Part two of a series.

by Brian Boyko
Editor, Network Performance Daily

Recently, a posting on Slashdot linked to a story from PC Magazine called “Texas PC Repair Now Requires PI License.” Obviously, this story has gathered tons of attention, and if strictly true, would have a major impact on IT departments across the state, if not the nation.

Earlier, we posted a summary of the controversial law, HB 2833, along with an interview with State Rep. Joe Driver, who authored HB 2833.

Today we present an interview with Matt Miller of the Texas branch of the Institute for Justice, which is suing the Texas State Private Security Bureau. (We plan to conclude our series with an interview with RonEarl Bowie at the Texas State Private Security Bureau tomorrow. )

Matt Miller, Executive Director of the Texas State Chapter, Institute for Justice:

Editor Brian Boyko, at NPD: So, could you tell me a little bit about your organization?

Executive Director Matt Miller: Sure. We are a public interest law firm; we're based in Arlington, Virginia. We have offices now in Minnesota, Washington (state), Arizona, and now in Texas, and we file public interest litigation on behalf of individuals whose Constitutional liberties are taken away from them by government.

NPD: How many cases have you filed?

Miller: The Institute for Justice, in total?

NPD: Yeah.

Miller: Probably close to a hundred. "IJ" has been in business since 1992, and we work in four areas. We work in property rights - you may have heard of our "Kelo vs. New London" decision that came out of the U.S. Supreme Court, we work in free-speech in the areas of commercial speech and campaign finance reform, we work in economic liberty - which is what the case that we'll be discussing today is about - which challenges licensing restrictions. And then we're also the lawyers for the school choice movement.

NPD: So, could you tell me a little bit about who you are and what your position with the organization is?

Miller: Sure. I'm the executive director of the Texas State Chapter, so I run the office here in Austin. I have a staff attorney that works with me, and then we have an office manager and some law clerks from the University of Texas Law School.

NPD: So, could you tell me a little bit about this bill that has been passed into law - House Bill 2833?

Miller: Well, last Thursday [June 26, 2008], we filed suit against the [Texas] State Private Security Board on behalf of the owners of some computer repair shops here in Texas and their customers. Last year, the state of Texas passed a law that basically said that to perform a lot of types of data analysis; you have to have a private investigator's license. And, if you perform that analysis without a license, or if you are a customer and you seek to have that analysis performed by somebody without a license, it is punishable by up to one year in jail and up to $14,000 in fines.

NPD: Could you tell me a little bit about the language of the bill, where exactly it says that in the bill?

Miller: Well, what was changed in the bill - they amended the Texas Occupations Code, Chapter 1702, Section 104 of the Texas Occupations Code. And they added one little line - and it was done in subsection B, and they that for the purpose of subsection A, "obtaining or furnishing information" includes "information obtained or furnished through the review and analysis of any investigation into the content of computer-based data not available to the public."

This case got on our radar screen because the Private Security Board has issued a series of interpretations saying flat-out that this law applies to computer repair shops and a lot of people who analyze computer data in certain ways.

NPD: Sorry, what board was that again?

Miller: The Texas Private Security Board. They're basically charged with licensing private investigators, security guards, guard dog trainers - people of that type.

NPD: Alright, is that a government agency, or private function?

Miller: It is a State Agency. They are a sub-agency of the Texas Department of Public Safety.

NPD: The Lawsuit names them as the defendant?

Miller: It does. We have sued the members of the board in their individual capacity - excuse me, I'm sorry, let me correct that. In their official capacity. Which is what you're required to do when you file a lawsuit of this type against a state agency. And we are asking the Judge to declare that the law violates our clients' constitutional rights to practice their occupation free from unreasonable governmental interference.

NPD: Is the problem with the law or the interpretation of the law that the Texas Private Security Board has taken?

Miller: Well, it's with both. Laws can be interpreted in a lot of different ways, and the private security board has chosen to interpret this law very aggressively. Since the law can be interpreted in that way, there are problems with the law itself. The interpretations that the board has issues, is the reason that this case has come to our attention, because they say specifically that computer repair shops should be aware that if they offer to provide these services they've committed a crime. And that kind of caught our attention, so we started looking into it, and the law itself is problematic because it is subject to such a broad and aggressive interpretation.

NPD: Would it also affect network engineers performing network analysis on their own companies' computers?

Miller: Sure, and let's talk about that because, it is complicated and there is quite a bit of nuance. It kind of leads to how this applies to these guys. We've gotten calls from people who say, "Well, if somebody's switching out a hard drive, then that doesn't apply to them, right?" And the answer to that is, yes. It doesn't apply to them. But anyone who is analyzing data in a situation where that data points back to the actions of a third party - so, somebody who is not the computer's owner, or someone who is not the owner of the company - anytime a third party is implicated by data analysis, this law is potentially triggered.

What the board came back and did was, they said that any analysis of non-public computer data to determine the causes of events or the conduct of persons is what they're calling a regulated service. Of course, that is extremely broad. You know, for instance, if an employer went to a company and wanted to know how their employees were using the computer - that constitutes an investigation. The Board has said that when the service provider is charged with reviewing the client's computer-based data, for evidence of employee malfeasance and a report is produced that describes the computer related activities of an employee, it has conducted an investigation and has therefore provided a regulated service.

NPD: So, other than the lawsuit, is your organization taking any other actions?

Miller: We've obviously tried to bring this issue to light in the media. Because it is somewhat technical, we've had to educate the media on how this works. And they've been very responsive. But the primary vehicle we're taking here is this lawsuit and our goal is just to change the law. We're not seeking monetary damages, this is not a personal lawsuit - we're going to a judge and saying: "Judge, this is a bad law, and it stops our guys from practicing their profession - it stops a lot of people from potentially doing the things they do on a daily basis, and the law needs to be changed." So we're asking the judge to strike the law down.

NPD: Have you spoken to the author of the law? Rep. Driver?

Miller: We have not. We will do that in the due course of a part of our litigation, but we've not talked to him prior to filing this litigation.

NPD: What would happen if the judge does not find that the law is a bad law, but rather that the interpretation of the Texas Private Security Board was overly broad?

Miller: Well, in that event, then the board would be limited in the future in how they can enforce the law. And that would be a partial victory for our clients, because, if they were prohibited from enforcing the law against people who were just basically analyzing computer data in a way that was legal and that someone had asked them to analyze it, then obviously that would be a partial victory. The problem is that the law is still hanging out there, and it's going to be difficult for a judge to say that the interpretation is a problem without also saying that the law in which that interpretation is based is also a problem.

NPD: Well, is there anything else you wanted to add, anything that you think I've left out?

Miller: Well, again, I appreciate you interviewing me for this. The law is tricky, and the computer community just needs to be aware that anything they're doing that implicates third-party data or any reports they're producing for customers or for employers that says something about how a third party has used a computer is potentially regulated by this law. And they just need to be careful. We are working hard to have the law struck down in court, and we're moving as fast as possible on that, but in the meantime, people just need to keep an eye out and be aware of the issue.

NPD: Alright, well, thank you very much.

Miller: Certainly, thank you for your time.