Policy
2.7 MB
OSINT Legal and Ethical Guidelines
A practical guide to staying lawful, proportional, and considerably less likely to create a meeting with Legal.
4.8 rating
756 extractions
Updated 4/14/2026
The part where professionalism defeats chaos
OSINT being "open source" does not mean every action is appropriate, necessary, or defensible.
Focus areas
- Scope control and documented authorization.
- Data minimization and proportionality.
- Evidence handling and auditability.
- Escalation paths when a case wanders into territory that should involve counsel or law enforcement.
Practical decision rules
Before collection
- What is the legitimate purpose?
- What information is actually necessary?
- What sources are fair game within scope?
During collection
- Avoid unnecessary sensitive data capture.
- Document why invasive-seeming steps are justified.
- Pause when the work drifts from verification into curiosity tourism.
Before reporting
- Remove irrelevant sensitive details.
- Mark confidence and limitations honestly.
- Escalate when findings imply criminal behavior, safety risk, or legal review.
Useful professional mantra
Just because data is visible does not mean collecting, storing, or redistributing it is automatically wise. Many excellent bad ideas begin with the sentence, "Technically it was public."
"But it was public" is not a legal strategy. It is a sentence people say shortly before a difficult afternoon.