Follow-up On Texas PI Law For PC Techs

boyko.at.netqos writes "Network Performance Daily has put out an in-depth series on the Texas law that requires private investigator licenses for computer repair techs, network analysts, and other IT professionals. It includes an interview with the author of the law, Texas Rep. Joe Driver, the captain of the Texas Private Security Bureau, RenEarl Bowie, and Matt Miller at the Institute for Justice, which is suing the state over the law. Finally, there's a series summary and editorial."

Tax Dollars At Work

[thrashee]

We can't afford universal health care because imagine the tax dollars that would be spent; but we can pay for this kind of arbitration? And how exactly is having a PI license going to better the situation at hand, which is obviously that tech people can unethically snoop through customers' files? Does having a license magically make this ok? Does it somehow imply an agreement by the customer that their files are open for review, while without a license, this agreement does not exist?

Re:Tax Dollars At Work

[elemnt14]

So say for instance that a person who acquires this PI license, while working on a computer that has been given to him to fix because it crashed or similar, finds "illegal" material. Does this new license grant him the ability to report the material, even though that was not his first intent? Does it fall under "unreasonable search and seizure" without a warrant?

Re:What's a crime? Well, how about this?

[argent]

I guess you don't know what the term "phishing" refers to, because what I described finding is exactly what I described looking for: a phishing web page.

According to this bill, if you believe that your website or a website you support has been compromised, you are not legally allowed to investigate that compromise because the compromise itself is a crime, and even looking to see how it happened so you can prevent it from happening again requires a PI license under the bill.

Re:Your Stupidity at Work.

[thrashee]

Fair enough regarding simply a hard drive failure. But as others have posted, if you're taking your computer in for virus checking, or any software-related issues, guess what....you ARE reviewing, analyzing, and investigating the content of data, aren't you?

As I've clarified in my other reply to your post, doing these activities for finding criminal intent is only ONE of FOUR factors that qualify. As I stated before, I firmly believe that loss of data falls under "loss of property". You may not, and that's fine, but I think it's foolish to summarily tell me that my interpretation of "loss of property" is wildly out of line with this law.

Ask yourself this: if it's so readily apparent that tech companies don't fall under these definitions, why did every single article referenced believe otherwise? And why did every computer company they interviewed feel the same? So magazines have blatantly misinterpreted this law, and companies (surely with lawyers) have misinterpreted this law, but you know for a fact that your interpretation is right.

Re:Your Stupidity at Work.

[Burz]

That law can easily be used to misconstrue an technician's intentions when repairing a machine.

Depending on how the prosecution/plaintiff wants to characterize the suspect technician(s) in each case, they can effectively make techs responsible for any data on any machine they serviced... whether or not they laid eyes on the data.

Why?

Because techs can't go through life censoring their actions/words such that they have nothing to do with any of the data on any of the systems they repaired. And computer forensics is not up to the task of dispelling suspicion, except in the rare case where the user has encrypted their data.

By such a law, we are held accountable for privacy breach when papers are left on the passenger seat sans envelope as soon as we test drive or pop the hood on the car. Those lawmakers are incompetent and erring on the side of their socio-economic class.

"My Word docs won't open", what used to be a cakewalk and a pleasure to remedy, is now an invitation to bear ridiculous levels of liability.

Stop spreading FUD. There are more important things to spend time on.

I say the incarceration rate of the nation, esp. Texas, is proof of a runaway police state with more opportunities to go on fishing expeditions and selectively throw the little guy into jail (or bankruptcy) than anyone can shake a stick at. The law these days usually IS interpreted too widely against independents and people of modest means... the easy targets.

Maybe the Texas legislature is spreading FUD, in this case with the Fear aimed squarely at IT pros. Become a part of their enforcement culture (at great expense), or else have that sword hanging over your head.

Re:What is an investigation

[DeanFox]

However, the law is written such that if "investigation" were to take on the vernacular, then nearly all activities computer-related could be considered investigations. In fact, it could be taken to be as absurd as viewing the "private" page of someone on Myspace would be an investigation and thus a criminal offense.

Therein lies the rub. If it only takes the re-interpretation of a single word to turn this the law into a clusterfusk then it's a bad law IMHO. And, it will happen. Some high profile case involving protecting a child will re-interpret the original meaning of this law and the worst will happen.

Today the law is relatively harmless. How about 10 years from now? Was the DMCA ever meant to be used the way it is now? Who ever intended drug forfeiture laws to be used to confiscate a persons inheritance because they're traveling home from the funeral with it in cash?

Most laws are probably well intended. However, it only takes one zealous prosecutor to "interpret" the law to his advantage when he wants to make an example of someone. How about facing a felony computer trespassing / hacking charges because you broke the TOS of a website like MySpace by using a fake name as in the Meier's suicide case?

It's become that a person can't wake, go about their day and retire for the evening without comiting at least one felony throughout the day. And that's scares me.

-[d]-

Re:Should result in a nice price hike

[dirkbaztard]

This reminds me of when they started requiring HVAC personnel to be fully certified/licensed and to purchase 20K worth of gear to ensure freon did not escape into the atmosphere back in the early 90's. Much of the same speculation and fear ran through that industry, and it was one of the reasons I made the move to IT. Suddenly, things that had been done for years could not be done without a huge financial outlay by the people doing the job.
Now the end result of this (taking the environment out of the picture for the moment), was that a lot of independent and small shop HVAC techs went out of business, and the big HVAC outfits leveraged that into more business for themselves while attempting to get umbrella coverage. This umbrella would allow them to get the 20K worth of gear at better prices, get the techs certified, and pass those costs back to the public. And since they didn't have as much competition from the small shops, they could charge as much as the market would bear.
Several years later, as techs took advantage of the companies generosity in providing them with the certification, and the price of recovery systems has fallen, they have left the big boys to form independent and small shop HVAC repair shops. So it was big shake-out, in which some people got out of the business, some big companies got fat, and after a period of time the little guys got back in the picture.

If you look at this from the same perspective, you could see where some big box companies could parlay this into an opportunity to do the same thing. Independent techs can't afford the licensing? Hire them and put them through the course for certification. Hey, looks good on paper - earn while you learn, with a nice little clause that you would have to work for them for n years so they can recoup their investment.
Serves two purposes - kill off the small guys who compete for the same customers anyway, and up the bottom line for that business unit.
As for the criminal past thing - the last IT company I worked for did extensive background checks on everybody they hired. I'd wager that 4 out of 10 candidates never made it through the door because of those background checks. When, exactly, did IT become the safe-haven work environment of the criminal element? I thought most of those guys worked in the financial sector. But seriously, a lot of them would end up working for less than desirable wages at one of the big companies just to stay employed, and some would get out of IT altogether. Me, I just moved from working directly in the IT industry to doing IT work in an industry where there is still money to be made.