Slashdot Mirror
Follow-up On Texas PI Law For PC Techs
boyko.at.netqos writes "Network Performance Daily has put out an in-depth series on the Texas law that requires private investigator licenses for computer repair techs, network analysts, and other IT professionals. It includes an interview with the author of the law, Texas Rep. Joe Driver, the captain of the Texas Private Security Bureau, RenEarl Bowie, and Matt Miller at the Institute for Justice, which is suing the state over the law. Finally, there's a series summary and editorial."
They haven't made it 3 again?
We can't afford universal health care because imagine the tax dollars that would be spent; but we can pay for this kind of arbitration? And how exactly is having a PI license going to better the situation at hand, which is obviously that tech people can unethically snoop through customers' files? Does having a license magically make this ok? Does it somehow imply an agreement by the customer that their files are open for review, while without a license, this agreement does not exist?
And i hope you are the first customer that gets to pay the extra amount.
There will also be bonding involved too, now that they will be liable. So tack on a few more bucks to your bill.
Oh, and since the IT guy charges more, his customers will have to charge a little more to recoup. So that hair cut goes up. ( among other small business services )
And don't forget the IT guys that cant get bonded due to a shady past but are technically competent who will turn to crime to feed their families.
Still feel good about having the government interfere?
---- Booth was a patriot ----
Due to the stereotype that computer people are antisocial and abrasive, calling them "private dicks" would have a dual meaning.
Feed the need: Digitaladdiction.net
"And don't forget the IT guys that cant get bonded due to a shady past but are technically competent who will turn to crime to feed their families."
Or they could just move out of Texas... no you're right, the ones who love Texas that much are already half-way there!
Roughly half my comments are never submitted. You may be reading the better half...
They'll change the law because it doesn't enforce the death penalty.
I kid, I kid, y'all.
If you can read this, I forgot to post anonymously.
They stole my PI! Help! ;p
That was the lamest post ever. Yes, some prices will go up.
and what the hell is this:
"And don't forget the IT guys that cant get bonded due to a shady past but are technically competent who will turn to crime to feed their families."
You're like a cornucopia of logical fallacy!
Not that I agree with this particular state law, but there are a lot of places I like the government legislating.
The Kruger Dunning explains most post on
Read. The. Fucking. Article. A computer tech only has to be a PI if they are searching a computer for evidence of a crime.
That was a "think positive, lemons and lemonade" kind of comment. Obviously some people are going to suffer, but considering the target audience of this site, chances are that many are going to end up profiting from this instance of unnecessary bureaucracy.
I agree the government is there to back up the public when needed but when was the last legislation that was passed that we actually _needed_?
Consumers who knowingly take computers to an unlicensed company for repair can face the same penalties.
-From one of the TFA's.
So, if I lived in Texas (fat chance, but...) and I RMA'd a busted machine purchased off a smaller OEM online (and out-of-state), I can get a big fat fine and a criminal record because the OEM would probably not have a Texas PI license?
Something is definitely brain-dead in the Texas Legislature.
Quo usque tandem abutere, Nimbus, patientia nostra?
> Something is definitely brain-dead in the Texas Legislature.
The state that gave us Dubya, brain dead? Say it ain't so!
So a computer tech that sees kiddie pr0n on a computer and doesn't report it is not breaking the law.
If they report the scum to the police they are breaking the law.
Does this mean that the Government of Texas and Texas Rep. Joe Driver are for child sexual abuse?
No he's right, some of us have decided to just ignore the law. It's jackass stupid.
PI law?
So now techs have to bake too, eh? Blasphemy!!!
Wow. That is the most ass-backwards hick thing I've ever heard- and I live in Rural Montana.
Seriously, WTF?
In Texas, do you need a PI license to fix cars? After all, someone might leave sensitive information in the glove box or trunk. Do library workers need a PI license? They have access to a lot of confidential patron records.
Wow. I just can't get over this. I knew there were some real shortbus types in Texas (G.W.) but this takes the cake.
Wally, PI
rewriting history since 2109
It's simple. If you are investigating a network problem and run across a criminal act, then you are not an investigator. If you are suspecting that there is a virus (a criminal act) and are trying to track down who has the virus, you are not an investigator. If you suspect a virus and you are trying to track down the person who created it in order to testify against them in court, then you are an investigator. What is confusing is what we do all the time. We play with words that have specific meanings for us that don't mean the same to all people. "Hacker" vs "cracker" or any of the other examples where the definition and common use don't match up. They mean "investigator" in the sense not of someone who investigates things, but in the sense of investigating suspected criminal activity in order to aid in the prosecution of a person. From the statements of those that made and enforce the law, even sending in your child's computer to have it "investigated" for porn, chat records, browser cache, whatever isn't an investigation. For one, there is no suspected criminal activity. For another, even if found, there is no desire to use that to prosecute them. The person going through the hard drive is not "investigating" the computer, but is instead gathering and passing along data.
However, the law is written such that if "investigation" were to take on the vernacular, then nearly all activities computer-related could be considered investigations. In fact, it could be taken to be as absurd as viewing the "private" page of someone on Myspace would be an investigation and thus a criminal offense. So, there is nothing controversial about the law as currently clarified by those involved in writing and enforcing it, however, with only the change in the definition of a single word to a more common usage of it, it becomes something that makes a large number of regular activities (not even just repair, but just use) illegal without a PI license.
Learn to love Alaska
Follow the links and read the law yourself. The context is PC Techs in the Forensics or Private Security business domains, NOT PC Techs in general. The Geek Squad at Best Buy isn't going to have to get PI Licenses nor is Joe Coder but the techs at Joes PI and Divorce Lawyer Shack would if he ever wants to do any work involving electronic media containing private info. For instance if your wife wants to know the details of your Porn collection as part of the divorce her PI or lawyer would need licensed techs. That's not a bad thing. But it's just going to drive legal costs up which will have an effect (small) on other prices. Reading the law I'm not sure if a corporate internal fraud or forensic techs (to find out about your MP3 collection on the work SAN) or those performing consulting services will need licenses or not. Probaby not as one clause in the license allows work to be supervised by a license holder so that may be the loophole. Just make sure your Chief Security Officer has a PI license. I agree the law needs some clarification but that can be left to the discretion of the court as to what the intent was (risky move) or someone can lobby the Texas legislature to update the law. In the meantime I seriously doubt anyone is going to be rushing to apply the law to everyone who MAY do PC work.
If I'm supporting someone's website, and they call me and say their ISP says they're running a phishing website, and I look and find that someone's found a hole in an old CGI script and off in an obscure subdirectory there's a page that looks like the Bank of America's home page and it's set up to forward people's account information to a drop box, then it sounds like I pretty much need a PI license to do my job because that's evidence of a crime right there.
Need is a tricky thing.
SOme people believe we need anti- drug laws, others don't.
Some people think the change to allow women to vote was wrong.
I think your question is wrong,, and will always cause a debate.
We need to look at specific legislation and think about it, and debate on that. Even if we disagree with it, if the majority of people want it, then they are correct to legislate it.
The Kruger Dunning explains most post on
I wonder if it covers car computers and auto mechanics.
Magnum, PC.
I see your informative link, and raise you a pithy comment.
Please.
drew
FreeMusicPush If you want to see more Free Music made, listen to Free
It is about time some state stood up and took the initiative for issuing standards amongst the people responsible for fixing, administering and maintaining computer equipment. This has been a long time coming.
Texas has traditionally been very progressive in this area. They also require food safety handling licenses for grocery clerks, beverage licenses for neghborhood lemonade stands, contractor licenses for anyone owning a shovel and pilot licenses for amusement park ride operators on rides that elevate beyond 6 inches. There is legislation requiring fireworks handling licensure for anyone possessing snappers before their legislature right now.
It just makes sense to license these people, dang it.
M
We are all familiar with the axioms ... ...
"You ca judge a society by the way it treats its [criminals | children | aged | (insert demographic here)]"
I propose a new one
"You can judge a society's [productivity | output | (insert KPI here)] by the level of beareaucrcy it imposees on its citizens"
It doesn't quite role off the tongue but I am working on it.
http://projectleader.wordpress.com
Follow the links and read the law yourself.
I understand that the original law was probably to only apply to certain kinds of businesses, but that's not how it's written. Even the guy who wrote the bill says it's broader than that.
The most obvious example is people supporting websites. Compromising a website is breaking the law. Requiring that a private individual maintaining a website be a PI before he can go in and remove a phishing page that some guy has dropped on his site, let alone fix the problem, seems a bit rough to me... but that's exactly the kind of activity the law covers.
Even if the law does work the way it's intended and only applies to investigative work, it's still completely retarded.
Say my company is involved in a lawsuit and is required by the court to produce email for a certain date range pertaining to a certain topic. Usually a search based on keywords. This happens in EVERY lawsuit. Now instead of the IT dept (me) querying our email archival system or exporting PSTs from users mailboxes, we now have to hire a PI who knows absolutely nothing about our network, our users or our mail system to find and produce what the courts are looking for.
I live in Texas and I am calling my rep over this.
The majority of the people don't understand the subject, for that matter neither do the legislators.
That holds true for drug laws as well btw.
And don't forget the IT guys that cant get bonded due to a shady past but are technically competent who will turn to crime to feed their families.
Are you seriously speculating on back alley disk defragmentation? What's next, a poster showing a PC tech laying on the ground with a busted PC next to him, and the phrase "NEVER AGAIN" underneath?
God invented whiskey so the Irish would not rule the world.
You should RTFA. I know what the context is, but the law doesn't spell it out properly. Or if you'd bother to read the damn conclusion:
If this were anything but law, I might agree with you that reasonable people wouldn't misinterpret its meaning. But this is law. It'll get enforced based on what it says not what it "means." And, ultimately, it says the wrong things because the person who wrote it doesn't understand IT.
That's not a good thing. Or an excuse. It should be fixed, no question.
On the other, other hand, with a vague law like this, I'd love to see someone use it against SafeNet (AKA MediaSentry). If anyone deserves to be on the wrong end of a bad law, it's them.
For them thar computer thangs to git working agin.
Fuck em. That works for me. Let 99% of all computers in Texass be broken until a squarebadge rentacop can fix it.
I know I've said this before, and I know a zillion others here are saying it, but I'll say it again as a way of showing how many people feel this way: This law is absurd. If someone brings me their computer to blow everything off the hard drive and reinstall Windoze from the rescue CD-ROMs, why should I need to be a private investigator? Computers go haywire all the time and need to be serviced by knowledgeable geeks. What's next? PI licenses required to service cars? To repair air conditioners? To install carpeting in homes? Oh I know! How 'bout a PI license to, oh, I don't know, be a private investigator for crying out loud?!!
McCain/Palin '08. Now THAT's hope and change!
How might this affect the *AA's lackeys scouring P2P networks/BT for pirates? Such information is used in anticipation of civil proceedings, and such an investigation seeks to discern the "transactions" of a person. Quaere whether browsing trackers is looking at computer-based data "not available to the public".
Admittedly this is at present restricted to Texas (Safenet has its headquarters in MD, a Delaware company, and does not have a branch in Texas), and I doubt that it will spread much further.
Lawyers + Lobbyists = Legislation (Favourable)
I work for one of the many telecom companies along I-75 in Dallas that develop hardware and software capable of "monitoring a user". If the Texas State Senate and the Governor are dumb enough to sign this bill into law they're going to see all the companies leave for RTP, Phonenix, etc. And despite the fact that everyone thinks Texas is a bunch of hicks... chances are better than not that your data is getting carried over a platform or software designed in Plano or Richardson Texas. /and I've put in a lot of time in San Jose, Seattle, DC, Charlotte, NYC and Vegas. The best telecom programmers (in the US) are in Dallas.
Being located in Texas working for an organization as the CSO/CISO with 24+ years experience in the computer industry doing nearly every job including CIO, earned my CISSP/ISSAP/ISSMP in 2000, pro bono work for the Dept of Homeland Security and directing a team of IS, network and infosec professionals, I am concerned about the ramifications of this new law. By one interpretation, my teams would be indemnified while doing their forensics and analysis work if I am licensed as a PI in Texas. Although a burden none of us particularly wants, I began researching what is necessary for the license. From what I have been able to find, I can apply for the license, however it requires a "Company Name and License Number"; basically requiring me to be employed by a licensed investigations company to apply. Additionally, to qualify for a "manager" PI license, I need to maintain supervisory employment with a sponsoring licensed investigations company on a "daily basis" or forfeit my license. So, to act as a manager overseeing the forensic, investigative and analysis activities of my PC techs, network engineers, developers, and certified infosec employees (many of whom are ex-military intelligence), I must hold a Texas manager PI license; however I cannot work for a non-investigative company to maintain that license or even obtain an individual PI license. A legal Mobius loop created by a clueless "insurance salesman" that repeatedly states that the issues this creates are beyond his comprehension running the Texas State committee on law enforcement as a state representative. Very frustrating.
The problem is the system. A new guy gets elected and he starts coming up with all sorts of laws. He puts keywords like "child porn", 'terrorist', 'safe', 'protect' that people won't vote against and then his friends add earmarks and riders.
This bullshit will sink us.
back alley disk defragmentation...
heh, that image cracks me up.
Hooded seller: "You disk is in order, your seektimes should be better"
Hodded buyer: "Thanks man, your a f* lifesaver"
Hodded seller: "if anyone body asks, you don't know me. You mention my name to anyone, we never do business again. Not for malware, or a browser upgrade"
.Even if we disagree with it, if the majority of people want it, then they are correct to legislate it, provided it doesn't violate the State and US Constitutions.
There - I fixed it for you. Majority rule does not mean minority subjugation.
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain
[Scene] Murky smoke filled office circa 1920 strewn with half repaired computers [Voice narrative] PI_Geek "It was a just another day when she walked into my office with a broken Apple macbook. Her legs were something one would expect on a poster and she had a face that men would die for but a job was a job" [Narrative end] PI_Geek "hello doll face, how can I help you" [blows cigarette smoke in the direction of the new client]
I'd say it's likely that you'd go back to a life of crime. Where's the logical fallacy? Do you even know what a logical fallacy is?
Are they ever going to fix how slashcode handles paragraph breaks in html?
P.I.'s use TOOLS to do computer investigations.
IT workers use SKILLS to do computer investigations.
I would say that disqualifies P.I.'s as experts.
I am certainly skilled enough to investigate computers successfully.
What's at stake here is an IT guy's ability to legally troubleshoot.
They're using their grammar skills there.
frightened PC client: "What are you doing?"
outlaw PC tech: "Harry Tuttle, PC tech, at your service."
client: "Are you from Central Services?"
tech: "Ha! There are plenty of Private Investigators that would like to get their hands on Harry Tuttle."
client: "Are you telling me that this is illegal?"
tech: "Yes & No.. Officially only Private Investigators are supposed to touch this stuff, but i can't stand the pay. I came in this game for the excitement. Go anywhere, travel light, get in, get out.. Where ever there's trouble, man alone..."
I can't wait!
If you lend someone $20 and never see that person again, it was probably worth it.
And don't forget the IT guys that cant get bonded due to a shady past but are technically competent who will turn to crime to feed their families.
Are you seriously speculating on back alley disk defragmentation? What's next, a poster showing a PC tech laying on the ground with a busted PC next to him, and the phrase "NEVER AGAIN" underneath?
I think what was implied was people running computer stores with out a license and hopping nobody notices
null
Granted somebody will probably read the letter of the clause and try to prosecute perfectly innocent repairmen, but am I the only one who sees this as a potential attack on companies like SafeNet a.k.a. MediaDefender? Looks like someone in the legislature's getting tired of the already overburdened Texas court system getting clogged with RIAA subpoenas and motions for discovery.
Ok, here's a scenario that flips it around. If a company's non-licensed PI IT department or outsourced IT investigated an employee's computer for criminal activity and found such then either the person was let go or charged with a crime. Could that person who was the subject contest the investigation in a court with the argument that the people in the IT department weren't licensed private investigators?
*It's not what you can do for the Dark Side but what the Dark Side can do for you!*
What really needs to be done is some tort reform to reduce the economic burden on doctors and hospitals getting sued and do something about the extortionate insurance industry in this country so healthcare can be affordable to everybody.
No, what needs to be done is to get rid of some laws and tax codes. For instance get rid of codes that give employers tax benefits for offering insurance, even with them some employers still can't afford to pay for health insurance for employees. These tax breaks stem from WWII. The government created price and wage control law preventing employers from paying employees more. Because employers found it hard to keep employees the government allowed employers to offer infringe benefits like health insurance, and were given tax breaks for offering them.
If however the government got rid of those tax breaks and instead allowed employers to pay employees more without raising either one's taxes it would help. Say if a person was paid $2000 more but their tax stayed the same, that person could then use the money to buy health insurance on their own. With more people able to buy health themselves insurance issuers would compeat with each other to sale insurance. One person with a family could buy full coverage whereas someone single could open a health savings account to pay for normal medical expenses then buy catastrophic health coverage to cover expenses for things like cancer, heart surgery, or something else.
As for tort reform, if there weren't bad practitioners and hospitals lawsuits would be reduced.
Falcon
Should there be a Law?
I work for one of the many telecom companies along I-75 in Dallas
Sorry but I-75 runs between Michigan and Florida and comes no where near Texas. I've lived in both states and have traveled the whole thing a number of tymes. What's in Dallas maybe something75 but not I-75 ("I" meaning Interstate and part of the interstate highway system).
Falcon
Should there be a Law?
"And don't forget the IT guys that cant get bonded due to a shady past but are technically competent who will turn to crime to feed their families."
You're like a cornucopia of logical fallacy!
So, you think Kevin Mitnick would be able to get bonded?
Falcon
Should there be a Law?
We need to look at specific legislation and think about it, and debate on that. Even if we disagree with it, if the majority of people want it, then they are correct to legislate it.
Tyranny of the masses?
Falcon
Should there be a Law?
...but we gotta keep tryin to keep the masses paranoid don't we? Go slashdot!
http://www.networkperformancedaily.com/2008/07/texas_law_requires_pi_licenses_1.html
This reminds me of when they started requiring HVAC personnel to be fully certified/licensed and to purchase 20K worth of gear to ensure freon did not escape into the atmosphere back in the early 90's. Much of the same speculation and fear ran through that industry, and it was one of the reasons I made the move to IT. Suddenly, things that had been done for years could not be done without a huge financial outlay by the people doing the job.
Now the end result of this (taking the environment out of the picture for the moment), was that a lot of independent and small shop HVAC techs went out of business, and the big HVAC outfits leveraged that into more business for themselves while attempting to get umbrella coverage. This umbrella would allow them to get the 20K worth of gear at better prices, get the techs certified, and pass those costs back to the public. And since they didn't have as much competition from the small shops, they could charge as much as the market would bear.
Several years later, as techs took advantage of the companies generosity in providing them with the certification, and the price of recovery systems has fallen, they have left the big boys to form independent and small shop HVAC repair shops. So it was big shake-out, in which some people got out of the business, some big companies got fat, and after a period of time the little guys got back in the picture.
If you look at this from the same perspective, you could see where some big box companies could parlay this into an opportunity to do the same thing. Independent techs can't afford the licensing? Hire them and put them through the course for certification. Hey, looks good on paper - earn while you learn, with a nice little clause that you would have to work for them for n years so they can recoup their investment.
Serves two purposes - kill off the small guys who compete for the same customers anyway, and up the bottom line for that business unit.
As for the criminal past thing - the last IT company I worked for did extensive background checks on everybody they hired. I'd wager that 4 out of 10 candidates never made it through the door because of those background checks. When, exactly, did IT become the safe-haven work environment of the criminal element? I thought most of those guys worked in the financial sector. But seriously, a lot of them would end up working for less than desirable wages at one of the big companies just to stay employed, and some would get out of IT altogether. Me, I just moved from working directly in the IT industry to doing IT work in an industry where there is still money to be made.
Reference Here
More than 60,000 Windows programs won't run on Linux.
Good. That's 60,000 more I don't have to worry about.
First of all, this law was pretty clearly intended to target specifically people doing investigative and forensic work in relation to evidence-gathering. In fact, if you read through the text of the bill, that's all it actually does. Mom and pop repair shops will not be affected.
Secondly, in this context, the bill is entirely appropriate. If someone's investigating my computer for evidence of a crime, you can bet that I want them to know what they're doing. I want them to know the proper procedures for data handling, so that there's no question of my innocence when the time comes. If someone puts an infected USB drive into my computer to create an image, thereby putting a virus on the machine, that's going to be a pain. If that virus then downloads illegal data, that could be my life.
You are right that the bill was intended that way but what people here are worried about is that there may be unintended consequences of the way in which the bill was worded.
I think this congressman who wrote this bill had very good intentions but it was obvious from TFA that he didn't do enough background homework on how this might affect some people he didn't intend for it to affect.
...quicker, easier, more seductive the darkside is...but more powerful, it is not.
There are always unintended consequences. The law is written in human language (constantly changing) in an attempt to stop specific and nonspecific actions. Programmers, geeks, and pedants don't like the ambiguity in the law because it doesn't make clear what we can and can't do, the way computers (ostensibly) do. Unfortunately, what usually happens is that the "I'll know it if I see it" test is applied, and then the law is itself is tried alongside the defendant in a court of law. I think that things could be a little bit better, but in the end, we're always going to have these sorts of problems.
The rep sounded positively reasonable in the interview. Even though he may have accidentally stepped in something along the way, he says he's ready and willing to fix it.
It's hard to fix a computer without analyzing what the problem is - that's what they need to address. If somebody wants to wipe and load an OS, no problem, but once you have to start rooting around for people's data, there's some analysis going on.
The law should probably be amended to specify situations where consent of the data owner is absent. For PC repair, let the data owner work out if the consent form at a particular shop is sufficient for his needs when he brings in a computer for repair. We can't regulate away every possible bad thing that could happen, and we shouldn't assume everybody is a moron. If somebody wants to launch an education campaign to inform people that they should look for a 3rd party clause in a consent form, fine, but that's an issue applicable to a much broader range of topics than computer repair.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
50% of all world wars occurred after Womens Suffrage was added to the constitution. 100% of all Prohibitions, 100% of all Great Depressions, and 100% of all Nuclear Bombs Dropped.
Buttle or Tuttle?
Fixer of things broken by people who really ought to know better
Probably Bollo from the Mighty Boosh.
Don't be such a dick. He was clearly referring specifically to network forensics as being "out of his comprehension".
Granted, he may also be an incompetent state senator (or whatever his title is) for not recognizing the catch 22, but don't miss-attribute his "out of my comprehension" quote.
He also seems perfectly willing to "tweak" the law as written, so maybe you should write him a letter pointing out this flaw.
There might have been some misspellings. Sorry it was late, and I was laughing. I promise I'll try harder next time. ;-)
The law does, if you aren't licensed. If a virus caused the problem, that's a crime and if you investigate but aren't a licensed PI amd live in Texas you're breaking the law.
Falcon
Should there be a Law?
No, I'd use the software myself. I'm on disability and can't afford to pay someone else to recover my data. With some of that data financial records I wouldn't want to pay anyone even if I could.
According to your argument, your car mechanic needs a PI license because he tells you that your head gasket blew because you forgot to top off the radiator fluid.
If the law applied to cars and not just computers, yes it would. And I'd be in trouble for that too as I used to work on car and trucks engines and have rebuilt them. About the only thing I couldn't do, and had to take an engine block into a machine shop for, was to bore out the cylinders. In the process of working on the engines though I did run diagnostics and analyze data.
If the investigation into the cause is incidental to the resolution of the problem, you do not 'accept employment to provide information'
Well, if it's my computer and I investigate it, then no it's not "accept employment" so in that sense I suppose it's ok for me to do it. However if I'm the geek in the family, or neighborhood, and someone takes me out to eat to fix it then it would be.
Falcon
Should there be a Law?
So would this apply to me if I tracked down the IRC channel from which a clients zombied PC was being controlled, or something similiar. I have been pushed into this situations in which this law would apply, although it was after arm twisting by the CEO and manager I was working under at the time, and I must admit I would have prefered they hired an outside PI. I have also known a tech or two that specialized in the divorce biz(doing forensics, and bugging of computers), and this would definantly nock them out of biz, but I am not so sure thats a bad thing.