
OSINT Best Practices: Legal & Ethical Considerations

The vast landscape of OSINT data and its usefulness in enhancing your security posture is undeniable. With the increase in demand for it and the evolution of its applications across the security industry, it is easy to sprint to the finish line in terms of OSINT data and miss important concepts and practices that will better ensure the success of the mission.

Even half a decade ago, the collection and utilization of OSINT data as a function of security was the domain of highly specialized teams. It is now becoming a critical component of overall threat intelligence for both corporate and information security teams. With this rise in priority has come the expansion of teams and an influx of new OSINT practitioners.

“[OSINT is intelligence] produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.” – U.S. Director of National Intelligence


To meet the demands of the security landscape – whether that be corporate, law enforcement, government, intelligence, or military – a comprehensive set of tactics, techniques, and procedures (TTP) must be employed. To that point – OSINT is no magic bullet. It is but one facet of intelligence one could gather to be added to a bigger pool of investigative data from other sources in order to best complete the mission at hand.


An OSINT investigation is just that: an investigation that collects OSINT data and that alone. It generally shouldn’t be associated with hacking, intrusion testing, physical security testing, undercover operations or any other security-related offerings. If your OSINT investigation starts to require the above, it might be time to get a warrant.

“The main qualifiers to open-source information are that it does not require any type of clandestine collection techniques to obtain it and that it must be obtained through means that entirely meet the copyright and commercial requirements of the vendors where applicable.” – Mark M. Lowenthal



  • Understand the legal and ethical best practices for gathering open source intelligence (OSINT).
  • Distinguish between the laws and warrants that apply to Law Enforcement and Corporate Security teams gathering OSINT.
  • Learn how to eliminate personal bias and keep ethics and civil liberties at the top of mind to maximize the effectiveness of your investigations.