Honeypots mailing list archives
Re: Legal Question about privacy
From: tcleary2 () csc com au
Date: Thu, 24 Jul 2003 16:14:42 +0800
But if you break into the AT&T Phone network and then begin using their
phones and talking about how you are going to "stick it to AT&T" then they should have a >right to monitor your communication and trace your call. You broke into their equipment. It's kind of like if I had two vehicles, one of which I didn't care about, and that >one happened to get stolen. Then I contacted the police who tracked down the thief, but they told me that he could drive around in the car and do whatever he wanted >until he decided to bring it back or wreck it. Everyone would think that was crazy. Dear Josh, I was interested to read your email because I think your use of analogies from the law enforcement field is illuminating. However, as an ex-cop I can give you a counter example that might be interesting. Under U.K. law ( the type I used to enforce... ) you couldn't report a hire car stolen, or indeed if you lent your car to someone and they failed to return it ( cf. a honeypot where you permit a hacker to "drive" your system? ) The reason for this is that in order to have someone else take the wheel ( and thus the risks inherent in being a driver ) they must not have permission from the owner/keeper to drive the car away before they commit an offence. In order to prove most offences, one of the fundamental principles is that of "unauthorised" activity. One of the potential problems of trying to prove a crime with evidence of activities happening on a honeypot is that the "offender" may try to claim that because he could never affect anything outside the "playpen" and since he must have had implicit permission to get onto the box ( you did leave it insecure on purpose, right? ;-) then he has not committed any crimes. Letting people walk under such circumstances is the kind of thing courts do..... Regards, tom. __________________________________________________ Security Consultant/Analyst CSC Ph: +61 8 9429 6478 Email: tcleary2 () csc com au ---------------------------------------------------------------------------------------- This email, including any attachments, is intended only for use by the addressee(s) and may contain confidential and/or personal information and may also be the subject of legal privilege. Any personal information contained in this email is not to be used or disclosed for any purpose other than the purpose for which you have received it. If you are not the intended recipient, you must not disclose or use the information contained in it. In this case, please let me know by return email, delete the message permanently from your system and destroy any copies. ----------------------------------------------------------------------------------------
Current thread:
- Re: Legal Question about privacy, (continued)
- Re: Legal Question about privacy Dave Dittrich (Jul 24)
- Re: Legal Question about privacy Stefan Kelm (Jul 28)
- Re: Legal Question about privacy t. elam (Jul 28)
- Re: Legal Question about privacy Stefan Kelm (Jul 28)
- RE: Legal Question about privacy dave kleiman (Jul 24)
- Re: Legal Question about privacy Valdis . Kletnieks (Jul 24)
- RE: Legal Question about privacy dave kleiman (Jul 24)
- Re: Legal Question about privacy Valdis . Kletnieks (Jul 24)
- RE: Legal Question about privacy dave kleiman (Jul 24)
- Re: Legal Question about privacy Valdis . Kletnieks (Jul 24)
- Re: Legal Question about privacy Jack Cleaver (Jul 24)
- Re: Legal Question about privacy Valdis . Kletnieks (Jul 24)
- Re: Legal Question about privacy Dave Dittrich (Jul 24)
- Re: Legal Question about privacy Richard Johnson (Jul 24)
- Re: Legal Question about privacy Matt D. Harris (Jul 29)
- RE: Legal Question about privacy Dave Dittrich (Jul 24)
- RE: Legal Question about privacy Chris Shepherd (Jul 31)