Post Process

Everything to do with E-discovery & ESI

Archive for the ‘Legislation’ Category

The Right to Broadband

Posted by rjbiii on November 22, 2009

Spain and Finland are implementing laws that will guarantee a citizen’s right to purchase broadband of at least one megabyte per second. The article on Finland notes that France has made internet access a human right. Of course, France has also passed the controversial three-strikes law, which would forcibly disconnect users from internet access without legal resource.

H/T: Slashdot

Advertisements

Posted in Articles, Laws, Legislation, Technology, Trends | Leave a Comment »

EU Working Group Releases Proposal for Reconciling EU Data Privacy Laws with US Discovery Rules

Posted by rjbiii on February 22, 2009

An EU “working group” has released a proposed set of guidelines (warning: PDF document) for companies who are subject to EU Privacy Directives to follow when complying with discovery rules in U.S. matters. The document’s purpose is described thusly:

The working party sees the need for reconciling the requirements of the US litigation rules and the EU data protection provisions. It acknowledges that the Directive does not prevent transfers for litigation purposes and that there are often conflicting demands on companies carrying on international business in the different jurisdictions with the company feeling obliged to transfer the information required in the foreign litigation process. However where
data controllers seek to transfer personal data for litigation purposes there must be compliance with certain data protection requirements. In order to reconcile the data protection obligations
with the requirements of the foreign litigation, the Working Party proposes the following guidelines for EU data controllers.

The document is an excellent primer for EU-US cross-border discovery matters. It also discusses the differences in discovery between common law and civil code systems, and those of the U.S. with other common law nations.

Posted in Discovery, European Union, International Issues, Legislation, Privacy | Leave a Comment »

House passes Proposed FRE 502

Posted by rjbiii on September 15, 2008

Last Monday, the House passed the proposed rule, which is designed to protect parties against the inadvertent disclosure of privileged material, and the waiver of the privilege because of the disclosure.

The rule takes effect on any new matters, and to the extent that is “just and practicable,” on any matters currently pending. The text of the rule can be found here (pdf), and the congressional record, containing legislative intent, is here (also pdf).

Posted in FRE 502, Legislation, Waiver of Privilege | Leave a Comment »

New Law Strengthening Attorney Client Privilege Gains Traction in Congress

Posted by rjbiii on July 3, 2008

The American Lawyer online has posted an article explaining that attorney client privilege is the focus of new federal legislation:

The bill would make it illegal for federal prosecutors to order companies to turn over privileged documents as a condition of a cooperating agreement. That has been a popular tactic to get access to the juicy stuff, but it’s already happening less because of the disastrous KPMG tax shelter case, says William Sullivan, a Winston & Strawn partner and former federal prosecutor who spoke at a panel discussion during ALM’s Corporate Counsel Conference earlier this month [ALM is the parent company of The Am Law Daily and The American Lawyer].

In the KPMG case, a federal judge tossed out indictments against several individual defendants after learning that prosecutors banned KPMG from paying their legal fees — a condition the judge considered onerous.

The article mentions that some are surprised by the bill’s momentum in the post-Enron and Worldcom environment, but notes that a broad and unlikely coalition of organizations came together to express support. Supporters include the ACLU, the Association of Corporate Counsel, and 32 former federal prosecutors.

Posted in Articles, Attorney Client Privilege, Legislation, Trends | Tagged: | Leave a Comment »

More details on PI Licensing and Forensics Technicians

Posted by rjbiii on July 1, 2008

An update on the licensing issues discussed here, here, and here, with a couple of helpful links.

First, Kessler International, a company that engages in forensics accounting, computer forensics and corporate investigations, has posted the results of a survey concerning state licensing laws with respect to forensics accounting and computer forensics companies and employees. The results are posted in map form. Click on the state that interests you, and that state’s response pops up in pdf format.

Now, with respect specifically to Texas, you may click here [PDF] to find a series of opinions made by the Private Security Bureau with respect to licensing issues and technical tasks associated with computers. Scroll down and look at those opinions from August 21 to October 18.

Some relevant excerpts (keeping in mind that these are the board’s opinions, and not judicial rulings):

Computer Forensics August 21, 2007
The computer forensics industry has requested clarification of the Private Security Bureau’s position regarding whether the services commonly associated with computer forensics constitute those of an “investigations company” and are therefore services regulated under the Private Security Act (Chapter 1702 of the Occupations Code). It is hoped that the following will be of assistance.
First, the distinction between “computer forensics” and “data acquisition” is significant. We understand the term “computer forensics” to refer to the analysis of computer-based data, particularly hidden, temporary, deleted, protected or encrypted files, for the purpose of discovering information related (generally) to the causes of events or the conduct of persons. We would distinguish such a content-based analysis from the mere scanning, retrieval and reproduction of data associated with electronic discovery or litigation support services.
For example, when the service provider is charged with reviewing the client’s computer-based data for evidence of employee malfeasance, and a report is produced that describes the computer-related activities of an employee, it has conducted an investigation and has therefore provided a regulated service. On the other hand, if the company simply collects and processes electronic data (whether in the form of hidden, deleted, encrypted files, or otherwise), and provides it to the client in a form that can then be reviewed and analyzed for content by others (such as by an attorney or an investigator), then no regulated service has been provided.
The Private Security Act construes an investigator as one who obtains information related to the “identity, habits, business, occupation, knowledge, efficiency, loyalty, movement, location, affiliations, associations, transactions, acts, reputation, or character of a person; the location, disposition, or recovery of lost or stolen property; the cause or responsibility for a fire, libel, loss, accident, damage, or injury to a person or to property; or for the purpose of securing evidence for use in court. Tex. Occ. Code §1702.104. Consequently, we would conclude that the provider of computer forensic services must be licensed as an investigator, insofar as the service involves the analysis of the data for the purposes described above.
With respect to the statutory reference to “securing evidence for use in court,” we would suggest that the mere accumulation of data, or even the organization and cataloging of data for discovery purposes, is not a regulated service. Rather, in this context, the Bureau would interpret the reference to “evidence” as referring to the report of the computer forensic examiner, not the data itself. The acquisition of the data, for evidentiary purposes, precedes the analysis by the computer forensic examiner, insofar as it is raw and unanalyzed. FN1 The mere collection and organization of the evidence into a form that can be reviewed and analyzed by others is not the “securing of evidence” contemplated by the statute.
This analysis is consistent with the language of HB 2833 (Tex. Leg. 80th Session), which amends Section 1702.104. The amendment confirms that the “information” referred to in the statute “includes information obtained or furnished through the review and analysis of, and the investigation into the content of, computer-based data not available to the public.”

FN1 It may well be that the hardware on which the data exists is itself the product of an investigation, but that is a separate question.

Computer Network Vulnerability Testing Firms — AMENDED January 15, 2008
This opinion amends the previous opinion issued in June of 2007. The question posed was whether network vulnerability testing firms must be licensed under the Private Security Act, Chapter 1702 of the Texas Occupations Code (“the Act”). Such companies typically conduct:
(1) Scans of a computer networks to determine whether there is internet vulnerability or other external risk to the internal network;
(2) Sequential “dial ups” of internal phone numbers to assess potential access;
(3) Risk assessment and analysis on all desktop computers connected to the network;
(4) Notification of any new security threats and required action.
Section 1702.226 of the Occupations Code provides in relevant part, that “[a]n individual acts as a private security consultant for purposes of this chapter if the individual consults, advises, trains, or specifies or recommends products, services, methods, or procedures in the security loss prevention industry.” TEX. OCC. CODE §1702.226 (1).
However, while the Bureau regulates consultants in the “security industry or loss prevention industry,” these latter phrase is not explicitly defined in the statute. It is therefore necessary to look to the rest of the statute in order to understand to which services the private security consultant’s licensure requirement applies.
It is reasonable to consider those industries otherwise regulated by the Private Security Act as reflecting the scope of the phrase “security industry or loss prevention industry.” In other words, the definitions are implied by those services that are regulated by the statute, viz., security guards, locksmiths, alarm system installers and monitors, and private investigators, and not software designers, installers or suppliers.
Thus, the industries that are directly regulated are the same industries about which one cannot consult without a license. Because the Private Security Bureau does not regulate software designers, installers, or suppliers, it also does not regulate those who provide consulting services related to computer network security.
Computer Repair & Technical Assistance Services October 18, 2007
Computer repair or support services should be aware that if they offer to perform investigative services, such as assisting a customer with solving a computer-related crime, they must be licensed as investigators. The review of computer data for the purpose of investigating potential criminal or civil matters is a regulated activity under Chapter 1702 of the Texas Occupations Code, as is offering to perform such services. Section 1702.102 provides as follows:
§1702.104. Investigations Company
(a) A person acts as an investigations company for the purposes of this chapter if the person:
(1) engages in the business of obtaining or furnishing, or accepts employment to obtain or furnish, information related to:

(A) crime or wrongs done or threatened against a state or the United States;
(B) the identity, habits, business, occupation, knowledge, efficiency, loyalty, movement, location, affiliations, associations, transactions, acts, reputation, or character of a person;
(C) the location, disposition, or recovery of lost or stolen property; or
(D) the cause or responsibility for a fire, libel, loss, accident, damage, or injury to a person or to property;
(2) engages in the business of securing, or accepts employment to secure, evidence for use before a court, board, officer, or investigating committee;
(3) engages in the business of securing, or accepts employment to secure, the electronic tracking of the location of an individual or motor vehicle other than for criminal justice purposes by or on behalf of a governmental entity; or
(4) engages in the business of protecting, or accepts employment to protect, an individual from bodily harm through the use of a personal protection officer.
(b) For purposes of subsection (a)(1), obtaining or furnishing information includes information obtained or furnished through the review and analysis of, and the investigation into the content of, computer-based data not available to the public.
Please be aware that providing or offering to provide a regulated service without a license is a criminal offense. TEX. OCC. CODE §§1702.101, 1702.388. Employment of an unlicensed individual who is required to be licensed is also a criminal offense. TEX. OCC. CODE §1702.386.

Posted in Computer Forensics, Computer Security, Laws, Legislation | 2 Comments »

Legal Challenge to Texas’ PI Law emerges: Standing up for the Computer Technician

Posted by rjbiii on June 28, 2008

The Institute for Justice, with a newly opened Austin chapter, has decided to challenge the new Texas statute that appears to mandate that some computer techs must obtain a private investigator’s license:

Under the new law enacted in 2007, Texas has put computer repair shops on notice that they had better watch their backs any time they work on a computer. If a computer repair technician without a government-issued private investigator’s license takes any actions that the government deems to be an “investigation,” they may be subject to criminal penalties of up to one year in jail and a $4,000 fine, as well as civil penalties of up to $10,000. The definition of “investigation” is very broad and encompasses many common computer repair tasks.

Interestingly, the article doesn’t mention anyone in this industry, which is also greatly threatened by the statute’s impact. Think I’ll talk to the attorneys involved, perhaps providing them with this information. If I get hold of them, I’ll let you know what they say.

Post Process will follow the progress of the lawsuit and blog what we hear. You’ll recall that we’ve discussed the Texas law (here) and the Michigan law (here).

Another approach is for the industry to take an active role in discussing these proposed laws as they begin to surface in the state legislature. I haven’t heard of any activity on that front, yet.

Posted in Articles, Legislation, Texas, Trends | 5 Comments »

Trend in Licensing for Computer Forensics Continues with New Michigan Law

Posted by rjbiii on June 18, 2008

Post Process has already remarked on a Texas law that implies that computer forensics experts must have a private investigator’s license. Now it’s Michigan’s turn.

Joe Howrie has written an article on a new Michigan law that requires people engaging in “computer forensics” to acquire a license as a private investigator:

“According to the state of Michigan Web site, Michigan House Bill 5274, “the professional investigator licensure act,” was signed into law by Gov. Jennifer Granholm on May 28.

According to the terms of the act, it becomes effective immediately (Sec. 29) and it is now a felony punishable by up to a four-year prison term and a $25,000 fine for a person to engage in computer forensics in Michigan unless that person is licensed under the act or falls within one of its exemptions (Sec. 3(3)).”

The exemptions mentions attorneys, but not staff working under a lawyer’s supervision, although Howrie feels that staff would be exempted:

Presumably, the attorney exemption extends to staff employed to assist an attorney as attorneys have historically used support personnel for litigation. If the legislature had intended that lawyers could only use support staff with whom the lawyers had employer-employee relationships, the employer-employee language from 4(e) would also appear in the 4(a) lawyer exemption section.

This particular law, driven evidently from privacy concerns, seems broader and harsher than others we’ve seen recently, including the Texas law. Questions abound: if I am in Houston, and I use an application to pull data from a server in Michigan, for the purposes of preparing some of that data for submission to a court as evidence, am I in violation of the statute? If I merely hold myself out as a computer forensics professional, do no business in Michigan directly, but engage in “forensics” elsewhere, are there any consequences (minimum contacts and the web?).

While protecting the public and privacy is important…is a Private Investigator’s license really the best vehicle for this sort of regulation? Stay tuned…

Posted in Articles, Data Collection, Forensics, Laws, Legislation, Privacy, Trends, Uncategorized | Tagged: , , | 1 Comment »

Will Lit Support Vendors need a PI License in Texas?

Posted by rjbiii on July 17, 2007

NB: Updates can be found on Post Process here, here, and here.

There has been much discussion in the litsupport groups concerning a new law set to take effect on September 1, which, among other things, expands the definition of an “investigations company.”

From 80(R) HB 2388, Here is the full text of this section (the bold font is the newly amended text):

Sec. 1702.104. INVESTIGATIONS COMPANY. (a) A person acts
as an investigations company for the purposes of this chapter if the
person:
(1) engages in the business of obtaining or
furnishing, or accepts employment to obtain or furnish, information
related to:
(A) crime or wrongs done or threatened against a
state or the United States;
(B) the identity, habits, business, occupation,
knowledge, efficiency, loyalty, movement, location, affiliations,
associations, transactions, acts, reputation, or character of a
person;
(C) the location, disposition, or recovery of
lost or stolen property; or
(D) the cause or responsibility for a fire,
libel, loss, accident, damage, or injury to a person or to property;
(2) engages in the business of securing, or accepts
employment to secure, evidence for use before a court, board,
officer, or investigating committee;
(3) engages in the business of securing, or accepts
employment to secure, the electronic tracking of the location of an
individual or motor vehicle other than for criminal justice
purposes by or on behalf of a governmental entity; or
(4) engages in the business of protecting, or accepts
employment to protect, an individual from bodily harm through the
use of a personal protection officer.
(b) For purposes of Subsection (a)(1), obtaining or
furnishing information includes information obtained or furnished
through the review and analysis of, and the investigation into the
content of, computer-based data not available to the public.

To parse the language then, the existence of new section (b) means that if you are in the business of: obtaining or furnishing information related to four areas listed above:
A Crimes or wrongs against the US;
B The identity, habits, business, occupation,
knowledge, efficiency, loyalty, movement, location, affiliations,
associations, transactions, acts, reputation, or character of a
person
C The location or disposition of stolen property; or
D An investigation into a fire
Then you are an investigations company.

This is true if the information is obtained through the “review and analysis of, and the investigation into the content of, computer-based data not available to the public.”

So the question for vendors becomes: what operational tasks meet the definition of the new section? There seems little doubt that a forensics examination of a network or pc system is covered by the new definition, because forensic examiners deliver a report based on an analysis of and investigation into the content of computer-based data” on private systems.
But what about other tasks, such as the collection of data, the processing of data for review and production, and the storing and display of data for attorney review?

We should not an exception is noted in section Section 1702.324:

This chapter does not apply to:
…(10) a person who obtains a document for use in
litigation under an authorization or subpoena issued for a written
or oral deposition…

Yet that exception seems rather narrow, as it only applies to a particular deposition, and not to a possible trial in general. Furthermore, the exception is narrowed still by text in section 1702.324 (c), which states:

The exemptions do not apply to activities or services that are independent of the service or profession that is the basis for the exemption.

It seems obvious that in order to provide a full range of litigation support services, including forensic examination, then you will have to become licensed. But will all vendors, even those who do not perform such examinations, need a license as well? Stay tuned…

Posted in Laws, Legislation, states, Texas | 5 Comments »