Re: Pen test - Attorney client Privilege?

[Paul Robertson <compuwar () gmail com>]

On 10/19/05, Craig Wright <cwright () bdosyd com au> wrote:
[snip a buncha stuff I agree with]

> Discovery could request the reports directly from the Pen Tester - thus
> by passing privilege any way.

Previous disclaimers apply- but here's my understanding-

Who you get the information from doesn't change its protection unelss
it's been disclosed outside of the necessary participants- in which
case privilege is lost.

For instance, when I work on an affidavit for a client with their
counsel, it's generally still protected material so long as only the
counsel, myself and the client are party to the work product.  Once
it's filed, the affidavit itself is not protected (unless it's under
seal,) but the work product that got us to the final version is
protected to a very large extent.

My analysis of opposing counsel's affidavit is probably a better
example, but I don't do that all too frequently (lack of interesting
engagements.)

It shouldn't matter if you go after me, the client or the attorney-
privilege is extended under the correct circumstances to the
communication, as it's done with counsel in preparation for a lawsuit.

Paul
--
www.compuwar.net

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------