RE: PI to do Forensics? WAS: Re: Two questions

[Craig Wright <Craig.Wright () bdo com au>]

Here is the issue. YOU CAN NOT TAKE STATUE IN ISOLATION!

You need to look at laws of agency, other occupations code and the interaction of the common law. The US legal system 
is based on common law. You need to take case law into account.

Issue 1 - "Long Arm Statutes"

Most US States have a "long arm" statute.

Gibbons v Brown (1998) 1998 716 So. 2d 868; A car accident resulted following bad directions; the plaintiff sought to 
assert jurisdiction over non-resident on the grounds that the defendant had filed a lawsuit in the forum two years 
earlier stemming from the same incident (the plaintiff was not a party to that suit). The FL long arm-statute permitted 
jurisdiction over those "engaged in substantial and not isolated activity" within the state. It was held, bringing an 
action in the state two years earlier does not qualify as substantial activity, no personal jurisdiction. In the case 
of Dealing with a website (as was expressly not decided in Trintec Indus. v. Pedre Promotional Products) it is likely 
that a website would have to be shown to operate extensively or particularly target the location for jurisdiction to be 
applied. As an example, a site in the UK that operates a US page and sells product stating that they deliver to the US 
could be covered by the US long-arm statutes.

The sale of goods using an intermediary can create personal jurisdiction for patent infringement over the Internet. In 
Trintec v. Pedre Promotional Products , Trintec initiated action against Pedre for an infringement of their patent in 
the District of Columbia. Trintec accused Pedre of contravening Trintec's patents for the automation of printed faces 
used in watches.  Pedre moved for dismissal due to a lack of personal jurisdiction and improper venue.  Pedre attested 
it operated exclusively in a single office in NY and was without facilities or representatives in Washington D.C.  The 
district court granted Pedre's motion and discharged the action for a lack of personal jurisdiction.

The case was appealed. The Federal Circuit reconsidered the issues surrounding general and specific jurisdiction:
"Specific jurisdiction 'arises out of' or 'relates to' the cause of action even if those contacts are 'isolated and 
sporadic.' . . . General jurisdiction arises when a defendant maintains 'continuous and systematic' contacts with the 
forum state even when the cause of action has no relation to those contacts.

The court noted that they were "left totally in the dark about the reasons for the district court's action."  The 
dismissal was vacated. As a consequence, jurisdiction may be found under D.C.'s long-arm statute  in the event that 
Pedre's merchandise was offered for sale in DC. The court considered the extent that an interactive website would 
create jurisdiction but expressly determined not to decide that issue, leaving this matter open. In matters of Patient 
law, the process of selling over the Internet from a site not covered by Patient protections to one that the patient is 
protected could lead to legal action.

The argument of jurisdictional assignment will come to the determination of terms such as substantial. The FUD 
surrounding this topic is immense, but it is FUD. One of the key issues is that most of the people quoting law are NOT 
as they state at time lawyers in any sense of the word. In the SC code, the context of the words used will be 
interpreted on case law, not that of use on this list. No mention of the exclusions or other provisions of the code was 
made in the reply.

As for the interpretation of substantial, forget it. The work of analysis in the state is substantially outside the 
state. The analyst is not doing this in the state and the extent will also need to be addressed in context of agency 
law.

More to follow...

Regards,
Dr Craig Wright (GSE-Compliance)


Craig Wright
Manager of Information Systems

Direct : +61 2 9286 5497
Craig.Wright () bdo com au
+61 417 683 914

BDO Kendalls (NSW)
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
http://www.bdo.com.au/

Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

The information in this email and any attachments is confidential. If you are not the named addressee you must not 
read, print, copy, distribute, or use in any way this transmission or any information it contains. If you have received 
this message in error, please notify the sender by return email, destroy all copies and delete it from your system.

Any views expressed in this message are those of the individual sender and not necessarily endorsed by BDO Kendalls. 
You may not rely on this message as advice unless subsequently confirmed by fax or letter signed by a Partner or 
Director of BDO Kendalls. It is your responsibility to scan this communication and any files attached for computer 
viruses and other defects. BDO Kendalls does not accept liability for any loss or damage however caused which may 
result from this communication or any files attached. A full version of the BDO Kendalls disclaimer, and our Privacy 
statement, can be found on the BDO Kendalls website at http://www.bdo.com.au/ or by emailing mailto:administrator () 
bdo com au.

BDO Kendalls is a national association of separate partnerships and entities.

-----Original Message-----

From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Jon R. Kibler
Sent: Wednesday, 27 February 2008 8:49 AM
To: security basics
Cc: Scott Moulton; Bert Knabe
Subject: Re: PI to do Forensics? WAS: Re: Two questions

Okay,

I AM NOT A LAWYER, but...

I just found time to break down and read the SC PI statute.

It says that you must be a PI to "... to obtain or furnish
information with reference to the: identity, habits, conduct,
business, occupation, honesty, integrity, credibility, knowledge,
trustworthiness, efficiency, loyalty, activity, movement,
whereabouts, affiliations, associations, transactions, acts,
reputation, or character of a person; (or) ... securing of evidence
to be used in a criminal or civil proceeding, or before a board, an
administrative agency, an officer, or investigating committee..."

Computer forensics is not explicitly mentioned, but I would think
that the 'securing of evidence' probably includes that too. What
worries me is that IDSes, network monitoring, maybe even log
capture and analysis could fall into that category.

I am not a lawyer. However, I can see where it could be twisted
such that if I worked for a company, and I got caught violating
company policy through someone in IT looking for evidence of a
policy violation, and that person was a PI, they either could
not use that evidence to punish me, of if they did and I was to
turn around a sue them, that evidence could not be used in court.

You can check your own state's laws at:
        http://www.law.cornell.edu/states/listing.html

IMHO, if you are doing incident response or computer/network
forensics -- including intrusion detection -- you should get
legal advice!

Jon
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
m: 843-224-2494




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.