List:       full-disclosure
Subject:    Re: [Full-disclosure] redefining research: vulnerability journalism
From:       Christopher Gilbert <motoma () gmail ! com>
Date:       2010-04-28 3:43:13
Message-ID: i2k2f0f8aa21004272043z1edcb608mf559fa85a2a6d064 () mail ! gmail ! com

As Chen found out, simply stating "I'm a journalist" will not save your
computer when armed men come knocking on your door to execute a search
warrant.

I'm not sure your interpretation holds up; the protections that Wired
alluded to state an exception if "there is probable cause to believe that
the person possessing such materials has committed or is committing the
criminal offense to which the materials relate..." [1]

But I'm no lawyer.

[1] http://www.law.cornell.edu/uscode/42/2000aa.html

On Tue, Apr 27, 2010 at 6:31 PM, J Roger <securityhocus@gmail.com> wrote:

> Discovered a security flaw in a production system you had no authority or
> permission to audit? Afraid to disclose the information for fear of
> prosecution? Don't stress too much, you have some protection if you redefine
> yourself as a "vulnerability journalist"
>
> According to a recent Wired article on the "stolen" Apple iphone fiasco,
>
>> The federal Privacy Protection Act prohibits the government from seizing
>> materials from journalists and others who possess material for the purpose
>> of communicating to the public. The government cannot seize material from
>> the journalist even if it’s investigating whether the person who possesses
>> the material committed a crime.
>>
>> Instead, investigators need to obtain a subpoena, which would allow the
>> reporter or media outlet to challenge the request and segregate information
>> that is not relevant to the investigation.
>>
> Perhaps the "journalist" title isn't even necessary thanks to the "and
> others" bit there but it also couldn't hurt, besides it sounds kind of cool
> right. Now this of course doesn't imply that you can't be prosecuted for a
> crime, just that they can only use subpoenas and not warrants. Naturally,
> being an ethical and moral vulnerability journalist you would never rm any
> incriminating evidence as part of the process to "segregate information that
> is not relevant to the investigation."
>
> Out: Narcissistic Vulnerability Pimp
> In: Vulnerability Journalist
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
