OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: David McGovern (dmmcgove_at_hotmail.com)
Date: Fri Sep 13 2002 - 09:24:05 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    There is no entrapment with honeypots. Entrapment is defined as inducing or
    coercing someone into committing a crime that they would otherwise not have
    committed. Honeypots are analagous to undercover narcotics agents waiting
    to be approached by buyers. Perfectly legal.

    >From: Lance Spitzner <lancehoneynet.org>
    >To: honeypotssecurityfocus.com
    >Subject: Entrapment issues
    >Date: Fri, 13 Sep 2002 09:03:55 -0500 (CDT)
    >
    >Noticed some issues about entrapment being raised. One
    >of the things I and several other members of the Honeynet
    >Project are working on is better understanding and documenting
    >the legal issues of honeypot technologies. We are currently
    >working with the US Department of Justice to identify
    >these issues. Currently we have identifed three areas dealing
    >with honeypots.
    >
    > - Privacy
    > - Liability
    > - Entrapment
    >
    >Of the three, entrapment is the least issue of honeypots,
    >yet it seems to be the one issue most people focus on.
    >Entrapment is only a defense to avoid a conviction, you cannot
    >be civily or criminally prosecuted for entrapment. Also,
    >you can only use it as a defense against law enforcement, or
    >its agents. Surprisingly, most legal professionals feel that
    >even for law enforcement, honeypots are not an entrapment
    >issue. The attacker was going to hack into some boxes either
    >way, your honeypot did not change the attackers behavior, at
    >most it just changed his intended target.
    >
    >Privacy is where things can get complicated, especially for
    >high interaction honeypots that capture emails and conversations
    >in real time. I'm not even going to try to document all those
    >issues, I leave that to greater minds then I :)
    >
    >If you are interested in learning more, chapter 15 in the
    >new honeypot book was written by Richard Salgado of the US
    >Department of Justice, Jennifer Granick of Stanford, and
    >David Dittrich of University of Washington. They documented
    >these issues in far greater detail. Its based on US Federal
    >law, but can be an interesting eye opener for anyone.
    >
    > http://www.tracking-hackers.com/book/
    >
    >--
    >Lance Spitzner
    >http://www.honeynet.org

    _________________________________________________________________
    Send and receive Hotmail on your mobile device: http://mobile.msn.com