In this day of MySpace, FaceBook, and GMail, digging up dirt on someone takes little more than guessing the name of their dog. Private Investigators, who long to return to the good old days of going through someone’s trash, staking out a house while leaving the tell-tale pile of cigarette butts, and wearing jackets with elbow patches, find that as more and more people move their “dirt” online, their breed of investigation is dying out.
In an attempt to regulate this obsolescence, the Texas Private Security Bureau, lobbied heavily by Private Investigator interests, has passed into law an update to the Private Security Act (HB 2833) which brings computer investigations under the umbrella of investigations that would require a private investigator license. Here is a section of bill in question, the new addition that affects computer investigations in bold:
Sec. 1702.104. INVESTIGATIONS COMPANY.
(a) A person acts as an investigations company for the purposes of this chapter if the person:
(1) engages in the business of obtaining or furnishing, or accepts employment to obtain or furnish, information related to: [...]
(B) the identity, habits, business, occupation, knowledge, efficiency, loyalty, movement, location, affiliations, associations, transactions, acts, reputation, or character of a person; [...]
(D) the cause or responsibility for a fire, libel, loss, accident, damage, or injury to a person or to property; [...]
(b) For purposes of Subsection (a)(1), obtaining or furnishing information includes information obtained or furnished through the review and analysis of, and the investigation into the content of, computer-based data not available to the public.
This text is written so broadly that it could mean just about anything. For example, if a PC Tech looks through a mother’s private computer (computer-based data not available to the public) to find out where her son has been online (the habits [...] of a person), then he has performed an investigation. Very obvious non-investigatory actions like installing a wireless network, installing a hardware upgrade, performing a system tune up, or setting up a home theater system would not fall under the scope of the law; but nearly everything else is in a gray area. When approached for a clarification of the law, the Texas Private Security Bureau held up the overreaching scope of the law. This is the partial text of their opinion; the full PDF is linked here:
We understand the term “computer forensics” to refer to the analysis of computer-based data, particularly hidden, temporary, deleted, protected or encrypted files, for the purpose of discovering information related (generally) to the causes of events or the conduct of persons.
They are saying here that the above scenario of a mother attempting to find out the conduct of her son would run afoul of this law. If a PC repair customer got a virus and wanted to know why they did, the analysis of their browser history, temporary files, and hidden virus files would constitute an investigation and telling the customer how or why they got a virus infection would constitute the delivery of a report on this investigation. The TSB’s report goes on to put computer repair techs on notice and warn them and their customers of the penalties of violating this law.
Computer repair or support services should be aware that if they offer to perform investigative services, such as assisting a customer with solving a computer-related crime, they must be licensed as investigators.
Please be aware that providing or offering to provide a regulated service without a license is a criminal offense. TEX. OCC. CODE §§1702.101, 1702.388. Employment of an unlicensed individual who is required to be licensed is also a criminal offense. TEX. OCC. CODE §1702.386.
The penalty for performing investigations without a license is up to one year in jail and $14,000 in fines and penalties. Not only would I, or any PC repair tech, be liable, the customer would also be liable and would face the same penalties.
What makes this bill even more fun is that it was lobbied for exclusively by private investigator interest groups, surely under the specious claim of “protecting consumers”, and not one computer repair technician was asked for comment. The list of “witnesses” to this bill are listed here and here. Notice anything about the makeup of the witnesses?
So, now that many actions of Texas computer repair and service companies would require a PI license, now what? Surely a PI license is a simple matter of taking a test or paying a small fee? I’m afraid not. From their registration website, the Texas Private Security Bureau states the following requirements
- three years of investigative experience or a bachelors degree in criminal justice for investigations company license
- two consecutive years of legally acceptable experience in the guard company business
- successful completion of a two-hundred-question examination testing ability of the manager applicant to operate the guard company under the provisions of the statute regulating them
- criminal background check
- submitting fingerprints to have on file with the FBI
- ~$500 in registration fees, subscription fees, application fees, and fingerprint fees, payable yearly
These requirements would necessitate either Texas PC repair techs to close up shop for 3 years while completing an apprenticeship or to pursue an irrelevant college degree. On top of the hefty fees, this makes licensing a tough pill to swallow.
As with any law, exceptions exist, and one loophole is that a large repair shop, like the Geek Squad, would only be required to have one “full” private investigator on staff, and the other techs can simply have PI licenses bought for them ($500 per head per year) without needing to have the degree or apprenticeship. This makes the law doubly confusing as the ones who will be doing the sensitive data work will not actually need to have the mandated training or experience.
I have been contacted by a law firm who wishes to sue the state of Texas in order to get this law repealed or its scope narrowed significantly. I will be updating this blog with the progress of this situation, and hopefully PC Techs in Texas can come out clean.
UPDATE: I am proceeding with a lawsuit against the state of Texas to have this law repealed or changed. Please see this post for more information and updates.