Computer Forensics Examiners and Private Investigation Licensing
It may come as a complete surprise to some of you, but to be a computer forensics examiner in the state of Texas, one must also be a private investigator. It may also surprise you to find out that Texas is not the only state requiring this licensing. Rather, this is a state-specific requirement, and the law is broad in most states that do require licensing. If you are asking yourself why a computer forensics examiner must have a private investigator’s license, you are not alone.
Private investigators are the subject of many novels and television shows. Some of our favorite characters on screen and in print are members of this very profession. Laws and licensing regarding the PI profession were created long before there was anything known as computer forensics. The commonality between the verbiage in most states requiring licensure basically points out that there needs to be some regulation of the integrity and accountability of the person collecting data from the public. That regulation has been delegated to each state’s bureau or board in charge of licensing private investigations.
Even more confusing is figuring out each state’s PI licensing requirements and reciprocity. Some states recognize a PI license from other states, while others do not. Each state has different requirements, frequently regulated by different entities. Sometimes collection of data can be conducted without a PI license if the specific case is federal rather than civil. Sometimes following the broad interpretation comes down to the judge’s discretion. Sometimes the scope of work starts out within one state that does not require a PI license, but the evidence trail ends up in a state that does require licensing. What a conundrum!
And it is no small endeavor to get a license. The mass of paperwork involves a lot of people within the company and a lot of time spent trying to accommodate each state’s requirement. Then once the license is obtained, there are continuing education and insurance requirements to keep up with for each state in order to maintain the license. Depending on a company’s footprint, this task could quite rapidly become very time-consuming.
Requiring PI licenses for digital forensics examiners adds nothing to the quality of the work. Traditional PIs are not qualified to do digital forensics any more than a forensic examiner is qualified to conduct surveillance, but the same license is needed for both in many states. In my licensing experience, I can tell you that I need to know how often I should water my guard dog and how tall my fence must be to keep him from escaping but no questions are asked about my ability as a digital forensics examiner.
On the other side of the coin, many in law enforcement believe that computer forensics was created as a law enforcement tool. Recovery of data is only one part of the computer forensics process. Investigation is really the primary focus. These people believe that forming an opinion as to any user activity or relevant information connected to an incident is investigative in nature and should be licensed as such. The licensing entities require insurance to cover acts and omissions to guarantee confidentiality and accurate documentation to clients. Computer forensics examiners are using their knowledge and expertise to “poke around” in the lives of people who may face criminal charges. As such, these individuals should be duly certified and vetted.
The majority of computer forensics examiners work hard to get the certifications of the profession. No one disputes that those doing the work should be certified and licensed in some capacity. However, most believe that the PI route is the wrong path. This has been an ongoing battle for many, many years and will continue to be controversial until standards are put in place. Most want a national licensing protocol which protects the examiners, the companies they work for and the clients they represent.