[ale] cabling and GA

Michael B. Trausch mike at trausch.us
Tue Mar 30 18:54:31 EDT 2010 

On 03/30/2010 05:40 PM, Greg Freemyer wrote:
> Mike,
>
> My understanding is that you need a GA PI license if you are
> collecting evidence or preparing reports in anticipation of their use
> in a court or law, etc.
>
> Almost 100% of what I do is in anticipation of a lawsuit, so I have a
> PI license personally and my company does corporately.

I don't really do anything in _anticipation_ of it ending up in a 
lawsuit or court generally, but I suppose that I should probably see 
what's involved in getting such a license, just in the event that I find 
myself in a situation where I would be required to have one.  I very 
often answer questions like, "What was this employee doing on this 
system" that _could_ have potential legal ramifications, though none 
have actually had such ramifications yet.

> Currently it is a misdemeanor, but a few years ago the Governor had to
> veto legislation make it a felony.  Apparently the CPA's mounted a
> large effort to see it veto'd because they did not want it to be a
> felony for them to do forensic accounting work without a PI license.
> :)

Wow.

> I also think ER docs doing rape kits etc. currently are obligated to
> have a PI license. (but I doubt any do.)
>
> Similarly I suspect any IT incident response teams that envision their
> reports ending up in court should have a PI license.
>
> To highlight how weird things can get, I know of a person that was
> arrested for port scanning a computer in GA.  I don't know the
> details, but a quick google finds:
>
> http://www.internetlibrary.com/cases/lib_case37.cfm
>
> A key sentence is "After the meeting, Cherokee County terminated its
> relationship with plaintiff, who was subsequently arrested for a
> criminal attempt to commit computer trespass against defendant."

Reading over that, I'm actually rather impressed at the sheer insanity 
in that article.  To make the claim that a rather simple port scan is 
itself an activity which can cause damage is off-the-wall, plainly and 
simply.  Now, a port scan that is done and then followed by an attempt 
to breach any of the services that are running is one thing, but if a 
system is so brittle that the mere act of a port scan causes damage, 
this is something that someone (like myself) doing a port scan would 
have no reasonable expectation of, and certainly no intent to do damage 
by the port scan itself.

It looks to me like the port scanning party was just looking to ensure 
that the subsequent things it was asked to do would be workable.  It 
seems to me that they were being responsible.

I guess I should really harden my contracts with clients.

	--- Mike

-- 
Michael B. Trausch                                    ☎ (404) 492-6475

More information about the Ale mailing list