OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Mosher, Robert E. (robert.mosher_at_cmet.af.mil)
Date: Mon Sep 16 2002 - 14:01:51 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    There was a presentation on this subject at the 2002 Black Hat Briefings.
    The presenter was a U.S. Department of Justice attorney specializing in
    network law and computer crime. That might make him a authoratative source.
    He explained everything in everyday English, not legalese. His Powerpoint
    slides can be found at
    http://www.blackhat.com/html/bh-usa-02/bh-usa-02-speakers.html#Mark%20Eckenw
    iler

    -----Original Message-----
    From: Fred Cohen [mailto:fcall.net]
    Sent: Monday, September 16, 2002 10:52 AM
    To: honeypotssecurityfocus.com
    Subject: Acting for LE

    More misunderstandings and misinformation... I would suggest that those
    who do not have at least some real-world experience with legal issues
    and who are not lawyers stop trying to assert their points of view on
    legal issues to the list. So far, essentially all of them have been at
    odds with the written law, case law, and reality on the ground.

    Wire tapping statutes:

    The wire tapping statutes in most states in the US make it a felony to
    listin to a telephone conversation without permission (unless you are
    one of those calling or being called). There are 'one party' and 'two
    party' states in the US - in a one-party state only one party needs
    grant permission. In a two-party state, both must agree. The
    permission is associated with recording of the conversation as well as
    listening in. Notice is often required for listening in, as an example,
    'your call may be recorded for quality assurance purposes'. The notice
    means that you are now giving permission by continuing the call and the
    recordings are normal business records - thus are admissable under the
    heresay exception for normal business records.

    Whether wire tap laws apply to interstate computer communications is
    still an open question, particularly in the case of 'chat' and other
    real-time sessions between human individuals. In terms of recording
    keystrokes, auditing of other sorts, recording all packets and their
    content, etc. this has been ruled on as legal and admissible under
    various conditionsin various courts. The provision of notice, and in
    particular, the notice provided in proper employee agreements, are
    legally adequate in all US jurisdictions today for this sort of data
    collection as well as presentation in court.

    If law enforcement wishes to record such information, this is a
    different matter. It requires either a title 5 or a standard search
    warrant depending on whether you are tapping real-time communicaitons
    (title 5) or examining residual data left from prior acts (Standard
    search warrant).

    I am not a lawyer.

    FC
    --This communication is confidential to the parties it is intended to
    serve--
    Fred Cohen Fred Cohen & Associates.........tel/fax:925-454-0171
    fcall.net The University of New Haven.....http://www.unhca.com/
    http://all.net/ Sandia National Laboratories....tel:925-294-2087