[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Fwd: HBGary Mirrors?

I'm wondering along the same lines as Thor, based on intent. One of those
"don't take the piss or the judge is gonna own you" scenarios that would be
tested in court on a per trial basis. Like, if the files were known to
contain encrypted info, and if it was proved that you knew the contents of
those files, then you would be held liable.

@Charles: luckily for me, this is all academic as I've kept as far away as
possible from this hbgary thing :P

On Fri, Feb 18, 2011 at 6:57 PM, Charles Morris <cmorris@xxxxxxxxxx> wrote:

> > Sorry, when I say eligible, I mean "which server would they be allowed to
> > take down by law?".
> > I'm not too hot on the laws of encryption, but I'm sure there is
> something
> > which states that hosting encrypted files are not illegal, it's
> distributing
> > the key which allows you to gain access to those fails, which is actually
> > illegal.
> > *DISCLAIMER: I don't know if the above is true or not, so apologies if I
> got
> > this wrong*
> >
>
> Attempt A:
> Cal, I'm not sure on this point off-the-cuff, however encrypted files
> should* be
> indistinguishable from random data, so assuming that even if a given LEE
> has obtained the key and knows that your distributed data is "illegal", you
> could be held blameless as you have no feasible way to know what the data
> was.
>
> Attempt 2:
> You could also consider a key and an algorithm a "transform" for a set of
> random
> bits, such that once the transform is applied to those bits it would
> result in something
> "bad", so you aren't actually distributing "encrypted" "files" at all..
>
> just random bits :D
>
> *DISCLAIMER: The above will PROBABLY NOT hold in court, so apologies
> if you get jailed for life
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/