> -----Original Message-----
> From: Lance Spitzner [mailto:lancehoneynet.org]
(...)
> If you are confused about what the legal issues are,
> do not be frustrated. No one is exactly sure, as there
> is little, if any legal precedence concerning honeypot
> technologies. The Honeynet Project has a team working with
> the Department of Justice to identify issues at the Federal level.
(...)

Anybody else outside US doing the same? Like in Europe ...

(...)
> Our initial findings are that entrapment is not a large
> concern. Entrapment applies only to law enforcment, or its
> agents. That most likely eliminates most people on this
> list. Even for law enforcement, entrapment may not be an
> issue, as most honeypot technology do not induce an attacker
> to do something they would normally not do.
(...)

As far as I know, at least here in Portugal, I suppose entrapment at a
honeypot/net level is not illegal. Anybody else in other european
countries can say the same?

(...)
> What is most likely a legal concern is privacy. Honeypot
> technologies, especially Honeynets, can capture extensive
> amounts of information, including IRC chats, emails, and
> keystrokes. Is that information legal? It may not be, we do
> not know at this time. There is a tremendous amount of
> variables involved, such as how you gathered the information,
> what county you are in, what country the attacker is in, what
> you intend to do with the information, etc. To complicate
> the matter even more, local or state laws can supersede
> Federal laws. For more information on the Project's current
> findings, check out the Legal section in
(...)

Yeah, privacy can be a legal issue, for example here if that info is an
organized database with personal data. Any UE country will have the same
law (or should have), because this cames from a law of the UE Parlement
and apply to all UE.

I don't know if this can be an issue for the honeynet.org, but it would
be nice a document/page at the site with a list of countries/TLD with
the correspondent legal issue (entrapment; databases with personal info;
<insert legal issue here>; ...)checked or not, and if possible with a
link to a page where the related national law can be available to read.

For Portugal, these are major links (all in portuguese):
http://www.pj.pt/htm/noticias/criminalidade_informatica.htm
(categorization of cyber/IT crimes)
http://www.pj.pt/htm/legislacao/dr_informatica/Lei109_91.htm (law for
the IT crimes)
http://www.pj.pt/htm/legislacao/dr_informatica/Lei67_98.htm (law for the
protection of personal data)

BTW, in a honeynet where IRC chats are included, do/can honeynets
capture DCC chats?

F.M.

---------------------------------------------------------------------
To unsubscribe, e-mail: honeypots-unsubscribesecurityfocus.com
For additional commands, e-mail: honeypots-helpsecurityfocus.com
---------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA) Service. For more information on SecurityFocus' SIA service
which automatically alerts you to the latest security vulnerabilities.
Please, see: https://alerts.securityfocus.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]