KHOU Interviews Citronix Tech Services

I did an interview with KHOU the other day for a piece on the lawsuit mentioned earlier and how it was progressing. They were at my lab for an hour or so and ended up using about 15 seconds of footage.

Like the video says, computer repair work isn’t the most glamorous work, but it’s what I love to do. Give me a call and I’ll show you!

Link to the news article: New law may require computer techs to be private investigators
Link to the video footage: KHOU Video

Here’s another quick picture someone at IJ snapped of me outside the Austin courthouse. I felt bad for everyone out there in wool suits, the linen was very nice to me that day.

David Norelid outside the Austin courthouse looking dapper

Citronix Tech Services and the Institute for Justice sue Texas

I was in Austin last week with Mike Rife of AustinPCTech and Thane Hayhurst of iTalent Consulting Group and we filed a lawsuit, with the help of the Institute for Justice (IJ), against the State of Texas for a law they recently passed requiring computer repair technicians to hold private investigator’s licenses for a lot of the computer work we do. I wrote about the law a month ago and will spare you the details here.

In short, the state of Texas passed a law that would computer repair technicians to have a private investigator’s license to perform many kinds of computer work. The license requires a criminal justice degree or a 3 year apprenticeship, and failure to comply carries a penalty of up to one year in prison and $14,000 in fines for both the repair tech and the customer. Requiring computer repair technicians to hold these licenses would put many smaller repair shops out of business.

With the help of IJ, Rife, Hayhurst, a PC repair customer, and I are suing the state of Texas to have the law repealed or have its scope restricted.

Here are some links to news and articles about this case on TV and around the web:

If you find any other coverage of this on the web, please post it in the comments. I’d love to see it. As always, I’ll be updating this blog with news as it happens, so check back regularly, or subscribe to the RSS feed!

Magnum, P.C.
“Magnum PI? More like Magnum PC, get my lawyer on the phone!”

Texas PIs Try to Legislate Themselves Out of Obsolescence, PC Techs Under Fire

In this day of MySpace, FaceBook, and GMail, digging up dirt on someone takes little more than guessing the name of their dog. Private Investigators, who long to return to the good old days of going through someone’s trash, staking out a house while leaving the tell-tale pile of cigarette butts, and wearing jackets with elbow patches, find that as more and more people move their “dirt” online, their breed of investigation is dying out.

In an attempt to regulate this obsolescence, the Texas Private Security Bureau, lobbied heavily by Private Investigator interests, has passed into law an update to the Private Security Act (HB 2833) which brings computer investigations under the umbrella of investigations that would require a private investigator license. Here is a section of bill in question, the new addition that affects computer investigations in bold:


(a) A person acts as an investigations company for the purposes of this chapter if the person:

(1) engages in the business of obtaining or furnishing, or accepts employment to obtain or furnish, information related to: […]

(B) the identity, habits, business, occupation, knowledge, efficiency, loyalty, movement, location, affiliations, associations, transactions, acts, reputation, or character of a person; […]

(D) the cause or responsibility for a fire, libel, loss, accident, damage, or injury to a person or to property; […]

(b) For purposes of Subsection (a)(1), obtaining or furnishing information includes information obtained or furnished through the review and analysis of, and the investigation into the content of, computer-based data not available to the public.

This text is written so broadly that it could mean just about anything. For example, if a PC Tech looks through a mother’s private computer (computer-based data not available to the public) to find out where her son has been online (the habits […] of a person), then he has performed an investigation. Very obvious non-investigatory actions like installing a wireless network, installing a hardware upgrade, performing a system tune up, or setting up a home theater system would not fall under the scope of the law; but nearly everything else is in a gray area. When approached for a clarification of the law, the Texas Private Security Bureau held up the overreaching scope of the law. This is the partial text of their opinion; the full PDF is linked here:

We understand the term “computer forensics” to refer to the analysis of computer-based data, particularly hidden, temporary, deleted, protected or encrypted files, for the purpose of discovering information related (generally) to the causes of events or the conduct of persons.

They are saying here that the above scenario of a mother attempting to find out the conduct of her son would run afoul of this law. If a PC repair customer got a virus and wanted to know why they did, the analysis of their browser history, temporary files, and hidden virus files would constitute an investigation and telling the customer how or why they got a virus infection would constitute the delivery of a report on this investigation. The TSB’s report goes on to put computer repair techs on notice and warn them and their customers of the penalties of violating this law.

Computer repair or support services should be aware that if they offer to perform investigative services, such as assisting a customer with solving a computer-related crime, they must be licensed as investigators.


Please be aware that providing or offering to provide a regulated service without a license is a criminal offense. TEX. OCC. CODE §§1702.101, 1702.388. Employment of an unlicensed individual who is required to be licensed is also a criminal offense. TEX. OCC. CODE §1702.386.

The penalty for performing investigations without a license is up to one year in jail and $14,000 in fines and penalties. Not only would I, or any PC repair tech, be liable, the customer would also be liable and would face the same penalties.

What makes this bill even more fun is that it was lobbied for exclusively by private investigator interest groups, surely under the specious claim of “protecting consumers”, and not one computer repair technician was asked for comment. The list of “witnesses” to this bill are listed here and here. Notice anything about the makeup of the witnesses?

So, now that many actions of Texas computer repair and service companies would require a PI license, now what? Surely a PI license is a simple matter of taking a test or paying a small fee? I’m afraid not. From their registration website, the Texas Private Security Bureau states the following requirements

  • three years of investigative experience or a bachelors degree in criminal justice for investigations company license
  • two consecutive years of legally acceptable experience in the guard company business
  • successful completion of a two-hundred-question examination testing ability of the manager applicant to operate the guard company under the provisions of the statute regulating them
  • criminal background check
  • submitting fingerprints to have on file with the FBI
  • ~$500 in registration fees, subscription fees, application fees, and fingerprint fees, payable yearly

These requirements would necessitate either Texas PC repair techs to close up shop for 3 years while completing an apprenticeship or to pursue an irrelevant college degree. On top of the hefty fees, this makes licensing a tough pill to swallow.

As with any law, exceptions exist, and one loophole is that a large repair shop, like the Geek Squad, would only be required to have one “full” private investigator on staff, and the other techs can simply have PI licenses bought for them ($500 per head per year) without needing to have the degree or apprenticeship. This makes the law doubly confusing as the ones who will be doing the sensitive data work will not actually need to have the mandated training or experience.

I have been contacted by a law firm who wishes to sue the state of Texas in order to get this law repealed or its scope narrowed significantly. I will be updating this blog with the progress of this situation, and hopefully PC Techs in Texas can come out clean.

UPDATE: I am proceeding with a lawsuit against the state of Texas to have this law repealed or changed. Please see this post for more information and updates.

TECH NOTE: How to Update Your AntiVirus Software

When one talks about antivirus definition updates, one usually speaks in terms of Manual and Automatic updates. A manual update is performed by going to the antivirus vendor’s website, downloading the definitions, and then either installing them by running a program or just placing them in your antivirus software’s definition directory. Antivirus software that automatically updates would download new definitions automatically on a set schedule, once a day or once a week, for example. Most antivirus software is pretty straightforward when it comes to Automatic updating. They will almost always come preconfigured for automatic updates, so they are mostly “set and forget” sort of solutions.

This is no way to make money, however. Due to the nature of ever-evolving virus threats, virus definitions are outdated within days of their release, necessitating some sort of a constantly updating definition system. The major antivirus companies have turned antivirus protection from a software to a service. They do this by selling you “subscriptions” or “licenses” to use the software. This means that when your subscription is finished, you will stop getting updates. That is why it is so important to stay on top of your subscriptions and make sure they don’t run out.

As sort of a follow-up to last week’s post, I went around and compiled links to all the antivirus products I could find. From this comprehensive set of links, you should be able to find the updates to the program you run on your computer. Some of the products can only be updated from within the program itself, meaning that you can’t download the definitions manually. I’ve made a note of those that are only updated manually.

If I missed on that you would like me to find the update link for, then please let me know.

Anti Virus Updates

Name of Antivirus Product Update Link
avast! Professional Edition Click Here for the Update
AVG Anti-Virus Click Here for the Update
AVIRA AntiVir Personal Edition Click Here for the Update
BitDefender Professional Plus Click Here for the Update
Dr.Web for Windows Click Here for the Update
eScan Anti-Virus Click Here for the Update
ESET NOD32 Anti-Virus Only from within program*
Fortinet FortiClient Only from within program*
F-Prot for Windows Only from within program*
F-Secure Anti-Virus Click Here for the Update
G DATA AntiVirusKit (AVK) Only from within program*
Kaspersky Anti-Virus Click Here for the Update
McAfee VirusScan Click Here for the Update
Microsoft OneCare Only from within program*
Norman Virus Control Click Here for the Update
Symantec Norton Anti-Virus Click Here for the Update
TrustPort Antivirus Workstation Click Here for the Update

TECH NOTE: Is Your Antivirus Software Updating Properly?

You don’t know how sad it makes me to see things like this

Expired Norton Antivirus

This client’s copy of Norton Internet Security expired over a year ago, meaning that for a whole year it has been running with old virus definitions. Why are virus definitions important? Well, image that a virus definition is like a word definition in that it helps you identify the word/virus and what it does. Now imagine that you’re a foreign student traveling in America with a travel dictionary (our virus definitions) from the year 1654. Those word definitions (virus definitions) are terribly out of date, so there’s no chance that you’re going to be able to pick up new words (new viruses) like rollerblade and crunk. Granted, words like rollerblade and crunk may only hurt our feelings, but an undetected virus can do so much more damage!

Many modern PC makers will bundle trial versions of anti-virus products with a computer that will only last 90 days before expiring. This can be even worse than having no anti-virus at all because you might think that you are protected when you actually aren’t.

Please take a few minutes today to make sure that your anti-virus software is updated and running correctly.