Re: Information Assessment Legality

[Stephen <stephen () greyhat-security com>]

Thanks Sebastien - that's quite helpful. I assumed option B would be the
one that causes the problems. Much appreciated :)

On Tue, 2010-10-12 at 01:03 +0200, Sébastien Hénarès wrote:
> Hi, option A is legal as you are contracted to do the task, option B
> on
> the other hand is kind of problematic, for once, local laws can allow
> you
> to display the "whois" information, on the other aspects of this, it
> should 
> be noted that it could be assumed as "detective" duty, and you might
> need
> to pass an exam (in france for example, you cannot exercise the
> profession
> of finding informations like that without a license, it is tolerated
> but in case
> you do that on a massive scale to do data gathering, you should be
> considering
> a lawyer advice, preferably one that has a profile of being 
>
> 1) local to the country where you are going to target (U.S if in
> states etc)
> 2) Is doing investigations legal aspects (litigious specialized should
> have a 
> good knowledge on the subject ironically)
> 3) None of the above if you redisplay already existing data (but i
> think 
> intellectual rights law sometimes tell you to ask permission for
> sourcing)
>
> I hope i did gave you enough material ;)
>
> -- 
> HSN
>
>
> 2010/10/11 Stephen <stephen () greyhat-security com>
>         Hi all, we're considering offering 2 new services at
>         Greyhat-Security,
>         but wanted to know quite simply whether they'd be legal or
>         not. I
>         imagine they would be, but I'd appreciate if anyone could
>         offer their
>         views and experiences, or preferably, reference to the
>         relevant laws.
>         
>         The services are:
>         a) A personal information integrity check. The client pays us
>         to conduct
>         a review of all their personal information on the internet,
>         where it's
>         located, and the impact that could have on them or their
>         business.
>         b) A information review on a target. The client pays us and
>         provides us
>         with a starting point (a targets email, website, etc), and we
>         find out
>         as much as we can about said target using provided
>         information, then
>         provide the client with a report.
>         
>         Now, I would assume that option A is legal, as the person is
>         requesting
>         information on themselves, and we'd be using already publicly
>         available
>         information, however, I just wanted to confirm this, and
>         whether a
>         special license would be needed. Option B I would also assume
>         would be
>         legal, as services like Intelius do a similar thing (publicly
>         available
>         information on anyone at a cost), however, I wanted to know if
>         there
>         were special licenses needed, and whether we would be
>         responsible if
>         that information were used to commit a crime, or not? Thank
>         you all for
>         your input.
>         
>         --
>         Stephen
>         CEO of Greyhat-Security.com
>         Education, Assessments, and Community
>         Phone (Skype): +618 8121 7403

-- 
Stephen
CEO of Greyhat-Security.com
Education, Assessments, and Community
Phone (Skype): +618 8121 7403

Attachment: signature.asc
Description: This is a digitally signed message part