From: Craig Wright (cwright@bdosyd.com.au)
Date: Wed Oct 19 2005 - 19:35:30 EDT
On another point, "work on an affidavit for a client with their counsel"
would be covered, but this is different to engaging a third party to
conduct a Pen test - an agreed procedures audit in effect.
A Pen Test in this case would require that it was conducted in order to
complete the affidavit - an unlikely situation in itself. It would also
require anticipated or contemplated proceedings. Is the Pen test being
solely completed as there is an expectation of being involved with
litigation?
Again I do not see this as a good argument as this is an improbable
situation. Also it would open the opposing council to engage their own
Pen Test which would be admissible and have significant weight.
Craig
-----Original Message-----
From: Paul Robertson [mailto:compuwar@gmail.com]
Sent: 20 October 2005 8:08
To: Craig Wright
Cc: pen-test@securityfocus.com; rob havelt
Subject: Re: Pen test - Attorney client Privilege?
On 10/19/05, Craig Wright <cwright@bdosyd.com.au> wrote:
[snip a buncha stuff I agree with]
> Discovery could request the reports directly from the Pen Tester -
> thus by passing privilege any way.
Previous disclaimers apply- but here's my understanding-
Who you get the information from doesn't change its protection unelss
it's been disclosed outside of the necessary participants- in which case
privilege is lost.
For instance, when I work on an affidavit for a client with their
counsel, it's generally still protected material so long as only the
counsel, myself and the client are party to the work product. Once it's
filed, the affidavit itself is not protected (unless it's under
seal,) but the work product that got us to the final version is
protected to a very large extent.
My analysis of opposing counsel's affidavit is probably a better
example, but I don't do that all too frequently (lack of interesting
engagements.)
It shouldn't matter if you go after me, the client or the attorney-
privilege is extended under the correct circumstances to the
communication, as it's done with counsel in preparation for a lawsuit.
Paul
-- www.compuwar.net ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:04 EDT