Here is the issue. YOU CAN NOT TAKE STATUE IN ISOLATION!
You need to look at laws of agency, other occupations code and the interaction
of the common law. The US legal system is based on common law. You need to take
case law into account.
Issue 1 - "Long Arm Statutes"
Most US States have a "long arm" statute.
Gibbons v Brown (1998) 1998 716 So. 2d 868; A car accident resulted following
bad directions; the plaintiff sought to assert jurisdiction over non-resident
on the grounds that the defendant had filed a lawsuit in the forum two years
earlier stemming from the same incident (the plaintiff was not a party to that
suit). The FL long arm-statute permitted jurisdiction over those "engaged in
substantial and not isolated activity" within the state. It was held, bringing
an action in the state two years earlier does not qualify as substantial
activity, no personal jurisdiction. In the case of Dealing with a website (as
was expressly not decided in Trintec Indus. v. Pedre Promotional Products) it
is likely that a website would have to be shown to operate extensively or
particularly target the location for jurisdiction to be applied. As an example,
a site in the UK that operates a US page and sells product stating that they
deliver to the US could be covered by the US long-arm statutes.
The sale of goods using an intermediary can create personal jurisdiction for
patent infringement over the Internet. In Trintec v. Pedre Promotional Products
, Trintec initiated action against Pedre for an infringement of their patent in
the District of Columbia. Trintec accused Pedre of contravening Trintec's
patents for the automation of printed faces used in watches. Pedre moved for
dismissal due to a lack of personal jurisdiction and improper venue. Pedre
attested it operated exclusively in a single office in NY and was without
facilities or representatives in Washington D.C. The district court granted
Pedre's motion and discharged the action for a lack of personal jurisdiction.
The case was appealed. The Federal Circuit reconsidered the issues surrounding
general and specific jurisdiction:
"Specific jurisdiction 'arises out of' or 'relates to' the cause of action even
if those contacts are 'isolated and sporadic.' . . . General jurisdiction
arises when a defendant maintains 'continuous and systematic' contacts with the
forum state even when the cause of action has no relation to those contacts.
The court noted that they were "left totally in the dark about the reasons for
the district court's action." The dismissal was vacated. As a consequence,
jurisdiction may be found under D.C.'s long-arm statute in the event that
Pedre's merchandise was offered for sale in DC. The court considered the extent
that an interactive website would create jurisdiction but expressly determined
not to decide that issue, leaving this matter open. In matters of Patient law,
the process of selling over the Internet from a site not covered by Patient
protections to one that the patient is protected could lead to legal action.
The argument of jurisdictional assignment will come to the determination of
terms such as substantial. The FUD surrounding this topic is immense, but it is
FUD. One of the key issues is that most of the people quoting law are NOT as
they state at time lawyers in any sense of the word. In the SC code, the
context of the words used will be interpreted on case law, not that of use on
this list. No mention of the exclusions or other provisions of the code was
made in the reply.
As for the interpretation of substantial, forget it. The work of analysis in
the state is substantially outside the state. The analyst is not doing this in
the state and the extent will also need to be addressed in context of agency
law.
More to follow...
Regards,
Dr Craig Wright (GSE-Compliance)
Craig Wright
Manager of Information Systems
Direct : +61 2 9286 5497
Craig.Wright@bdo.com.au
+61 417 683 914
BDO Kendalls (NSW)
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
http://www.bdo.com.au/
Liability limited by a scheme approved under Professional Standards Legislation
in respect of matters arising within those States and Territories of Australia
where such legislation exists.
The information in this email and any attachments is confidential. If you are
not the named addressee you must not read, print, copy, distribute, or use in
any way this transmission or any information it contains. If you have received
this message in error, please notify the sender by return email, destroy all
copies and delete it from your system.
Any views expressed in this message are those of the individual sender and not
necessarily endorsed by BDO Kendalls. You may not rely on this message as
advice unless subsequently confirmed by fax or letter signed by a Partner or
Director of BDO Kendalls. It is your responsibility to scan this communication
and any files attached for computer viruses and other defects. BDO Kendalls
does not accept liability for any loss or damage however caused which may
result from this communication or any files attached. A full version of the BDO
Kendalls disclaimer, and our Privacy statement, can be found on the BDO
Kendalls website at http://www.bdo.com.au/ or by emailing
mailto:administrator@bdo.com.au.
BDO Kendalls is a national association of separate partnerships and entities.
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Jon R. Kibler
Sent: Wednesday, 27 February 2008 8:49 AM
To: security basics
Cc: Scott Moulton; Bert Knabe
Subject: Re: PI to do Forensics? WAS: Re: Two questions
Okay,
I AM NOT A LAWYER, but...
I just found time to break down and read the SC PI statute.
It says that you must be a PI to "... to obtain or furnish
information with reference to the: identity, habits, conduct,
business, occupation, honesty, integrity, credibility, knowledge,
trustworthiness, efficiency, loyalty, activity, movement,
whereabouts, affiliations, associations, transactions, acts,
reputation, or character of a person; (or) ... securing of evidence
to be used in a criminal or civil proceeding, or before a board, an
administrative agency, an officer, or investigating committee..."
Computer forensics is not explicitly mentioned, but I would think
that the 'securing of evidence' probably includes that too. What
worries me is that IDSes, network monitoring, maybe even log
capture and analysis could fall into that category.
I am not a lawyer. However, I can see where it could be twisted
such that if I worked for a company, and I got caught violating
company policy through someone in IT looking for evidence of a
policy violation, and that person was a PI, they either could
not use that evidence to punish me, of if they did and I was to
turn around a sue them, that evidence could not be used in court.
You can check your own state's laws at:
http://www.law.cornell.edu/states/listing.html
IMHO, if you are doing incident response or computer/network
forensics -- including intrusion detection -- you should get
legal advice!
Jon
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
m: 843-224-2494
==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.
