PC Repair In Texas Now Requires a PI License

JohnnyNapalm writes "In some shocking news out of Texas, PC repair will now require a PI License. Surely this stands to have a substantial impact on small repair shops around the state if upheld. Never fear, however, as the first counter-suit has already been filed."

I don't think the report is accurate

[vanyel]

IANAL, but I don't think PC Mag or "CW33" read the law. Per Section 4a1 and 4b, it only applies if you're specifically snooping in the data on the computer. It says nothing about normal repair. Not that someone disgruntled couldn't try to make a case out of it...

Re:I don't think the report is accurate

[kjh1]

IANAL, but I don't think PC Mag or "CW33" read the law. Per Section 4a1 and 4b, it only applies if you're specifically snooping in the data on the computer. It says nothing about normal repair. Not that someone disgruntled couldn't try to make a case out of it...

Agree w/ vanyel. If you read the original quoted article, you'll see that the original author only wondered out aloud if this would apply to PC repair folks. From the post:

"It seems obvious that in order to provide a full range of litigation support services, including forensic examination, then you will have to become licensed. But will all vendors, even those who do not perform such examinations, need a license as well?"

Re:I don't think the report is accurate

[Obfuscant]

Imagine that doing a "find . -name file.jpg" or similar might be considered an "investigation".

Read the entire law. .

Sec. 1702.104 defines an "investigations company". A person acts as an investigations company if he engages in the business of obtaining or furnishing, or accepts employement to obtain or furnish information related to crimes or activity of a person, or location of stolen property, or cause for a fire, libel, etc.

A computer repair business in not in the business of doing any of that. They aren't in the business of obtaining information regarding crimes, they are in the computer repair business. The information they gather is "what doesn't work".

It is 1702.104(b) that seems to be troublesome because it talks about "computer-based data not available to the public."

The fact that 1702.104(b) defines what obtaining information means is irrelevant, since (a)(1) doesn't apply to a computer repair business to start with. Defining what obtaining data means doesn't change the limitations on who 1702.104(a)(1) applies to. It expands the activities of the people who are covered by (a)(1) to include computer searches.

If you start a business tailored specifically to PI's and forensic analysis, say fixing broken computers with the explicit intent of getting the data off of them to determine crimes, cause of fires, etc, then yes, you need a PI license. If you are just replacing a defective CPU or disk, no. You are not in the business of obtaining information listed in (a)(1).

In short, it all revolves around the phrase "in the business of".

This law is a good thing. It may be possible to sue a "computer repair company" that does, as a matter of regular business, "investigate" the content of your computer when you take it in for repair. They've made themselves "in the business of" by looking for information related to crimes. But Joe Technician who sticks to finding the bad bits and replacing them has nothing to worry about. And if you are stupid enough to make kiddie porn the splash logo on your boot screen, or background image after an auto-login, Joe is still able to call the cops, since his job isn't obtaining the information, YOU gave it to him by your actions.

No

[BenEnglishAtHome]

Please follow the links and see that the summary is wrong. The new law requires a PI license if you act as a private security consultant company (which can be an individual).

The relevant qualification for the Slashdot crowd are that you must

engage ... in the business of securing, or accepts employment to secure, evidence for use before a court, board, officer, or investigating committee;

and do so by

furnishing information ... obtained or furnished through the review and analysis of, and the investigation into the content of, computer-based data not available to the public.

IOW, you can't take into divorce court the notion that your spouse was having a cyber-affair based on having your computer looked at by the kid down the block. This doesn't appear to have much effect on most repair shops.

The text is here. Read it. The word "computer" appears in the text just once, so grep for the relevant part.

Re:No

[languagehacker]

This news story essentially came out like the telephone game. The linked story came from a Daily Texan article (the UT student newspaper) which came from an anecdote by a PC repairman. There were too many intermediaries. The Daily Texan article is available here: http://media.www.dailytexanonline.com/media/storage/paper410/news/2008/06/27/TopStories/Computer.Repair.Technicians.May.Be.Acting.Illegally-3386027.shtml And essentially, what it's suggesting here is that you only need a PI license if you're snooping through a user's data for whom you're not repairing the computer. There will be plenty of repair shops taking care of single-owner Dells and Gateways who won't even need to remember the word "forensics" even exists until CSI comes on.

Try reading the law

[analog_line]

These articles are a ridiculous over-reaction to the actual law, which I just spent a few minutes actually reading. Nothing in that law has anything to do with computer repair. It DOES have something to do with companies that offer computer forensic services for legal actions, and some repair shops do that, but you shouldn't be going to Corner Computer Repair, or Joe Computer Guy if you have a requirement for forensic work in a legal sense. If you actually think your computer was hacked, you need to get people with the kind of legal training that can get things done the way the legal system requires them to be done.

The law is in legalese, and therefore hard to read, but the only thing this applies to are people doing this for investigations of a legal nature. There is a long list of exemptions, including one for people who install and repair security devices.

For a bunch of people that claim to be rational and above superstition, you people are totally credulous when wild statements like this are made. The law is there, it's linked to, read it for yourself.

Re:Try reading the law

[analog_line]

No, it'd be illegal for you to investigate what went wrong, what entity is at fault for that going wrong, and sell me that information. It wouldn't stop you from examining the computer (even the OS) and seeing what is not functioning right, and repairing it. If I hand you my computer and tell you to "fix it" what you're selling me is the repair service, not the information. If I brought you a computer and said, " if you tell me what's wrong with this, and who did it, I'll give you 100 bucks" that would be illegal. Same if I brought you a computer and asked you to find out what my girlfriend or even my child has done on it. On top of it, it would be illegal for me to even ask you to do that if I knew you weren't licensed to. Even deep data recovery using "forensic" tools would not be illegal, unless you're selling the list of sectors that "lost" data is on. If you're actually recovering the data, you're in the clear. Copied and pasted the relevant bit from the law, note the large importance "information related to" has in all this.

                (1) engages in the business of obtaining or
            furnishing, or accepts employment to obtain or furnish, information
            related to:
                                                  (A) crime or wrongs done or threatened against a
            state or the United States;
                                                  (B) the identity, habits, business, occupation,
            knowledge, efficiency, loyalty, movement, location, affiliations,
            associations, transactions, acts, reputation, or character of a
            person;
                                                  (C) the location, disposition, or recovery of
            lost or stolen property; or
                                                  (D) the cause or responsibility for a fire,
            libel, loss, accident, damage, or injury to a person or to property;

This does have big implications for security researchers in Texas, but for small time repair shops, aside from being legally bound to say "I can't do that" when someone asks them whether their kid broke their computer, or wants you to check whether their girlfriend is cheating on them, is pretty much nil.

Calm down and read the source material

[they_call_me_quag]

Folks, calm down. The fault here seems to lie with the person who wrote the newspaper article. I read the Texas law in question and I don't see a problem.

Here's the important passage:

----
INVESTIGATIONS COMPANY. (a) A person acts
as an investigations company for the purposes of this chapter if the
person:

(1) engages in the business of obtaining or furnishing, or accepts employment to obtain or furnish, information
          related to:
      (A) crime or wrongs done or threatened against a state or the United States;
      (B) the identity, habits, business, occupation,knowledge, efficiency, loyalty, movement, location, affiliations, associations, transactions, acts, reputation, or character of a person;
      (C) the location, disposition, or recovery of lost or stolen property; or
      (D) the cause or responsibility for a fire, libel, loss, accident, damage, or injury to a person or to property;

(2) engages in the business of securing, or accepts employment to secure, evidence for use before a court, board, officer, or investigating committee;

(3) engages in the business of securing, or accepts employment to secure, the electronic tracking of the location of an
individual or motor vehicle other than for criminal justice purposes by or on behalf of a governmental entity; or

(4) engages in the business of protecting, or accepts employment to protect, an individual from bodily harm through the use of a personal protection officer.

(b) For purposes of Subsection (a)(1), obtaining or furnishing information includes information obtained or furnished through the review and analysis of, and the investigation into the content of, computer-based data not available to the public.
----

I don't see how the applies to computer repair shops.

I searched the entire text and found only two instances of the word "repair", both in reference to the repair of "security devices" and the word "computer" is only used once in the entire document (in the last sentence of the passage above.)

The "PC Magazine" story cites as it's source a "Dallas-Ft. Worth CW Affiliate." That affiliate published a story penned by:
"Pelpina Trip, KDAF33 News at Nine Intern"

It looks like you have all been riled up into a foamy froth by AN INTERN AT A LOCAL TV NEWS OUTFIT.

Do you feel foolish yet?

Re:Slaughterhouse Cases

[afidel]

Actually many states have instituted nurse practitioners, kind of a doctor light for just such reasons. They have to be part of a doctors practice but they can see patients and write scripts (I believe cosigned by the doctor). It's actually often a more lucrative position then a GP because they don't have to carry nearly the insurance load and they share billing resources with the established practice.

Re:Slaughterhouse Cases

[DaveWick79]

The law very specifically states that it applies to companies doing work as a private security consultant. As a PC service shop, I certainly don't position or consider myself to be in the place of a private security consultant. Even if my customer asks me to do simple data recovery tasks, this does not fall under the umbrella of security consulting, or review and analysis of data. I may recommend security solutions or implement those solutions, but I am not providing the solutions, those are provided by 3rd party software companies. I may recommend security guidelines but I am not ultimately responsible for the carrying out of those guidelines.
From what I read in the law, it is meant to prevent a company from telling customers they are providing a security solution when in fact they know nothing about security. If I was in the business of doing sitewide security analysis and consulting, maybe I could see the need for some regulation, as the state doesn't want customers getting ripped off by people promising security solutions and not really making anything secure.

Re:Slaughterhouse Cases

[A+nonymous+Coward]

He said it's cheap to force them to get PI Licenses, not that it's cheap to get PI licenses.

Confusing...

[catdevnull]

I read through the primary source document listed and did not see "computer technician" specifically listed in the language. I just cruised over it and searched for "computer" and "technician" but it only referred to persons who install security equipment such as alarms and surveillance devices.

Can somebody with better eyes point out the article or section that supports the blogger's statement?

Re:Slaughterhouse Cases

[mrchaotica]

Here on Slashdot, you shouldn't expect anybody to even notice your screen name, let alone infer your gender from it. Remember, this is the Internet: men are men, women are men, and little girls are FBI agents.

Also, in English, "he" is the correct pronoun to use to refer to a singular person of unknown gender.

Re:Slaughterhouse Cases

[syousef]

No argument there. I certainly expect my doctor to have medical training

Actually, and I'm being quite serious, I've found that assumption to be dangerous. Personal experience with myself and immediate family.

- Neurologist prescribing a medication for seizures, then continually increasing the dosage when one of the contraindications for giving it is seizures. Patient went from an occasional seizure to seizing on average every 2 days. When he was shown this information he replied, "oh okay, maybe it's contributing, let's cut it out" without bothering to read that immediately cutting out this med has been known to make normal patients suicidal. Thank fuck for Google. Anyone who says you shouldn't self-diagnose can go fuck themselves.

- 2 lung specialist doctors insisting that wheezing flemy pregnant woman with bronchitis has just picked up "bad breathing techniques". The shallow breathing couldn't possibly be caused by the pregnancy. The woman couldn't possibly be emotional because she's had to sleep sitting up for weeks lest she cough and splutter. While you're at it have a dig at the patient's weight despite her recent injury (hit by a car, bulging disc and nerve damage) and pregnancy. Yeah really wonder why she might get emotional.

- Head orthopod at a large suburban hospital insisting a shoulder isn't dislocated despite an obvious bulge because he's failed to take an axial view (required to show posterior dislocations, and the patient had a long history of them).

- Hearing specialist refusing to believe there is a hearing problem and instead blaming it on being in the patient's head because he couldn't get a consistent reading asking her to listen to tones. Turns out when he did a hearing test that did not require the patient to tell him when tones sounded there was a significant hearing loss. But hey it's easier to suggest your patient sees a psychiatrist.

- Dentist doing such a poor job on a root canal that another detentist was horrified. The tooth was lost (after a couple of thousand spent on the procedures).

- Patient's first visit with a doctor. First high blood pressure reading found. Patient is overweight and has an ankle injury. Suggestion isn't blood pressure meds and exploring moderate weight loss options. No within 5 minutes of seeing this patient the doctor wants to do stomach banding.

That's just in the last 5 years. Guess what country I live in? No it's not 3rd world. It's Australia. Private health cover too in several instances above. If you complain you risk getting no care when you need it. Best bet is to not get sick. Failing that check everything you're told and make sure you're earning big money because you may end up with a few $300+ bills for a 15 minute chat and a misdiagnosis or an insult.