Use a Honeypot, Go to Prison? 507
scubacuda writes "Using a honeypot to detect and surveil computer intruders might put you on the working end of federal wiretapping beef, or even get you sued by the next hacker that sticks his nose in the trap, according this (old) Security Focus article. Honeypots could be federal criminal law calls "interception of communications", a felony that carries up to five years in prison. Because the Federal Wiretap Act has civil provisions, as well as criminal, there's even a chance that a hacker could file a lawsuit against a honeypot operator that doesn't have their legal ducks in a row. "It would take chutzpah," said
Richard Salgado, senior counsel for the Department of Justice's computer crime unit, "But there's a case where an accused kidnapper who was using a cloned cell phone sued for the interception of the cell phone conversations... And he won.""
Err... (Score:5, Insightful)
Intercepted communications? (Score:5, Insightful)
Re:Err... (Score:4, Insightful)
And there's tons of legal precedent out there making homeowners liable for injuries incurred on their premises, regardless of the motivation of the "visitor."
If you look at all of the cases out there, one could make a very strong argument that homeowners are required by this precedent to make their homes safe for burglars.
This really isn't any different if you think about it. We have to make sure we exercise care for the safety of criminals. It's sad, but unfortunately becoming more true every day.
loopholes (Score:3, Insightful)
I mean, I know there's always the opportunity for abuse, etc., but... come on! I mean, a lawbreaker sues because something bad happened *while breaking the law*.
That's just sad. And not sad as in: 'that criminal is an idiot'... sad as in: 'that justice system needs some work'.
Re:Err... (Score:4, Insightful)
I can *sue* you for making this post if I have the money and a lawyer...I might be the laughingstock of the courtroom, but I have the right to sue you.
It's all about selective enforcement. (Score:1, Insightful)
Consider the $5,000 damage threshold [google.com]. The FBI won't even prosecute you unless there is an upstanding member of the community (usually corporate) who will attest that you have damaged them to the tune of $5,000 or more. Who would claim that a honeypot did them 5 grand in damages? That is the real question.
Keep in mind that nmap creator Fyodor managed to hack some jerk of a Slashdot user [slashdot.org] and brag about it on his website without getting prosecuted. This is because he knew the rule of selective enforcement.
Re:Err... (Score:3, Insightful)
Actually, it's nothing like it, since the law is about electronic communications.
You know, the reason Linda Tripp got in so much shit for taping Lewinski's conversations.
If someone calls you on the phone, you cant tape it to use it against them (unless they know it's being taped).
So, honeypots aside, if you apply this to computers, does not any sort of log count? Web hit logs? Cookies that you didnt know about? Email spools?
Maybe I can sue slashdot for tracking my IP to stop me from posting too much.
Of course I cant, this is basically just a bunch of "OMG big brohter is teh suck" geek whining.
It looks to me... (Score:5, Insightful)
Re:oh no! (Score:5, Insightful)
Re:Err... (Score:5, Insightful)
hmmm (Score:3, Insightful)
( Go ahead, mod me down - I can take the hit. )
Honey pots (Score:4, Insightful)
>SELECT * FROM spamers WHERE clue > 0
>0 rows returned
Re:Err... (Score:5, Insightful)
I think it's fucked up myself too. Sure if someone is entering my house, I can shoot them. But by God if they cut themselves on a steak knife I left out I might be liable for thousands.
Oh well, in the larger scheme of things our legal system is still new. It will take a while for stuff like this to get sorted out.
Jury of idiots (Score:4, Insightful)
A Modest Proposal (Score:5, Insightful)
Re:Err... (Score:1, Insightful)
Bullshit double fucking standards! (Score:4, Insightful)
And now, the law says that I, the owner of a computer system, have no right to monitor or intercept the comings and goings of an UNauthorized user on said system? In fact, I can be sued for doing so?
How is this not a ridiculous double standard? Not counting any "I understand my computer system is subject to monitoring" policy form you may sign at work. Doesn't UNAUTHORIZED computer access trump any kind of claim to privacy that the unauthorized user may make?
Furthermore, would you be covered by putting a disclaimer somewhere on that system? I would imagine that something like "ALL users of this system are subject to monitoring. By continuing to access this system you signal your willingness to be monitored. If you do not agree, disconnect now." would do the trick.
~Philly
Re:loopholes (Score:2, Insightful)
However, when a crime is occuring on personal property I do not think that the same rules that apply to law enforcement should apply to the property owner.
Consider: In some states both parties must be aware that they are being recorded on the telephone. However, say some weirdo calls me in middle of the night and makes a death threat. Should I have to tell him, hold on, I have to tell you I am recording before you attempt to threaten my life? No, that is absurd.
One note on the honey pot idea though. If someone is using a honey pot as a jump off point to launch an attack from, the honey pot might be considered aiding a criminal in the act of commmiting a crime. Since the honey pot is intentionally put out there with security holes to act as a catch spot.
Just an idea. Sort of like vigilante justice, let the law enforment enforce the law.
Re:loopholes (Score:2, Insightful)
Please calm down... (Score:4, Insightful)
Playing Chicken Little in these forums somehow means that you rack up incredible karma.
If everyone lived this cautiously, we'd never leave our houses for fear of getting sued.
Re:Prove it. (Score:3, Insightful)
have used a
Never use anything less than a
an injured animal is more dangerous than before.(hope i dont need to explain that one)Using a
Re:Heh. (Score:2, Insightful)
Is Gator Advertising illegal then?? (Score:1, Insightful)
I would think any ISP tracking/monitoring, web-tracking monitoring by a third-party (not you, and not the internet site) would be illegal by FCC regulations?
I'm not a lawyer, obviously, so what do the rest of you, more educated folks think?
Re:Prove it. (Score:2, Insightful)
In Australia the home owner would be guilty of manslaughter at least and if he had used a weapon without having first been threatened directly by the trespasser would spend some time in jail. Home owners are allowed only defensive action that is proportionate to the perceived threat. You shoot blindly into the dark and you're in trouble.
And setting man-traps (even accidental) is definately a no-no. It's plain illegal. And there was a case not long ago where a home-owner electrified a garden fishpond with mains electricity to "discourage" a local animal predator and who killed a trespasser who stumbled into the pond. They were guilty of manslaughter.
This is silly... (Score:4, Insightful)
Can't do it in Oz either... (Score:2, Insightful)
The more out-there states of the US have rules on self-defence that are a lot more unrestrictive than just about anywhere else in the Western world.
Re:Back under the bridge, (Score:3, Insightful)
Re:Err... (Score:4, Insightful)
Personally I would consider any place that honours the rights of a burglar committing an act of terrorism above the rights of a law abiding citizen in their own home far more the fascist shithole than one which allows the responsible protection of one's life, family, and property.
I really don't understand at all how anyone in one of the supposed "enlightened lands" where the reverse is true can live there, knowing that criminals can break in and kill and rape their wives and children and be protected by the state in doing so, since they have been disarmed and are given no rights of self defense. Any reasonably civilized society could not allow such a thing, as it is pure barbarism, as far as I am concerned.
Sorry to say it but... (Score:3, Insightful)
Disgusting.
Re:Moral issue (Score:2, Insightful)