Computer security work Illegal in Texas without PI licence?
July 4, 2008
There’s been some talk about this, and no-one really knows what it means for the security industry just yet (at least not anything I’ve seen thus far), but the just passed Texas House Bill 2833 has the following paragraph
(b) For purposes of Subsection (a)(1), obtaining or
furnishing information includes information obtained or furnished
through the review and analysis of, and the investigation into the
content of, computer-based data not available to the public.
The very basics of this law is that if someone “reviews, analyzes, or investigates” any “information”, then they need security clearance, which as a contractor/consultant, means a private investigators licence.
Now, I am not a lawyer, and an opinion piece from the legislator is available here [pdf], and there’s an interesting write-up and interview here, but it appears to my reading that network/software security testing = ok, whereas forensic work = need Texas PI licence.
There’s a really murky area in there where say you are investigating a network/webapp/etc, and you find a vulnerability, what happens about showing an exploit or data, or even if the client asks you to see if the vulnerability has been taken advantage of? I’d love to know other people interpretations of this.
In any case, the community should be aware of this new law, and the potential ramifications of it (even if it’s not specifically written for/against computer security work that isn’t forensics). Otherwise “Violators of the new law can be hit with a $4,000 dollar fine and up to a year in jail”.
Don’t mess with Texas!
Posted in 
July 7th, 2008 at 7:41 am
Ken Bowman said:Do you know if this is true for California, too?
Thanks.
July 13th, 2008 at 3:24 pm
Mike said:Nope, TX only
July 22nd, 2008 at 8:00 pm
Network Security Podcast » Blog Archive » Network Security Podcast, Episode 113 said:[...] Texas law may require PI license for PC techs. [...]