Slashdot Mirror

← Back to Stories (view on slashdot.org)

PI License May Soon Be Required for Computer Forensics

Posted by ScuttleMonkey on from the geeks-licensed-to-buy-cool-surveillance-gear dept.

buzzardsbay writes "The good folks over at Baseline Magazine have an intriguing — and worrisome — report on a movement to limit computer forensics work to those who have a Private Investigator license or those who work for licensed PI agencies. According to the story, pending legislation would limit the specialized task of probing deep into computer hard drives, network and server logs for telltale signs of hacking and data theft to the same people who advertise in the Yellow Pages for surveillance on cheating spouses, workers' compensation fraud and missing persons. Those caught practicing computer forensics without a license could face criminal prosecution."

5 of 282 comments (clear)

  1. Re:Worrisome? by Jah-Wren+Ryel · · Score: 5, Insightful

    I agree. Maybe it will get rid of some of the charlatans. The same way driver's licenses keep bad drivers off the road.
    --
    When information is power, privacy is freedom.
  2. Re:Worrisome? by Stripe7 · · Score: 5, Insightful

    Depending on the how they define forensic work, a system administrator could be prosecuted for reading the log files for login information, or tracing back history files to see what led to critical system files being corrupted. If these simple daily administrative tasks are classified as forensic it would make it illegal for a system administrator to do his job. With congress's track record of overly broad definitions and over generalizations, odds are good that this legislation will make a PI license a requirement for all system administrators. Hmm, does this mean I get to carry a gun too?

  3. protectionism... by j0nb0y · · Score: 5, Insightful

    This is just protectionism...

    Most states have ridiculous requirements for getting a PI license. You basically can't get one in many states unless you've been a police officer. There is no public interest reason to do this. Requiring the PI license for this is just a gift to all the people who already have PI licenses.

    I haven't looked at computer forensics recently, but when I did (roughly five years ago), there were some problems with it. Basically, because of the way that courts certify experts to testify in court, it was impossible to hire a computer forensic expert to work for the defense. It went something like this:

    1. To testify as an expert in court, you have to be a member of the leading professional body for your field.
    2. The leading professional body of computer forensic experts forbade its members from working for the defense.

    Obviously that's problematic. Hopefully it's changed by now.

    The other thing I thought was really funny was the way that most computer crime labs staff up with "experts". Rather than hiring people with computer science degrees and training them on how to do police work, they tend to hire police officers and then train them on computer forensics. The good ole boy system at work.

    --
    If you had super powers, would you use them for good, or for awesome?
  4. Re:Worrisome? by lcoughey · · Score: 5, Insightful

    Being one who has a data recovery company that provides digital forensic services, it is quite frustrating to say the least. To expect a digital forensics expert to have a PI license is as absurd as expecting a PI to have a computer science degree.

    We have been trying to figure out how we can become Private Investigators, but we cannot get answers. Instead, we keep getting passed around the government's phone systems. Some say we have to write an exam that doesn't exist, others say that we should be grandfathered in and others simply shrug their shoulders.

    From what I can tell, this is just another case of where someone has decided that they want all the market to themselves and think they have found a way to make it happen.

  5. Re:Worrisome? by Zeinfeld · · Score: 5, Insightful
    If I did full time forensics I would be much less worried about having to get a license than the ambiguous legal landscape that existed when I did some cases in the mid 90s. You can't preserve the rule of law by breaking it. And even if you do keep to legal methods you have to be sure that you can prove that is what you did or else you can find the criminal you are trying to stop suddenly turns the tables on you.

    I don't think anyone should have to worry about investigating their own machine. But what if you are going to trace the attack to the source? At what point does that become hacking? What if you have someone hand you information that has maybe been obtained by dubious methods? In the 1990s nobody knew where the line was drawn.

    What happens if you hire someone to do that type of work? Are you going to be liable if they use pretexting or the like?

    If Clifford Stoll was using the same techniques today he might well have had some legal issues. Even if you don't break the law you can still ruin the chances of a successful prosecution by contaminating evidence.

    I don't want to have people who are working for me acting as vigilantes. I don't want them to collect information in ways that disrupts Law Enforcement efforts. This is a professional business now and we have to act like professionals. People need to understand that there is a line and consequences for crossing it.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/