RE: Pen test - Attorney client Privilege?
From: Craig Wright (cwright_at_bdosyd.com.au)
Date: 10/20/05
- Previous message: Craig Wright: "RE: Pen test - Attorney client Privilege?"
- Maybe in reply to: rob havelt: "Pen test - Attorney client Privilege?"
- Next in thread: Craig Wright: "RE: Pen test - Attorney client Privilege?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 20 Oct 2005 09:28:30 +1000 To: "Paul Robertson" <compuwar@gmail.com>
A simpler answer on client legal privilege would be
Privilege protects the confidentiality of communication between a
solicitor and the client when those communications are made for the
dominant purpose of providing or obtaining;
1 Legal advice; or
2 Legal services in anticipated or contemplated
proceedings.
Communication which meets the criteria of legal professional privilege
cannot be required to be produced to the court and used as evidence in
legal proceedings.
A Pen test is generally not conducted as point 1), and using point 2)
could open other avenues for civil proceedings.
The question becomes, "Is the Pen Test done in preparation for a legal
proceeding?" I fail to see how this would apply. In some strange
situation this may be the case - but it will not cover general Pen Test
situations - MAYBE it could cover exceptional circumstances involved
with a case, but I do not believe that the original query reflected this
set of circumstances.
Craig
-----Original Message-----
From: Paul Robertson [mailto:compuwar@gmail.com]
Sent: 20 October 2005 8:08
To: Craig Wright
Cc: pen-test@securityfocus.com; rob havelt
Subject: Re: Pen test - Attorney client Privilege?
On 10/19/05, Craig Wright <cwright@bdosyd.com.au> wrote:
[snip a buncha stuff I agree with]
> Discovery could request the reports directly from the Pen Tester -
> thus by passing privilege any way.
Previous disclaimers apply- but here's my understanding-
Who you get the information from doesn't change its protection unelss
it's been disclosed outside of the necessary participants- in which case
privilege is lost.
For instance, when I work on an affidavit for a client with their
counsel, it's generally still protected material so long as only the
counsel, myself and the client are party to the work product. Once it's
filed, the affidavit itself is not protected (unless it's under
seal,) but the work product that got us to the final version is
protected to a very large extent.
My analysis of opposing counsel's affidavit is probably a better
example, but I don't do that all too frequently (lack of interesting
engagements.)
It shouldn't matter if you go after me, the client or the attorney-
privilege is extended under the correct circumstances to the
communication, as it's done with counsel in preparation for a lawsuit.
Paul
-- www.compuwar.net ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
- Previous message: Craig Wright: "RE: Pen test - Attorney client Privilege?"
- Maybe in reply to: rob havelt: "Pen test - Attorney client Privilege?"
- Next in thread: Craig Wright: "RE: Pen test - Attorney client Privilege?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
