Penetration Testing mailing list archives
RE: Pen test - Attorney client Privilege?
From: "Craig Wright" <cwright () bdosyd com au>
Date: Thu, 20 Oct 2005 09:35:30 +1000
On another point, "work on an affidavit for a client with their counsel" would be covered, but this is different to engaging a third party to conduct a Pen test - an agreed procedures audit in effect. A Pen Test in this case would require that it was conducted in order to complete the affidavit - an unlikely situation in itself. It would also require anticipated or contemplated proceedings. Is the Pen test being solely completed as there is an expectation of being involved with litigation? Again I do not see this as a good argument as this is an improbable situation. Also it would open the opposing council to engage their own Pen Test which would be admissible and have significant weight. Craig -----Original Message----- From: Paul Robertson [mailto:compuwar () gmail com] Sent: 20 October 2005 8:08 To: Craig Wright Cc: pen-test () securityfocus com; rob havelt Subject: Re: Pen test - Attorney client Privilege? On 10/19/05, Craig Wright <cwright () bdosyd com au> wrote: [snip a buncha stuff I agree with]
Discovery could request the reports directly from the Pen Tester - thus by passing privilege any way.
Previous disclaimers apply- but here's my understanding- Who you get the information from doesn't change its protection unelss it's been disclosed outside of the necessary participants- in which case privilege is lost. For instance, when I work on an affidavit for a client with their counsel, it's generally still protected material so long as only the counsel, myself and the client are party to the work product. Once it's filed, the affidavit itself is not protected (unless it's under seal,) but the work product that got us to the final version is protected to a very large extent. My analysis of opposing counsel's affidavit is probably a better example, but I don't do that all too frequently (lack of interesting engagements.) It shouldn't matter if you go after me, the client or the attorney- privilege is extended under the correct circumstances to the communication, as it's done with counsel in preparation for a lawsuit. Paul -- www.compuwar.net ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Pen test - Attorney client Privilege? rob havelt (Oct 15)
- Re: Pen test - Attorney client Privilege? Paul Robertson (Oct 16)
- Message not available
- Re: Pen test - Attorney client Privilege? rob havelt (Oct 16)
- Message not available
- RE: Pen test - Attorney client Privilege? Lyal Collins (Oct 19)
- Re: Pen test - Attorney client Privilege? Paul Robertson (Oct 19)
- Re: Pen test - Attorney client Privilege? ma.teo (Oct 19)
- Re: Pen test - Attorney client Privilege? Thor (Hammer of God) (Oct 19)
- Re: Pen test - Attorney client Privilege? Paul Robertson (Oct 16)
- <Possible follow-ups>
- RE: Pen test - Attorney client Privilege? Craig Wright (Oct 19)
- RE: Pen test - Attorney client Privilege? Craig Wright (Oct 19)
- RE: Pen test - Attorney client Privilege? Craig Wright (Oct 19)
- RE: Pen test - Attorney client Privilege? Craig Wright (Oct 19)
- RE: Pen test - Attorney client Privilege? Craig Wright (Oct 19)
- Re: Pen test - Attorney client Privilege? Paul Robertson (Oct 19)
- RE: Pen test - Attorney client Privilege? Craig Wright (Oct 20)