A little-known law passed by the Texas Legislature last year affecting computer repair technicians is stirring up a fresh wave of controversy.

Late last month, the Texas Private Security Board, the state agency that regulates private investigators and security guards, refused for a second time to adopt language that proponents say would make clear that technicians who perform routine repair and maintenance on computers do not need a private investigator’s license.

The law requiring the license is the subject of a lawsuit filed in June by the Institute for Justice-Texas Chapter for a group of plaintiffs that includes Houston computer repair company Citronix Tech Services.

As it stands, computer repair technicians and consumers who knowingly use a tech who doesn’t have a PI license are at risk of violating the law, which carries criminal penalties of up to one year in jail, a $4,000 fine and civil penalties up to $10,000 per violation.

“It’s making me a lot more cautious abut the work I take,” says David Norelid, who owns Citronix Tech Services. “Mostly what we do is cleaning up computers, removing viruses — but that gets tricky. Just to remove it is fine, but if I note the Web sites the owner visited before he got the virus to find out where he got it, I would then be producing a report which is defined under this law as an investigation requiring a PI license. And not only would I be liable, but the client would be also.”

But Randy Kildow, owner of Randy Kildow Investigations in Dallas and a member of the Texas Association of Licensed Investigators — which proposed the legislation along with the Association of Security Services and Investigators of the State of Texas — doesn’t see what all the fuss is about.

“This is not new,” Kildow says. “When you look into somebody’s background, character or movements, you’ve always had to have a license to do that. If you’re doing it on a computer, that matches the test.”

But updating the law to accommodate 21st century technology has not been quite so straightforward.

State Rep. Joe Driver of Garland, who first introduced the bill, did not intend for it to be interpreted the way it has been by some people, says Betty Horton, an aide to the legislator.

Horton says the law was intended to apply primarily to the special area of computer forensics, which is a law enforcement or litigation-related investigation performed on a computer to gather evidence of a possible crime or information to be used in a civil lawsuit.

“It was intended to apply only to investigations involving the rules of evidence in the law,” she says. “It was never intended that enforcement action be taken against computer techs doing ordinary work like looking for spyware or viruses.”

Some followers of the issue worry about provisions in the law that also make reporting on information found in a computer a violation unless done with a PI license. That could affect any tech who tells a customer what they found — as well as network administrators or computer techs who report to a company or an employer after investigating a network security breach or Web sites visited on employees’ computers.

But Horton says the law is not applicable to company network administrators because the computer system belongs to the company, whose own employee or contractor did the work and made the report.

Kildow agrees that the intent of the law was primarily for computer forensics, but he concedes there are “some gray areas” in interpreting just who or what activities are covered.

Mark Kerzner, president of Top 8 Corp., a Houston company that performs computer forensic investigations and other tech work, says his company obtained a PI license about a year ago — before this bill came up — because they thought it might become necessary for some of the work they do.

And getting the PI license was not easy, he says.

“Our security manager had to go to Austin and take a tough exam. … and we also have to have insurance,” Kerzner says. “There’s lots of money involved in doing this.”

According to the Institute for Justice, there is a $441 fee to apply for a PI license and a $416 annual renewal fee, plus a requirement to carry $200,000 in professional liability insurance.

But, Kerzner says, the license requirement as it stands “has nothing to do with forensics. It’s irrelevant. It’s very confused. And most computer repair people have no idea about it.”
NO CLARITY

Right now, those following the issue say the Private Security Board seems to be laying fairly low in terms of taking any action to enforce the new law, although the board did send a cease and desist letter to a Best Buy Geek Squad in Houston after a customer brought in a computer to have the drive checked, says Matt Miller, executive director of Institute for Justice-Texas and lead attorney in the lawsuit.

Meanwhile, the board has twice declined to enact clarifying language into the law.

In July and again on Oct. 30, the Private Security Board tabled a proposal to issue a rule that the repair or maintenance of a computer does not require licensing under the Private Security Act “even if during the course of the repair or maintenance the person discovers information” that is described under the act as constituting an investigation or investigative report.

Horton says the issue will be taken up for amendment and clarification in the upcoming session of the Legislature. She expects legislators to take a broader look at what might constitute the best public policy in relation to the law.

“There may be other licenses that could stand in the place of a PI license for investigations involving rules of evidence in the law, and anyone not involved in computer forensics doesn’t need to be licensed,” she says.