Re: Jail Time for Honeypots?

["yannick san" <yannicksan () free fr>]

As far as I know access control could be a little bit different...
The problem is not only regulary analysing the file but beeing able to trace
employers...
I'm completly agree that tracing employers is forbidden but if we're not
able to reconize employers in the files, where is the problem ? I mean, if
employers can only be traced as numbers and not by their names... and if we
need a special clearance (in case of a security event for exemple) to
translate the numbers by names ?
In cctv systems it's more complicated because here we have the face.. and
here I'm agree that we must not see the pictures without any security
reasons.
About security banners, according to the law I'm agree that they must be
visible. It's true for cctv, it is true any equipements. Exemple : try to
log in to an equipement and a message appear to tell you that this
equipement is the property of xxx and every command passed is analysed...
But do you think we should write something like "...an honeypot is used..."
somewhere ?? We write that any commands is analysed but we also don't write
that we implemented intrusion detection too.
So, as I'm concerned, cctv systems and honeypots are not so similar problem.
Please, correct me if I'm wrong.

Yannick
Information Security Engineer


----- Original Message -----
From: "Fernando Martins" <fernando.martins () esoterica pt>
To: <honeypots () securityfocus com>
Sent: Tuesday, April 22, 2003 8:01 PM
Subject: Re: Jail Time for Honeypots?


> > Then again in other areas, if you are in the "public eye", that is to
say,
> > out in public, you can be filmed at will.  As long as it is not
> distributed
> > as a "commerical production" and even then, if the person complaining
was
> > not the main focus of the event, they have no case.
>
> May be the fault is on my poor english skillz ... but you got it all
wrong.
> If one is out in public area it's illegal to film/monitor, unless by the
> police or special service, never by "civilians".
> And only if there is an event/intrusion/crime the recorded images can be
> seen.
> And as several guys here sugested, a warning banner must be visible in
> monitored places.
> All of these in Portugal, and many other places in Europe.
>
> I'll not discuss here the design of closed or open surveillance systems,
> this is not the forum for it.
> But the implications of this can be for example inside a bank, where as
'we
> speak' most of banks in Portugal are not respecting the law regarding cctv
> systems.
> Most of the companies (probably all less one, as far as I know) by the
same
> law, are also illegal regarding access control systems.
> I was not thinking in me walking the dog at the park ... that's not my
field
> and I don't have a dog :>
>
> My point was just 'put on the table' a known, and covered by law, issue to
> somehow clarify what can be important as legal issues regarding
> honeypots/nets.
> Also to point out that laws from several countries can be involved, while
in
> cctv systems that is not the case.
>
> FM