital cameras, why should I need a PI license to do a job I am qualified to do. I would be making most of that up, but the point is still there.

Re:License required for use in court

"A guy who comes home and finds his door kicked in does not get to collect finger prints from his house to prove who did it" I guess you missed out on those Hardy Boys books as a kid. More on topic... I don't understand the necessity of a PI license for handling legally accessible evidence. I mean, sure, there need to be licenses for storming a building, but if someone brings you a DVD and says "Can you recover the corrupt video files..." Why not? The court system is set up specifically to support this--it's called a rebuttal witness. Basically, if a specific piece of evidence is challenged on account of its authenticity or validity, an expert witness can be summoned. So, if you present some mined evidence and explain your methods, there is already a legal mechanism in place to allow that information to be challenged, if it needs to be. I understand how a PI license for this would put a heavier burden on the prosecution to ensure that they've got all their ducks in a row, but it hurts the defense--Can you imagine defendants having to hire PIs just to help them present their own digital data?

Re:License required for use in court

[wikinerd]

you need to have a license to prove you are doing things right.

How can a licence *prove* competence?

Re:Worrisome? RTFA

[Watson+Ladd]

The bills being considered are only about forensic evidence presented in court.

This state has a bad track record with licensing

Let me give you an example of South Carolina professional licenses. I am an engineer, a PE, licensed as an engineer by the state. My degree is in Chemical Engineering, yet my PE license says nothing about chemical engineering... it is no different from a mechanical engineer, electrical engineer, or structural engineer, or any other engineer. I can officially stamp the blueprints for your house, despite the fact I have absolutely no experience in construction or building practice whatsoever. Tne only thing that stops me is ethical guidelines and my own conscience -- neither of which stop a PI.

BEST.COMMENT.EVER.

[GNUALMAFUERTE]

I Wish I had mod points

Re:Worrisome? RTFA

[BarryJacobsen]

The bills being considered are only about forensic evidence presented in court. Darn you with your "facts" and "reading the article"! Where's the hearsay and made up statistics, dammit!

3.14159...

[Kuciwalker]

Anyone else read this as a "pi" license and wonder WTF the headline was about?

How it *should* be...

IMHO, they should only require the license if you perform investigations (but NOT merely incidental to a repair!) for hire or before you present evidence to a court.

Restricted to that, I don't think I'd have much of a problem with it. But you're right, if it means that we have to be licensed to do basic administrative duties, screw that.

So yeah.

[Damocles+the+Elder]

So...I know it's against the whole Slashdot mindset to read the article, but I at least skimmed it, and here's what I got out of it.
1. It's a South Carolina thing (And who lives in S.C., anyways? Seriously.)
2. It's only in the case of evidence in court cases. (i.e., you'd have to have a PI license to submit evidence gleaned from a computer HD).

So all you people freaking out, even kiddingly, about not being able to tag -a at the end of your ls commands, you can calm down.

Re:Wonder if my Employer would pay for this cert..

[Feanturi]

Your job is quite safe without getting a PI license. You can dig around and uncover evidence in your network all you like, and you can take normal actions upon that evidence, such as tracing IPs and contacting authorities etc, all the usual stuff. What you can't do is provide what you find in your network as evidence in a court case, that is all. Someone else has to check your place out and then do the testifying themselves. Basically the court does not consider you an accredited expert witness under this legislation. If that is required, a temp PI computer forensic guy can be brought in, collect what is needed, and then he goes somewhere else (he's not into being a network admin, he's got more places to investigate), leaving your position intact.

Courts have rules

[bill_mcgonigle]

I would think that requiring an Investigative license for doing invetigative work would be a good thing.

Yes, especially if you want to get paid. Imagine being hired by a company to do some forensic work, and you've found out all kinds of interesting things, and then it makes it to court, and it's all thrown out because you didn't understand and follow basic rules on how to handle evidence, and what's legal and not legal to do.

Good luck getting paid by the employer after losing the case for them. In some jurisdictions you might even face liability or criminal charges.

I've looked into the process, and in some states it's not too bad - IIRC some states require a period of apprenticeship, you can't just take a test.

Re:This state has a bad track record with licensin

[the_humeister]

Yes I do agree that state licensing is rather abysmal. I see where you're coming from. I'm a pathologist. Yet my state medical license states that I can legally practice medicine and surgery (which is rather insane if you ask any reasonable person). On the other hand, there must be some way to say that a particular computer forensics lab is not just some shady operation, especially if the evidence provided is going to be presented in court. Although it shouldn't be a PI license that provides this evidence.

Re:Worrisome? RTFA

Darn you

Why, does he have a hole in his ankle? The old sew-and-sew.

Pi License?

[Cooliocopter]

I misread the headline as being licensed to state pi to a certain number of decimal places...

I find you troubling.

omg, you're retarded right?

GO BACK INSIDE!

In Colorado, there is no PI license

[walterbyrd]

Anybody in Colorado can be PI. I think there are few states that don't require a license.

Re:A good incentive to use OpenBSD or Trusted Sola

I think he's basically saying that you should avoid having to go back and search through your logs for evidence of an intrusion by using software that was designed to avoid such intrusions in the first place.

No surprise

[iminplaya]

The government can't permit any kind of balance of power between it and the citizens. It's trying to protect its scandals from being exposed. And in this post 9/11 hysteria, it should be a pretty easy pull.

PIs should be required to be forensics certified

[walterbyrd]

I don't mean to offend anybody, but law enforcement, and private investigating, are not the most accedemically demanding professions. Yet many in those fields feel vastly more qualified than any techno-weenie.

I think it would be great fun for PIs to have an idea of what the techies really have to know. I would be willing to bet, a lot of them couldn't handle it.

No mention of specifically which country affected!

[sycotic]

There are more or less 193 countries out there (http://en.wikipedia.org/wiki/List_of_countries) ...

le sigh.

And so...

[DynaSoar]

Any PI who engages in (or has engaged in on their behalf) computer forensics should have a certification or degree in that field.

Considering the boneheads who manage to obtain the former, there will be damn few who get the latter, and the whole thing falls apart

sounds good to me

[nguy]

You won't need a license to go digging through your own hard drive. What you do need a license for is to go digging through other people's hard drives. That seems like a good thing. Among other things, it probably means that Best Buy can't go on fishing expeditions through your hard drives anymore.

Re:sounds good to me

[Ian+Alexander]

You won't need a license to go digging through your own hard drive. What you do need a license for is to go digging through other people's hard drives. That seems like a good thing. Among other things, it probably means that Best Buy can't go on fishing expeditions through your hard drives anymore. Given the particular law being reported on, it doesn't even prevent you from digging through other people's hard drives.

It does, however, prevent you from presenting what you find in a court of law in South Carolina unless you're also a licensed PI, or are collecting through a licensed PI agency.

I'm not really sure what concern this legislation addresses, honestly. If there's a question as to the reliability and relevance of an expert witness and/or their testimony, you can initiate a Daubert motion to have the evidence thrown out before the trial even starts. Problem solved.

http://en.wikipedia.org/wiki/Daubert_standard

Chain of custody

[Menoche]

I bet it won't even help maintaining a proper chain of custody. When they see the PI fail in court as much as the techno-dudes, it'll fail.....

Magnum IT

[angus_rg]

I'm so getting a buttler named Higgins......

Worrisome?

[jgoemat]

Hardly. Why should someone be required to get a license to follow someone or take pictures, but not to examine the contents of their hard drive which could contain more personal information than they would ever glean from a normal investigation?

Re:This state has a bad track record with licensin

[Maxwell'sSilverLART]

On the other hand, there must be some way to say that a particular computer forensics lab is not just some shady operation, especially if the evidence provided is going to be presented in court.

There are a couple of ways. First, courts certify expert witnesses. If you use a certified expert witness, his testimony is presumed accurate.

Second, and much stronger, is the process itself. Our legal system operates on the adversarial system: each side opposes the other, bringing its own evidence and analysis before the judge and/or jury. Either can bring in experts, and either can refute the testimony of the other. If the forensics lab is questionable, a competent attorney (and most are at least competent) will challenge the labs methods and results. It works surprisingly well.

Gun hell, I want an RPG.

Gun hell, I want an RPG.

Re:Gun hell, I want an RPG.

[deniable]

RPG? I prefer perl.

Re:This state has a bad track record with licensin

[UncleTogie]

First, courts certify expert witnesses.

I have to call BS here. During a court case, the "expert witness" was testifying concerning medical & dental practice software packages.

When asked what made him so experienced in the field, the guy answered, and I kid you not:

"Oh, I browsed the web for 4 hours on the topic."

If you blinked there, join the club. Even worse, the judge BOUGHT that line.

To quote Daffy Duck: "You call this a close-up?!?!?"

Re:Worrisome? RTFA

[schon]

The bills being considered are only about forensic evidence presented in court. *sigh* Forensic evidence is by definition presented in court. That's what forensic means.

I guess it's too much to expect /.'ers to actually know the definition of a word before they begin railing on it.

Right. I can see Guy Noir investigating now.

[ydra2]

It was a cold blustery winter day in Chicago, the kind of cold that chills
McDonalds coffee from "blistering shreds of dangling skin" hot to merely
blistering hot. I downed the last gulp of coffee in my office on the 39th
floor of the Acme building when she walked in the door. A sultry gorgeous
dame, with long billowing blonde hair, and deep green eyes that burned with
angst, and a figure that could pop out eyeballs in a gay bar. I tried to look
her in the eyes but she had a mystique about her, something that told a man
to lower his gaze. I complied with my gut feeling and I wasn't disappointed.
She was to cleavage what Mount Rushmore is to monuments, and in that
second before she spoke, I forgot all about lab reports, stake-out schedules,
and my lost suit at Kim Speedee Dry Cleaning. Her dress was so tight I could
read the J.C. Penny's label on her underware, and I was damned glad for that.

After an awkward moment she spoke. "Mr. Noir, I have a laptop here. I think
my husband has been using the built in web cam to spy on me when he's out
of town...." I had to stop her there. "Just a minute Miss, I don't even know
who you are." And she had the perfect answer when she replied with "I'm
the widow of the late Johann Marstad, owner of Marstad Industries LTD.
I'm Elenor Marstad. Will you look at this computer and tell me what you
find?"

Of course I had to know more. "Where and when do you normally use this
computer?" I asked inquiringly, and once again she didn't disappoint.
"Mostly late at night, in my bedroom." she unhesitatingly answered. My
mission was rather clear. Find the pictures of a stunning beauty, on a
laptop, showing her using it late at night in her bedroom. I'm a licensed
PI so I have the right to do that. It's right there on the license, just
after the part that gives us the right to spy on ordinary Americans, just
before the section that reads "License to argue with Chief of Police."

I was about to take the laptop when my secretary Sally came in...

So this is how legitimacy is established now.

[grilled-cheese]

So what this means is that every RIAA "investigator" in court will have to have a PI license and possibly have to understand what level of investigation is legal in each state before going to court. In the end, won't this just devalue the PI license if even tech savvy 13 yr olds have one? Even worse, would you really want a 13 yr old with a PI license?

How is that post modded up?

[Travoltus]

Do you realize the damage that an unlicensed real estate professional can do to a home buyer or home seller?

Let's say you buy a house - a $400,000 investment - and you find out later that the home has
inside wiring problems
dry rot and other water damage
termites
**a mountain of casino debt attached to the property**

oh and the unlicensed jerk who brokered this sale - and the former homeowner - have disappeared.

This, and 10,000 other issues, are why you never buy a house without a licensed realtor.

Re:How is that post modded up?

[Jonathan+C.+Patschke]

This, and 10,000 other issues, are why you never buy a house without a licensed realtor.

No, it's why you get a home inspection and title insurance, both of which are usually required by the mortgage company, anyhow.

Re:How is that post modded up?

[vsync64]

This, and 10,000 other issues, are why you never buy a house without a licensed realtor.

I think you meant, without a licensed real estate agent. "Realtor" is a term trademarked by a mob cartel.

Re:How is that post modded up?

[tengu1sd]

>>>Do you realize the damage that an unlicensed real estate professional can do to a home buyer or home seller?

Someone who doesn't own a house? None of these problems would be the Realtor's problem. He refers you to a home inspector who may or may not be worth the fee. The title company insures the lender, if you're borrowing for the purchase. If you're bright enough to ask, you can also get a second title policy covering your interests.

What does the realor do? He brokers the sale, that means getting an owner and together. His motivation is to close the sale and collect his cut. Any licensing and regulation exists to minimize your option to sue him.

Worrisome!

[mi]

So, when a copyright violator gets away (or tries to) with unauthorized reproduction of other people's artwork by claiming, she was investigated by an unlicensed investigator, the entire Slashdot is cheering for her. And I only picked the posts moderated at 5...

Other times, we are capable of looking at the requirement with a cooler head and recognize it as worrisome. Even if one accepts, that the classic gun-wielding detectives of the Dr. Watson kind should be licensed (and Dr. Watson was not), it should not be necessary for a computer forensics experts.

Licenses in general are a terrible idea, because they are issued (and revoked!) by the Executive branch with very little recourse from the Courts — in fact, this is why the (Executive) government likes them so much. They allow them to twist the businessmen's arms without the troubles of lawsuits. In the city of New York, for example, a driver can not even appeal a driving citation to the real courts — one's only venue is "Traffic Court", where the "judge" is, in fact, a city employee and part of the Executive branch... (That's right — the separation of powers will not help you, if the government of New York City decides to ban you from the "public" roads.)

Making yet another activity require a license is, indeed, a worrisome development.

Re:Worrisome? RTFA

[unlametheweak]

*sigh* Forensic evidence is by definition [wikipedia.org] presented in court. Forensic evidence does not NEED to be presented in court. Forensics is merely gathering evidence that MAY be used in court. More specifically the article is talking about computer forensics (http://en.wikipedia.org/wiki/Computer_forensics).

Various definitions:
http://www.google.com/search?q=define%3Aforensic&submit2=Google

More colloquially one could describe forensics as merely data gathering evidence (whether it be used in a formal court of law or not). A parent using forensics software on a child's computer may not be considered forensics to the FBI, but it probably would be to the parent or child. Much the same for internal company forensics. Strict definitions need to keep up with colloquial usage.

Great! One more thing to make my job harder....

I sell Sniffer (the original) for a living. I guess that means I'll need to get a copy of the end-users PI License before I can accept an order......

Re:Worrisome? RTFA

[Max+Threshold]

Still ridiculous. Are they going to require a PI license for any other profession to give expert testimony?

Stop overreacting

[MillionthMonkey]

Sorry, but I don't see how another inane 'licensing' will do more good than bad. Just because someone is licensed does not mean they're honest. Heck, all care repair shops in NY have to be licensed. Do you REALLY thing that keeps them honest?

Whether "all car repair shops in NY are honest" or not, the licenses do present a mechanism that can hold them accountable and close them down if sufficient effort is put into enforcement. Licensure can often atrophy into a simple tax collected by a licensing authority that doesn't perform proper enforcement procedures for the licenses it issues, but that's not the idea.

Since a private investigator has a license, he's on the hook if he presents incorrect or bullshit evidence to the court. Ordinarily I can't go to a PI with pictures of my wife and my neighbor taken through open windows, and have him photoshop them into obscene pictures that I can take to court for a divorce proceeding, presented as evidence bearing the imprimatur of a licensed investigation. The court would indeed take that type of evidence more seriously than if you just had some friend of yours photoshop his dick into her mouth himself. That wouldn't be admitted as evidence. The PI has got a license; your friend doesn't. If the PI is indeed found to have violated the terms of his license by doing that, he'll lose his license, and may be subject to fines and jail time in addition to those he'd get for falsification of evidence.

"The problems in South Carolina occur when folks from national [law] firms come into South Carolina, seize digital evidence, have that evidence analyzed in a lab in some other state, and then send it back to South Carolina for litigation," Abrams says. "The state has no mechanism to hold them accountable if they screw up, which I see all the time in cases."

A license if just a scrap of paper that means you paid someone for it. Perhaps you passed a test too. That means about as much as that 10th grade biology final that you crammed for the night before and then erased from your brain after the next morning. I'm much more interested in holding people ACCOUNTABLE for their actions than having the government "protect" me.

A license is not just "a scrap of paper" that required a fee for a licensing authority. After your 12th grade finals are over you may find that scraps of paper can do surprising things. They can imbue you with certain legal responsibilities. If you practice medicine, or practice law, or conduct private investigations, you can do certain things the rest of us can't, and you are on the hook for doing them correctly- you're held ACCOUNTABLE for your actions. Doctors, lawyers, and private investigators each bear their own types of accountability. If you make a legal promise to conduct yourself in some way, and the promise you made then gets "erased from your brain after the next morning", you're going to find yourself in a world of hurt. You'll find it's not like studying for finals at all.

A forensic investigator is gathering information that might certainly be used to put someone in jail. "Oh no, I need a license to do that? Waaah!" Well, duh! What if you're incompetent, or a liar, or the darling of law enforcement because you find child porn on every machine that comes in? Do you really think that type of behavior should be legal, or that evidence from your lab should be admissible in courts?

"It's an ambush," says Phipps, a 31-year FBI veteran now with Norcross Group, a digital e-discovery business. "Under the South Carolina statute, only a handful of licensed PIs across that state have the years of information system and tools experience needed to do true digital forensics with repeatable processes of documentation and chain of custody. This is the only group that stands to gain."

I don't know what he's complaining about; he stands to gain too. They're trying to make everyone imagine that a handful of film-noir private eyes are planning to take over the computer

Re:Stop overreacting

[torkus]

Whether "all car repair shops in NY are honest" or not, the licenses do present a mechanism that can hold them accountable and close them down if sufficient effort is put into enforcement. Licensure can often atrophy into a simple tax collected by a licensing authority that doesn't perform proper enforcement procedures for the licenses it issues, but that's not the idea.

But see...that license doesn't actualy make that shop accountable. Our twisted and pathetic court system - IN THEORY - does. How about you just make people RESPONSIBLE for what they do. You "fix" my car for $3000 and it falls apart - i take you to a court where facts are more important than who's lawyer did 18 holes with the judge over the weekend.

Much of the licensing done today *IS* just a tax. Heck, in seattle you get your yearly "business license" for $75. Any company, any size. Oh, EXCEPT "erotic dancers". Theirs is $300 last I checked. I'm not sure how that license (either one) actually addresses the suitability for a person or entity to do business.

Since a private investigator has a license, he's on the hook if he presents incorrect or bullshit evidence to the court......If the PI is indeed found to have violated the terms of his license by doing that, he'll lose his license, and may be subject to fines and jail time in addition to those he'd get for falsification of evidence

Why does he need a license to he held accountable for perjury? Everyone is equal in this country right? /sarcasm

If you practice medicine, or practice law, or conduct private investigations, you can do certain things the rest of us can't, and you are on the hook for doing them correctly- you're held ACCOUNTABLE for your actions. Doctors, lawyers, and private investigators each bear their own types of accountability

That's my point. It's ILLEGAL for me to do many things i'm not 'licensed' to do. Regardless of my ability. In my opinion, if i CLAIM to be able to do something then i'm responsible for sucessfully doing it. Simple really. If i fsck up, my ass is on the hook. Period. Disclosure of my experience and/or accreditation, sure. Stop asking the government to protect you from your own decisions.
 
...the darling of law enforcement because you find child porn on every machine that comes in? Do you really think that type of behavior should be legal...

No. That's fraud, perjury, falsly incriminating someone...heck, it's possession of kiddie pron too. That is illegal. Period. License or not, if you do something like that you should be held accountable. Would someone go out on a limb and plant/hide evidence? Sure. Does that already happen today? Constantly, and people often are NOT held accountable for their actions.
 
...Existing forensics outfits will quickly send their geeks through the seminars, have them sign the papers promising they'll behave themselves, pay the fees, get their damn licenses, and move on, with full knowledge that they're responsible for their fuckups

Oh wait, so we agree. Because that sounds an awful lot like getting a scrap of paper and paying a license tax for no reason other than to have it. They're accountable now, they would be after. How does this serve the public interest other than making she sheep feel safer through an obscure license they will never understand?

Re:Stop overreacting

[MillionthMonkey]

But see...that license doesn't actualy make that shop accountable. Our twisted and pathetic court system - IN THEORY - does.
Yes it does make it accountable. It just isn't holding it to account on its license- it's not using a tool it's been given. That's a big difference you're not seeing. If this system doesn't work, "in theory" and in practice it can be fixed. It's been done many times in history. Once upon a time car repair did work as you suggest with your fantasyland idea below, and the predictable result was abandoned cars littering the streets:

How about you just make people RESPONSIBLE for what they do. You "fix" my car for $3000 and it falls apart - i take you to a court where facts are more important than who's lawyer did 18 holes with the judge over the weekend.
Sounds like a great idea. Why hasn't anyone thought of this already? Just like we fixed TV news, we'll just use the "facts". We'll not allow our personal biases or conflicts of interest to influence our decisions. We can get judges, attorneys, and juries from planet Vulcan. In fact, why have cops at all? Just let crimes happen, and use prosecutors and courts for everything!

Why does he need a license to he held accountable for perjury? Everyone is equal in this country right? /sarcasm
Everyone is accountable for perjury if they testify. Everyone is accountable for falsification of evidence, if the evidence is admitted into court, which it may not be, if the guy who produced it doesn't have a license to investigate crimes. Maybe he doesn't do competent job at forensics. Innocent people may be languishing in jail for years because of him. Do you want his work to show up at your trial in the meantime, while you're waiting for his comeuppance? Maybe he gets it years later, and your conviction is then tossed, maybe. I guess that's justice?

That's my point. It's ILLEGAL for me to do many things i'm not 'licensed' to do. Regardless of my ability. In my opinion, if i CLAIM to be able to do something then i'm responsible for sucessfully doing it. Simple really.
"Simple really" is the universal suffix attached to a bad idea. I can't address the deficits of this thinking fully, since I have a flight to catch, but if I see you in the cockpit I'll trade seats with you because I can claim to be a pilot too.

No. That's fraud, perjury, falsly incriminating someone...heck, it's possession of kiddie pron too. That is illegal. Period.
Not if you're successfully prevented from doing it, so cops aren't bringing any hard drives with kiddies to you in the first place.

Would someone go out on a limb and plant/hide evidence? Sure. Does that already happen today? Constantly, and people often are NOT held accountable for their actions.
You make your mistake when you jump from "people often are NOT held accountable for their actions" to "let's just let anyone do what they want and hold them accountable if they mess up". Holding someone accountable for doing work badly is more difficult than preventing them from doing it at all until they have met certain requirements. We don't let witch doctors practice medicine, for example, figuring his gullible victims will sue him.

How does this serve the public interest other than making she sheep feel safer through an obscure license they will never understand?
Of course they're not familiar with the license! Geez! This isn't to make "the sheep feel safer", it's to keep "the sheep" from languishing in jail for years waiting for some incompetent or prosecutor-friendly computer forensics expert to be exposed!

Oh wait,
Oh wait seems to be the universal prefix attached to inaccurate observations.

Re:Stop overreacting

[torkus]

But see...that license doesn't actualy make that shop accountable. Our twisted and pathetic court system - IN THEORY - does.
Yes it does make it accountable. It just isn't holding it to account on its license- it's not using a tool it's been given. That's a big difference you're not seeing. If this system doesn't work, "in theory" and in practice it can be fixed. It's been done many times in history. Once upon a time car repair did work as you suggest with your fantasyland idea below, and the predictable result was abandoned cars littering the streets:

The license itself does NOT OFFER ANY PROTECTION. The court system, perhaps. Forcing repair shops to obtain a license isn't what's providing the protection. And i'd LOVE to see your reference to cars littering the streets before repair shops were licensed.

How about you just make people RESPONSIBLE for what they do. You "fix" my car for $3000 and it falls apart - i take you to a court where facts are more important than who's lawyer did 18 holes with the judge over the weekend.
Sounds like a great idea. Why hasn't anyone thought of this already? Just like we fixed TV news, we'll just use the "facts". We'll not allow our personal biases or conflicts of interest to influence our decisions. We can get judges, attorneys, and juries from planet Vulcan. In fact, why have cops at all? Just let crimes happen, and use prosecutors and courts for everything!

Erm what? Remind me what the accuracy of TV news has to do with providing a vaugely honest court system or what star trek has to do with any of this. Try to stay vaugely on topic, m'kay?

Why does he need a license to he held accountable for perjury? Everyone is equal in this country right? /sarcasm
Everyone is accountable for perjury if they testify. Everyone is accountable for falsification of evidence, if the evidence is admitted into court, which it may not be, if the guy who produced it doesn't have a license to investigate crimes. Maybe he doesn't do competent job at forensics. Innocent people may be languishing in jail for years because of him. Do you want his work to show up at your trial in the meantime, while you're waiting for his comeuppance? Maybe he gets it years later, and your conviction is then tossed, maybe. I guess that's justice?

Hey, if my "non-licensed" investigator never testifies or submits evidence how is that even relevant?! Again, try to stay on topic. If his testimony puts someone away for 3 years wrongfully, hold him responsible for those 3 years and the loss/disruption to that person. Oh, and if you don't make a brotherhood of licensed idiots out of the, then a NORMAL PERSON will be able to afford their own investigator to refute evidence if it's not accurate. You won't need a $300/hr lawyer to jerk off in a court room.



That's my point. It's ILLEGAL for me to do many things i'm not 'licensed' to do. Regardless of my ability. In my opinion, if i CLAIM to be able to do something then i'm responsible for sucessfully doing it. Simple really.
"Simple really" is the universal suffix attached to a bad idea. I can't address the deficits of this thinking fully, since I have a flight to catch, but if I see you in the cockpit I'll trade seats with you because I can claim to be a pilot too.

So instead of addressing my POINT you poke at a simple phrase. Why not call out the grammer nazis? Simple is relative. I think responsibility is an awful lot simpler that the nonsense license turns into.

And the rest is just you rambling on and on making no useful point. I'm not 'making the jump' as you say. I'm suggesting we fix the underlying problem (accountability) rather than add another bandage (license) on the bloody wound. If i don't understand what or why someone is licensed, then how does that actually help me? It actually facilitates those people with taking advantage of me since they "must" know what they're doing they'll just b

Déjà vu

[avatar4d]

This sounds like it is the first step heading in the direction of topic recently discussed here:

http://yro.slashdot.org/article.pl?sid=08/01/03/2056223

Which itself seems to be heading in the direction of this:

http://it.slashdot.org/article.pl?sid=07/08/13/0218246&tid=172

It is really an indirect way of doing the above. The first step towards it anyway. I think that lawmakers should stay out of situations they don't understand or have the power to control anyway. Just like the other aspects of the computer industry it, itself, has created "licenses" in the form of certifications. Should those not be enough to test competence?

To me this sound much like a need for control (most likely because of fear of not understanding).

A current private investigator geek

[happyslayer]

The usual, IANAL, this isn't legal advice, etc. etc...

However, I am a current, licensed private investigator in Ohio who happens to do digital forensics from time to time. So, I believe that I can shed some experience (or spread some BS) on this subject.

Private Investigation in Ohio is governed by Ohio Revised Code Chapter 4749. To summarize:

• You have to be a licensed investigator to perform investigations for hire. (Meaning you get paid.)
• The exceptions (and there are specific ones listed) boil down to a) insurance adjustors, arson inspectors, forensic accountants, etc., and b) it's part of your normal job (such as a network administrator tracking down a break-in. My example, not the law's.)
• Anything you do for yourself is, well, for yourself, and doesn't require a license.

A lot of other states have a similar setup.

Now, without having read the actual proposed law in South Carolina (this is /., after all), I would say that it sounds like a bad idea. An investigator license is not a magic wand to say that you are an expert, and the summary makes it sound like having a PI license gives you almost automatic "expert witness" status. (From my IANAL point of view, that is a specific determination that the court has to make, and normally they don't take it lightly.

PI licenses are used to regulate who goes around snooping into other people's information. There are specific criminal penalties for performing investigation services, for hire, without a license; I believe that it keeps the people honest (in Ohio, Homeland Security oversees the licensing!), and prevents a lot of wasted time and money on some Magnum wannabe who ends up doing more damage to his clients cases/circumstances than good.

As far as I can tell, those who do purely "digital forensics" are the equivalent of DNA lab techs or fingerprint analysts: They perform a technical function whose methods and findings are narrow, reviewable, and (should be) reproducible. The aspect of "investigation" only comes in when you begin to track down names, background, places, and faces relevant to the process. Despite what CSI: Miami tries to put out, lab guys are not normally the folks interviewing the suspects and poking holes in alibis; they deal with facts and findings. (More like Abbie on NCIS.)

Which leads to the counter-proposal from the Nevada situation: If the courts already have a tried-and-true method of determining what an "expert witness" is, there really isn't a need for another licensing agency. Yes, courts can and do rely on licensing for some determinations, but again, they use experience, knowledge, reproducibility, and accepted methodology as real determining factors. That way, a medical license isn't an automatic "my opinion is indisputable" stamp.

I think South Carolina is either overreacting or trying to pay off a party contributor....but hey, what do I know? (Or, how could I find out? :-)

And yes, I realize that I said I "do computer forensics." Being a geek with a license, it's easier (and much faster and cheaper for the client) to do a forensic run-through myself than to hire it out to a lab every time. But I also know my own limitations, and quickly admit when/if I ever get over my head and need to call in the hard-core experts.

Re:A current private investigator geek

[st0rmshad0w]

So what if your "normal job" is a for-hire network administrator who has to do forensi work?

Re:A current private investigator geek

[happyslayer]

If by "forensic work" you mean autopsying a computer to figure out why/how/when it died or was compromised, then that could fall into your normal work. (Again, I'm talking from Ohio statutes; they leave that exception open. I think this was a reasonable exception, because lots of jobs require some "investigation" to find out what happened.)

If your client/company decides that they even might be filing criminal charges or a civil complaint, then they should, early on, consciously decide how they are going to proceed. If they want an airtight case, or prevent opposing counsel from ripping them and their evidence to tattered little pieces, they have to decide if an in-house investigation is sufficient.

Again, in my opinion (IANAL, blah-blah-blah), figuring out what's on a computer, what happened to it, and even how to prevent it could be considered "digital forensics" but also doesn't require an special licensing. If you start trying to track the people responsible, that's where you start to get into the realm of private investigation, and you should be aware of what your laws require.

As I said, IMHO, "digital forensics" is just like any other lab tech: Specialized knowledge and analysis capability, and an ability to prove your findings to an opposing expert, an attorney, or a court. Beyond that, the South Carolina law/bill seems to be creating an issue where there really shouldn't be one.

Re:A current private investigator geek

[nomadic]

the summary makes it sound like having a PI license gives you almost automatic "expert witness" status. (From my IANAL point of view, that is a specific determination that the court has to make, and normally they don't take it lightly.

They don't take it lightly, and honestly official status or certification doesn't make it automatic. A judge will have no problem disqualifying a well-credentialed expert because the basis of his or her specific testimony in that case is insufficient.

Re:A current private investigator geek

[happyslayer]

Good point...which is why I believe that there is a mechanism in place, and that the proposed restriction is pointless, or even damaging.

Crock of shit

[Unlikely_Hero]

This is about as poorly thought through as Germany's "hacker tools" law (and the pending bill in the UK).
US Legislators, fuck off. Fuck off and die.
Have you checked your approval ratings lately? I wonder if spending your time on bullshit like this is why your approval ratings are so low.
Here's a little plan.
1. Impeach bush/cheney and basically most of the executive branch.
2. repeal the PATRIOT act, military commissions act et al
3. stop the NSA spying
Where to go from there (ie, increasing social programs, ridding the nation of the IRS) is widely dependent on one's particular views
However, at least imho, until 1-3 above are accomplished, no one will see you as anything but a bunch of idiot shmucks.
If you're not going to get on 1-3, please hurry up with the fucking off and dying.

Re:Crock of shit

[EdIII]

What magical utopia of a country do you live in?

Seriously, I know we have problems, and I scream loud enough already... but we are not alone with this kind of bullshit.

Just which country do you hail from that is the cyber rights promised land and what immigration policy does it have?

It's easy to bash on Americans and wish for us to die, but the fact is at the public level we are fighting very hard. I would leave the UK and Australia with the bullshit they have passed.

Apparently the grass is always more dead and polluted on the other side......

P.S - Silly little licensing laws are NOTHING compared to constitutional amendments, FEDERAL laws, etc. I find it interesting that something this small pisses you off that much :) You must have blown blood vessels when they passed the Patriot Act.

Re:Crock of shit

[Unlikely_Hero]

Heh. it's very true that things like various amendments/federal laws are head and shoulders worse than licensing. I think it's moreso that the level of bullshit has just gotten to a point where it all pisses me off equally. It's very true that we're not alone in this bullshit, I wish we were, at least then others wouldn't have to deal with it. Heh, I live in a place similar to the UK/Australia. It's just as bad, worse in some ways. I definitely don't hate Americans. Most Americans I met are some of the most thoughtful interesting people I have ever encountered. I hate that it seems that the fire in their hearts is almost gone, flickering and just about to go out. The founders of the United States would be turning in their graves so much if they could see the current state of the US that they could solve the energy problem. You mention that at the public level the people of the United States are fighting very hard. I do hope that is true and if so I would join you and help you in this fight. Heh....let's not discuss the words that came out of my mouth when various laws such as patriot/military commissions act were passed. Thank you for the response, it was tempering and filled me with hope that people still do care.

Already is the law in Virginia

[nonumnos]

From the Code of Virginia:

9.1-138. Definitions.

""Private investigator" means any individual who engages in the business of, or accepts employment to make, investigations to obtain information on (i) crimes or civil wrongs; (ii) the location, disposition, or recovery of stolen property; (iii) the cause of accidents, fires, damages, or injuries to persons or to property; or (iv) evidence to be used before any court, board, officer, or investigative committee. "

and

9.1-139. Licensing, certification, and registration required; qualifications; temporary licenses.

"C. No person shall be employed by a licensed private security services business in the Commonwealth as armored car personnel, courier, armed security officer, detector canine handler, unarmed security officer, security canine handler, private investigator, personal protection specialist, alarm respondent, central station dispatcher, electronic security sales representative, electronic security technician's assistant, or electronic security technician without possessing a valid registration issued by the Department, except as provided in this article."


Note, there is very similar language under New York State laws as well. In fact it's all damn near boiler plate, they are so similar. I would suspect several other states therefore have comparable laws on the books already (No, I have not yet bothered to RTFA). Just because lots of people have been doing it for a while because they were/are ignorant of the law does not excuse it. They are committing a Class 1 misdemeanor. Any decent opposing council will move to exclude any evidence produced by an unlicensed/unregistered company or person.

9.1-149. Unlicensed activity prohibited; penalty.
"C. Any person convicted of a violation of subsections A or B shall be guilty of a Class 1 misdemeanor. "

MOD PARENT UP

[Unlikely_Hero]

The last sentence says it all.

Re:Wonder if my Employer would pay for this cert..

[nonumnos]

Generally speaking, you would be considered a "proprietary employee". You are not offering that primary skillset on a for-hire basis to more than your primary employer.

The Real Question?

I think the real question here should be what business does the government have in determining who can fill a job and who can not? Should it not be up to the employer/court/defense/prosecution/police department who is hiring such a person. In my experience certifications all to often mean next to nothing, besides you can pass a test or have enough money to pay the licensing fees (which most often vanish into completely unrelated branches of the government). And I think all to often "licensing" "permits" and most other pre action permissions from government are either used to discriminate agents a one party or another or are the equivalent of treating the individual as if they "guilty" of something and have to prove their "innocence" before they are allowed to proceed. In my opinion government should always be the one forced to prove they need to disallow someone from doing as they wish, the alternative often leads down a dark path with ever increasing restrictions on the individual. States should of course where they feel appropriate put in place COMPLETELY VOLUNTARY/NO STRINGS ATTACHED systems of certification for added credentials, but never mandatory systems. Otherwise we may all be eventually forced to take certifications for the most simplistic of things to remain "legal", such as repairing our own car, or installing our own tub/sink. Don't joke, I bet if you told someone about half of the licenses and permits that exist today (Residence Permits, Building Permits, zoning permits, electrical permits, elctrician licences, Pesticide licenses, truck, bike, chauffer licenses (some of which by the way REQUIRE drug testing)) they would have gotten quite a chuckle out of such "insanity".

Re:The Real Question?

[pclminion]

I think the real question here should be what business does the government have in determining who can fill a job and who can not?

I know! I mean, the idea of needing governmental approval to become a judge, what insanity. Anybody should be able to walk into a courtroom and be judge for a day. EVERYBODY IS HEREBY SENTENCED TO DEATH! Also, anybody should be allowed to act as a public defender. If you ever end up as a defendent, I offer to defend you pro bono. I have some very... "interesting" legal strategies I'd like to try out. Or, I could be on the other side, supplying electronic evidence against you which I collected completely illegally (I just won't mention the details).

(Oh, and if you are ever in an accident, I offer to supply my professional medical services to you free of charge! I'm just a nice guy like that.)

Sarcasm aside, sometimes it pisses me off too. The idea of needing a specialized permit just to install cat-5 cabling in my house is pretty upsetting. But if you think we don't need government oversight of the fundamental workings of the justice system you must be an anarchist. The government was created to solve a very specific, limited set of problems and this is one of those problems. Just because government has ballooned over time doesn't make this one part of it perfectly right.

Re:Worrisome? RTFA

[Z00L00K]

That's a relief - but does that mean that if evidence that I as a sysadmin has extracted is going to be dismissed in court since I'm unlicensed?

This can have really bad effects when trying to follow up on computer crime and essentially make it hopeless to take cases to prosecution.

I can on one hand understand that there is some need for procedures and chain of evidence, but there can be really tough side-effects.

Hey, wait a minute!

[Gazzonyx]

[...] 9.1-149. Unlicensed activity prohibited; penalty. "C. Any person convicted of a violation of subsections A or B shall be guilty of a Class 1 misdemeanor. " So... we still get to keep our guns then?

hope this happens soon!

this is a desireable development, considering data theft and such, it'll make it a hell lot easier to sue the shits out of those pesky anal ysts.
sleep well suckers =)

Re:PIs should be required to be forensics certifie

Is it ironic that you can't spell academically correct? Maybe we should have a spelling license!

Depends whether you want the patient to live

"I'm a pathologist. Yet my state medical license states that I can legally practice medicine and surgery (which is rather insane if you ask any reasonable person"

Are you available to operate on my mother in law?

Re:Worrisome? RTFA

[Lord+Kano]

"Your Honor, I looked at the access logs on my server and saw that I was attacked by the IP address that was assigned to the defendant at the time."

You need a PI license for that? It's bullshit. A PI license isn't about competency or ethics, it's about getting more money out of people.

LK

Grandfather?

"Grandfather" is a verb? What does it mean?

Re:Grandfather?

[lcoughey]

Grandfathered is used as a verb to describe the process of including someone into the new system because of their past experience and not on the new requirements. An example might be someone who has been teaching for 30 years and only has a teacher's college diploma has been grandfathered to teach even though the new requirements requires a university degree.

Why require a license?

[Registered+Coward+v2]

Texas already requires that computer forensics investigators be licensed PIs. The requirement isn't just window dressing, either. Getting a PI license is tough there. That's why there are only about a dozen licensed computer forensics investigators in entire state. Um, and Media Sentry sure as hell ain't one of them...

One key outcome from requiring a license is it limits competition by putting up a barrier to entry - which helps those with licenses keep their rates higher. As someone who has held a license (not PI) it is a good deal; despite the hassle of taking an annual exam it enabled me to get a bonus every year.

Of course, licenses don't always make sense - look at barbers for instance. I can walk into any barber shop and watch them cut hair and see teh results. If they are incompent I can walk out; and even if I don't discover that until to late a week later and my hair is back; yet we license barbers.

Fire the Lawyerpult

[EdIII]

I am not amused sir! Consider this a warning.

I am the legal owner of the tznvy.pbz domain and I don't take kindly to people advertising fake users on it. I mean really, who is rpbzbab anyways? I put out enough 550 user unknown messages as it is.

Is ROT13 your real name or something?

Try signing your posts with your real email address out there like a man dammit!

Re:Worrisome? - not really

[nothermark]

I see it as more of a push to force more computer forensic folks to learn the legal requirements, and possibly some of the technical requirements, of what they are doing. Anyone following the Groklaw request for input on the Lindor case should see just how poorly the "forensic expert" for the RIAA did his job.

Re:Licensing is about power, new sex license

Amen, and prepare yourself for a license to have sex. My new booty camp will train you in one week to pass the "I'm good enough to have sex with" exam. Only US$43K per person for all the sex that you can handle for one week in order to ensure that you can pass the exam. An online training camp is soon to be released with live video instructors and group chat discussion.

Re:Worrisome? RTFA

[schon]

Forensic evidence does not NEED to be presented in court. Yes, yes - and a lawsuit doesn't have to be presented in court either, because the parties could settle.

Various definitions: You mean definitions like "of, relating to, or used in courts of law", "Of or used in a court of law.", "something for court use", or "relating to the use of science or technology in the investigation and establishment of facts or evidence in a court of law."?

More colloquially one could describe forensics as merely data gathering evidence s/colloquial/incorrect/g

A parent using forensics software on a child's computer may not be considered forensics to the FBI, but it probably would be to the parent or child. But it *still* wouldn't be forensics.

When a piece of (proposed) legislation uses a term, it's not the "colloquial" interpretation.

Strict definitions need to keep up with colloquial usage. So you're saying that computer geeks should henceforth refer to their PCs "hard drives", that they should call a hard drive "memory", and that we should start referring to their desktop wallpaper as a "screensaver"? Because those are *all* terms that are colloquially mis-used.

Sorry, I don't buy it.

Coming Soon

[flyneye]

Only those with professional motorsport experience will be issued drivers licenses.
Only dentists will be able to brush your teeth.
Only TV doctors can prescribe ibuprofin.
Only penguins will be allowed to use Linux.
And so the logic goes...

Re:Coming Soon

[lcoughey]

That is funny. I was thinking more in the lines:

- Nurses need to be Doctors
- RNAs need to be Nurses
- First responders need to be RNAs
...and we all become doctors.

Re:Worrisome? RTFA

[Jerry+Beasters]

This post shows that have literally no knowledge of linguistic theory whatsoever. Stop commenting on something you don't understand.

Re:PIs should be required to be forensics certifie

Ha! Another nerdinho thinking his stuff is hard and worthy of consideration.

Hate to kick your puppy, kid, but computer science is not rocket science. We're not in the late '80s anymore. Anyone can master it.

Face it, your "skills" are on the same par with the garbage man's.

very very very interesting

[Grampaw+Willie]

the article is very interesting because it invites us to consider whether the Shadow wants us to exterminate hacking or not...

Hacking could be exterminated. why has that not be done?

this is a line of thought that we should pursue

I have felt for some time that all these "vulnerabilities" we most likely intentional but intended for prefered customers only, the idea being that select, priviliged parties have the right to access anything and update programming as needed to facilitate that activity

tat would explain why no amount of patching has ever slowed up the hackers; 2007 has been a banner year for the bad boys

I've said it before but it bears repeating: if our commercial interests want to do business over the net the hacking has to come to a stop.

it will take a while to convince us that hacking has been stopped even after it is in fact stopped.

all executable programming should be signed by the responsible party.

NO SIGNATURE? NO EXECUTE.

Re:Worrisome? RTFA

[budgenator]

It's also about going to the Bahamas for a CE seminar in January and having it be tax deductible because CE is required for professional certification.

Re:Worrisome? RTFA

[unlametheweak]

Forensic evidence does not NEED to be presented in court. Yes, yes - and a lawsuit doesn't have to be presented in court either, because the parties could settle. Gathering evidence in NO WAY presumes that there will be a court case, or even that a crime has been committed. And yes, disputes can be settled out of court. So I am, as usual, correct. And you are incorrect as I stated. I am glad you admit this.

You mean definitions like "of, relating to, or used in courts of law", "Of or used in a court of law.", "something for court use", or "relating to the use of science or technology in the investigation and establishment of facts or evidence in a court of law."? Exactly. I am once again glad that you realized your mistake; as you've originally said:

Forensic evidence is by definition [wikipedia.org] presented in court. That's what forensic means. is obviously incorrect. It is "relating to, or used in courts of law", and it is NOT (as you've stated) "by definition... presented in court. That's what forensic evidence means"

When a piece of (proposed) legislation uses a term, it's not the "colloquial" interpretation. I haven't seen the legislation so I cannot comment on what the legislation says. I just read some journalism, and you got your definitions from Wikipedia and not a legal dictionary.

So you're saying that computer geeks should henceforth refer to their PCs "hard drives", that they should call a hard drive "memory", and that we should start referring to their desktop wallpaper as a "screensaver"? Because those are *all* terms that are colloquially mis-used. No. I do not agree that all those terms are misused (that would be an extremist over-exaggeration), and I do not believe that people should "mis-use" anything (whatever it is you mean by "mis-used").

To use the more authoritative Concise Oxford English Dictionary:

[adjective]
- Relating to or denoting the application of scientific methods and techniques to the investigation of crime
- relating to courts of law
[noun:]
- forensic tests or techniques At any rate your nit-picking a point that is pointless to nitpick (what some people would call being a grammar-Nazi). And you sounded quite arrogant and self-aggrandizing about it. The grandparent was merely stating the obvious: that ordinary people doing there jobs don't need to worry about getting a PI license. I think everybody seems to understand this. You made obvious mistakes in your original rebuttal, and even more mistakes in your defense. Sometimes it's better just to admit you are wrong than to "show your tonsils" as people colloquially say. Yep, as you said, "I guess it's too much to expect /.'ers..."

Harrison Bergeron

[quibbler]

I've got a better idea; lets just make it illegal for anyone to be smarter than anyone else, that way we can protect StupidPeople from anyone who could do anything remotely intelligent and take advantage of their pea brains. Oh wait, I think Kurt Vonnegut already sketched this out. Way to go FUD-mongering luddite sheeple. If you haven't read Harrison Bergeron, I highly recommend it, its the eventual conclusion of this kind of thinking. One round of lobotomies, coming up!

Re:Worrisome? RTFA

[Crudely_Indecent]

From someone who is in the industry, the requirements extend far beyond the courtroom. The collection process is considered a "forensic collection procedure". Password cracking and general processing is considered "forensic processing". There is a chain of custody that must be maintained throughout the life of the data (from collection to presentation in court to storage afterwards).

And, by the way, forensic evidence is not always presented in court. Several cases I worked on never made it to court as the evidence was too damning....it was useless to fight against the obvious.

Now, to help your argument, you might say that forensic evidence has been prepared for presentation to the court. It is, however, still forensic evidence even if it hasn't made it to court yet. To expand your incomplete and misinterpreted definition above, the term "forensic" means "legal", so the process of collecting forensic evidence provides that the evidence maintains its integrity until it reaches court in a legally presentable form.

My advise though, is to stay out of the industry. Lawyers cannot be trusted.

Its only a matter of time now

[dave562]

I will be driving a Ferrari and living in Hawaii in no time!!

"It's an ambush."

[steelfood]

It's a trap!

Re:Worrisome? RTFA

[jc42]

More colloquially one could describe forensics as merely data gathering evidence

s/colloquial/incorrect/g

Nah; don't bother. Those two terms are generally considered synonyms.

(Of course, they aren't really. That is, it's possible to be incorrect without being colloquial. What that substitution really does is lose information, since "colloquial" is a proper subset of "incorrect". ;-)

Re:Worrisome? RTFA

[jc42]

I can on one hand understand that there is some need for procedures and chain of evidence, but there can be really tough side-effects.

Think of yourself as the defendant. Would you want a court to accept evidence against you that didn't have a legally verifiable chain of evidence?

To put it another way, would you want a court to accept evidence against you that the prosecution could have created with a text editor?

I have seen people fired on the basis of evidence that the sysadmin admitted (during private bragging) he had faked. And yes, I was really sorry that I didn't have a tape recorder in my pocket at the moment.

Georgia challenged on the STAND in COURT

[scottamoulton]

I have already faced this problem here in Georgia, and I was challenged on the STAND while testifying in a case I did the computer forensic work on. I have been doing forensics for almost 7 years, but here in Georgia they had initially passed the law and was only waiting for the governor to sign it or veto it. Well it took a lot of work to get it vetoed and everyone I know called into the governor. However, they have since fixed the wording that was the reason for the veto. There is a great chance it will pass in Georgia this year. There is a body of the PI's that are moving together on this issue in every state. Any state that this has not been submitted yet, they are planning to submit it. Michigan just submitted it and it has passed one of the bodies it needs to so far. Look out for this to change the world of forensics. The issue is that most of the laws are making it a criminal felony with penalty of jail time if you get caught or if you are called to the stand for evidence you did collect without a PI license. Since this happened, I have done everything I could to prevent this law from passing, but since then I have become a PI to protect myself and to have business. It will be coming for all of you.

This is the article about my adventure.
http://www.securityfocus.com/columnists/399

Scott Moulton
www.ForensicStrategy.com
Phone:770-926-5588

It is the case here already.

[ghostcorps]

In Oz we must have a PI license for, basically, anything that involves looking at a persons private details without their knowledge. And for good reason. Do you want anyone to just hack your stuff cos they 'suspect' something?

As for forensics, it's one of the things keeping a handle on, and retaining some respectability for, an industry that is still niche here. Rather than letting it devolve to a situation where any shmo with an encase certificate can claim to be forensically sound.

Re:Worrisome? RTFA

[lucifuge31337]

To give expert testimony you have to be accepted by the jurisdiction you are testifying in as an expert first. This is a very old concept. Please learn something about court procedure before excitedly exclaiming injustice.

the problem is ...

[vuffi_raa]

I do metadata extraction and database integration of corporate documents (though in california), I do not analyze or qualify logs or such- I analyze corporate dumps for retention and review- would this be covered under the pending legislation? what if our client were from SC? what if our offices in india did some of the work where there is no such thing as a PI license?
also I have been working in this field for almost 15 years now and it would be completely ridiculous if some moron who chases cheating wives with a camera were told by the state that he was more qualified to do my job than I am- and here in SF they only issue a limited # of PI licenses as PI's are allowed to carry a firearm.

more government regulation

[jaydanie]

just what we need. one day you may need a license to wipe your own ass with certified charmin.

Re:Worrisome? RTFA

[vuffi_raa]

actually forensics is more narrowly defined than that for insurance purposes. Forensics involves the the investigation and delivery of electronic data from the source material vs. the analysis and extraction of the said data. I do the latter clients or licensed companies deliver the data to us following the 'forensic' collection process for analysis , categorization and review- this law doesn't seem to differentiate between the two processes, but there is a distinct line between the two- though I have done some forensic work, I prefer not as it is a lot slower and drier than the extraction and integration.
FTA:

"Forensics is a very new field. And now, anyone with a PI license can take an EnCase class [a popular computer examination tool] and declare themselves a forensic expert," this is a load of crap- I can tell you, having used encase that if you don't know your way around the innards of an OS or what the registry values mean you are going to screw up what you deliver and it will make the process of my job far worse- the last thing I want to do is have to be making more requests for re deliveries and having more useless and corrupt data that I need to sift through as my job is to extract and analyze forensic data because some stupid ambulance chasing PI who doesn't know what they are doing screwed up.

And the RIAA...?

[bwcbwc]

This whole thing sounds like it's in response to the irresponsible investigative techniques used by the RIAA, and the counterclaims filed by one of the defendants. I would've thought that /.ers would be jumping on this bandwagon right quick.

Re:And the RIAA...?

[happyslayer]

That is a good point, if true. (And, while TFA doesn't say, that could be an argument for it.)

For me, though, even that kind of reasoning can lead to flawed legislation. How many times on /. do you hear comments that can be boiled down to "Think of the children!", "Or the terrorists will win!", "It's for everyone's protection!", and so on?

These types of statements are often used to point out (intentionally or not) how an emotional urgency to "do the right thing" can lead to very, very regrettable results.

Like you said, this is /. "Cynicism" should be in the motto somewhere.

Re:Worrisome? RTFA

[Max+Threshold]

And will a computer forensics expert be able to gain that acceptance without a P.I. license? See the point now?

Re:Worrisome? RTFA

[lucifuge31337]

That's quite a leap. Make sure you have a double layer tin foil hat on when you make it.

Re:Worrisome? RTFA

[Max+Threshold]

How is it a leap to say that if you can't legally practice computer forensics without a P.I. license, you won't be able to testify in court about it without a license? And, more importantly, why has computer forensics been singled out for this licensing requirement?

Re:Worrisome? RTFA

[lucifuge31337]

1.) Testifying about the data collected by credentialed forensic experts doesn't necessarily, and probably will not be construed as to require, being credentialed to actually collect such evidence.
2.) Computer forensics is NOT being singled out. This is obviously something that is poorly worded and too general/being taken too genreally - but one should understand basic legal concepts related to evidence if they are going to be collecting it - and creating credentials probably isn't a bad idea. Lack of a discernible chain of custody and spoliation are rampant in computer crimes/civil cases.

But what do I know? I'm just a sworn law enforcement officer (fire marshal) as a part time job, certified to collect evidence and with court experience behind me. And my DA brings in experts to testify about what my evidence means - experts who typically are not people who could actually collect the evidence themselves (because of skill sets, authority, etc.)