Even if this information was found in the normal course of fixing the computer, this evidence would be "illegal" to have been found by anyone other than a registered PI -- and anyone reporting it would be de-facto "admitting" they'd broken the law by "conducting a search".
So, if your TV repairman sees evidence that you have a meth lab, he's not allowed to report it?
Yep...I agree completely. While I don't necessarily agree with the law itself (for example, lab techs who do DNA analysis don't need to have PI licenses), the article is overblown and alarmist.
As far as I can read, the intent and wording is so that, if you are performing investigations as defined in (a), you have to have a license, even if you "just" get it from a computer. If you're only repairing or maintaining a system, you don't have to have a license.
I'm speaking from experience with Ohio's licensing system. Texas and Ohio are confusing government-speak, but if you understand the basic intent, it's much clearer. For example, if you read Section 16 in Texas's code, you see the jobs that don't require a PI license, even though they perform similar functions.
I had an experience in one of my jobs, and it was with a co-worker/subordinate:
So here it was, me as the head of the IT department for a Navy command, and the only military officer in the shop; everyone else was a civilian contractor.
After a couple of years, I was feeling very comfortable: Things were getting done, 90% of the users were happy, and I could answer most questions and problems within 30 minutes of the subject coming up, if not right away.
Then things started going downhill. People were getting frustrated, required maintenance wasn't being done, and the head contractor had screwed up and corrupted the entire mail system (had to spend a whole weekend getting it back.)
As time went on, things got worse, and I could never figure out how or why. I started getting acid reflux, couldn't sleep, and was wondering why it all seemed to go to hell.
It all came to a head when, after a particularly thorough chewing out by an unhappy user, one of the techs came and told me that the managing contractor (she of the corrupt email) had been going around behind my back telling everyone how screwed up I was and how everything was going to hell because I didn't know my ass from a hole in the ground.
(To be fair, she was under a lot of pressure; the company she was working for was planning on firing/"downsizing" to save money, and our 5 person shop was seen as a potential target. Unfortunately, she decided to push her own importance by cutting me down. Definitely passive-aggressive.)
Anyways, after checking out the sordid tale (just to make sure what I was being told was true), I went home, had a beer, talked to my wife, and then called my boss: Since you can fire the contractor, fire me. I explained that this conflict was hurting the command, and
a) She (the managing contractor) was right and I didn't deserve to run the IT department, or
b) She was wrong, and I didn't deserve to be treated this way.
Either way, I wasn't going to take this crap any more. (And yes, I did try to talk to the higher-ups about this, but all they could do was shrug and say "Sorry, we can't get rid of her.")
Boy, within 30 seconds of getting to work the next morning, everyone had heard about it! At least to me, most people were supportive, and said, "About time!" By mid-morning, the manager in question asked to talk to me privately, and started crying about how humiliating this was. She also mentioned that she could get fired if this got back to corporate. All I said was that I couldn't help it; we couldn't seem to work together, and gave my reasons above.
Well, to make a long story short (I know...too late), the Wing commander called me in, chewed me out for not working out this problem myself (and probably rightfully so...), and then said to get my a$$ back to the job because no one else can do it. I said, "Aye-aye, sir!" and went back to work.
Things got better in the shop for a good while; I volunteered for a 6-month duty during the war, and when I got back, it didn't matter because I was getting out very soon.
Moral of the story: I don't know--you tell me if it makes any sense.
Network Admin: My job is hard; I want a raise.
PHB: Why? Your job is so easy, an 11-year old can handle it!
Network Admin: ...sputters incoherently...
Every IT manager will have to live with this nightmare, until the Jedi really start getting a headache.
Obi-Wan: I felt a great disturbance in the Force, as if millions of voices suddenly cried out in terror and were suddenly silenced. I fear something terrible has happened.
Fair question, and I'll try to give a fair answer:
While difficult to ferret out, the Section 4749 basically boils down to this: You have to have about 2 years experience (more or less) in paid investigation, paid security, or both to apply for a license. Add on liability insurance, take a test, and you too can be a private investigator ("Work from your own home!!!!" :-)
The Dept. of Homeland Security reviews the application for the test, certifies that the experience counts, and sets you up for a test. Pass the test, and you're in.
As for my thoughts, it's not actually too onerous or a sizable barrier. Ideally, it is a profession where you (attorney or client) would want someone to make sure that you don't get taken or permanently damaged (financially, legally, or publicly) by the work done. A good example is the HP case; licensed or not, the clients got (deservedly) screwed by the actions of the investigators.
Cynically, there is a lot of room on both sides of the argument. Does a test and a piece of paper make you a good investigator? What about manned/monitored network security services? The requirements seem biased toward former police officers; is this fair? What about South Carolina, requiring a license to even present evidence in court?
Overall, I think having a requirement is a Good Thing(tm), and Ohio is not too bad.
This is just my opinion. I might be suffering from "beaten child syndrome" ("That's how I was brought up, so it's good enough for them!") or simple greed ("I got my license now...raise the standards! We don't need no competition.")
(B) "Business of private investigation" means, except when performed by one excluded under division (H) of this section, the conducting, for hire, in person or through a partner or employees, of any investigation relevant to any crime or wrong done or threatened, or to obtain information on the identity, habits, conduct, movements, whereabouts, affiliations, transactions, reputation, credibility, or character of any person, or to locate and recover lost or stolen property, or to determine the cause of or responsibility for any libel or slander, or any fire, accident, or damage to property, or to secure evidence for use in any legislative, administrative, or judicial investigation or proceeding.
That is directly from the Ohio Revised Code, first section. Notice that the rest of the law says that you have to have a license to perform investigation work for hire. No, you don't need a license to look into things for yourself, but you do need a license to perform this kind of work for someone else for pay.
The distinction is important, because, as others have said, you do affect the public when you perform investigative work. You affect the target of the investigation, you affect your client, and you (can) directly affect the courts. That's the reasoning behind having a license in the first place.
Disclaimer/Notice/whatever...: IANAL, but I am a licensed private investigator in Ohio. I'm familiar with the laws governing my particular profession, and I (and my investigators) always work within those laws, both spirit and letter. It's much easier than going to jail.
Not flaming, and you've got a good point. However, I'm in the same boat as the previous, and my argument is that it's too damn expensive.
It's like chasing a drug habit: You start out with an A+ certification; then you need to get an MCP; then MCSE; then (if you're big into Linux) you go after your RH certs, and if you're a Java programmer, you start paying out the nose for Sun's paper...
I like IT because
- I like to learn about a lot of different technologies.
- I don't like being pigeon-holed.
- With the right attitude, inventiveness, and Internet connection, you can set up just about anything you want with very little money.
The road to Certification-hood pretty much flies in the face of all those reasons.
That is a good point, if true. (And, while TFA doesn't say, that could be an argument for it.)
For me, though, even that kind of reasoning can lead to flawed legislation. How many times on /. do you hear comments that can be boiled down to "Think of the children!", "Or the terrorists will win!", "It's for everyone's protection!", and so on?
These types of statements are often used to point out (intentionally or not) how an emotional urgency to "do the right thing" can lead to very, very regrettable results.
Like you said, this is /. "Cynicism" should be in the motto somewhere.
If by "forensic work" you mean autopsying a computer to figure out why/how/when it died or was compromised, then that could fall into your normal work. (Again, I'm talking from Ohio statutes; they leave that exception open. I think this was a reasonable exception, because lots of jobs require some "investigation" to find out what happened.)
If your client/company decides that they even might be filing criminal charges or a civil complaint, then they should, early on, consciously decide how they are going to proceed. If they want an airtight case, or prevent opposing counsel from ripping them and their evidence to tattered little pieces, they have to decide if an in-house investigation is sufficient.
Again, in my opinion (IANAL, blah-blah-blah), figuring out what's on a computer, what happened to it, and even how to prevent it could be considered "digital forensics" but also doesn't require any special licensing. If you start trying to track the people responsible, that's where you start to get into the realm of private investigation, and you should be aware of what your laws require.
As I said, IMHO, "digital forensics" is just like any other lab tech: Specialized knowledge and analysis capability, and an ability to prove your findings to an opposing expert, an attorney, or a court. Beyond that, the South Carolina law/bill seems to be creating an issue where there really shouldn't be one.
The usual, IANAL, this isn't legal advice, etc. etc...
However, I am a current, licensed private investigator in Ohio who happens to do digital forensics from time to time. So, I believe that I can shed some experience (or spread some BS) on this subject.
Private Investigation in Ohio is governed by Ohio Revised Code Chapter 4749. To summarize:
- You have to be a licensed investigator to perform investigations for hire. (Meaning you get paid.)
- The exceptions (and there are specific ones listed) boil down to a) insurance adjustors, arson inspectors, forensic accountants, etc., and b) it's part of your normal job (such as a network administrator tracking down a break-in. My example, not the law's.)
- Anything you do for yourself is, well, for yourself, and doesn't require a license.
A lot of other states have a similar setup.
Now, without having read the actual proposed law in South Carolina (this is /., after all), I would say that it sounds like a bad idea. An investigator license is not a magic wand to say that you are an expert, and the summary makes it sound like having a PI license gives you almost automatic "expert witness" status. (From my IANAL point of view, that is a specific determination that the court has to make, and normally they don't take it lightly.)
PI licenses are used to regulate who goes around snooping into other people's information. There are specific criminal penalties for performing investigation services, for hire, without a license; I believe that it keeps the people honest (in Ohio, Homeland Security oversees the licensing!), and prevents a lot of wasted time and money on some Magnum wannabe who ends up doing more damage to his clients' cases/circumstances than good.
As far as I can tell, those who do purely "digital forensics" are the equivalent of DNA lab techs or fingerprint analysts: They perform a technical function whose methods and findings are narrow, reviewable, and (should be) reproducible. The aspect of "investigation" only comes in when you begin to track down names, background, places, and faces relevant to the process. Despite what CSI: Miami tries to put out, lab guys are not normally the folks interviewing the suspects and poking holes in alibis; they deal with facts and findings. (More like Abbie on NCIS.)
Which leads to the counter-proposal from the Nevada situation: If the courts already have a tried-and-true method of determining what an "expert witness" is, there really isn't a need for another licensing agency. Yes, courts can and do rely on licensing for some determinations, but again, they use experience, knowledge, reproducibility, and accepted methodology as real determining factors. That way, a medical license isn't an automatic "my opinion is indisputable" stamp.
I think South Carolina is either overreacting or trying to pay off a party contributor...but hey, what do I know? (Or, how could I find out? :-)
And yes, I realize that I said I "do computer forensics." Being a geek with a license, it's easier (and much faster and cheaper for the client) to do a forensic run-through myself than to hire it out to a lab every time. But I also know my own limitations, and quickly admit when/if I ever get over my head and need to call in the hard-core experts.
I was in the same position: Asked to come in as a technical consultant to look over the proposals for the electronic voting system to be used.
Again, it was "least deficient" when I made my final recommendation. ES&S at least tried to look like they were supplying a system that followed the boilerplate RFP (Request for Proposals, a govt term meaning "I want a system to do this; waddaya got?"). One item that particularly stood out was the following:
- RFP specified a three-tier database system. (For non-geeks, it means that the database and front-end GUI were separated by a third system that "translates" between what the user wants and what the system supplies.)
- ES&S stated that theirs was a three-tier database system with "blah-blah-blah".
- Diebold stated that their system was a "two-tier, three-tier, or n-tier system" depending upon the customer's setup.
Now, this is a geeky point of contention, but to me, it said that Diebold's marketing folks were just throwing in crap to make it sound like they were fulfilling the requirement. I recommended that Diebold should not be used because of their marketing double-speak.
(To finish up, I was told by the Election Board that they were already bound to a solution if they wanted funding: "If we don't buy the system the state wants, we won't get the funds to do the upgrade at all, and we will not be in compliance." Being that this was on Kenneth Blackwell's watch as Secretary of State, I wasn't surprised, only mildly disappointed.)
But, bad purchase aside, Scioto County, OH now uses optical scanners at each of the polling places. The voter gets immediate feedback on problems, and this point of contention never came up. (*chuckle* Not even going to touch all the other problems...)
As an Ohioan, my first question would be "What the fsck is going on up in Cleveland?!?" But, as a voter in these times, I am, again, only mildly disappointed.
LOL...I can see it now. The next court case will be Stallman, FSF, EFF, and a million GPL-code authors suing the MAFIAA for copyright violations because they haven't released the source code. And, all the arguments that the MAFIAA have made in court previously will be dropping on them like a ton of AOL cd mailers. BWAH-HA-HA-HA-HA!!!!!
To the language nazis out there: if the MAFIAA gets hoisted on their own copyright petard, is that irony?
As a former ASW (anti-submarine warfare) pilot, I would like to point out that, in 1998-2000, the Navy decided that "we don't need ASW to be a primary mission for the carrier." So, they assigned the carrier helos additional duty as an ASW platform ("They can handle anything inside 50 miles"), P-3s to take care of the long range stuff ("They're available"), and F/A-18s to do surface search ("They're always around, anyway").
Now, don't get me wrong, a helo can be an excellent ASW platform...if its crew is given time to train, if the carrier has enough of a "heads-up", and if they aren't doing plane-guard 90% of the time (hovering near the carrier to pick up any wrecked pilots.)
F/A-18s can't spend the time down low (they use too much gas and would rather drop bombs or shoot aircraft, not to mention that's a lot of work for one guy in a cockpit), P-3s are great, but there are only so many and they have a huge area to cover, and they have a big crew with lots of run-up for a mission...plus, they are usually based far away from where the carriers actually are. ("We just spotted a sub! Get your boys out there!" "Roger that, we'll be on station in 4 hours...")
Not being a bubblehead (submarine guy), I can't speak to any limitations on subs, but there are only so many, and a kamikaze diesel sub can and will cause a lot of tight sphincters on any ships in his area.
As the parent pointed out, no one has really tried to challenge the US for a long time, and we've gotten soft in this area (think ASW during WWII, mine warfare, brown water ops in Vietnam, etc, ad nauseam.) It usually takes either a big scare or a smoking hole in the water before anyone dusts off the old books and starts to really think about how the job needs to be done.
ASW is a highly-developed skill, and when you start to dismantle that skill, you suffer for a long time. If we haven't reversed those decisions to downgrade the ASW mission, maybe this will be an early enough wakeup call to undo the damage before someone decides that we're weak enough to slap us where it hurts.
It only takes one carrier with a hole in the side to win the public affairs war.
Background/Disclaimer: My experience was as an S-3 pilot, a carrier-based ASW aircraft. I've been out of the Navy for 3 years now, so all my points may be hopelessly out of date. On the other hand, I doubt the war on "terrah" has had any admirals sweating enemy subs, and people (as a group) don't really change, do they?
I've recently installed (and I'm maintaining) a Linux Terminal Server Project (LTSP) system for a medical office. Once you get around a few peculiarities, it works great.
- Patient comes in and gets vitals checked and recorded in Room X on terminal X.
- Patient then gets moved to Room Y with Terminal Y, where the doctor brings up the same records.
- Doctor records findings and prints out necessary prescriptions on a local or remote printer, depending on need, speed, etc.
- Records are available for any patient at any terminal.
Because the needs are very straightforward, and the same data must be available at all treatment rooms, LTSP was the ideal fit. Upgrades and maintenance are as easy as working on a single machine (but I can walk into any room to do them while the staff is still seeing patients!), and backups/security are a snap.
We recently added another terminal (but it could have been 5, 10, or 20), and all I had to do was unpack the machine, add the MAC of the new terminal to the server's configuration, and give the workstation a name. Voila! Instant access to all applications.
Speaking from my experience, LTSP is ideal for situations where everyone needs access to the same data, and you don't want multiple copies of (sensitive) files floating around.
As an aside, I had to write the record maintenance software from the ground up, and the total size is only 350K to tie all the normal Linux parts together.
In the book, Small Gods, the head of the Quisition (gathering up heretics and "purifying" them) has the secret key to making it work: That there is no depravity committed by a psychotic serial killer that cannot be replicated by a man just doing his job.
Paraphrasing is mine, but the idea is pretty much on point.
A little quote from your article - "The Blade found that despite an $87,568 federal grant to the Lucas County Board of Elections for "voter education and poll worker training ..." only $1,718.65 was spent from the grant." Now, I could be wrong, but do you maybe think that it might be because the people working the machines had no flipping clue as to what they were doing?
You're probably right, although I believe that the Diebold techs have just as much problem with education and training as the workers and voters.
For example: After the Board of Elections went the other way, I kept in touch with the County IT manager. According to him, the server was set up with no security, hooked directly to the internet, and wouldn't work for several weeks because it was misconfigured.
Then, after the system was in, the Board of Elections had to fight with Diebold to get any progress on setting up for the upcoming election. Apparently, Diebold didn't think that testing and training were that important.
After several different techs and managers from Diebold marched through the office with little progress, a guy finally shows up who seems to know what he's talking about...a subcontractor to Diebold who is "just following orders" and can't really do anything about the flaws that my friend keeps bringing up. (No offense to the subcontractor--his hands were probably tied by his contract.)
When things went to hell in a hand basket, no one was really surprised.
The website I quoted is obviously biased as hell against Diebold, but the story is accurate, and it doesn't even cover the more concrete, significant problems during the election (Paper ballots that the machine couldn't read (wrong size), no security on the barrels used to transport the paper and electronic votes, inadequate manpower to support the machines, etc.)
The article talks about memory cards and their problems, but there were about a dozen or more other problems with the setup, even disregarding the possibility of hacking.
Diebold has sold voting machines to Utah. Diebold is evil. They want to bully a poor innocent election clerk.
Funny as it sounds, that's exactly how it went here in my local county, and I was involved in the contracting process (A losing battle...word from "on high" was that you either choose Diebold or get no money from the state.) I pushed for another company because the Diebold submission was a load of technical crap.
And, best of all, nothing I've seen or read about since then (North Carolina, anyone?) has done anything to change my mind.
Just my two cents.
Wait until the PHBs hear about this one.
After seeing the demo video, let me be the first to say:
I, for one, welcome our jack-booted but mute-or-telepathic, robotic-translation, 3 second-delay Overlords!
IANAL, your mileage may vary.
Good point...which is why I believe that there is a mechanism in place, and that the proposed restriction is pointless, or even damaging.
If by "forensic work" you mean autopsying a computer to figure out why/how/when it died or was compromised, then that could fall into your normal work. (Again, I'm talking from Ohio statutes; they leave that exception open. I think this was a reasonable exception, because lots of jobs require some "investigation" to find out what happened.)
If your client/company decides that they even might be filing criminal charges or a civil complaint, then they should, early on, consciously decide how they are going to proceed. If they want an airtight case, or prevent opposing counsel from ripping them and their evidence to tattered little pieces, they have to decide if an in-house investigation is sufficient.
Again, in my opinion (IANAL, blah-blah-blah), figuring out what's on a computer, what happened to it, and even how to prevent it could be considered "digital forensics" but also doesn't require an special licensing. If you start trying to track the people responsible, that's where you start to get into the realm of private investigation, and you should be aware of what your laws require.
As I said, IMHO, "digital forensics" is just like any other lab tech: Specialized knowledge and analysis capability, and an ability to prove your findings to an opposing expert, an attorney, or a court. Beyond that, the South Carolina law/bill seems to be creating an issue where there really shouldn't be one.
The usual, IANAL, this isn't legal advice, etc. etc...
However, I am a current, licensed private investigator in Ohio who happens to do digital forensics from time to time. So, I believe that I can shed some experience (or spread some BS) on this subject.
Private Investigation in Ohio is governed by Ohio Revised Code Chapter 4749. To summarize:
- You have to be a licensed investigator to perform investigations for hire. (Meaning you get paid.)
- The exceptions (and there are specific ones listed) boil down to a) insurance adjustors, arson inspectors, forensic accountants, etc., and b) it's part of your normal job (such as a network administrator tracking down a break-in. My example, not the law's.)
- Anything you do for yourself is, well, for yourself, and doesn't require a license.
A lot of other states have a similar setup.
Now, without having read the actual proposed law in South Carolina (this is /., after all), I would say that it sounds like a bad idea. An investigator license is not a magic wand to say that you are an expert, and the summary makes it sound like having a PI license gives you almost automatic "expert witness" status. (From my IANAL point of view, that is a specific determination that the court has to make, and normally they don't take it lightly.)
PI licenses are used to regulate who goes around snooping into other people's information. There are specific criminal penalties for performing investigation services, for hire, without a license; I believe that it keeps the people honest (in Ohio, Homeland Security oversees the licensing!), and prevents a lot of wasted time and money on some Magnum wannabe who ends up doing more damage to his clients' cases/circumstances than good.
As far as I can tell, those who do purely "digital forensics" are the equivalent of DNA lab techs or fingerprint analysts: They perform a technical function whose methods and findings are narrow, reviewable, and (should be) reproducible. The aspect of "investigation" only comes in when you begin to track down names, background, places, and faces relevant to the process. Despite what CSI: Miami tries to put out, lab guys are not normally the folks interviewing the suspects and poking holes in alibis; they deal with facts and findings. (More like Abby on NCIS.)
Which leads to the counter-proposal from the Nevada situation: If the courts already have a tried-and-true method of determining what an "expert witness" is, there really isn't a need for another licensing agency. Yes, courts can and do rely on licensing for some determinations, but again, they use experience, knowledge, reproducibility, and accepted methodology as real determining factors. That way, a medical license isn't an automatic "my opinion is indisputable" stamp.
I think South Carolina is either overreacting or trying to pay off a party contributor....but hey, what do I know? (Or, how could I find out? :-)
And yes, I realize that I said I "do computer forensics." Being a geek with a license, it's easier (and much faster and cheaper for the client) to do a forensic run-through myself than to hire it out to a lab every time. But I also know my own limitations, and quickly admit when/if I ever get over my head and need to call in the hard-core experts.
I was in the same position: Asked to come in as a technical consultant to look over the proposals for the electronic voting system to be used.
Again, it was "least deficient" when I made my final recommendation. ES&S at least tried to look like they were supplying a system that followed the boilerplate RFP (Request for Proposals, a govt term meaning "I want a system to do this; waddaya got?"). One item that particularly stood out was the following:
Now, this is a geeky point of contention, but to me, it said that Diebold's marketing folks were just throwing in crap to make it sound like they were fulfilling the requirement. I recommended that Diebold should not be used because of their marketing double-speak.
(To finish up, I was told by the Election Board that they were already bound to a solution if they wanted funding: "If we don't buy the system the state wants, we won't get the funds to do the upgrade at all, and we will not be in compliance." Being that this was on Kenneth Blackwell's watch as Secretary of State, I wasn't surprised, only mildly disappointed.)
But, bad purchase aside, Scioto County, OH now uses optical scanners at each of the polling places. The voter gets immediate feedback on problems, and this point of contention never came up. (*chuckle* Not even going to touch all the other problems...)
As an Ohioan, my first question would be "What the fsck is going on up in Cleveland?!?" But, as a voter in these times, I am, again, only mildly disappointed.
Yes...but the irony would be absolutely unbeatable!
On a more personal note, my Magic 8-Ball(tm) wins again! MWAH-HA-HA-HA-HA...*hack*..*cough*..
LOL...I can see it now. The next court case will be Stallman, FSF, EFF, and a million GPL-code authors suing the MAFIAA for copyright violations because they haven't released the source code. And, all the arguments that the MAFIAA have made in court previously will be dropping on them like a ton of AOL cd mailers. BWAH-HA-HA-HA-HA!!!!!
To the language nazis out there: if the MAFIAA gets hoisted on their own copyright petard, is that irony?
As a former ASW (anti-submarine warfare) pilot, I would like to point out that, in 1998-2000, the Navy decided that "we don't need ASW to be a primary mission for the carrier." So, they assigned the carrier helos additional duty as an ASW platform ("They can handle anything inside 50 miles"), P-3s to take care of the long range stuff ("They're available"), and F/A-18s to do surface search ("They're always around, anyway").
Now, don't get me wrong, a helo can be an excellent ASW platform...if its crew is given time to train, if the carrier has enough of a "heads-up", and if they aren't doing plane-guard 90% of the time (hovering near the carrier to pick up any wrecked pilots.)
F/A-18s can't spend the time down low (they use too much gas and would rather drop bombs or shoot aircraft, not to mention that's a lot of work for one guy in a cockpit), P-3s are great, but there are only so many and they have a huge area to cover, and they have a big crew with lots of run-up for a mission...plus, they are usually based far away from where the carriers actually are. ("We just spotted a sub! Get your boys out there!" "Roger that, we'll be on station in 4 hours...")
Not being a bubblehead (submarine guy), I can't speak to any limitations on subs, but there are only so many, and a kamikaze diesel sub can and will cause a lot of tight sphincters on any ships in his area.
As the parent pointed out, no one has really tried to challenge the US for a long time, and we've gotten soft in this area (think ASW during WWII, mine warfare, brown water ops in Vietnam, etc, ad nauseam.) It usually takes either a big scare or a smoking hole in the water before anyone dusts off the old books and starts to really think about how the job needs to be done.
ASW is a highly-developed skill, and when you start to dismantle that skill, you suffer for a long time. If we haven't reversed those decisions to downgrade the ASW mission, maybe this will be an early enough wakeup call to undo the damage before someone decides that we're weak enough to slap us where it hurts.
It only takes one carrier with a hole in the side to win the public affairs war.
Background/Disclaimer: My experience was as an S-3 pilot, a carrier-based ASW aircraft. I've been out of the Navy for 3 years now, so all my points may be hopelessly out of date. On the other hand, I doubt the war on "terrah" has had any admirals sweating enemy subs, and people (as a group) don't really change, do they?
Wookie version of midget porn?
Or, how about an old one?
Just a thought, but worrying about little guys with little bombs may make the city more vulnerable to bigger guys with big bombs.
Satan on phone:
"Steve, I told you that monkey-dance thing was fscked up! Now quit calling me!"
I've recently installed (and I'm maintaining) a Linux Terminal Server Project (LTSP) system for a medical office. Once you get around a few peculiarities, it works great.
Because the needs are very straightforward, and the same data must be available at all treatment rooms, LTSP was the ideal fit. Upgrades and maintenance are as easy as working on a single machine (but I can walk into any room to do them while the staff is still seeing patients!), and backups/security are a snap.
We recently added another terminal (but it could have been 5, 10, or 20), and all I had to do was unpack the machine, add the MAC of the new terminal to the server's configuration, and give the workstation a name. Voila! Instant access to all applications.
Speaking from my experience, LTSP is ideal for situations where everyone needs access to the same data, and you don't want multiple copies of (sensitive) files floating around.
As an aside, I had to write the record maintenance software from the ground up, and the total size is only 350K to tie all the normal Linux parts together.
In the book, Small Gods, the head of the Quisition (gathering up heretics and "purifying" them) has the secret key to making it work: That there is no depravity committed by a psychotic serial killer that cannot be replicated by a man just doing his job.
Paraphrasing is mine, but the idea is pretty much on point.
You're probably right, although I believe that the Diebold techs have just as much problem with education and training as the workers and voters.
For example: After the Board of Elections went the other way, I kept in touch with the County IT manager. According to him, the server was set up with no security, hooked directly to the internet, and wouldn't work for several weeks because it was misconfigured.
Then, after the system was in, the Board of Elections had to fight with Diebold to get any progress on setting up for the upcoming election. Apparently, Diebold didn't think that testing and training were that important.
After several different techs and managers from Diebold marched through the office with little progress, a guy finally shows up who seems to know what he's talking about...a subcontractor to Diebold who is "just following orders" and can't really do anything about the flaws that my friend keeps bringing up. (No offense to the subcontractor--his hands were probably tied by his contract.)
When things went to hell in a hand basket, no one was really surprised.
The website I quoted is obviously biased as hell against Diebold, but the story is accurate, and it doesn't even cover the more concrete, significant problems during the election (Paper ballots that the machine couldn't read (wrong size), no security on the barrels used to transport the paper and electronic votes, inadequate manpower to support the machines, etc.)
A broad outline of what happened to our state (and my county, Scioto County) because of Diebold machines is here: http://www.freepress.org/departments/display/19/2005/1593
The article talks about memory cards and their problems, but there were about a dozen or more other problems with the setup, even disregarding the possibility of hacking.
Diebold has sold voting machines to Utah. Diebold is evil. They want to bully a poor innocent election clerk.
Funny as it sounds, that's exactly how it went here in my local county, and I was involved in the contracting process (A losing battle...word from "on high" was that you either choose Diebold or get no money from the state.) I pushed for another company because the Diebold submission was a load of technical crap.
And, best of all, nothing I've seen or read about since then (North Carolina, anyone?) has done anything to change my mind.
Yeah...but imagine a pr0n site designed around this one!!!
(Where can I get a third hand grafted on....?)