A.1.2. Human Rights Act

In 1998, the UK incorporated the European Convention on Human Rights into its own legislation, and this came into effect mostly in 2000. The majority of the Human Rights Act is not terribly interesting to us, but Article 8 is profoundly relevant.

Article 8 of the Human Rights Act

Right to respect for private and family life

  1. Everyone has the right to respect for his private and family life, his home and his correspondence.

  2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

An example of how this can be a problem for a penetration tester is this: It might be necessary as part of a penetration test to perform network-level snooping or 'sniffing' (in order to gather passwords, for example). This can be a fairly indiscriminate activity and it's very easy to pick up on things that you shouldn't see. If you happen to intercept an email from a member of staff to her husband, for example, then you have clearly violated the first clause of Article 8 – the right to privacy in correspondence. The fact that the security policy might dictate that company systems are not to be used for private correspondence is totally ...
