Re: Pen test - Attorney client Privilege?

From: Paul Robertson (compuwar@gmail.com)
Date: Wed Oct 19 2005 - 09:00:48 EDT


On 10/19/05, Lyal Collins <lyal.collins@key2it.com.au> wrote:
> I'm not a lawyer either, but see a couple of interesting twists to this
> approach, in some situations.

I'm still not a lawyer...

>
> In the case of the credit card PCI standard, evidence of
> vulnerability/pen-test activities needs to be made available to the
> accredited PCI auditor (for mid-large sites, anyway).
>
> Taking this to one possible extrapolation, will the lawyers be providing
> relevant statements regarding conduct of tests to the PCI auditor who then
> relies upon these statements for their own legal indemnity in making
> statements towards the site's PCI compliance?
>
> Are the lawyers going to make assessments as to the meanings and outcomes of
> the pen/vuln testing to PCI or other auditors?
> Does this make lawyers involved in liability to one or more third parties
> with whom the law firm (usually) has no commercial, contractual or legal
> relationship (e.g. Acquiring Bank, Card Scheme, PCI Auditor)?
> Would/could this cause the confidentiality shield to be punctured?

Yes, it would. According to my research, disclosure to any 3rd party
not directly involved in the litigation or pre-litigation process on
behalf of the client or the client's counsel invalidates privilege.

Paul

--
www.compuwar.net


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:04 EDT