SANS Digital Forensics and Incident Response Blog

Texas PI Licensing Amendment

Yesterday on the GCFA mailing list, Rob Lee forwarded a message about a Texas House Bill that would amend the language in the Private Investigator Licensing statute and will affect computer forensic examiners. Some discussion ensued on the list, as the language of the statute is not completely clear to mere mortals more comfortable converting hex values in master boot records than they are reading the law.

In the event you're in Austin and concerned, you can hurry down to the Technology, Economic Development and Workforce Committee meeting today and participate or listen in. Here are the details about the Committee meeting and sponsor of the Bill:

COMMITTEE: Technology, Economic Development & Workforce
TIME & DATE: 10:30 AM or upon final adjourn./recess, Tuesday, April 14, 2009
PLACE: E1.026
CHAIR: Rep. Mark Strama

The bill sponsor is: Rep. Ruth McClendon

Capitol Address
Room 4N.4, Capitol Building
Austin, TX 78701
(512) 463-0708
(512) 463-7071 Fax

District Address
403 South WW White Road
San Antonio, TX 78219
(210) 225-2107
(210) 333-7700 Fax

The Bill itself can be found here: http://www.legis.state.tx.us/tlodocs/81R/billtext/pdf/HB02564I.pdf.

In summary, Section 107.001 defines a Computer forensic analyst as "a person who acquires, reviews, makes images of, or analyzes digital or computer-based information for the purpose of obtaining or furnishing the information for evidentiary purposes in an actual or potential civil or criminal proceeding."

Section 107.002 states that a "statement of ownership" is required. Essentially, computer forensic analysts (and others defined in the bill) are required to obtain a statement of ownership from the owners of the systems they are examining, or to show that the analysis has been authorized by a court or law enforcement agency. An exception is made for forensic analysts working on systems owned by their employers, so if you're on an internal forensics team and investigating a company-owned machine, you won't need the statement of ownership.

Section 107.003 says these statements have to be kept on file for one year and made available to law enforcement with a court-ordered subpoena or search warrant. Violation of these sections is a misdemeanor.

Up to this point, the bill is fairly clear, at least to this untrained reader of the law. After this point, things are much less clear. Here is the remaining text of the Bill:

SECTION 2. Section 1702.104, Occupations Code, is amended
by amending Subsection (b) and adding Subsections (c) and (d) to
read as follows:
(b) Except as provided by Subsection (c) or (d), for [For]
purposes of Subsection (a)(1), obtaining or furnishing information
includes information obtained or furnished through the review and
analysis of, and the investigation into the content of,
computer-based data not available to the public.
(c) "Obtaining or furnishing information" does not include
obtaining or furnishing computer-based data by a computer forensic
analyst, as defined by Section 107.001, Business & Commerce Code,
which does not constitute an investigation for purposes of this
section and does not require licensing under this chapter.
(d) The repair or maintenance of a computer does not
constitute an investigation for purposes of this section and does
not require licensing under this chapter if the person performing
the repair or maintenance:
(1) is installing or repairing computer equipment or
diagnosing a computer or software problem; and
(2) is not furnishing information or securing evidence
described by Subsection (a)(1) or (2).
SECTION 3. This Act takes effect September 1, 2009.

The current "Occupation Code Chapter 1702. Private Security" law is available online at http://tlo2.tlc.state.tx.us/statutes/docs/OC/content/pdf/oc.010.00.001702.00.pdf. If someone out there can put the current law together with the proposed Bill and clearly spell out what the intention is, please chime in on the comments section.

2 Comments

Posted April 15, 2009 at 11:46 AM

blackfistsecurity

I think that overall this is a good change that is being proposed. I put together my argument over on my own blog. I hate to be that guy that comes to someone else's blog to pimp his own, but it's just too long to put it all in a comments box. http://www.blackfistsecurity.com/2009/04/pi-license-for-forensic-work-in-texas.html

Posted April 20, 2009 at 12:22 PM

pschmehl

This appears to be an attempt to amend the law passed last session and insert some rationality into it. Previously no one could do forensics independently without aligning themselves with a PI firm (which appeared to be an attempt by PI industry lobbyists to capture the forensics market.) In addition, under the law as written, it was questionable whether an independent firm doing computer repair work could do so without a PI license, which is the sort of insanity that politicians routinely inflict upon our ever more enslaved populace.
With these changes, at least Pete's Prompt Computer Service doesn't have to be a licensed PI firm before they can clean a virus off your home computer.