Security Basics mailing list archives
RE: PI to do Forensics? WAS: Re: Two questions
From: Craig Wright <Craig.Wright () bdo com au>
Date: Wed, 27 Feb 2008 14:03:20 +1100
Here is the issue. YOU CAN NOT TAKE STATUE IN ISOLATION! You need to look at laws of agency, other occupations code and the interaction of the common law. The US legal system is based on common law. You need to take case law into account. Issue 1 - "Long Arm Statutes" Most US States have a "long arm" statute. Gibbons v Brown (1998) 1998 716 So. 2d 868; A car accident resulted following bad directions; the plaintiff sought to assert jurisdiction over non-resident on the grounds that the defendant had filed a lawsuit in the forum two years earlier stemming from the same incident (the plaintiff was not a party to that suit). The FL long arm-statute permitted jurisdiction over those "engaged in substantial and not isolated activity" within the state. It was held, bringing an action in the state two years earlier does not qualify as substantial activity, no personal jurisdiction. In the case of Dealing with a website (as was expressly not decided in Trintec Indus. v. Pedre Promotional Products) it is likely that a website would have to be shown to operate extensively or particularly target the location for jurisdiction to be applied. As an example, a site in the UK that operates a US page and sells product stating that they deliver to the US could be covered by the US long-arm statutes. The sale of goods using an intermediary can create personal jurisdiction for patent infringement over the Internet. In Trintec v. Pedre Promotional Products , Trintec initiated action against Pedre for an infringement of their patent in the District of Columbia. Trintec accused Pedre of contravening Trintec's patents for the automation of printed faces used in watches. Pedre moved for dismissal due to a lack of personal jurisdiction and improper venue. Pedre attested it operated exclusively in a single office in NY and was without facilities or representatives in Washington D.C. The district court granted Pedre's motion and discharged the action for a lack of personal jurisdiction. The case was appealed. The Federal Circuit reconsidered the issues surrounding general and specific jurisdiction: "Specific jurisdiction 'arises out of' or 'relates to' the cause of action even if those contacts are 'isolated and sporadic.' . . . General jurisdiction arises when a defendant maintains 'continuous and systematic' contacts with the forum state even when the cause of action has no relation to those contacts. The court noted that they were "left totally in the dark about the reasons for the district court's action." The dismissal was vacated. As a consequence, jurisdiction may be found under D.C.'s long-arm statute in the event that Pedre's merchandise was offered for sale in DC. The court considered the extent that an interactive website would create jurisdiction but expressly determined not to decide that issue, leaving this matter open. In matters of Patient law, the process of selling over the Internet from a site not covered by Patient protections to one that the patient is protected could lead to legal action. The argument of jurisdictional assignment will come to the determination of terms such as substantial. The FUD surrounding this topic is immense, but it is FUD. One of the key issues is that most of the people quoting law are NOT as they state at time lawyers in any sense of the word. In the SC code, the context of the words used will be interpreted on case law, not that of use on this list. No mention of the exclusions or other provisions of the code was made in the reply. As for the interpretation of substantial, forget it. The work of analysis in the state is substantially outside the state. The analyst is not doing this in the state and the extent will also need to be addressed in context of agency law. More to follow... Regards, Dr Craig Wright (GSE-Compliance) Craig Wright Manager of Information Systems Direct : +61 2 9286 5497 Craig.Wright () bdo com au +61 417 683 914 BDO Kendalls (NSW) Level 19, 2 Market Street Sydney NSW 2000 GPO BOX 2551 Sydney NSW 2001 Fax +61 2 9993 9497 http://www.bdo.com.au/ Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. The information in this email and any attachments is confidential. If you are not the named addressee you must not read, print, copy, distribute, or use in any way this transmission or any information it contains. If you have received this message in error, please notify the sender by return email, destroy all copies and delete it from your system. Any views expressed in this message are those of the individual sender and not necessarily endorsed by BDO Kendalls. You may not rely on this message as advice unless subsequently confirmed by fax or letter signed by a Partner or Director of BDO Kendalls. It is your responsibility to scan this communication and any files attached for computer viruses and other defects. BDO Kendalls does not accept liability for any loss or damage however caused which may result from this communication or any files attached. A full version of the BDO Kendalls disclaimer, and our Privacy statement, can be found on the BDO Kendalls website at http://www.bdo.com.au/ or by emailing mailto:administrator () bdo com au. BDO Kendalls is a national association of separate partnerships and entities. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Jon R. Kibler Sent: Wednesday, 27 February 2008 8:49 AM To: security basics Cc: Scott Moulton; Bert Knabe Subject: Re: PI to do Forensics? WAS: Re: Two questions Okay, I AM NOT A LAWYER, but... I just found time to break down and read the SC PI statute. It says that you must be a PI to "... to obtain or furnish information with reference to the: identity, habits, conduct, business, occupation, honesty, integrity, credibility, knowledge, trustworthiness, efficiency, loyalty, activity, movement, whereabouts, affiliations, associations, transactions, acts, reputation, or character of a person; (or) ... securing of evidence to be used in a criminal or civil proceeding, or before a board, an administrative agency, an officer, or investigating committee..." Computer forensics is not explicitly mentioned, but I would think that the 'securing of evidence' probably includes that too. What worries me is that IDSes, network monitoring, maybe even log capture and analysis could fall into that category. I am not a lawyer. However, I can see where it could be twisted such that if I worked for a company, and I got caught violating company policy through someone in IT looking for evidence of a policy violation, and that person was a PI, they either could not use that evidence to punish me, of if they did and I was to turn around a sue them, that evidence could not be used in court. You can check your own state's laws at: http://www.law.cornell.edu/states/listing.html IMHO, if you are doing incident response or computer/network forensics -- including intrusion detection -- you should get legal advice! Jon -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 m: 843-224-2494 ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
Current thread:
- Re: PI to do Forensics? WAS: Re: Two questions, (continued)
- Re: PI to do Forensics? WAS: Re: Two questions Adam Pal (Feb 26)
- RE: PI to do Forensics? WAS: Re: Two questions Scott Moulton (Feb 26)
- Re: PI to do Forensics? WAS: Re: Two questions Jon R. Kibler (Feb 26)
- RE: PI to do Forensics? WAS: Re: Two questions Scott Moulton (Feb 26)
- Re: PI to do Forensics? WAS: Re: Two questions Jon R. Kibler (Feb 26)
- RE: PI to do Forensics? WAS: Re: Two questions Scott Moulton (Feb 26)
- RE: PI to do Forensics? WAS: Re: Two questions Scott Moulton (Feb 26)
- RE: PI to do Forensics? WAS: Re: Two questions Scott Moulton (Feb 26)
- RE: PI to do Forensics? WAS: Re: Two questions Scott Moulton (Feb 26)
- RE: PI to do Forensics? WAS: Re: Two questions Craig Wright (Feb 27)
- RE: PI to do Forensics? WAS: Re: Two questions Craig Wright (Feb 27)