[cap-talk] bundling designation and authority

Ian G iang at systemics.com
Sat Oct 15 09:38:39 EDT 2005

David Hopwood wrote:

> Whether the site was a phishing site -- which is information that he was
> (implicitly) authorized to obtain.

I agree.  I see this as an implicit permission
to do due diligence.  I'd go even further and
suggest there is a general duty of care, and
if Cuthbert had not conducted DD he would have
failed in his duty to protect the card issuer.

But Adam Shostack raised an interesting dismissal
when he said "due diligence is done with permission."


Is it?  Isn't an invitation to do business
accompanied by a general permission to do
due diligence?

I know in specific cases, such as employment,
there are exceptions where a company gets
releases signed, but those are generally more
serious investigations involving the release
of confidential info.

I suspect this is a question that only a lawyer
can answer.


More information about the cap-talk mailing list