[ale] IT Security (Evidence Collection) and HB 1259

H. A. Story adrin at bellsouth.net
Mon May 8 21:26:48 EDT 2006


Greg Freemyer wrote:

>This is a follow-up on the GA bill HB 1259 post I made last week.
>
>First it was veto'd on Friday, but per a meeting I just attended, it
>will be back next year
>
>Below is a brief summary (from memory) of a 2-hr meeting of the HTCIA
>with Calvin Hill (a state representative and a sponsor of HB1259) and
>John Villanes (the head of the GA PI Licensing Board) that likely
>applies to many computer personnel, especially those in IT security.
>
>First some opinions (JV = John Villanes  CH = Calvin Hill)
>1) (JV) As it stands any third party that collects evidence for use in
>a criminal/civil suit is subject to the existing PI licensing law. 
>The penalty is a misdemeaner and a relatively   small fine.  ie. a few
>hundred dollars I believe.  They are starting to get complaints about
>Computer Forensic professionals not having there PI license.
>
>2) (CH) There is intense pressure on the legislature to regulate
>individuals with access to sensitive data.
>
>3) (JV/CH) There is pressure to stop abuse of the GA PI law that
>allows PI companies to face minimal sanctions if they employ felons
>and allow them to carry guns.  This is apparently the driver that
>caused HB 1259 to upgrade the offense of vialoting the PI license to
>be a felony.
>
>4) (JV/CH) HB 1259 will be back next near in some way shape or form.
>
>5) (JV) The PI Board has a written regulation (IIRC) that individuals
>covered by other GA licensing boards will not be covered by the PI
>board.  (I'm not sure what this means if you are arrested.  i.e You
>are still breaking the law, it is just a regulation that says that
>MDs/CPAs/Engineers/etc. are not required to have their PI license.)
>
>6) (JV) My interpretation of what he said is that a IT consultant
>responding to a client issue that intentionally gathers evidence for
>potential use at a criminal/civil trial needs to be a PI today, and
>needs to be regulated in some manner in the future.  His question was
>"Why not the PI board?"
>
>7) (JV/CH) Employees of the violated company do not need to have a
>license.  ie. If you are part of an inhouse IT security group you
>don't need a PI license, it is only if you are an outside consultant
>or work for a 3rd party (IT) security firm that you need a PI license.
>
>8) (CH) The IT Security industry is likely to be regulated as a whole
>by the next legislative session (Winter 07)
>
>=== Future
>The HTCIA is going to form a working group to try to come up with ways
>for Computer Forensic Experts to regulated by the State of GA.  It may
>be that:
>
>     they simply have to get their PI licenses.
>
>    a PI CF specialty is recommended.
>
>    a IT Security Licensing Board is extablished and it will have
>responsibility for CF experts as well as the many other specialties of
>IT Security.
>
>If any of you are part of professional groups that will be affected by
>the above you may want your group to look into this.
>
>Greg
>--
>Greg Freemyer
>The Norcross Group
>Forensics for the 21st Century
>_______________________________________________
>Ale mailing list
>Ale at ale.org
>http://www.ale.org/mailman/listinfo/ale
>
>  
>
Thanks for the info.   I wonder what Best Buys and the Geek Squad thinks 
of this???  

Adrin




More information about the Ale mailing list