On Tue, 4 Jan 2011, Aaron McCaleb wrote:

> On Tue, Jan 4, 2011 at 12:56, Cat Okita <[email protected]> wrote:
>> [0] It may be that you're thinking of situations where the standard response
>> is "Do you have a search warrant"... but again, there are
>> standard reasonable responses to such things...
>
> Yes. Case "[0]" is what I was thinking of. I realize there are
> reasonable responses to such things in the US and should be reasonable
> responses to such in most other countries, if a search warrant is
> issued before search and/or seizure. But I have precisely NO
> experience with being served with a search warrant, in the US or
> anywhere else. So I don't know if a notice that "Dear $userbase,
> Please be advised that our mail/database/vhost data stores have been
> seized pursuant to a search warrant" is normally permitted, or if the
> details of the search warrant are permitted to be disclosed, etc. So
> to my mind, there could be an ethical obligation to disclose the
> warrant, with a legal obligation not to disclose...

I think there are two different issues here.

1. Data got compromised in some way (inside or outside attacker). What
   notification should take place. In some places there are laws requiring
   that users be notified, in other places queries of 'did my data get
   exposed' are greeted with 'do you have a search warrant to force us to
   answer you'

2. A government demands access to the data, and potentially tells you what
   restrictions you have on telling people about the access. This could be
   via a search warrant (in the US for example), or via other methods.

I think it's perfectly fine for LOPSA to take a position for the first
case, but remain silent about the second case (other than 'follow the laws
that apply in your jurisdiction')

David Lang
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
 http://lopsa.org/
