Use a Honeypot, Go to Prison?
scubacuda writes "Using a honeypot to detect and surveil computer intruders might put you on the working end of federal wiretapping beef, or even get you sued by the next hacker that sticks his nose in the trap, according to this (old) Security Focus article. Honeypots could be what federal criminal law calls "interception of communications", a felony that carries up to five years in prison. Because the Federal Wiretap Act has civil provisions, as well as criminal, there's even a chance that a hacker could file a lawsuit against a honeypot operator that doesn't have their legal ducks in a row. "It would take chutzpah," said Richard Salgado, senior counsel for the Department of Justice's computer crime unit, "But there's a case where an accused kidnapper who was using a cloned cell phone sued for the interception of the cell phone conversations... And he won.""
oh no! (Score:5, Funny)
Who knew that honeypots would lead to jail? I bet even Owl and Rabbit didn't know that!
Re:oh no! (Score:4, Funny)
Yeah, you can tell that to my cellmate, Bubba!
Re:oh no! (Score:5, Insightful)
Re:oh no! (Score:3, Funny)
Re:oh no! (Score:5, Funny)
"Oh, bother," said Pooh (Score:5, Funny)
"Oh, bother," said Pooh (Score:5, Funny)
Re:oh no! (Score:4, Funny)
but it bounced!
Err... (Score:5, Insightful)
Re:Err... (Score:3, Funny)
Ah but the burglar CAN sue you for cutting himself on your knife. Welcome to the good old US of A.
Re:Err... (Score:4, Insightful)
I can *sue* you for making this post if I have the money and a lawyer...I might be the laughingstock of the courtroom, but I have the right to sue you.
Re:Err... (Score:5, Interesting)
He won't win though
He might. Burglars have successfully sued homeowners for falling through a roof and injuring themselves whilst breaking into said house.
Re:Err... (Score:5, Funny)
Re:Prove it. (Score:5, Informative)
Second Story Burglar Sues Homeowner [aol.com]
Danbury, CT - An admitted second story burglar is suing a homeowner. Michael Malone attempted to enter a three-story residence by climbing a tree to gain admittance through an open third floor window. Unfortunately for Malone, the tree limb broke and the 275 pound burglar crashed to the ground. When the homeowner heard the commotion, he went outside to investigate. In the dark, he spied a figure moving toward the rear of his five acre lot and fired one round from a
I thought I had seen a story more along the lines you suggest, but I think I'm remembering the scene from Liar Liar. I googled for a bit and didn't find any "real" stories (snopes didn't have anything either).
I did find this -- Check this out:
New Twists on Occupiers Liability [rbs.com]
Can a Burglar Sue a Homeowner for Injuries Sustained During a Break-in?
Anyone who trespasses on land to commit a criminal act is deemed to have willingly accepted all risks of injury while on the land. For example, if a burglar slips and falls down a dimly lit staircase while breaking and entering into your home, there is no liability imposed on the homeowner.
Even a criminal trespasser, however, has some rights. A homeowner will be liable for creating "a danger with intent to do harm" or for acting "with reckless disregard for the safety" of a trespasser. If you have seen the movie "Home Alone" then I am sure that you can think of several examples which would fall into this category. A trip wire attached to the trigger of a shotgun clearly creates danger intended to harm the trespasser. In British Columbia, the Occupiers Liability Act tries to differentiate between accidental injuries to trespassers and deliberate attempts to cause harm or injury to trespassers. Generally speaking, there will be no liability for the accidental injury to a trespasser but there will be liability for the deliberately caused injury.
I think it's an urban legend. I don't think you can be sued unless you do something like set up a booby-trap or shoot him or something.
Re:Prove it. (Score:3, Insightful)
have used a
Never use anything less than a
An injured animal is more dangerous than before. (Hope I don't need to explain that one.) Using a
Obligatory Blazing Saddles Quote (Score:3, Funny)
Re:Prove it. (Score:5, Interesting)
If the story on this case is correct, all it shows is that when homeowners go blindly shooting into the night, they are likely to be responsible for their bad acts, even if they injure a person who was also engaged in bad acts. Those who would suggest that this case gives carte blanche to burglars are just engaging in legal FUD.
Re:Prove it. (Score:4, Funny)
Re:Err... (Score:5, Insightful)
I think it's fucked up myself too. Sure if someone is entering my house, I can shoot them. But by God if they cut themselves on a steak knife I left out I might be liable for thousands.
Oh well, in the larger scheme of things our legal system is still new. It will take a while for stuff like this to get sorted out.
Re:Err... (Score:2)
As antis0c said:
Obviously, the solution is to leave a gun out that the
Re:Err... (Score:5, Funny)
Burglar enters my house through a window.
Window breaks, burglar cuts arm.
I hear it, grab my gun, and see the burglar bleeding on my oriental throw rug.
I say, "Sorry man, I don't really want to kill you, but I won't be liable for it and there's less paperwork that way."
BAM!
Re:Err... (Score:5, Informative)
Both of these have to do with building/safety/fire codes, and you're liable for anything that happens to anyone if you don't meet code.
Of course, the burglar still goes to jail.
It's a case of two wrongs not making a right, it makes for two punishments.
Re:Err... (Score:5, Funny)
Stupidity always manages to get its way...
Re:Err... (Score:2)
Dumb frickin' laws. Just goes to prove that the population is rising at logarithmic levels while the universal IQ is a constant.
Re:Err... (Score:4, Insightful)
And there's tons of legal precedent out there making homeowners liable for injuries incurred on their premises, regardless of the motivation of the "visitor."
If you look at all of the cases out there, one could make a very strong argument that homeowners are required by this precedent to make their homes safe for burglars.
This really isn't any different if you think about it. We have to make sure we exercise care for the safety of criminals. It's sad, but unfortunately becoming more true every day.
Re:Err... (Score:3, Interesting)
not really. if you put an expensive jewel in your front yard, display it prominently, tell others that there are no security measures preventing theft, blah.... and then put a trap which would kill intruder. well, you will go to jail for doing that.
Re:Err... (Score:2)
Re:Err... (Score:2)
The chief difference between a honeypot and a man-trap is that the honeypot doesn't kill intruders. Duh.
Re:Err... (Score:5, Interesting)
not really. if you put an expensive jewel in your front yard, display it prominently, tell others that there are no security measures preventing theft, blah.... and then put a trap which would kill intruder. well, you will go to jail for doing that.
That's an interesting analogy, but the "trap which would kill intruder" part is silly. A honeypot does not kill a cracker, it does not trojan their system(s), it doesn't do anything except act like a generic and (usually) unsecured box. If I have an expensive jewel in my front yard, and I have a security camera (heh) that records some guy stealing it, can he sue me for video taping him on _MY_ property stealing _MY_ possession?
Re:Err... (Score:3, Informative)
"Premises subject to video monitoring"
Or one of them like that. There are even laws that say how big that sticker is supposed to be.
Re:Err... (Score:4, Insightful)
Personally I would consider any place that honours the rights of a burglar committing an act of terrorism above the rights of a law abiding citizen in their own home far more the fascist shithole than one which allows the responsible protection of one's life, family, and property.
I really don't understand at all how anyone in one of the supposed "enlightened lands" where the reverse is true can live there, knowing that criminals can break in and kill and rape their wives and children and be protected by the state in doing so, since they have been disarmed and are given no rights of self defense. Any reasonably civilized society could not allow such a thing, as it is pure barbarism, as far as I am concerned.
Re:Err... (Score:3, Insightful)
Actually, it's nothing like it, since the law is about electronic communications.
You know, the reason Linda Tripp got in so much shit for taping Lewinski's conversations.
If someone calls you on the phone, you can't tape it to use it against them (unless they know it's being taped).
So, honeypots aside, if you apply this to computers, does not any sort of log count? Web hit logs? Cookies that you didn't know abo
Re:Err... (Score:5, Informative)
Yes, you can...depending on the state.
It just happened that Ms. Tripp's taping occurred in Maryland, where both parties must consent to taping. Many states only require one party's consent, however.
Re:Err... (Score:2)
I think it would only count if your system was acting as a relay between two end-points. Then, it would also only count if you didn't publicize what you are doing. I think that I am going to add that onto my systems... "Any information passed through this system may be logged and used as the operator sees fit or under court subpoena. If you do not agree, di
Re:Err... (Score:4, Interesting)
The FCC has ruled (taping telephone conversations [consumer-action.org]) regulations do not apply to law enforcement investigations, emergency situations or patently unlawful conversations.
So, since a breakin into a honeypot is an "illegal conversation" between your server and some hacker, started by the hacker, FCC rules don't apply.
Re:Err... (Score:5, Insightful)
Jury of idiots (Score:4, Insightful)
Not so far fetched (Score:3, Interesting)
Not what I meant (Score:2)
Re:Err... (Score:2)
You obviously don't live in the USA. I'm sure it's happened, and maybe the burglar didn't win but I bet (s)he had their day in court.
Re:Err... (Score:2)
Re:Err... (Score:3, Informative)
I'd say that your analogy is quite accurate. But it may not even matter. What you said reminds me of this apparently true story, from here. [ebaumsworld.com] It goes as follows:
"Terrence Dickson of Bristol, Pennsylvania, was leaving a house he had just finished robbing b
Re: Urban Legend "Stella's" (Score:2, Informative)
Re:Err... (Score:5, Informative)
http://www.snopes.com/legal/lawsuits.asp [snopes.com]
And since you almost certainly believe all the crap about that McDonalds coffee lawsuit (and probably won't read through the entire page I referenced above) here's the important details left out in most tellings of it:
http://www.atlanet.org/consumermediaresources/tie
Re:Err... (Score:2)
Kinda, but to extend the analogy, I can shoot the burglar dead if my life is being threatened, so there is a line there where my liability ends and my right of self defense begins. Where is that line when it comes to a computer system?
I don't think anyone knows the answer to that right now, since the courts are still wrestling with it. Hopefully there will be a few luc
Like Bees to... (Score:4, Funny)
Intercepted communications? (Score:5, Insightful)
Re:Intercepted communications? (Score:2)
I remember reading this article when it came out on SF, so give me a break if I'm shaky on the details. That said, the point was that if a cracker breaks into your honeypot and launches an attack from there (or just uses it to check his email and chat on IRC) which you log, you have intercepted communications in which you were not participating.
Obviously
What about home security cameras? (Score:4, Interesting)
Re:What about home security cameras? (Score:2)
Not to mention that the most common attacks will be automated and the bad guy will never see your notification.
Heh. (Score:5, Funny)
Re:Heh. (Score:2)
what about it?
Re:Heh. (Score:4, Informative)
Obligatory Coffee Lawsuit Facts link [google.com]. I wish people would stop bringing up this example incorrectly.
Re:Heh. (Score:3, Interesting)
Somebody please elect some legislators who actually understand that information technology invol
Re:Back under the bridge, (Score:3, Insightful)
Eh, I wouldn't worry (Score:4, Interesting)
Re:Eh, I wouldn't worry (Score:2)
Exploit (Score:5, Funny)
1) Find Open Windoze SMB share (or any open, insecure systems)
2) "Hack" into it
3) Try to get caught (log files, whatever)
4) Claim that was a honeypot
5) Sue for profit
It does seem this easy.
WANTED... (Score:2, Funny)
Suspect goes by the name of "Winnie the Pooh" which he received because he smears feces all over his victims after he murders them. Suspect keeps company with the likes of a bouncing self proclaimed "thug" named "Tigger" and a small yet crafty mastermind of evil "Piglet".
Suspects should be considered armed and dangerous. If seen, please contact Detective Christopher Robinson.
We advise the public to keep all Honeypots safely out of sight and or smell.
hmm (Score:2)
Better unlock my door for the Feds!
Well then make it useful (Score:5, Interesting)
loopholes (Score:3, Insightful)
I mean, I know there's always the opportunity for abuse, etc., but... come on! I mean, a lawbreaker sues because something bad happened *while breaking the law*.
That's just sad. And not sad as in: 'that criminal is an idiot'... sad as in: 'that justice system needs some work'.
It looks to me... (Score:5, Insightful)
They're selling, but I'm not buying (Score:3, Interesting)
but something that hurts that cause is overly reactionary or
alarmist arguments. This article strikes me that way.
Anyone who has spent some time in a court room realizes that
judges are not the completely inept morons they are often made
out to be. Sure someone could "sue" you for breaking a
wiretapping law, that doesn't however mean they would win.
People seldom appreciate the difference between those two
things, anyone can sue for just about anything. Whether or not
they win the case is an entirely different thing.
Saying that monitoring a honey pot is a violation of the federal
wiretapping act is a huge legal stretch IMO. Even though a
honeypot is designed to be hacked, it still has to be hacked.
They still have to commit a felony to get into it, that's the
equivalent of saying that if someone hacks into your workstation
and you happen to be monitoring it at the time you are then in
violation of the federal wiretapping act. That is just patently
absurd.
The one example they use isn't very compelling to me either.
They are as usual light on the details, but "tapping" a cell
phone that isn't yours is an entirely different story than
monitoring a computer that you own and operate.
Every once in a while we get crazy laws on the books, and off
the wall judges pushing their own agendas, but when things make
it to the supreme court or the higher courts, things usually
shake out in a logical and reasonable fashion. The first time
someone gets *successfully* prosecuted under this, then I'll
buy it.
Just changed my MOTD (Score:5, Funny)
Honey Pot? (Score:4, Funny)
Does it get you a better buzz?
Implications in piracy (Score:2, Interesting)
I wonder what this would mean for other "red herring" type of defense measures....
Something doesn't add up here (Score:5, Funny)
No anti-MS sentiment... posted by Taco... not a dupe...
This story is a honeypot! Whatever you do, don't post any comments! It's a trick! It's a tri^&T3ATZ
NO CARRIER
unfair (Score:2)
hmmm (Score:3, Insightful)
( Go ahead, mod me down - I can take the hit. )
Re:hmmm (Score:2)
Ok, venturing way OT, but yes, there is a site where you can vote on stories. K5 [kuro5hin.org]. However, here on /., no way.
Honey pots (Score:4, Insightful)
>SELECT * FROM spamers WHERE clue > 0
>0 rows returned
FUD in summary (Score:5, Informative)
RTFA. The use of a honeypot won't get you in trouble. The prosecution of someone hacking your honeypot won't get you in trouble. The prosecution of someone hacking your fileserver based solely on the honeypot's logs has the *potential* to get you in trouble.
Kidnapper (Score:2)
This specific case seems VERY different than using a honeypot for computer security, and it sounds like the alleged kidnapper may have actually had a case. I'd like to see more information about that case before making comparisons, unfortunately I was unable to find any.
VITTU OLEN 30 KYMPPINEN! (Score:2)
a translation (Score:2, Informative)
I'm curious (Score:2)
Let's say you're somebody (maybe Fyodor [insecure.org]) and you break into someone's system and subsequently monitor it through screenshots [slashdot.org]. This is a rather clearcut case, is it not? The wiretapping is bad no matter which sides you place the two parties on.
Furthermore, this smacks of vigilan
USA? How about other countries? (Score:2)
Re:USA? How about other countries? (Score:2)
It's not just us (US), it's endemic to all bureaucracies. It's quite possibly caused by the toxic side effects of Administratium [liv.ac.uk].
RIAA & Honey Pots (Score:4, Interesting)
This could be a great way to annoy the RIAA when they try and sue or fine someone that actually doesn't have illegal material on their hard drive.
Has anyone done this yet? Any stories? Could the honey pot project be used to simulate a FTP server with mp3 goodies?
DP
Re:RIAA & Honey Pots (Score:3, Interesting)
Sure can. The RIAA already does it to downloaders with bogus mp3's and crippled music files. Just serve up the crap you downloaded from them. Then if they try to sue or hack your box then countersue under the allegation that they were already sharing these files and did not provide with any "fair use" instructions when you d'loaded them from the myriad of fake users/servers they have dishing this junk out to the public. Wh
Local issues involved (Score:4, Informative)
Now, normally Federal law usurps State law, so this wouldn't matter. However, in a case where it is dubious as to whether the Federal law applies, it's perfectly possible that it could be ruled that State law takes precedence in this case.
The second thing to consider is that you can't profit by someone's crime. Thus, it would be illegal for a cracker to attack a honeypot for the purpose of making money via the Federal law. The cracker would then be placed in the position of needing to prove that their attack was for unprofitably malicious purposes.
A Modest Proposal (Score:5, Insightful)
Re:A Modest Proposal (Score:5, Funny)
Re:A Modest Proposal (Score:3, Informative)
Bullshit double fucking standards! (Score:4, Insightful)
And now, the law says that I, the owner of a computer system, have no right to monitor or intercept the comings and goings of an UNauthorized user on said system? In fact, I can be sued for doing so?
How is this not a ridiculous double standard? Not counting any "I understand my computer system is subject to monitoring" policy form you may sign at work. Doesn't UNAUTHORIZED computer access trump any kind of claim to privacy that the unauthorized user may make?
Furthermore, would you be covered by putting a disclaimer somewhere on that system? I would imagine that something like "ALL users of this system are subject to monitoring. By continuing to access this system you signal your willingness to be monitored. If you do not agree, disconnect now." would do the trick.
~Philly
A burglar alarm is not a wiretap (Score:5, Interesting)
On the Honey Pot issue, what differentiates it from an online game? You put it there, people come and there are rules to get in. It would seem that the argument that putting up a Honeypot is an invitation to enter (the Honeypot only). While a SysAdmin could learn valuable lessons from observation, the defense of the Alleged hacker could be that they 'KNEW' it was a Honeypot and that the price of entry was cleverness not cash. Therefore they are playing a game, one in nature much like Ultima online or Neverwinter Nights.
Don't worry about this, it's for the most part a groundless fear. If you did actually come under attack by some foolish District Attorney, likely you would be getting calls from the likes of Johnny Cochran and Alan Dershowitz offering free legal.
This article is fearmongering, a distant cousin of trolling.
Re:A burglar alarm is not a wiretap (Score:3, Interesting)
It must be nice to live someplace high-profile enough that someone like Johnny C. would be interested in helping you. I live in a small town in the upper Midwest; do you really think any big-name lawyer would provide me with a pro bono defense?
Anybody notice? (Score:5, Funny)
An online Starcraft RPG? Free, only at [netnexus.com]
In soviet russia, all your us are belong to base!
Karma: Redundant!
Please calm down... (Score:4, Insightful)
Playing Chicken Little in these forums somehow means that you rack up incredible karma.
If everyone lived this cautiously, we'd never leave our houses for fear of getting sued.
Also lock me for.... (Score:3, Interesting)
Intrusion Prevention Systems do the same thing, except they have the ability to actually interfere with the conversation and drop packets or block hosts. Imagine a wire tap that could mute one of the callers to interfere with meaningful conversation.
Firewalls too. Let's also lock up everyone using a firewall. A firewall, or cluster of firewalls monitor all the traffic (email, web, ftp, etc.) in and out of almost every business network on the internet. ALL of these devices are looking at and selectively recording traffic on those networks.
Nearly every network security tool can be compared to a wire tap....however, it's my damn wire!
The real question to ask is:
Can I legally tap my own wires?
As a business owner, is it legal for me to record and be aware of the incoming and outgoing communications from my business?
A Honeypot is Not Entrapment (Score:4, Interesting)
Federal wiretap laws prohibit interception of electronic communications, including traffic monitoring across a network. There are exceptions for network protection, but Salgado said that is an "uneasy fit" for honeypots, because they are set up with the expectation of being attacked.
This isn't entirely correct. If you are the owner of the network, you can monitor what happens on it. You can doubly protect yourself by putting a banner on your login page that says that any use of the network is subject to monitoring, but the key thing that courts have looked at with regard to such monitoring is whether the person had a legitimate expectation of privacy in the communication. I think a judge would have a tough time accepting an argument that someone attacking your network had a legitimate expectation of privacy in his/her attack.
Even if you were only allowed to monitor your network for defensive purposes, I think the honeypot could arguably qualify as a defensive tool. For example, I have limited budget for physical security at my home. I recognize that there are a number of ways that someone could break in, and I take steps to secure or prevent those. However, if someone is determined to break in, I must recognize that they will find a way. To deal with that possibility, I try to recognize where an intruder might be able to break in, and I have cameras in those areas. If I could only afford a certain number of cameras, I might make one path a little easier or attractive than the others so that the intruder would take that path and thereby pass in front of the camera allowing me to gather evidence of the crime. The intruder has already committed the crime by being inside the house, the camera simply collects the evidence. By placing a honeypot and monitoring it, you are simply putting an intrusion detector on a place where unauthorized individuals are likely to go, if they are already committing the crime of being inside your network without authorization.
An operator might be held liable for damages if a compromised honeypot is used to launch an attack against a third party. "We don't know" if such liability would hold up in court, Salgado said.
This is theoretically possible, and I actually wrote another article for USENIX's magazine ";login:" on this subject called, "You've Been Cracked...And Now You're Sued."[1] But, if you're setting up a honeypot, you ought to be sophisticated enough to isolate it and prevent outbound attacks on other networks (or at least either notify those networks that they are being attacked or shut down the attack as soon as it starts). There's really no excuse for setting up a honeypot and then allowing it to be used as a zombie.
A hacker charged with illegal activities involving a honeypot could argue entrapment, which Salgado said is a difficult defense. He said it might not apply to so-called passive honeypots.
Salgado is correct that entrapment is a very difficult defense. The article doesn't point out, however, that the defense of entrapment is also only available to someone who is being prosecuted as the result of activity by a government agent (like the DOJ, FBI or some state or local law enforcement agency). If your company (or client), as a non-governmental entity, sets up a honeypot and a cracker gets prosecuted because of it, the defense of entrapment is not available. See the legal definition of entrapment at http://dictionary.lp.findlaw.com/
Furthermore, as Salgado also notes, because a honeypot is a purely passive thing, even if you were a government agent, you are not really inducing or encouraging a potential cracker to go attack it. If you were a government agent and set up a honeypot and then anonymously went to hacker sites and talked about this fantastic server with all kinds of really cool stuff on it and how easy it was to own, etc., etc., then you might be setting yourself up for the defense of entrapment.
John
[1]
Sigh... nothing to see here (Score:4, Informative)
Here is how I have been trained in regards to wire tap (I am a security analyst):
The wiretap act is broad and prohibits intentional interception (use, etc) of someone else's electronic communications. This Act (see 18 U.S.C. § 2511(1)) has a bunch of exceptions, two of which are relevant to this discussion:
1. The provider exception may apply if the communications were intercepted during active monitoring for the purposes of system defense,
2. The consent of party exception may apply if you have banners declaring that you monitor all traffic.
From what I have been instructed, I only need to really take care with #1 which is what I'm exactly doing when I fire up a honey pot. (#2 is a part of company policy so it is not optional.)
If I deploy a honey pot for the purpose of monitoring and protecting my network, then I should be able to claim exemption from the Wiretap Act via #1 above. Of course the honeypot damn well better be deployed for the purposes of defense and not something I just threw on the corporate network without authorization.
That's the theory anyway; as far as I know, this has not been tested in the courts yet.
Bogus Article by Poulson (Score:5, Interesting)
First, if a person runs a honeypot on their network, a network they control, or a device that they control, then it is not interception of communications. It is _logging_ responses and action taking place _within_ that device, not _intercepting_ communications. There have to be three parties to intercept - the sender, the receiver, and the interceptor.
Second, even if it were interception of communications (which it is not), then not only would all of the system logs in Unix/Windows be illegal, but so would every web server log in the US. Even worse, that caller ID display that you have would also be illegal - it intercepts information to display on your phone.
Finally, if monitoring a honeypot is illegal, then monitoring a hacked server would be as well. So, if your machine were infected by a virus that talked to an IRC channel, then you would be guilty of an illegal interception of communication.
If anyone ever loses a lawsuit because of this, appeal, and also sue your own lawyer for incompetence!!!
Read the source email (http://www.securityfocus.com/archive/119/293431/
Salgado does not have a good grasp of this. This can be shown simply. If he were correct, then the phone companies would require a wiretap order to even _view_ their phone logs for any suspected phreaking on their network. Somehow, I doubt that Ma Bell gets a wiretap order to look at their phone logs.
Mark Radulovich, CISSP
This is silly... (Score:4, Insightful)
It's an IDS!! (Score:4, Interesting)
Sorry to say it but... (Score:3, Insightful)
Disgusting.
Another question: Is spam a "communication"? (Score:4, Informative)
These are 100% accurate against spam - filters and blacklists are not. Will they be outlawed?
Check out the bubblegum proxypot. It's a neat way to hurt spammers:
http://world.std.com/~pacman/proxypot.html
Don't forget the relay spam honeypot (Jackpot):
http://jackpot.uk.net
See Wiretap Act, 18 U.S.C Sec. 2511 (Score:5, Informative)
First of all, Richard Salgado has got to tell people to be very careful. He's a prosecutor for the government. He's got to say things that err on the side of safety, and of never condoning possible violations of the law. (He's a nice guy, and a good speaker. He's just very obviously in one corner, and has the party line to hew to).
Secondly, read 18 U.S.C. Section 2511 [usdoj.gov]. That lays out the _exceptions_ to the Wiretap Act, which includes the Provider exception, which boils down to: if you own the machine, and have appropriate banners, and the wiretap is done "while engaged in any activity which is a necessary incident to the rendition of [the rightful administrator's] service or to the protection of the rights or property of the provider of that service...". The reason the gov't is goosey about honeypots is, if it is a property laid out to be broken into, then is the wiretapping justified? If you're doing it as part of the defense of your network, consensus tends to be yes. If you're doing it for shits and giggles, there tends to be less consensus. The gov't needs to be able to prosecute anyone, so without court cases telling them otherwise they're leaning to the stricter interpretation.
Thirdly, if you're interested, read the posted practical assignments for the SANS GCFA (Forensics) [giac.org] course/certification. The original assignment (the only one posted currently) has three parts, the third of which is Describe in detail your authority as a system administrator with regards to this statute. [giac.org] Keep in mind that none of those people are lawyers, but most of them sat through a course including Richard Salgado talking on this issue, and all of them worked their butt off to write the paper and pass the course. More work than goes into, say, a /. post 8).
Re:This is all false information (no, it's not) (Score:5, Interesting)
I did a little research to see if I could validate or invalidate A Proud American's claims. While he is marginally correct on the facts, his interpretation is very far off.
First and foremost, I learned that the FBI and other similar anti-crime organizations of the U.S. government will not (I repeat, will not) prosecute or even attempt to investigate computer-related security crimes that involve less than $5,000 in liabilities.
Semi-true. There is a technical $5,000 threshold in order for the FBI to have federal jurisdiction over cybercrimes. State law still applies. Additionally, the FBI can probably gain jurisdiction to charge with other laws (they've mentioned RICO) if the crimes cross state lines (and there is judicial precedent that sets the bar merely at passing through an out-of-state router, in the case of a threat delivered over AIM with both perpetrator and victim in the same state).
Also, the $5,000 threshold is not particularly strict under new guidelines in the USA PATRIOT Act, so that they encompass summed damages from different attacks, damages in downtime and time responding, etc. In other words, the bar is very low and easily met with semi-probable damages; $5,000 is more of a requirement to prevent people from being charged for, say, portscanning. See here: http://www.astalavista.com/technologies/library/crime/usa.shtml [astalavista.com].
And civil suits are always an available alternative.
Prison is actually fairly easily awarded; often we complain just as much about the strict jail time for such minor crimes as the lack of jail time.
Other measures of prosecution are becoming much harsher and stricter now, too, especially with all our terror enforcement (er, I mean anti-terror, Mr. Ashcroft, sir) measures. I mentioned RICO above (see here: http://lists.insecure.org/lists/isn/2000/Feb/0029.html [insecure.org]).
So prison is a real possibility; federal prosecution is pretty easy to get; but you should all still make sure you keep up to date with security. Just don't rely on A Proud American for your information.
Oh, yah. And befriend me. Please? Pretty please? I'll be your friend!