Honeypots are a new and emerging technology for the security community. Many security professionals are just now beginning to understand what honeypots are, their different types, how they work, and their value. As with many new technologies, not only are the professionals attempting to learn about them but so is the legal community. As honeypots and their concepts have grown more popular, people have begun to ask what legal issues could apply. The purpose of this paper is to address the most commonly asked issues. The concepts covered here will be focusing on US statutes, not international, mainly because I'm only familiar with US law. However, these concepts most likely also play some role in the international community. Also, this paper assumes you are familiar with the definition of a honeypot. If you are new to honeypots, I recommend you first read the paper Honeypots: Definitions and Values.

Before we begin, I would like to start off by saying that this paper is based on my opinions. I am in no way an authority on legal issues (heck, I'm a history major who blew things up with M1A1 Main Battle Tanks). However, I feel I have a relatively good feel of honeypots and have worked extensively with several members of the legal community on honeypot legal issues. Before I go any further, I would also like to thank both Jennifer Grannick, Director of Stanford Center for Internet and Society, and Richard Salgado of the CCIPS Department of Justice, for their help in writing this paper.

[ Read more ]

Related items

• Software: LaBrea Honeypot
• Article: Security Year in Review: Honeypots (16 December 2002)
• Article: Interview with Lance Spitzner, Security Expert (19 November 2002)
• Review: Honeypots: Tracking Hackers (6 November 2002)