Honeypots: are they illegal?

Friday, 13 June 2003, 3:38 PM EST

Honeypots are a new and emerging technology for the security community. Many security professionals are just now beginning to understand what honeypots are, their different types, how they work, and their value. As with many new technologies, not only are the professionals attempting to learn about them but so is the legal community. As honeypots and their concepts have grown more popular, people have begun to ask what legal issues could apply. The purpose of this paper is to address the most commonly asked issues. The concepts covered here will be focusing on US statutes, not international, mainly because I'm only familiar with US law. However, these concepts most likely also play some role in the international community. Also, this paper assumes you are familiar with the definition of a honeypot. If you are new to honeypots, I recommend you first read the paper Honeypots: Definitions and Values.

Before we begin, I would like to start off by saying that this paper is based on my opinions. I am in no way an authority on legal issues (heck, I'm a history major who blew things up with M1A1 Main Battle Tanks). However, I feel I have a relatively good feel of honeypots and have worked extensively with several members of the legal community on honeypot legal issues. Before I go any further, I would also like to thank both Jennifer Grannick, Director of Stanford Center for Internet and Society, and Richard Salgado of the CCIPS Department of Justice, for their help in writing this paper.

[ Read more ]

Related items


How security pros deal with cybercrime extortion

1 in 3 security professionals recommend negotiating with cybercriminals for the return of stolen data or the restoration of encrypted files. 86% of security professionals believed their peers at other organizations have brokered deals with cybercriminals.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Apr 1st