Diary of a Network Geek

The Houston Chronicle has an update on the law I mentioned the on Tuesday.

The Austin office of the Houston Chronicle did some more digging about the new law that would seem to require PC Techs in Texas to also become Private Investigators. According to the bill’s author, state Rep. Joe Driver, R-Garland, we’re all misinterpreting his new law. He claims that the law means “…anyone who retrieves data from a computer, analyzes it and makes a report to a third party must obtain a private investigator’s license.” To me, it’s almost the same thing.

As I read it, the law would require anyone performing computer security duties in *any* setting in Texas to get a PI License. That means that a corporate computer security officer, who’s job may include computer forensics, would be required to also be a PI.
Frankly, I’m torn between thinking that maybe this is a good thing and maybe it’s excessive. On the one hand, for someone who does independent security work, that background check and finger printing might be a good idea! On the other hand, it might make it impossible for someone in a small company to *legally* do their job.

I’ll give an example…
A small company may have a one or two person IT department who cover everything, like, for instance, me. If there’s a break-in to one of their systems, they would then have to be a licensed PI to investigate that, or they’d have to spend a similar amount of money on a consultant who was. In this case, I’d bet the law just would get ignored.

But, for the independent operator, who might not have any other controls or credentials which a consumer or consulting client can use as a measure of relative security, it might actually be a good thing. Again, I doubt that criminal background checks are being done on all independent computer security consultants right now and maybe they should be.

In any case, like many laws of this nature, they seem like a good idea on paper, but often have much further reach than their author intended.