Friday, January 29, 2016

Just because you can, doesn't mean it's legal

Just because you have the technical ability to do something, that doesn't make that thing legal.  I came across this text in a description for Paraben's iRecovery USB stick.  I don't think Paraben has anything to do with this horrendous description.  Software descriptions like these are bad for our industry as they make forensic professionals sound shady.

Even if (as the description claims) "sometimes you just have to know," knowing may not be strictly legal.  If you access your boyfriend's phone without  authorization, you are probably breaking the law.  If you have to shoulder surf their pin to unlock the phone, you almost certainly are.

What about accessing a backup file on a computer and parsing through that?  It probably depends on the computer.  What is the location of the computer?  Is it located in a common area?  Does everyone use the same login or are there individual logins for each user?  In general, computers with shared accounts in a shared location get less protection than those that are locked in the owners bedroom, have no shared accounts, and are always protected by a password.  But I am not a lawyer and if you are not sure you should seek advice from one.

Be careful before you decide to image a machine that doesn't explicitly belong to you.  This happens regularly with BYOD when employers overstep and think that because a device is connected to the corporate network, they have permission to do whatever they want.  Depending on your employment agreements, this might be true. But again, consulting with your legal team is ALWAYS the right thing to do.   I can't tell you the number of times Rendition Infosec has been asked to image machines that don't strictly belong to the requesting organization.  Some clients are really annoyed when we ask for questions about authorization, ownership, etc.  But remember: just because you can, doesn't mean it's legal.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.