Penetration Testing mailing list archives
Re: Information Assessment Legality
From: anthony.cicalla () gmail com
Date: Mon, 11 Oct 2010 22:17:25 +0000
I would look into a private investigators license or something to that effect since basically that's the service that a pi would normally do. I'd also do due diligence on the clients for option b to understand why they are requesting the information and what they intend to do with it as well just to cya. Sent via BlackBerry from T-Mobile -----Original Message----- From: Stephen <stephen () greyhat-security com> Sender: listbounce () securityfocus com Date: Mon, 11 Oct 2010 13:35:42 To: <pen-test () securityfocus com> Reply-To: stephen () greyhat-security com Subject: Information Assessment Legality Hi all, we're considering offering 2 new services at Greyhat-Security, but wanted to know quite simply whether they'd be legal or not. I imagine they would be, but I'd appreciate if anyone could offer their views and experiences, or preferably, reference to the relevant laws. The services are: a) A personal information integrity check. The client pays us to conduct a review of all their personal information on the internet, where it's located, and the impact that could have on them or their business. b) A information review on a target. The client pays us and provides us with a starting point (a targets email, website, etc), and we find out as much as we can about said target using provided information, then provide the client with a report. Now, I would assume that option A is legal, as the person is requesting information on themselves, and we'd be using already publicly available information, however, I just wanted to confirm this, and whether a special license would be needed. Option B I would also assume would be legal, as services like Intelius do a similar thing (publicly available information on anyone at a cost), however, I wanted to know if there were special licenses needed, and whether we would be responsible if that information were used to commit a crime, or not? Thank you all for your input. -- Stephen CEO of Greyhat-Security.com Education, Assessments, and Community Phone (Skype): +618 8121 7403
Current thread:
- Information Assessment Legality Stephen (Oct 11)
- Re: Information Assessment Legality Michal Zalewski (Oct 12)
- Re: Information Assessment Legality Stephen (Oct 12)
- Re: Information Assessment Legality anthony . cicalla (Oct 12)
- Message not available
- Re: Information Assessment Legality Stephen (Oct 12)
- Re: Information Assessment Legality Michal Zalewski (Oct 12)
- Message not available
- Information Assessment Legality bala subramanian (Oct 12)
- Re: Information Assessment Legality Stephen (Oct 12)
- RE: Information Assessment Legality Brad Bemis (Oct 13)
- Information Assessment Legality bala subramanian (Oct 12)
- Re: Information Assessment Legality Joe Peters (Oct 13)
- Re: Information Assessment Legality Stephen (Oct 13)