What if child porn is encountered during research?

[jim.halfpenny at gmail.com (Jim Halfpenny)]

2009/9/10 Adrian Crenshaw <irongeek at irongeek.com>

> If the CP in question is encountered while servicing a computer with a
> known user/owner then reporting it is the ethical right thing to do.
> However, in the case of darknet research it's next to impossible to know
> where it came from, and if it was reported everytime a new image/video was
> found you would be in calling an FBI field office every 20min. This has a
> huge chilling effect on such research, or at least the publishing of such
> research. I'm asking a lawyer I know on the issue, and in the mean time
> being careful where I click.
>
> Adrian


You made the point much better than I did. I'm uncertain of the value of
submitting evidence without context. Legal council is clearly essential. Let
us not assume what law enforcement wants from the white hat community while
at the same time not assume they have a full understanding on what this
research can offer. Now would be a good time to ellicit a response from
governments as well as law enforcement on how researchers should tackle this
issue.

The child exploitation issue asside, researchers can be exposed to all sorts
of material of value to law enforcement. Suppose you obtain a copy of an
online banking trojan, you have evidence of a crime and something that the
posession of which could entail legal liability. By the same measure
shouldn't this be reported to the police? Here there is a higher probability
that the evidence could provide law enforcement with a lead but the subject
matter being far less emotive leads me to believe far fewer people would
stand up and say you absolutely must report this crime.

Jim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090910/16650748/attachment.htm