Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Re: You shady bastards.

Re: You shady bastards.

From: J. Oquendo <sil_at_infiltrated.net>
Date: Wed, 06 Jun 2007 11:57:52 -0400

Tim wrote:
> As mentioned multiple times by multiple posters, but apparently eluded
> your reading, the recipient's consent:
>
> A) May have never been given
> B) May have expired with the employment contracts
> C) May not apply at all if the monitoring party was not given
>
>
> authorization by the company

You're basing your arguments on assumption...

A) I don't know ... Do you?
B) Most contracts have expiry dates on NDA's if signed. More then likely
with a security company.
C) You don't know. I don't know.

We can infer from B) and C) that 1) recipient worked for a security
company. 2) More than likely
signed an NDA or contractual agreement 3) Because they are a security
company in place, they
*should have* had some form of policy in place detailing things.

So if 2 and 3 are correct, there is no law broken period. So re-posting:

/ *SNIPPET * /

"Courts have held that the wiretap law required interception in
transmission before - finding that
seizing of a computer gaming company's email, perusing a secure website
under false pretenses,
reading an independent insurance agent's corporate email, installing and
using tracking cookies,
and even hacking into a computer and retrieving email does not violate
the wiretap law.
/ * STOP FOR A SECOND * /

See the last sentence?

/* SNIPPET * /
The courts have observed that to "intercept" something, according to the
dictionary, is "to stop,
seize, or interrupt in progress or course before arrival" and therefore
that "a contemporaneous
interception - i.e., an acquisition during flight - is required to
implicate the Wiretap Act.
/* STOP AGAIN */

See this last sentence?

/* SNIPPET */
Several court cases have upheld that checking email after transmission
is legal (i.e. email auditing),
since it is viewed as no different than searching through a file in an
employee's drawer.
/* END SNIPPET */

So before I go on... May I ask you how many times have you dealt with
these issues or
anything like them in court? Care to ask me the same?

See: "The Ordinary Course of Business Exception"
http://www.law.duke.edu/journals/dltr/articles/2001dltr0026.html
http://www.theregister.co.uk/2004/07/05/close_email_wiretap_loophole/
http://thomas.loc.gov/cgi-bin/query/z?c109:S.936: 

-- 
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
echo infiltrated.net|sed 's/^/sil@/g' 
"Wise men talk because they have something to say;
fools, because they have to say something." -- Plato

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Received on Jun 06 2007
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]