[ale] IT Security (Evidence Collection) and HB 1259

Topic: Computer Security 1:35 pm EDT, May  9, 2006

The following quotes are from a report posted to the Atlanta Linux Enthusiasts mailing list by Greg Freemyer.

First some opinions (JV = John Villanes, CH = Calvin Hill)

1) (JV) As it stands any third party that collects evidence for use in a criminal/civil suit is subject to the existing PI licensing law. The penalty is a misdemeanor and a relatively small fine, i.e. a few hundred dollars I believe. They are starting to get complaints about Computer Forensic professionals not having their PI license.

Some more background on this would be useful. What is the basis of the complaints? And who is making them?

2) (CH) There is intense pressure on the legislature to regulate individuals with access to sensitive data.

From who? What is considered "access to sensitive data"?

3) (JV/CH) There is pressure to stop abuse of the GA PI law that allows PI companies to face minimal sanctions if they employ felons and allow them to carry guns. This is apparently the driver that caused HB 1259 to upgrade the offense of violating the PI license to be a felony.

They should handle this issue in a bill separate from any attempting to regulate the information security industry. This appears to have been the main driver, so handle it on its own. We don't need issues with felons carrying guns affecting the information security industry. These are issues that don't connect.

4) (JV/CH) HB 1259 will be back next year in some way, shape or form.

See my above comment...

5) (JV) The PI Board has a written regulation (IIRC) that individuals covered by other GA licensing boards will not be covered by the PI board. (I'm not sure what this means if you are arrested, i.e. you are still breaking the law, it is just a regulation that says that MDs/CPAs/Engineers/etc. are not required to have their PI license.)

This is one of the core problems that needs to be addressed. If you are a CPA, doctor, engineer, or information security expert, you should not be breaking the law in the process of practicing your craft in good faith.

6) (JV) My interpretation of what he said is that an IT consultant responding to a client issue that intentionally gathers evidence for potential use at a criminal/civil trial needs to be a PI today, and needs to be regulated in some manner in the future. His question was "Why not the PI board?"

7) (JV/CH) Employees of the violated company do not need to have a license, i.e. if you are part of an in-house IT security group you don't need a PI license; it is only if you are an outside consultant or work for a 3rd party (IT) security firm that you need a PI license.

Well, now a few reasons are being presented as to why the PI board isn't the way to go. Most of the reasons have to do with addressing practical realities of the situation. Professionals who do consulting often operate on a national basis. If we have to become a PI in every state we happen to wind up operating in, this becomes an expense that limits our ability to both work and market our services. It makes it very hard to operate independently, even to a very limited degree, without significant upfront investment and being subject to unnecessary regulations. Independent consulting and small business would lose completely. The courts should be able to handle this situation, without a large amount of undue regulation.

8) (CH) The IT Security industry is likely to be regulated as a whole by the next legislative session (Winter 07)

What is the driver for this? Who is driving it? Why?

=== Future
The HTCIA is going to form a working group to try to come up with ways
for Computer Forensic Experts to be regulated by the State of GA. It may
be that:

* they simply have to get their PI licenses.
* a PI CF specialty is recommended.
* an IT Security Licensing Board is established and it will have responsibility for CF experts as well as the many other specialties of IT Security.

They need to define the reasons for the regulation they are proposing. What are the problems? What is causing the problems? What are some court cases that have been adversely affected by rogue information security professionals? This still just looks like a regulatory power grab. Are we going to have to start referring to the "Georgia Security Regime" when talking about doing any type of work in Georgia? Who does that actually help?
