Yesterday on the GCFA mailing list, Rob Lee forwarded a message about a Texas House Bill that would amend the language in the Private Investigator Licensing statute that will affect computer forensic examiners. Some discussion ensued on the list as the language of the statute is not completely clear to mere mortals more comfortable converting hex values in master boot records than they are reading the law.
In the event you're in Austin and concerned, you can hurry down to the Technology, Economic Development and Workforce Committee meeting today and participate or listen in. Here are the details about the Committee meeting and sponsor of the Bill:
COMMITTEE: Technology, Economic Development & Workforce
TIME & DATE: 10:30 AM or upon final adjourn./recess, Tuesday, April 14, 2009
PLACE: E1.026
CHAIR: Rep. Mark Strama
The bill sponsor is: Rep. Ruth McClendon
Web email
Capitol Address
Room 4N.4, Capitol Building
Austin, TX 78701
(512) 463-0708
(512) 463-7071 Fax
District Address
403 South WW White Road
San Antonio, TX 78219
(210) 225-2107
(210) 333-7700 Fax
The Bill itself can be found here: http://www.legis.state.tx.us/tlodocs/81R/billtext/pdf/HB02564I.pdf.
In summary, Section 107.001 defines a Computer forensic analyst as "a person who acquires, reviews, makes images of, or analyzes digital or computer-based information for the purpose of obtaining or furnishing the information for evidentiary purposes in an actual or potential civil or criminal proceeding."
Section 107.002 states that a "statement of ownership" is required. Essentially, computer forensic analysts (and others defined in the bill) are required to obtain a statement of ownership from the owners of the systems they are examining or that the analysis has been authorized by a court or law enforcement agency. An exception is made for forensic analysts working on systems owned by their employers, so if you're on an internal forensics team and investigating a company owned machine, you won't need the statement of ownership.
Section 107.003 says these statements have to be kept on file for one year and made available to law enforcement with a court-ordered subpeona or search warrant. Violation of these sections is a misdemeanor.
Up to this point, the bill is fairly clear, at least to this untrained reader of the law. After this point, things are much less clear. Here is the remaining text of the Bill:
SECTION 2. Section 1702.104, Occupations Code, is amended
by amending Subsection (b) and adding Subsections (c) and (d) to
read as follows:
(b) Except as provided by Subsection (c) or (d), for [For]
purposes of Subsection (a)(1), obtaining or furnishing information
includes information obtained or furnished through the review and
analysis of, and the investigation into the content of,
computer-based data not available to the public.
(c) "Obtaining or furnishing information" does not include
obtaining or furnishing computer-based data by a computer forensic
analyst, as defined by Section 107.001, Business & Commerce Code,
which does not constitute an investigation for purposes of this
section and does not require licensing under this chapter.
(d) The repair or maintenance of a computer does not
constitute an investigation for purposes of this section and does
not require licensing under this chapter if the person performing
the repair or maintenance:
(1) is installing or repairing computer equipment or
diagnosing a computer or software problem; and
(2) is not furnishing information or securing evidence
described by Subsection (a)(1) or (2).
SECTION 3. This Act takes effect September 1, 2009.
The current "Occupation Code Chapter 1702. Private Security" law is available online at http://tlo2.tlc.state.tx.us/statutes/docs/OC/content/pdf/oc.010.00.001702.00.pdf. If someone out there can put the current law together with the proposed Bill and clearly spell out what the intention is, please chime in on the comments section.
.png "Finding_Evil_WMI_Event_Consumers_with_Disk_Forensics_-Blog_(1).png")
.png "Blog_teaser_images_(19).png")
