Feeds

Forensic felonies

New law clamps down on PIs

High performance access to file storage

Forensic expert prosecuted and sued

The Georgia statute was brought to my attention by Scott Moulton. Frequent readers of this space may remember Scott as the person who was criminally prosecuted and civilly sued in Georgia for doing a port scan on a computer system prior to allowing that system to connect to the system he was managing. I wrote a column about it at the time.

Moulton was getting ready to testify as a computer forensics expert in a case in Superior Court of Coweta County, Georgia. This is one of the things that forensics experts do - they explain what they have found in an examination of a computer system, and the court determines whether they have the requisite level of training or expertise to render an opinion that would be helpful to the jury. All sorts of experts do this - not just computer forensic experts.

For example, there are forensic accountants, odontologists, anthropologists, document examiners, pathologists, toxicologists, and even forensic archeologists. These are people who make their living examining evidence and rendering expert opinions on what they see. The goal of their expertise is to determine facts to be presented in court, frequently on issues related to loss, damage, bodily injury, or violations of law. Indeed, under the US Supreme Court's decision on expert witnesses and science, Daubert v Merrill Dow, the court stated that:

"If scientific, technical, or other specialised knowledge will assist the trier of fact to understand the evidence or to determine a fact in issue," an expert, "may testify thereto." The subject of an expert's testimony must be "scientific ... knowledge." The adjective "scientific" implies a grounding in the methods and procedures of science. Similarly, the word "knowledge" connotes more than subjective belief or unsupported speculation. The term "applies to any body of known facts or to any body of ideas inferred from such facts or accepted as truths on good grounds."

Thus, anybody with sufficient training and experience in a recognised scientific field can collect evidence to be presented in court and testify about it. A forensic entomologist can testify in court about bugs - and make a living doing it. A graphologist can not only testify about handwriting, but also collect evidence to support his or her conclusions. The sole tests are whether the opinions are scientifically based, the expert qualified, and the opinion relevant to some issue in the litigation. 'Nuff said.

So, Scott goes to testify as a forensic expert in early April 2006. He is greeted by an agent of the Georgia Bureau of Investigation, the Coweta County Prosecutor, and by a former Cobb County police officer and current Private Investigator. The prosecutor moved to exclude Moulton's testimony on the grounds that Scott was criminally violating the Georgia statute by conducting forensic investigations without a PI license. While the court allowed the testimony, the threat of criminal prosecution against Scott remained – something Scott was of course concerned about, especially in light of his history with criminal prosecutions by the GBI. Scott tried to clarify this point with the Georgia Association of Professional Private Investigators (the PI trade association) who took the position that if you, "conduct an examination of evidence, determine what can be used, compile a report and testify in court" you need to be a licensed PI.

Similar laws in other US states

Now, Georgia is not the only state that requires private investigators or private detectives to be licensed. Indeed, the Georgia law is in fact modeled after similar laws in California, Arizona, Utah, Nevada, Texas, Delaware, and New York, just to name a few. In each of these cases, the law requires that a person providing the defined "investigative" services for remuneration be licensed in that state as a Private Investigator.

In July of 2005, pursuant to the California statute, a company providing forensic computer software and services was prompted to write to the State Bureau of Security and Investigative Services (BSIS), the entity charged with the duty to enforce the PI licensing scheme. The enforcement manager for California at that time issued a formal opinion stating that, "if a person or entity performing a computer forensic investigation within California obtains information that will be used, or results in [anything described in the PI licensing scheme]...a private investigator license is required". But in April of 2006, the BSIS agreed not to enforce this opinion pending review by the Bureau's legal counsel.

In Delaware, State Deputy Attorney General Ralph Durstein issued a letter to the Board of Examiners of Private Investigators (the state licensing agency) in January of 2005 containing the formal legal opinion that forensic specialists, "gather data from computer media", and that "the conduct of a computer forensic specialist is no different from that of a more traditional private investigator or detective, namely seeking information for a client about another person". As such, the AG's office concluded that forensic specialists have to be licensed in Delaware, or face civil or criminal prosecution. This position is officially being challenged by the maker of computer forensic software.

SANS - Survey on application security programs

Next page: The licensing issue

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.