Follow-up On Texas PI Law For PC Techs

boyko.at.netqos writes "Network Performance Daily has put out an in-depth series on the Texas law that requires private investigator licenses for computer repair techs, network analysts, and other IT professionals. It includes an interview with the author of the law, Texas Rep. Joe Driver, the captain of the Texas Private Security Bureau, RenEarl Bowie, and Matt Miller at the Institute for Justice, which is suing the state over the law. Finally, there's a series summary and editorial."

Follow-up On Texas PI Law

They haven't made it 3 again?

Re:Follow-up On Texas PI Law

It would be 3.2, because everything is bigger in Texas.

Re:Follow-up On Texas PI Law

[ibbey]

To bad you can't mod "-1 didn't get the joke".

Tax Dollars At Work

[thrashee]

We can't afford universal health care because imagine the tax dollars that would be spent; but we can pay for this kind of arbitration? And how exactly is having a PI license going to better the situation at hand, which is obviously that tech people can unethically snoop through customers' files? Does having a license magically make this ok? Does it somehow imply an agreement by the customer that their files are open for review, while without a license, this agreement does not exist?

Re:Tax Dollars At Work

[nurb432]

Its not about making things better, its about government control of yet another industry and increased taxes.

Re:Tax Dollars At Work

[elemnt14]

So say for instance that a person who acquires this PI license, while working on a computer that has been given to him to fix because it crashed or similar, finds "illegal" material. Does this new license grant him the ability to report the material, even though that was not his first intent? Does it fall under "unreasonable search and seizure" without a warrant?

Re:Tax Dollars At Work

[Penguinisto]

It doesn't, but the logic is supposed to go along the lines that (just example) if Joe GeekSquad does something dumb with your data, there's bigger repercussions at stake (e.g. Joe GeekSquad loses his bond, faces losing his license and thus his livelihood, etc etc).

Of course, it'll become a complete and utter state-sanctioned racket, just like realtor licensing and Bar (legal) licensing... you have to take certain classes, you have to pass certain tests, etc etc... all of which feeds a little cottage industry designed to teach and help certify (and here we all thought the Boot Camp was dead...)

I'm just curious as to how the frig they're ever going to enforce against those among us who build/support machines owned by family and friends.

/P

Re:Tax Dollars At Work

[dahitokiri]

If it does, I'm sure he'll be given retroactive legal immunity for it.

Re:Tax Dollars At Work

[AllIGotWasThisNick]

In Canada, you can make illegal recordings of illegal acts (eg. crack deal in a bathroom stall), and the recordings automatically become 'legal' for the purposes of admissibility as evidence.

Re:Tax Dollars At Work

[compro01]

I'm just curious as to how the frig they're ever going to enforce against those among us who build/support machines owned by family and friends.

Selectively.

Re:Tax Dollars At Work

[Amarok.Org]

Wrong. There's a concept in law whereby you can legally discover something without a warrant, if you were acting lawfully at the time.

Illegal search and seizure is a restriction placed on law enforcement. A licensed investigator is not. They are not bound by restrictions on law enforcement, nor are they bound by client/attorney privilege (unless they're working under the direction of an attorney).

If you're repairing a computer, and had a reasonable reason to look at the files, finding child porn and then reporting it is absolutely appropriate (and required by law).

You might have a case on some type of trespass law if you didn't have reason to look at the files, but it's not a violation of unlawful search.

If you're looking for a stolen document, it's perfectly permissible to find a stolen piano - it's in plain view. If you're looking for a stolen piano, you're going to have a lot of explaining to do if you find a stolen document.

Re:Tax Dollars At Work

[Baricom]

Speaking as an American who generally hates the way things are and likes the way Canadians do things, I can't say that I like this. Wouldn't that be a great justification for an illegal blanket wiretapping program, if it eventually led to the prevention of a terrorist attack?

Re:Tax Dollars At Work

[budgenator]

I've read the "offending" section and it's clear to me that the law is aimed at requiring computer forensics investigators to have a Private Investigator's license.

* (b) For purposes of Subsection (a)(1), obtaining or furnishing information includes information obtained or furnished through the review and analysis of, and the investigation into the content of, computer-based data not available to the public. ...
Computer repair or support services should be aware that if they offer to perform investigative services, such as assisting a customer with solving a computer-related crime, they must be licensed as investigators⦠[Text of law posted above.]

In fact this law seems to be a stake in the heart of the RIAA toady Media-Sentry or WTF they call themselves today.

Re:Tax Dollars At Work

[Amarok.Org]

Citation: http://tlo2.tlc.state.tx.us/statutes/docs/FA/content/htm/fa.005.00.000261.00.htm

Texas Family Code, Chapter 261, Subchapter B, Section 101.

Re:Should result in a nice price hike

[nurb432]

And i hope you are the first customer that gets to pay the extra amount.

There will also be bonding involved too, now that they will be liable. So tack on a few more bucks to your bill.

Oh, and since the IT guy charges more, his customers will have to charge a little more to recoup. So that hair cut goes up. ( among other small business services )

And don't forget the IT guys that cant get bonded due to a shady past but are technically competent who will turn to crime to feed their families.

Still feel good about having the government interfere?

Your Stupidity at Work.

[fm6]

Read. The. Fucking. Article. A computer tech only has to be a PI if they are searching a computer for evidence of a crime.

Re:Your Stupidity at Work.

[easyTree]

Read. The. Fucking. Article.

Never!

Re:Your Stupidity at Work.

[Todd+Knarr]

I did RTFA. And yes, the law was intended to work that way. Unfortunately, that's not what the law says. And since almost any work on a computer involves investigating data on that computer not accessible to the public (the user's firewall settings, for example, aren't available to the public), any such work falls under the "investigation" part and requires a PI license.

And the law will be enforced based on what it says, not on what anyone thinks it should have said instead.

Re:Your Stupidity at Work.

[Obfuscant]

I did RTFA. And yes, the law was intended to work that way. Unfortunately, that's not what the law says.

Yes, that IS what the law says. It is reasonably clear. If you are in the BUSINESS of investigating criminal acts, you need a PI license. Computer techs, unless working for a company that is in the BUSINESS of such investigation, are NOT in the business of investigating criminal acts.

That's what the author of the law said. That's what the licensing bureau chief said.

And since almost any work on a computer involves investigating data on that computer not accessible to the public (the user's firewall settings, for example, aren't available to the public), any such work falls under the "investigation" part and requires a PI license.

The section of the law that refers to "computer data not available to the public" applied only to the section of the law that defines who needs a license. It does NOT, by itself, create a new class of people who need a license. Looking at data "not available to the public" does not automatically mean you need a PI license. If you are not IN THE BUSINESS OF investigating the listed criminal or civil acts under the first section, it does not matter if what you are looking at is data "not available to the public".

The guy who enforces this law went as far as to say that a network tech who looks for a slowdown in performance and finds a virus or "theft of intellectual property" is NOT subject to this law, even though the virus may be the result of a criminal act, or the IP theft result in civil litigation.

The guy who wrote the law says computer techs are not required to have a PI license. The guy who enforces the law says they are not required to have a PI license. The LAW lists who is required to have a PI license, and "computer repair tech" is NOT in that list.

This is a publicity stunt to get money for this new institute, trying to scare people into giving them money to defend against something that a simple reading of the law -- the WHOLE law and not just one sentence -- would tell them doesn't apply to them.

And the law will be enforced based on what it says, not on what anyone thinks it should have said instead.

The person who is responsible for enforcing the law has said how it will be enforced, and people who repair computers are NOT on the list.

Stop spreading FUD. There are more important things to spend time on. There is no story here.

Re:Your Stupidity at Work.

[Obfuscant]

Actually, none of the bill you just quoted states anything about WHY the data is being reviewed or analyzed...

YES, IT DOES. Yes, I'm shouting. Stop ignoring the section of the law specifically referred to by the "data not available to the public" clause. "For the purposes of" a specific section means that applies ONLY TO THAT SECTION.

Sec. 1702.104. INVESTIGATIONS COMPANY. (a) A person acts as an investigations company for the purposes of this chapter if the person: (1) engages in the business of obtaining or furnishing, or accepts employment to obtain or furnish, information related to: (A) crime or wrongs done or threatened against a state or the United States; (B) the identity, habits, business, occupation, knowledge, efficiency, loyalty, movement, location, affiliations, associations, transactions, acts, reputation, or character of a person; (C) the location, disposition, or recovery of lost or stolen property; or (D) the cause or responsibility for a fire, libel, loss, accident, damage, or injury to a person or to property;

THAT is a list of the reasons relevant to the collection of the data mentioned in:

(b) For purposes of Subsection (a)(1), obtaining or furnishing information includes information obtained or furnished through the review and analysis of, and the investigation into the content of, computer-based data not available to the public.

The law speaks about being, first, IN THE BUSINESS OF investigating, not the business of repairing broken computers. Second, it lists the things being investigated. "Why this computer crashed" is NOT in that list. It doesn't matter if the answer is "because the owner clicked on a malware-loaded kiddie porn site", because the computer repair tech is not trying to learn if the owner clicked on a malware-loaded kiddie porn site or not, he's looking for why the computer crashed.

IF you are IN THE BUSINESS of investigating the list of crimes or civil infractions listed in the law, AND you are recovering, analyzing, AND INVESTIGATING computer data that is not available to the public towards THAT END, you need a PI license. Anything else is NOT covered by this law.

THAT is what the author says, that is what the enforcer says. End of story.

Re:Your Stupidity at Work.

[ptbarnett]

Someone took a piece of the bill, misunderstood it's meaning.

No, you read the bill incorrectly: the misunderstanding is yours.

It's a bit mis-formatted, so you missed which section (a)(1) it was referring to.

The correct reference is:

Sec. 1702.104. INVESTIGATIONS COMPANY.

(a) A person acts as an investigations company for the purposes of this chapter if the person:

(1) engages in the business of obtaining or furnishing, or accepts employment to obtain or furnish, information related to:

(A) crime or wrongs done or threatened against a state or the United States;

(B) the identity, habits, business, occupation, knowledge, efficiency, loyalty, movement, location, affiliations, associations, transactions, acts, reputation, or character of a person;

(C) the location, disposition, or recovery of lost or stolen property; or

(D) the cause or responsibility for a fire, libel, loss, accident, damage, or injury to a person or to property;

[....]

(b) For purposes of Subsection (a)(1), obtaining or furnishing information includes information obtained or furnished through the review and analysis of, and the investigation into the content of, computer-based data not available to the public.

If you don't believe me, look at the statute, as amended:

http://tlo2.tlc.state.tx.us/statutes/docs/OC/content/htm/oc.010.00.001702.00.htm#1702.104.00

Subsection (a)(1)(B) casts a really wide net, when combined with the subsection (b) that was added. It's basically defining what constitutes an "investigations company", and a literal interpretation of the law as written could apply to a lot of people that aren't investigating a crime.

Yes, I know the state agency says that wasn't the intention. But, they didn't write the law. And while there are legal doctrines that provide some protection (look up "equitable estoppel"), it can be an expensive day in court to prove you were not breaking the law.

Re:Your Stupidity at Work.

[muridae]

And the simple fact that we are expected to take their word for 'how the law will be enforced' is a problem all by it self.

What, really, stops them from saying that it won't affect Joe Geeksquad, and then realising that there is money to be made by licensing every computer geek? I agree, that 'investigator' has a legal meaning that is not what the populus expects, and that this law probably won't be targeting repair geeks. However, if the law is only understandable to those creating it, what makes sure that the people enforcing it also understand it?

What is an investigation

[AK+Marc]

It's simple. If you are investigating a network problem and run across a criminal act, then you are not an investigator. If you are suspecting that there is a virus (a criminal act) and are trying to track down who has the virus, you are not an investigator. If you suspect a virus and you are trying to track down the person who created it in order to testify against them in court, then you are an investigator. What is confusing is what we do all the time. We play with words that have specific meanings for us that don't mean the same to all people. "Hacker" vs "cracker" or any of the other examples where the definition and common use don't match up. They mean "investigator" in the sense not of someone who investigates things, but in the sense of investigating suspected criminal activity in order to aid in the prosecution of a person. From the statements of those that made and enforce the law, even sending in your child's computer to have it "investigated" for porn, chat records, browser cache, whatever isn't an investigation. For one, there is no suspected criminal activity. For another, even if found, there is no desire to use that to prosecute them. The person going through the hard drive is not "investigating" the computer, but is instead gathering and passing along data.

However, the law is written such that if "investigation" were to take on the vernacular, then nearly all activities computer-related could be considered investigations. In fact, it could be taken to be as absurd as viewing the "private" page of someone on Myspace would be an investigation and thus a criminal offense. So, there is nothing controversial about the law as currently clarified by those involved in writing and enforcing it, however, with only the change in the definition of a single word to a more common usage of it, it becomes something that makes a large number of regular activities (not even just repair, but just use) illegal without a PI license.

Re:What is an investigation

[DeanFox]

However, the law is written such that if "investigation" were to take on the vernacular, then nearly all activities computer-related could be considered investigations. In fact, it could be taken to be as absurd as viewing the "private" page of someone on Myspace would be an investigation and thus a criminal offense.

Therein lies the rub. If it only takes the re-interpretation of a single word to turn this the law into a clusterfusk then it's a bad law IMHO. And, it will happen. Some high profile case involving protecting a child will re-interpret the original meaning of this law and the worst will happen.

Today the law is relatively harmless. How about 10 years from now? Was the DMCA ever meant to be used the way it is now? Who ever intended drug forfeiture laws to be used to confiscate a persons inheritance because they're traveling home from the funeral with it in cash?

Most laws are probably well intended. However, it only takes one zealous prosecutor to "interpret" the law to his advantage when he wants to make an example of someone. How about facing a felony computer trespassing / hacking charges because you broke the TOS of a website like MySpace by using a fake name as in the Meier's suicide case?

It's become that a person can't wake, go about their day and retire for the evening without comiting at least one felony throughout the day. And that's scares me.

-[d]-

Over Reaction

[twiddlingbits]

Follow the links and read the law yourself. The context is PC Techs in the Forensics or Private Security business domains, NOT PC Techs in general. The Geek Squad at Best Buy isn't going to have to get PI Licenses nor is Joe Coder but the techs at Joes PI and Divorce Lawyer Shack would if he ever wants to do any work involving electronic media containing private info. For instance if your wife wants to know the details of your Porn collection as part of the divorce her PI or lawyer would need licensed techs. That's not a bad thing. But it's just going to drive legal costs up which will have an effect (small) on other prices. Reading the law I'm not sure if a corporate internal fraud or forensic techs (to find out about your MP3 collection on the work SAN) or those performing consulting services will need licenses or not. Probaby not as one clause in the license allows work to be supervised by a license holder so that may be the loophole. Just make sure your Chief Security Officer has a PI license. I agree the law needs some clarification but that can be left to the discretion of the court as to what the intent was (risky move) or someone can lobby the Texas legislature to update the law. In the meantime I seriously doubt anyone is going to be rushing to apply the law to everyone who MAY do PC work.

Re:Should result in a nice price hike

[corbettw]

And don't forget the IT guys that cant get bonded due to a shady past but are technically competent who will turn to crime to feed their families.

Are you seriously speculating on back alley disk defragmentation? What's next, a poster showing a PC tech laying on the ground with a busted PC next to him, and the phrase "NEVER AGAIN" underneath?

Texas PI License requirements create Mobius loop

[Ruthless+Evolution]

Being located in Texas working for an organization as the CSO/CISO with 24+ years experience in the computer industry doing nearly every job including CIO, earned my CISSP/ISSAP/ISSMP in 2000, pro bono work for the Dept of Homeland Security and directing a team of IS, network and infosec professionals, I am concerned about the ramifications of this new law. By one interpretation, my teams would be indemnified while doing their forensics and analysis work if I am licensed as a PI in Texas. Although a burden none of us particularly wants, I began researching what is necessary for the license. From what I have been able to find, I can apply for the license, however it requires a "Company Name and License Number"; basically requiring me to be employed by a licensed investigations company to apply. Additionally, to qualify for a "manager" PI license, I need to maintain supervisory employment with a sponsoring licensed investigations company on a "daily basis" or forfeit my license. So, to act as a manager overseeing the forensic, investigative and analysis activities of my PC techs, network engineers, developers, and certified infosec employees (many of whom are ex-military intelligence), I must hold a Texas manager PI license; however I cannot work for a non-investigative company to maintain that license or even obtain an individual PI license. A legal Mobius loop created by a clueless "insurance salesman" that repeatedly states that the issues this creates are beyond his comprehension running the Texas State committee on law enforcement as a state representative. Very frustrating.

Re:Should result in a nice price hike

[coolsnowmen]

back alley disk defragmentation...

heh, that image cracks me up.

Hooded seller: "You disk is in order, your seektimes should be better"

Hodded buyer: "Thanks man, your a f* lifesaver"

Hodded seller: "if anyone body asks, you don't know me. You mention my name to anyone, we never do business again. Not for malware, or a browser upgrade"

Re:Should result in a nice price hike

[Lodragandraoidh]

.Even if we disagree with it, if the majority of people want it, then they are correct to legislate it, provided it doesn't violate the State and US Constitutions.

There - I fixed it for you. Majority rule does not mean minority subjugation.

I-75

[falconwolf]

I work for one of the many telecom companies along I-75 in Dallas

Sorry but I-75 runs between Michigan and Florida and comes no where near Texas. I've lived in both states and have traveled the whole thing a number of tymes. What's in Dallas maybe something75 but not I-75 ("I" meaning Interstate and part of the interstate highway system).

Falcon