[Shacs] Texas legislation - PC Techs need PI certification?

Binkley, Jeremy JMBinkle at Central.UH.EDU
Fri Jul 11 15:52:57 CDT 2008 

"Is it illegal for me to merely ignore such a finding?"
 
Actually, it could be, depending on the nature of the material you discover.  There are statutes creating duties to report certain illegal conduct, but they generally concern things such as suspected child abuse and child porn and may be limited in applicability to persons meeting certain qualifications.  It would also be prudent to report such information because if you've worked on the computer and the owner later gets caught, he is very likely to point the finger at you as much as he can which may create costly problems for you.  (remember, it can often be VERY expensive to prove your innocence)

________________________________

From: shacs-bounces at shsu.edu on behalf of Ernesto Ongaro
Sent: Thu 7/10/2008 2:55 PM
To: Joshua Garvey
Cc: shacs at shsu.edu
Subject: Re: [Shacs] Texas legislation - PC Techs need PI certification?



Interesting...?
> if you "come into contact
> with personal or sensitive data" during repair you better have someone
> on your staff who can forensically collect any evidence of illegal
> behavior

Is there some sort of civil duty that I am responsible for if I run into someones stash of illegal material on their PC while
working on it?

Is it illegal for me to merely ignore such a finding?

On Thu, 2008-07-10 at 14:09 -0500, Joshua Garvey wrote:
> >From what I have read the Texas Rangers were pushing this as a few cases
> of child porn were thrown out because people from say Geek Squad or
> Firedog found the "evidence", copied it off an gave it to police. Data
> like that has to be forensically collected to be admisable in court.
> Without the original data, computer, etc... You see were this leads.
>
> So what the law is trying to prevent is evidence being thrown out
> because the people who collect evidence were not licensed to do so. I
> read the entire bill and it looks as though if you "come into contact
> with personal or sensitive data" during repair you better have someone
> on your staff who can forensically collect any evidence of illegal
> behavior.
>
> Not sure how I feel about this bill; its intention is good, but it will
> drive PC repair through the roof, and shut down small shops.
>
> Nate Ashe wrote:
> > It strikes me, jaded as I am, that bills don't turn into laws without
> > lobbyists pushing from the legislator's pockets (or ballot boxes)... so,
> > I would ask, who has a vested interest in this?  The people selling PI
> > licenses?  A competitor with political influence?  Someone who's using
> > these exploits for their own advantage (executive branch?), that doesn't
> > want to be discovered by someone that they can't track?  ... gah!
> > where's my tinfoil hat?!?!?
> >
> > I "investigate" stuff all the time... it's what I get paid to do:  make
> > it work.
> > Does running rootkit revealer, nmap, lanshark or using a spectrum
> > analyzer count as an "investigation"?
> >
> > I guess when I start seeing folks going to court for this, I'll start to
> > worry.
> >
> > Nate
> >
> > Kevin A. Estis wrote:
> >  
> >> OK, so I'm finally catching up on all my email and news feeds and came
> >> across this blurb in the SANS newsletter:
> >>
> >>  --Texas Law Requires Computer Technicians to Have PI Licenses
> >> (June 26, 208)
> >> The Institute for Justice has filed a lawsuit against the Texas Private
> >> Security Board because of a 2007 law that requires computer repair
> >> technicians to obtain government-issued private investigators' (PI)
> >> licenses.  Technicians could face both civil and criminal penalties if
> >> they take "any action that the government deems to be an
> >> 'investigation.'"  The definition of investigation is broad and includes
> >> many commonly performed repairs.  To obtain a license, computer repair
> >> shop owners would have to obtain a criminal justice degree or complete
> >> a three-year apprenticeship with a licensed PI. Consumers who knowingly
> >> use an unlicensed operation to conduct an "investigation" would also be
> >> subject to penalties.
> >> http://www.ij.org/first_amendment/tx_computer_repair/6_26_08pr.html
> >>
> >> [Editor's Note (Guest Editor, Rob Lee): Part of this suit began when
> >> Best Buy's Geek Squad was served a cease and desist letter for stating
> >> to customers that they can perform "computer forensics" to aid clients
> >> in discovering how they were compromised. Does this PI license
> >> requirement make sense to anyone?]
> >> (Northcutt): The State of Texas is putting the Geek Squad tag line to
> >> test, "There's nothing we haven't seen. Go ahead. Use us." This
> >> legislation goes beyond dumb. The Geek Squad's "forensics" would be to
> >> help the end users understand the errors they made that caused their
> >> systems to become compromised. One would think this is something
> >> government would want to support. I would be surprised if Best Buy
> >> doesn't hand Texas its hat.
> >> (Schultz): Hopefully, reason will prevail, and this nonsensical law will
> >> be repealed. Requiring a PI license to perform a computer repair just
> >> does not make sense.]
> >>
> >>
> >>
> >> --
> >> This signature was created on a Mac...therefore it should look better than
> >> other signatures but will cost you more and doesn't really work in the
> >> enterprise.
> >> Kevin Estis
> >> macinhack at shsu.edu
> >> _______________________________________________
> >> Shacs mailing list
> >> Shacs at shsu.edu
> >> http://lists.shsu.edu/mailman/listinfo/shacs
> >>  
> >>    
> >
> > _______________________________________________
> > Shacs mailing list
> > Shacs at shsu.edu
> > http://lists.shsu.edu/mailman/listinfo/shacs
> >  
>
> _______________________________________________
> Shacs mailing list
> Shacs at shsu.edu
> http://lists.shsu.edu/mailman/listinfo/shacs
--
Ernesto Ongaro

ETSZONE, Operations
713.559.1406

_______________________________________________
Shacs mailing list
Shacs at shsu.edu
http://lists.shsu.edu/mailman/listinfo/shacs


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shsu.edu/pipermail/shacs/attachments/20080711/9dc39c5f/attachment.html

More information about the Shacs mailing list