Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security IT

PI License May Soon Be Required for Computer Forensics 282

buzzardsbay writes "The good folks over at Baseline Magazine have an intriguing — and worrisome — report on a movement to limit computer forensics work to those who have a Private Investigator license or those who work for licensed PI agencies. According to the story, pending legislation would limit the specialized task of probing deep into computer hard drives, network and server logs for telltale signs of hacking and data theft to the same people who advertise in the Yellow Pages for surveillance on cheating spouses, workers' compensation fraud and missing persons. Those caught practicing computer forensics without a license could face criminal prosecution."
This discussion has been archived. No new comments can be posted.

PI License May Soon Be Required for Computer Forensics

Comments Filter:
  • by Anonymous Coward on Friday January 04, 2008 @08:23PM (#21917888)
    Am I breaking the law for this? 3.14159268
  • 3.141..... (Score:4, Funny)

    by celardore ( 844933 ) on Friday January 04, 2008 @08:24PM (#21917892)
    I thought this article was about the irrational number at first.
    • So did I. Now I just pissed its not a story about Pi. I just don't care about what ever it is that this is about. But I haven't composed a program for Pi in Erlang yet. Distributed computation of PI. Now, if anyone knows who build Erlang or has seen the movie named for the digits, you'll know what the two possible conclusions to this is. Either way, it will be news I'd want to read about it.
  • Worrisome? (Score:5, Insightful)

    by Shadow Wrought ( 586631 ) * <.moc.liamg. .ta. .thguorw.wodahs.> on Friday January 04, 2008 @08:24PM (#21917896) Homepage Journal
    I would think that requiring an Investigative license for doing invetigative work would be a good thing.
    • Re:Worrisome? (Score:5, Insightful)

      by eht ( 8912 ) on Friday January 04, 2008 @08:28PM (#21917924)
      Depends on how vague it ends up being. Easy to imagine that your home machine gets hacked and then you "investigate" your own machine and give the info over to the FBI or Police, hey look you did forensic work without a license, go directly to jail do *not* pass go.
      • Re:Worrisome? (Score:5, Insightful)

        by Stripe7 ( 571267 ) on Friday January 04, 2008 @08:43PM (#21918084)
        Depending on the how they define forensic work, a system administrator could be prosecuted for reading the log files for login information, or tracing back history files to see what led to critical system files being corrupted. If these simple daily administrative tasks are classified as forensic it would make it illegal for a system administrator to do his job. With congress's track record of overly broad definitions and over generalizations, odds are good that this legislation will make a PI license a requirement for all system administrators. Hmm, does this mean I get to carry a gun too?
        • by Anonymous Coward on Friday January 04, 2008 @08:53PM (#21918162)
          Dude, if all sys admins had a gun, the 'net would be a better place. Far less crowded too!
          • I Wish I had mod points
        • Re:Worrisome? RTFA (Score:5, Informative)

          by Watson Ladd ( 955755 ) on Friday January 04, 2008 @09:03PM (#21918268)
          The bills being considered are only about forensic evidence presented in court.
          • by BarryJacobsen ( 526926 ) on Friday January 04, 2008 @09:06PM (#21918294) Homepage

            The bills being considered are only about forensic evidence presented in court.
            Darn you with your "facts" and "reading the article"! Where's the hearsay and made up statistics, dammit!
          • Re:Worrisome? RTFA (Score:4, Informative)

            by schon ( 31600 ) on Friday January 04, 2008 @11:50PM (#21919428)

            The bills being considered are only about forensic evidence presented in court.
            *sigh* Forensic evidence is by definition [wikipedia.org] presented in court. That's what forensic means.

            I guess it's too much to expect /.'ers to actually know the definition of a word before they begin railing on it.
            • Re:Worrisome? RTFA (Score:4, Informative)

              by unlametheweak ( 1102159 ) on Saturday January 05, 2008 @12:22AM (#21919652)

              *sigh* Forensic evidence is by definition [wikipedia.org] presented in court.
              Forensic evidence does not NEED to be presented in court. Forensics is merely gathering evidence that MAY be used in court. More specifically the article is talking about computer forensics (http://en.wikipedia.org/wiki/Computer_forensics).

              Various definitions:
              http://www.google.com/search?q=define%3Aforensic&submit2=Google [google.com]

              More colloquially one could describe forensics as merely data gathering evidence (whether it be used in a formal court of law or not). A parent using forensics software on a child's computer may not be considered forensics to the FBI, but it probably would be to the parent or child. Much the same for internal company forensics. Strict definitions need to keep up with colloquial usage.
          • Still ridiculous. Are they going to require a PI license for any other profession to give expert testimony?
        • Re:Worrisome? (Score:5, Insightful)

          by blueg3 ( 192743 ) on Friday January 04, 2008 @09:04PM (#21918274)
          Typically investigation is defined as for hire and examining other peoples' data, not your own. So investigating your own logs, and even a company having permanent staff to investigate their own logs could constitute "security", but hiring someone from another firm to examine your logs after the fact could be "investigation".
          • Re:Worrisome? (Score:5, Insightful)

            by ocbwilg ( 259828 ) on Saturday January 05, 2008 @01:41AM (#21920024)
            Typically investigation is defined as for hire and examining other peoples' data, not your own. So investigating your own logs, and even a company having permanent staff to investigate their own logs could constitute "security", but hiring someone from another firm to examine your logs after the fact could be "investigation".

            Yes, but where do you draw the line? It's easy to say that you can investigate anything from within your company. But what if an attack originates from outside your network, comes across the Internet, and compromises machines on your network. Do you start investigating it internally as "security", and then hand it off to someone else once (presumably licensed) you get outside of your network? If that's the case, then won't the perpetrator have a built-in defense in court by claiming that the "internal" part of the investigation that generated the data that was fed to the "outside" investigator wasn't held to the same forensic standards?

            I do see some serious problems with this. Firstly, most PIs are not what I would consider computer forensic experts, computer security experts, or even technology experts. So allowing them to collect forensic data from computers while excluding legitimate computer forensic experts (computer science types) actually lowers the standards. That doesn't make sense. The second problem is that in some states it is not easy to get a PI license, especially if your only investigative training is in computer forensics. Thirdly, because of the global nature of the Internet it means that a forensic investigator who is investigating a compromise in New York may also need to have a PI license in all 49 other states just in case they might have to collect evidence from a system in one of those states. It just doesn't make sense.

            Then there's the fact that this law will dramatically reduce the number of people legally allowed to practice computer forensics and testify in court. How does that affect expert witnesses? If you're charged with a computer-related crime and the only 7 firms licensed as PI/Computer Forensic Experts in the state all work with police departments, how do you find an expert witness to rebut their testimony? I can forsee circumstances where a traditional PI with a "point and click" forensics program provides the police with allegedly ironclad evidence that is more full of holes than swiss cheese, and the defendant not being able to discredit/rebut the evidence because their own expert witness isn't licensed in the state.
        • I this is for 3rd party work not stuff done by people who work for the same people who own the systems that are being worked on. If you need one a up side a PHB who clueless about computers may not pass the test.

          any ways some like that may get in the way of the Geek squad and others like them that do the same kind of work doing there job and I don't see best buy and others going for PI Licenses.

          Ontrack Data Recovery , drive savers, and other do have Facilities that meet even U.S. Department of Defense speci
        • Depending on the how they define forensic work, a system administrator could be prosecuted for reading the log files...

          To the extent administration is Daily Shit Everyone Does(TM), the above should be reworded with s/system administrator/anyone/, and should include Windows users who click past the "Show Files" warning when viewing the contents of the Program Files directory.

          The issue (and the legislation being discussed) isn't the above, however. While the writer of the fine article does make use of unwarr
        • Depending on the how they define forensic work, a system administrator could be prosecuted for reading the log files for login information, or tracing back history files to see what led to critical system files being corrupted.

          From the article:

          Computer forensics is more often used as an internal investigatory tool. In other words, probes and evidence collected inside the firewall stay inside the firewall. In these cases, none of the proposed or existing state laws requiring PI licenses apply.

          Also, as some-one else already said (also from the article), this only applies for evidence gathered for a court case.

          In the end, I don't think it should be a criminal matter, but more of a point of being professionally certified so that one can prove competence in both the laws of the state (regarding evidence, etc) and computer forensic competence. (The one thing the US doesn't need is MORE criminals as a result of over-zealous law-makers.)

          • by happyslayer ( 750738 ) <david@isisltd.com> on Saturday January 05, 2008 @01:13AM (#21919892)

            The usual, IANAL, this isn't legal advice, etc. etc...

            However, I am a current, licensed private investigator in Ohio who happens to do digital forensics from time to time. So, I believe that I can shed some experience (or spread some BS) on this subject.

            Private Investigation in Ohio is governed by Ohio Revised Code Chapter 4749. [ohio.gov] To summarize:

            • You have to be a licensed investigator to perform investigations for hire. (Meaning you get paid.)
            • The exceptions (and there are specific ones listed) boil down to a) insurance adjustors, arson inspectors, forensic accountants, etc., and b) it's part of your normal job (such as a network administrator tracking down a break-in. My example, not the law's.)
            • Anything you do for yourself is, well, for yourself, and doesn't require a license.
            A lot of other states have a similar setup.

            Now, without having read the actual proposed law in South Carolina (this is /., after all), I would say that it sounds like a bad idea. An investigator license is not a magic wand to say that you are an expert, and the summary makes it sound like having a PI license gives you almost automatic "expert witness" status. (From my IANAL point of view, that is a specific determination that the court has to make, and normally they don't take it lightly.

            PI licenses are used to regulate who goes around snooping into other people's information. There are specific criminal penalties for performing investigation services, for hire, without a license; I believe that it keeps the people honest (in Ohio, Homeland Security oversees the licensing!), and prevents a lot of wasted time and money on some Magnum wannabe who ends up doing more damage to his clients cases/circumstances than good.

            As far as I can tell, those who do purely "digital forensics" are the equivalent of DNA lab techs or fingerprint analysts: They perform a technical function whose methods and findings are narrow, reviewable, and (should be) reproducible. The aspect of "investigation" only comes in when you begin to track down names, background, places, and faces relevant to the process. Despite what CSI: Miami tries to put out, lab guys are not normally the folks interviewing the suspects and poking holes in alibis; they deal with facts and findings. (More like Abbie on NCIS.)

            Which leads to the counter-proposal from the Nevada situation: If the courts already have a tried-and-true method of determining what an "expert witness" is, there really isn't a need for another licensing agency. Yes, courts can and do rely on licensing for some determinations, but again, they use experience, knowledge, reproducibility, and accepted methodology as real determining factors. That way, a medical license isn't an automatic "my opinion is indisputable" stamp.

            I think South Carolina is either overreacting or trying to pay off a party contributor....but hey, what do I know? (Or, how could I find out? :-)

            And yes, I realize that I said I "do computer forensics." Being a geek with a license, it's easier (and much faster and cheaper for the client) to do a forensic run-through myself than to hire it out to a lab every time. But I also know my own limitations, and quickly admit when/if I ever get over my head and need to call in the hard-core experts.

    • by plopez ( 54068 )
      I agree. Maybe it will get rid of some of the charlatans.
      • Re:Worrisome? (Score:5, Insightful)

        by Jah-Wren Ryel ( 80510 ) on Friday January 04, 2008 @08:35PM (#21918006)

        I agree. Maybe it will get rid of some of the charlatans.
        The same way driver's licenses keep bad drivers off the road.
        • Re:Worrisome? (Score:5, Insightful)

          by MBCook ( 132727 ) <foobarsoft@foobarsoft.com> on Friday January 04, 2008 @09:37PM (#21918546) Homepage

          It does. It keeps quite a lot of bad drivers off the road. It just doesn't stop all of them.

          If anyone, with no prior knowledge, was allowed on public roads and highways... don't you think things would be much worse than they are now with licenses?

          • Any one can get on the highways without a driver's license. Just like anyone can get in a car drunk and start driving. And if you don't believe so, check out the newspaper (online of course) for the arrests in the past week. Even the arrests don't keep them off the road.
      • Re:Worrisome? (Score:4, Interesting)

        by torkus ( 1133985 ) on Friday January 04, 2008 @08:58PM (#21918218)
        Sorry, but I don't see how another inane 'licensing' will do more good than bad. Just because someone is licensed does not mean they're honest. Heck, all care repair shops in NY have to be licensed. Do you REALLY thing that keeps them honest?

        A license if just a scrap of paper that means you paid someone for it. Perhaps you passed a test too. That means about as much as that 10th grade biology final that you crammed for the night before and then erased from your brain after the next morning. I'm much more interested in holding people ACCOUNTABLE for their actions than having the government "protect" me.

        • Re:Worrisome? (Score:5, Insightful)

          by Zeinfeld ( 263942 ) on Friday January 04, 2008 @09:46PM (#21918604) Homepage
          If I did full time forensics I would be much less worried about having to get a license than the ambiguous legal landscape that existed when I did some cases in the mid 90s. You can't preserve the rule of law by breaking it. And even if you do keep to legal methods you have to be sure that you can prove that is what you did or else you can find the criminal you are trying to stop suddenly turns the tables on you.

          I don't think anyone should have to worry about investigating their own machine. But what if you are going to trace the attack to the source? At what point does that become hacking? What if you have someone hand you information that has maybe been obtained by dubious methods? In the 1990s nobody knew where the line was drawn.

          What happens if you hire someone to do that type of work? Are you going to be liable if they use pretexting or the like?

          If Clifford Stoll was using the same techniques today he might well have had some legal issues. Even if you don't break the law you can still ruin the chances of a successful prosecution by contaminating evidence.

          I don't want to have people who are working for me acting as vigilantes. I don't want them to collect information in ways that disrupts Law Enforcement efforts. This is a professional business now and we have to act like professionals. People need to understand that there is a line and consequences for crossing it.

        • Stop overreacting (Score:4, Insightful)

          by MillionthMonkey ( 240664 ) on Saturday January 05, 2008 @12:51AM (#21919782)
          Sorry, but I don't see how another inane 'licensing' will do more good than bad. Just because someone is licensed does not mean they're honest. Heck, all care repair shops in NY have to be licensed. Do you REALLY thing that keeps them honest?

          Whether "all car repair shops in NY are honest" or not, the licenses do present a mechanism that can hold them accountable and close them down if sufficient effort is put into enforcement. Licensure can often atrophy into a simple tax collected by a licensing authority that doesn't perform proper enforcement procedures for the licenses it issues, but that's not the idea.

          Since a private investigator has a license, he's on the hook if he presents incorrect or bullshit evidence to the court. Ordinarily I can't go to a PI with pictures of my wife and my neighbor taken through open windows, and have him photoshop them into obscene pictures that I can take to court for a divorce proceeding, presented as evidence bearing the imprimatur of a licensed investigation. The court would indeed take that type of evidence more seriously than if you just had some friend of yours photoshop his dick into her mouth himself. That wouldn't be admitted as evidence. The PI has got a license; your friend doesn't. If the PI is indeed found to have violated the terms of his license by doing that, he'll lose his license, and may be subject to fines and jail time in addition to those he'd get for falsification of evidence.

          "The problems in South Carolina occur when folks from national [law] firms come into South Carolina, seize digital evidence, have that evidence analyzed in a lab in some other state, and then send it back to South Carolina for litigation," Abrams says. "The state has no mechanism to hold them accountable if they screw up, which I see all the time in cases."

          A license if just a scrap of paper that means you paid someone for it. Perhaps you passed a test too. That means about as much as that 10th grade biology final that you crammed for the night before and then erased from your brain after the next morning. I'm much more interested in holding people ACCOUNTABLE for their actions than having the government "protect" me.

          A license is not just "a scrap of paper" that required a fee for a licensing authority. After your 12th grade finals are over you may find that scraps of paper can do surprising things. They can imbue you with certain legal responsibilities. If you practice medicine, or practice law, or conduct private investigations, you can do certain things the rest of us can't, and you are on the hook for doing them correctly- you're held ACCOUNTABLE for your actions. Doctors, lawyers, and private investigators each bear their own types of accountability. If you make a legal promise to conduct yourself in some way, and the promise you made then gets "erased from your brain after the next morning", you're going to find yourself in a world of hurt. You'll find it's not like studying for finals at all.

          A forensic investigator is gathering information that might certainly be used to put someone in jail. "Oh no, I need a license to do that? Waaah!" Well, duh! What if you're incompetent, or a liar, or the darling of law enforcement because you find child porn on every machine that comes in? Do you really think that type of behavior should be legal, or that evidence from your lab should be admissible in courts?

          "It's an ambush," says Phipps, a 31-year FBI veteran now with Norcross Group, a digital e-discovery business. "Under the South Carolina statute, only a handful of licensed PIs across that state have the years of information system and tools experience needed to do true digital forensics with repeatable processes of documentation and chain of custody. This is the only group that stands to gain."

          I don't know what he's complaining about; he stands to gain too. They're trying to make everyone imagine that a handful of film-noir private eyes are planning to take over the computer

        • Right, we'll do away with Pilot's liscences too. Oh, and Surgeons. What could possibly go wrong? I've got a few liscences. Not one of them came from cramming for a test and forgetting everything the next day. Instead they came from years of study and application. I guess the people who modded you +1 interesting feel they didn't really earn their professional credentials, but I sure as hell earned mine.
    • Re: (Score:3, Insightful)

      by MBCook ( 132727 )

      That was my thought. Given the "experts" that groups like the RIAA use, having a license on someone that could be pulled to prevent them from continuing to work in that field seems like a good thing.

      Maybe it should be a separate license. Maybe it should be a special add on class (PI + C for Private Investigator + Computer Specialty). But it's good it's SOMETHING. Someone who doesn't know what they are doing can not only cause big problems (enrage a spouse leading to anything from unnecessary worry to viole

      • That was my thinking. This would likely limit who could testify as an expert witness. Thinking of it as a government certification program might be more appropriate.
    • Why? Is there a professional body that oversees stands of ethics and practices for PIs? I think you could make a better case for requiring licensing of software programmers than for PIs.
    • Re:Worrisome? (Score:5, Insightful)

      by lcoughey ( 975892 ) on Friday January 04, 2008 @09:20PM (#21918414) Homepage
      Being one who has a data recovery company [recoveryforce.com] that provides digital forensic services [recoveryforce.com], it is quite frustrating to say the least. To expect a digital forensics expert to have a PI license is as absurd as expecting a PI to have a computer science degree.

      We have been trying to figure out how we can become Private Investigators, but we cannot get answers. Instead, we keep getting passed around the government's phone systems. Some say we have to write an exam that doesn't exist, others say that we should be grandfathered in and others simply shrug their shoulders.

      From what I can tell, this is just another case of where someone has decided that they want all the market to themselves and think they have found a way to make it happen.
      • I don't think you know what it means to have a PI licence. It simply means that you have gone to the police station, paid a small fee, got finger printed and certified that you don't have a criminal record. Which I think isn't altogether a bad thing.
      • Um, your analogy is crap. A PI may not even need to access a computer, depending on the type of work they do. However, a digital forensics expert may very well have to do investigative work in order to provide courtroom testimony. Not to mention, the difference in outlay for the two is quite striking.

        For someone in the data business, you're pretty inept at knowing how to start.

        Google "Private investigator" license obtaining -- The second link shown is:

        http://www.oregonpi.com/licensing.htm [oregonpi.com]

        It's
    • Courts have rules (Score:4, Insightful)

      by bill_mcgonigle ( 4333 ) * on Friday January 04, 2008 @09:38PM (#21918548) Homepage Journal
      I would think that requiring an Investigative license for doing invetigative work would be a good thing.

      Yes, especially if you want to get paid. Imagine being hired by a company to do some forensic work, and you've found out all kinds of interesting things, and then it makes it to court, and it's all thrown out because you didn't understand and follow basic rules on how to handle evidence, and what's legal and not legal to do.

      Good luck getting paid by the employer after losing the case for them. In some jurisdictions you might even face liability or criminal charges.

      I've looked into the process, and in some states it's not too bad - IIRC some states require a period of apprenticeship, you can't just take a test.

    • by tcgroat ( 666085 )

      "Because they are already licensed by their industry-specific agencies, [...] engineers are exempt from state PI requirements, Abrams explains."

      And there's the key. Anyone who is producing legal evidence on technical matters should have a license. A PE license, not a PI license!

    • Yeah, this'd be great. "Hey baby, I'm a private dick. I pack a Samsung 5gig loaded with Ophcrack, and I'm licensed to use it."
    • Re: (Score:3, Interesting)

      by crotherm ( 160925 )

      What a load of crap. My job requires us to perform such checks on a regular basis. These requirements are required by Government agencies in order to work on specific projects. Requiring some ridiculous license to read log files will only create a glut of "so called" experts much like all those Windows experts a few years back.

      Don't be fooled by this. This is yet another attempt of our Government wanting to control access to knowledge.

       
  • Why? (Score:2, Interesting)

    by Eco-Mono ( 978899 )
    Nerd rage aside here, the programs in question aren't dangerous, nor do the operators necessarily have to have expertise to use them. What purpose could this legislation possibly serve?
    • Re: (Score:3, Insightful)

      by peragrin ( 659227 )
      well for one thing it would curb the RIAA who's media sentry company doens't have a PI's license so their investigations in several states are falling short of being prosecutable.
    • Well, assuming that the State in question charges a fee for PI licensing, it will make some extra money. Seriously though, I think this is more about politicians in "do something!" mode. Really, if they don't have any real work left to do, they should just be sent home early so they don't have time to come up with stupid ideas.
  • by Anonymous Coward on Friday January 04, 2008 @08:29PM (#21917934)
    Texas already requires that computer forensics investigators be licensed PIs. The requirement isn't just window dressing, either. Getting a PI license is tough there. That's why there are only about a dozen licensed computer forensics investigators in entire state. Um, and Media Sentry sure as hell ain't one of them...
    • Re: (Score:2, Informative)

      by Anonymous Coward
      Texas law is also explicitly designed to prohibit individuals from becoming private investigators too. If you are an individual and wish to become a P.I., you must first form an investigations company as a sole proprietorship or LLC, then designate yourself as the security manager of that company, then prove you have the required minimum experience to qualify (e.g. 3 years documented work employed for a licenced investigator in the state, or a 4-yr criminal justice college degree, or be a licensed peace off
    • Re: (Score:3, Insightful)

      only having 12 people allowed to do computer forensics for a living is probably more of a bad thing than a good thing...
  • by revengebomber ( 1080189 ) on Friday January 04, 2008 @08:29PM (#21917944)
    New snoop-proofing: chmod -R 000 / Anyone who tries to access your drive is obviously trying to perform computer forensics.
  • This is good!? (Score:4, Insightful)

    by NFN_NLN ( 633283 ) on Friday January 04, 2008 @08:30PM (#21917958)
    How is this a bad thing? Requiring a PI license would imply some level of legitimacy.

    "So long as computer forensic specialist implies a PI license" AND NOT "a PI license implies a computer forensic specialist".
    • Re:This is good!? (Score:4, Insightful)

      by FooAtWFU ( 699187 ) on Friday January 04, 2008 @08:42PM (#21918074) Homepage
      Why not have a voluntary certification program, and require people not certified to disclaim that they aren't? You could easily have the best of both worlds.

      What if I want to go set up a little computer forensics business and employ my own genius employees that I know and trust? Why should I have to submit to a board comprised of my competitors, deal with licensing requirements which seriously may (now or in the future) risk being outdated, not applicable to many specialized sorts of work, or which provide a false sense of security by being utterly trivial? What happens when the board requires you use Microsoft-certified tools only and bans grep et cetera?

      Some economists hold that labor market regulations such as these are among the primary long-term threats that hamper economic growth. (Some places require you to get a license to arrange flowers.)

    • Re: (Score:3, Insightful)

      Well, one problem is that the skills required for a PI have little to do with forensics skills, so this makes as much sense as requiring a hazardous waste transporting licensing would. If there is a need for regulation of forensics, then make a new license for that.
  • by Urger ( 817972 ) on Friday January 04, 2008 @08:35PM (#21918002) Homepage
    After all PI's get to drive around in their employer's red Ferrari and have witty repartee with the English Estate manager (who may or may not be ghostwriting the employer's books) while having casual sexual relationships with clients. In Hawaii. Am I right here folks?
  • by the_humeister ( 922869 ) on Friday January 04, 2008 @08:37PM (#21918020)
    Although I don't think the license should be a PI license. Rather, it should be computer forensics license. Someone with a PI license doesn't necessarily know jack about computers.
    • by Anonymous Coward
      Let me give you an example of South Carolina professional licenses. I am an engineer, a PE, licensed as an engineer by the state. My degree is in Chemical Engineering, yet my PE license says nothing about chemical engineering... it is no different from a mechanical engineer, electrical engineer, or structural engineer, or any other engineer. I can officially stamp the blueprints for your house, despite the fact I have absolutely no experience in construction or building practice whatsoever. Tne only thi
      • Yes I do agree that state licensing is rather abysmal. I see where you're coming from. I'm a pathologist. Yet my state medical license states that I can legally practice medicine and surgery (which is rather insane if you ask any reasonable person). On the other hand, there must be some way to say that a particular computer forensics lab is not just some shady operation, especially if the evidence provided is going to be presented in court. Although it shouldn't be a PI license that provides this evidence.
        • On the other hand, there must be some way to say that a particular computer forensics lab is not just some shady operation, especially if the evidence provided is going to be presented in court.

          There are a couple of ways. First, courts certify expert witnesses. If you use a certified expert witness, his testimony is presumed accurate.

          Second, and much stronger, is the process itself. Our legal system operates on the adversarial system: each side opposes the other, bringing its own evidence and analysi

          • First, courts certify expert witnesses.

            I have to call BS here. During a court case, the "expert witness" was testifying concerning medical & dental practice software packages.

            When asked what made him so experienced in the field, the guy answered, and I kid you not:

            "Oh, I browsed the web for 4 hours on the topic."

            If you blinked there, join the club. Even worse, the judge BOUGHT that line.

            To quote Daffy Duck: "You call this a close-up?!?!?"

  • by Tmack ( 593755 ) on Friday January 04, 2008 @08:39PM (#21918038) Homepage Journal
    So I can keep my job as SysAdmin... After all, forensic investigation and digging through logs and monitoring for intrusion and such is basically what a SysAdmin is for (aside from making that part of the job unnecessary or as limited/automated as possible). Imagine all the /.'s that would be able to claim themselves as PIs (though Im sure some already reference 3.14159 alot).

    Tm

    • Re: (Score:3, Informative)

      by Feanturi ( 99866 )
      Your job is quite safe without getting a PI license. You can dig around and uncover evidence in your network all you like, and you can take normal actions upon that evidence, such as tracing IPs and contacting authorities etc, all the usual stuff. What you can't do is provide what you find in your network as evidence in a court case, that is all. Someone else has to check your place out and then do the testifying themselves. Basically the court does not consider you an accredited expert witness under this l
  • by Kazoo the Clown ( 644526 ) on Friday January 04, 2008 @08:40PM (#21918050)
    Doesn't this simply say that you have to be licenced to do computer forensic work for hire? What does it really say about doing it on your own PC just to learn about it? I suspect there's some mislead impressions being taken here...
    • it doesn't say a damn thing. if you're playing around with your own box, you're not doing forensics.

      as for the forensics experts, why don't they just get licensed? seriously, how hard can it be? any bozo can be a PI.
      • by Justus ( 18814 )

        Well, I was going to comment on all the other posts relating horror stories of the requirements in other states, but in Wisconsin it's actually quite reasonable. According to the Department of Regulation and Licensing, you must:

        • pass a 100-question exam on Wisconsin statues and codes relevant to private investigation
        • be employed by a private detective agency (presumably you could form your own)
        • be insured or bonded
        • be over 18 years old
        • submit to a background check (fingerprinting) and have no criminal rec
  • Over hyped (Score:4, Informative)

    by silas_moeckel ( 234313 ) <silas AT dsminc-corp DOT com> on Friday January 04, 2008 @08:40PM (#21918056) Homepage
    I know I'm not supposed to read the article but this is about needing a PI license work for a licensed firm to testify is court. First thing I would tack on would be they should also have there PE licensed firm or not. Yes it's a bit of a slippery slope it might also get the Secret Service and the FBI to get there agents some decent skills since every time I had interaction with it a tar.gz file was unfathomable to them and everything involves lot of baby steps and spoon feeding. Unfortunately most of these investigators are just using some pretty badly written applications and get stumped by anything with real encryption or not running windows, on the good side encase and similar is a good first step in the evidence chain.
    • Unfortunately most of these investigators are just using some pretty badly written applications and get stumped by anything with real encryption or not running windows,
      Some people might say that's not a bug, it's a feature.
      • It all depends on context when you get a request from the FBI because one of your clients is hosting kiddie porn we were motivated to help. Keeping those guys online to gather more evidence was a bit abhorrent. Lucky I never got a request without something signed by a judge and it was allways for something that I found morally wrong at least from the feds. Local cops love sending mere letters its like there to lazy or just fishing. My favorite was a state cop from Georgia that wanted all email to and fr
  • by rindeee ( 530084 ) on Friday January 04, 2008 @08:42PM (#21918072)
    Considering that in some states becoming a licensed PI requires paying a fee and nothing else, I'm not sure the significance of this (other than there will be a lot more wannabe cops running around). Considering the median salary for a PI in the US is ~$32K (wikipedia), if all the CF folks out there have to get PI licensed it should certainly push that up a bit. Man this is idiotic.
  • by Gordonjcp ( 186804 ) on Friday January 04, 2008 @08:49PM (#21918130) Homepage
    ... does it mean I need to grow a big moustache, and do I get a Ferrari with it?
  • This... (Score:3, Funny)

    by danwesnor ( 896499 ) on Friday January 04, 2008 @08:51PM (#21918144)
    ...would stop the RIAA dead in their tracks.
  • Some states -- Alabama, Colorado and Idaho for examples -- don't even require a Private Investigator license for Private Investigators. (They may of course require a business license if you're doing it as a business.) Some of the places that do require a license don't have any kind of test for it, you just fill out the paperwork.

    That said, some of the organizations of PI businesses in above states are pushing for licensing requirements -- as is common with trade guilds everywhere.

  • protectionism... (Score:5, Insightful)

    by j0nb0y ( 107699 ) <(jonboy300) (at) (yahoo.com)> on Friday January 04, 2008 @08:56PM (#21918200) Homepage
    This is just protectionism...

    Most states have ridiculous requirements for getting a PI license. You basically can't get one in many states unless you've been a police officer. There is no public interest reason to do this. Requiring the PI license for this is just a gift to all the people who already have PI licenses.

    I haven't looked at computer forensics recently, but when I did (roughly five years ago), there were some problems with it. Basically, because of the way that courts certify experts to testify in court, it was impossible to hire a computer forensic expert to work for the defense. It went something like this:

    1. To testify as an expert in court, you have to be a member of the leading professional body for your field.
    2. The leading professional body of computer forensic experts forbade its members from working for the defense.

    Obviously that's problematic. Hopefully it's changed by now.

    The other thing I thought was really funny was the way that most computer crime labs staff up with "experts". Rather than hiring people with computer science degrees and training them on how to do police work, they tend to hire police officers and then train them on computer forensics. The good ole boy system at work.
    • Re: (Score:2, Informative)

      by OSPolicy ( 1154923 )
      Rule of evidence 702: "If scientific, technical, or other specialized knowledge will assist... a witness qualified as an expert by knowledge, skill, experience, training, or education may testify thereto..."

      There is no requirement to be a member of the leading professional body for the field. This rule, which came about from Daubert [v. Dow Merrill Pharmaceuticals], Kumho Tire, Joiner, and others has generally been interpreted broadly by the courts because judges do not want to exclude valuable evidence a
    • Re:protectionism... (Score:4, Informative)

      by cdrguru ( 88047 ) on Saturday January 05, 2008 @12:54AM (#21919806) Homepage
      Nonsense. The HTCIA is the organization that you are referring to and in no way does membership qualify you to testify in court. Most forensic examiners are not members of HTCIA in any way - it is a very heavy law enforcement membership that does require its members not to work for the defense.

      There are a number of certifications, such as CCE, EnCE and CFCE that are pretty much required for practicing as a forensic examiner. You just aren't going to get anywhere without these. While the certifications seem like BS, what they are useful for is establishing to a non-technical court that you have been both educated and tested in the field. Part of being qualified as an expert witness in court is having your credentials questioned, so if you do not have certifications you will need lots and lots of other information that will need to be as convincing. I've see one person defend their qualifications without much in the way of certifications but it wasn't pretty.

      Membership in HTCIA is restricted to law enforcement and law enforcement sponsored people. It does not qualify anyone as a forensic examiner because you do not have to be a forensic examiner to belong - anyone in law enforcement or associated with law enforcement can be a member. They just can't work for the defense. A court that used HTCIA membership as a qualification would be equivalent to a court requiring someone to have contributed to Bill Clinton's legal defense fund to be accepted as a legal expert.
  • blame the realtors (Score:3, Insightful)

    by acvh ( 120205 ) <geek@msci[ ]s.com ['gar' in gap]> on Friday January 04, 2008 @08:56PM (#21918208) Homepage
    They started it with mandatory licensing. I mean, come on, a license to sell a house? What advanced training does that require? But each group, when it gets big enough, lobbies for this protection of its turf. In NJ you need a license to be an interior decorator.
    • Do you realize the damage that an unlicensed real estate professional can do to a home buyer or home seller?

      Let's say you buy a house - a $400,000 investment - and you find out later that the home has
      inside wiring problems
      dry rot and other water damage
      termites
      **a mountain of casino debt attached to the property**

      oh and the unlicensed jerk who brokered this sale - and the former homeowner - have disappeared.

      This, and 10,000 other issues, are why you never buy a house without a licensed realtor.
  • by muridae ( 966931 ) on Friday January 04, 2008 @09:00PM (#21918236)
    I don't see a problem here. The law is pretty simple, if you want to collect evidence for use in court, you need to have a license to prove you are doing things right.

    A guy who comes home and finds his door kicked in does not get to collect finger prints from his house to prove who did it. Frankly, there is no reason why the CEO's nephew should be allowed to pick through a log file like he picks his nose and, upon seeing an IP address with 66.6 in it be allowed to declare 'This is who hacked our computer.'

    Yes, it's another unneeded tax, but it's not as bad as the summary makes it sound. Right now, any one can claim to be a computer forensics specialist.

    • by Remik ( 412425 )
      Yes, anyone can claim their a forensics expert. That's why it's up to the courts to determine whether a certain person is qualified to testify as an expert witness. And, that's why it's up to that person to document and justify the steps they took in obtaining and analyzing the data in question. Certain professional certifications (CCE, ISFCE) exist for forensic computer examiners. Adding the PI requirement is unnecessary, nanny-state BS. I work for a law firm, I could be considered an expert in legal
  • Anyone else read this as a "pi" license and wonder WTF the headline was about?
  • So yeah. (Score:2, Insightful)

    So...I know it's against the whole Slashdot mindset to read the article, but I at least skimmed it, and here's what I got out of it.
    1. It's a South Carolina thing (And who lives in S.C., anyways? Seriously.)
    2. It's only in the case of evidence in court cases. (i.e., you'd have to have a PI license to submit evidence gleaned from a computer HD).

    So all you people freaking out, even kiddingly, about not being able to tag -a at the end of your ls commands, you can calm down.
  • I don't mean to offend anybody, but law enforcement, and private investigating, are not the most accedemically demanding professions. Yet many in those fields feel vastly more qualified than any techno-weenie.

    I think it would be great fun for PIs to have an idea of what the techies really have to know. I would be willing to bet, a lot of them couldn't handle it.
  • Any PI who engages in (or has engaged in on their behalf) computer forensics should have a certification or degree in that field.

    Considering the boneheads who manage to obtain the former, there will be damn few who get the latter, and the whole thing falls apart
  • You won't need a license to go digging through your own hard drive. What you do need a license for is to go digging through other people's hard drives. That seems like a good thing. Among other things, it probably means that Best Buy can't go on fishing expeditions through your hard drives anymore.
  • Hardly. Why should someone be required to get a license to follow someone or take pictures, but not to examine the contents of their hard drive which could contain more personal information than they would ever glean from a normal investigation?
  • by ydra2 ( 821713 ) on Friday January 04, 2008 @11:50PM (#21919436)
    It was a cold blustery winter day in Chicago, the kind of cold that chills
    McDonalds coffee from "blistering shreds of dangling skin" hot to merely
    blistering hot. I downed the last gulp of coffee in my office on the 39th
    floor of the Acme building when she walked in the door. A sultry gorgeous
    dame, with long billowing blonde hair, and deep green eyes that burned with
    angst, and a figure that could pop out eyeballs in a gay bar. I tried to look
    her in the eyes but she had a mystique about her, something that told a man
    to lower his gaze. I complied with my gut feeling and I wasn't disappointed.
    She was to cleavage what Mount Rushmore is to monuments, and in that
    second before she spoke, I forgot all about lab reports, stake-out schedules,
    and my lost suit at Kim Speedee Dry Cleaning. Her dress was so tight I could
    read the J.C. Penny's label on her underware, and I was damned glad for that.

    After an awkward moment she spoke. "Mr. Noir, I have a laptop here. I think
    my husband has been using the built in web cam to spy on me when he's out
    of town...." I had to stop her there. "Just a minute Miss, I don't even know
    who you are." And she had the perfect answer when she replied with "I'm
    the widow of the late Johann Marstad, owner of Marstad Industries LTD.
    I'm Elenor Marstad. Will you look at this computer and tell me what you
    find?"

    Of course I had to know more. "Where and when do you normally use this
    computer?" I asked inquiringly, and once again she didn't disappoint.
    "Mostly late at night, in my bedroom." she unhesitatingly answered. My
    mission was rather clear. Find the pictures of a stunning beauty, on a
    laptop, showing her using it late at night in her bedroom. I'm a licensed
    PI so I have the right to do that. It's right there on the license, just
    after the part that gives us the right to spy on ordinary Americans, just
    before the section that reads "License to argue with Chief of Police."

    I was about to take the laptop when my secretary Sally came in...

  • Worrisome! (Score:4, Interesting)

    by mi ( 197448 ) <slashdot-2017q4@virtual-estates.net> on Saturday January 05, 2008 @12:16AM (#21919606) Homepage Journal

    So, when a copyright violator gets away (or tries to) with unauthorized reproduction of other people's artwork by claiming, she was investigated by an unlicensed investigator [slashdot.org], the entire Slashdot is [slashdot.org] cheering [slashdot.org] for [slashdot.org] her [slashdot.org]. And I only picked the posts moderated at 5...

    Other times, we are capable of looking at the requirement with a cooler head and recognize it as worrisome. Even if one accepts, that the classic gun-wielding detectives of the Dr. Watson kind should be licensed (and Dr. Watson was not), it should not be necessary for a computer forensics experts.

    Licenses in general are a terrible idea, because they are issued (and revoked!) by the Executive branch with very little recourse from the Courts — in fact, this is why the (Executive) government likes them so much. They allow them to twist the businessmen's arms without the troubles of lawsuits. In the city of New York, for example, a driver can not even appeal a driving citation to the real courts — one's only venue is "Traffic Court", where the "judge" is, in fact, a city employee and part of the Executive branch... (That's right — the separation of powers will not help you, if the government of New York City decides to ban you from the "public" roads.)

    Making yet another activity require a license is, indeed, a worrisome development.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...