States require a license to conduct data forensics

First off, I would like to apologize to Linda Musthaler and Brian Musthaler as well as IDG for not following the proper Blog etiquette on this posting by copying and pasting a entire article without providing my comments before hand. Linda brought this matter to my attention and I have edited this posting to be in “Blog Compliance”

The reason, I choose and posted this article, about 4 years ago while taking an instructor training course for AccessData in Texas, there was a discussion that Georgia was trying to implement similar requirements to conduct forensic examinations and how more and more states are passing laws that some people interpret as a requirement for Computer Forensic examiners to be licensed Private Investigators.

As more cases are performed and botched by inexperienced examiners, I feel there will be some licensing requirements for computer forensic examiners.

I have enclosed a link to a very interesting article which discusses some current issues on this topic:

Article can be accessed at: http://www.networkworld.com/newsletters/techexec/2008/071408techexec1.html

Entire Article:

Laws in place to protect the chain of custody during any type of forensic investigation

Technology Executive Alert By Linda Musthaler and Brian Musthaler , Network World , 07/14/2008

In 2007, the state of Texas updated a law called the "Private Security Act" to insert a new clause that specifies that anyone who conducts computer data forensics that could potentially be used in a legal proceeding in the state must be a licensed PI.

The basic tenet of the new stipulation in the law is the protection of the chain of custody during any type of forensic investigation. If digital forensic data is to be used for a legal proceeding, it needs to be done by a professional who is trained and licensed in the practice of securing evidence and chain of custody. Traditionally, these people are law enforcement officials, lawyers and paralegals, and licensed private investigators.

An opinion written by the State of Texas Private Security Bureau is that “Computer repair or support services should be aware that if they offer to perform investigative services, such as assisting a customer with solving a computer-related crime, they must be licensed as investigators. The review of computer data for the purpose of investigating potential criminal or civil matters is a regulated activity under Chapter 1702 of the Texas Occupations Code, as is offering to perform such services.”

This law has broad ramifications for many people in IT professions, including hardware and software technicians and auditors. These people routinely analyze log data and other information on computers that may eventually be used in reports that could, someday, be called into question in court.

Related Content

For example, suppose the owner of a small business suspects one of his employees is creating bogus accounts and sending payments to those accounts. The business owner might ask a computer technician to study the computer logs to see what this employee is up to. The technician finds a clear digital trail of misconduct that points to the suspect employee and provides the “evidence” to the businessman in the form of a report. The business owner uses the information to dismiss the employee, who then sues his former employer for wrongful termination.

Unless the computer technician is a licensed PI, none of the information he dug up is admissible in court. Worse, both he and the business owner who used his services face misdemeanor charges for violating the Texas Private Security Act.

Several computer technicians from Houston and Austin have filed a lawsuit against the state, alleging that the law may inadvertently harm their businesses. An attorney handling the lawsuit says the law is so vaguely worded that it could be enforced broadly by the Private Security Board, the Texas agency that oversees licensing for the private security industry. The board interprets the law to cover any data retrieval for a “potential” civil or criminal matter. For all practical purposes in our litigious society, that is virtually everything.

Computer technicians aren’t the only ones concerned about the impact of this law. Auditing firms and law firms may also be ensnared by the law that requires licensing for anyone doing data retrieval and analysis for outside companies. (Companies can use their own employees to conduct internal investigations, but they cannot hire an unlicensed outsider to perform the same work.)

Texas isn’t alone in its efforts to have licensed investigators handle digital forensics. Georgia, New York, Nevada, North Carolina, South Carolina, Virginia and Washington also are pursuing digital forensic experts operating in their states without a PI license. Given the number of states with digital forensics laws and the vast extent of interstate commerce, these laws can have broad impact on IT professionals all across the country.

We don’t mean to downplay the importance of in-depth knowledge of the chain of custody of evidence. Of course it is important that evidence be properly collected and preserved if it is intended to be used in civil or criminal matters. But laws like the one in Texas could be creating a large and sharp dual edge sword for the digital forensic community  time and legitimacy.

Related Content

In Texas, a person must earn a criminology degree or undertake a three year apprenticeship with a licensed PI to attain a PI license. To specialize in an area of computer data forensics, the person also must master the intricacies of a combined Unix / Windows environment with its plethora of tools to monitor and control traffic / data, combined with all the tools required to extract digital evidence. He also must learn to analyze and interpret the data and ultimately opine on it. It can take years to understand enough about computers to be an expert.

With the Texas law, any licensed private investigator can take a class to learn how to use EnCase, a popular computer examination tool, and then declare himself to be a forensic expert. There are no further requirements for a technology-related degree or IT certification, experience or training.

To maintain legitimacy and comply with the law, large firms involved in digital forensics (e.g., law, audit, accounting and forensic firms) will hire a licensed PI that (in theory) oversees all of the digital forensic activities, and technically these firms will be following the letter of the law. Small service providers can’t afford to take this route, however, and this is the crux of the Texas lawsuit.

There are no easy answers, and we’ll just have to see how this one plays out. Meanwhile, be aware of the laws that may cover your business so you don’t run afoul of the law.

Article can be accessed at: http://www.networkworld.com/newsletters/techexec/2008/071408techexec1.html

All contents copyright 1995-2008 Network World, Inc. http://www.networkworld.com/