I think Ken's point is, that even if your *company* has gotten warning, that doesn't mean that *you* or *IT* will be given sufficient warning to identify the right machines or storage areas where the data is, in order to prevent them from taking more systems than is necessary to satisfy the case at hand.
Legal can agree to something that doesn't make any sense, or they can have an understanding of the situation that allows them to feel that they don't need the specific input of someone who would have realized the problem if they had been informed. I could give examples, but I've have to spend lots of time changing names and places.... *ASB *(Professional Bio <http://about.me/Andrew.S.Baker/bio>) Harnessing the Advantages of Technology for the SMB market... On Mon, Jun 27, 2011 at 12:16 PM, Alan Davies <[email protected]>wrote: > I'm not sure I understand your point. If they turn up at any of our > premises, then we, as a company will know and have the opportunity to > examine and challenge it (even if the horse has bolted). If it's with a > third party, they can (and it happens a lot) be gagged and you won't > know that your data has potentially been compromised by LE (let's face > it - they're not perfect in terms of technical controls or people > controls; no one is!). > > To some, that's not a relevant business risk; to others it's a > significant one. > > > > a > > -----Original Message----- > From: Ken Schaefer [mailto:[email protected]] > Sent: 27 June 2011 17:07 > To: NT System Admin Issues > Subject: RE: Be Very Wary of "The Cloud"... > > If you are enterprise, then as an IT admin, you have no warning. They > could have turned up at another site for all you know. Maybe your legal > is involved, but they probably decide that they can't involve you. > > -----Original Message----- > From: Alan Davies [mailto:[email protected]] > Sent: Monday, 27 June 2011 5:08 PM > To: NT System Admin Issues > Subject: RE: Be Very Wary of "The Cloud"... > > Michael's comments are spot on - if LE turn up at your premises, they > serve the papers to you and your lawyers have *some* opportunity to > react, plus you have *some* level of control/steering as to what goes > on. If LE turn up at any other premises that you do not own or staff > (don't care what you want to call them re cloud/co-lo!), then they can > be gagged and prevented from even telling you that your data has been > seized. Regardless, you're out of the loop as the other company is > bound to obey the laws of the land and will only do what they're allowed > to do in terms of alerting you. > > This is a very important consideration for cloud if you do not entirely > own the encryption keys (most hold escrow keys ... always push to remove > that capability if you want full control!). Knowing what country your > data could be in and the laws of that/those countries becomes the > responsibility of your own lawyers - this should NOT be an IT decision! > > > > a > > -----Original Message----- > From: Michael B. Smith [mailto:[email protected]] > Sent: 23 June 2011 15:34 > To: NT System Admin Issues > Subject: RE: Be Very Wary of "The Cloud"... > > Call it a "private cloud" if you wish. But if you connect to it over the > Internet - I consider it "a cloud thing". > > The DIFFERENCE is in your last sentence. If your property is seized from > your physical location, then "you" (the corporate "you") are the one > being investigated. If your property (whether by rental, lease, or > ownership) is seized at a data-center, "you" are not necessarily the one > being investigated. I believe the term is "collateral damage". > > Regards, > > Michael B. Smith > Consultant and Exchange MVP > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
