OSINT Best Practices: Legal & Ethical Considerations


What was once the domain of highly specialized teams even half a decade ago, the collection and utilization of open-source intelligence (OSINT) as a function of security is now becoming a critical component of overall threat intelligence for both Corporate and Information Security teams. With this rise in priority has come the expansion of teams and an influx of new OSINT practitioners.

“The main qualifiers to open-source information are that it does not require any type of
clandestine collection techniques to obtain it and that it must be obtained through means that
entirely meet the copyright and commercial requirements of the vendors where applicable.”

– Mark M. Lowentha

Getting Started With Legal OSINT Collection

It can be easy to get lost in the amount of OSINT data out there and the lines of how and where you find data can start to blur. While maybe not directly clear to corporate security teams as it is to judicially-bound teams, consideration of the law drives better OSINT best practices.

For Law Enforcement: Don’t do anything that procedurally endangers the usefulness/prosecution of an investigation, and if you feel you need a warrant – get one.

For Corporate Security Teams: If your organization wishes to pursue legal action with your findings, anything that would sully a law enforcement investigation in criminal court will likely do the same to your investigation in civil or criminal courts.

Get Free Access

  • Understand the legal and ethical best practices for gathering Open-Source Intelligence (OSINT)
  • Distinguish between the laws and warrants that apply to Law Enforcement and Corporate Security teams gathering OSINT
  • Learn how to eliminate personal bias and keep ethics and civil liberties at the top of mind to maximize the effectiveness of your investigations