Honeypots mailing list archives

RE: Legal Question about privacy

From: "dave kleiman" <dave () netmedic net>
Date: Wed, 23 Jul 2003 22:58:12 -0400

Does a thief who broke into your house have an "expectation of privacy"?

If so, and only case law would decide this, then a simple sign on your door
that said these premises are monitored at all times by electronic
surveillance would prevent this.
Just a as a warning banner on your site or in logon pages are suggested for
legal reasons.


 
_____________________
Dave Kleiman
dave () netmedic net
www.netmedic.net

"High achievement always takes place in the framework of high expectation."
Jack Kinder

 


-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] 
Sent: Wednesday, July 23, 2003 11:29
To: Josh.Berry () compucom com
Cc: honeypots () securityfocus com
Subject: Re: Legal Question about privacy 

On Wed, 23 Jul 2003 09:24:40 CDT, Josh.Berry () compucom com  said:

The point of a Honeypot is that if someone is one the system, then they
broke into your digital property.  I am not going to be prosecuted for
having a surveillance system that monitors a thief breaking into my
house, the same should be true for a honeypot.


OK.. Assume your surveillance system includes an audio recording.  Let's say
your thief breaks in, helps himself to a cup of coffee, and calls a friend
of his
on his cell phone.  Your system records it.

You may have just committed an illegal wiretap/recording, depending on your
jurisdiction.

And if you think this is hypothetical, consider the hot water Linda Tripp
ended up in...

What if the intruder on your system uses a POP or Webmail client to check
his mail,
and your packet sniffer catches the data?  Remember that there's laws in 47
USC
mumble mumble (I dont have the section handy - Radiotelegraph Act of 1934
and ECPA
are the operative acts) regarding disclosure of transmissions intercepted by
a carrier.

Are you a carrier in this case?  If so, are you allowed to divulge the
contents of the transmission?
If you *arent* a carrier, are you allowed to do so?

If you are a carrier, is the sniffer attached to the honeypot part of
"network quality monitoring"?

There be serious and nasty legal dragons here....

Current thread:

Re: Legal Question about privacy Dan Bernard (Jul 23)
- Re: Legal Question about privacy Dave Dittrich (Jul 24)
  - Re: Legal Question about privacy Stefan Kelm (Jul 28)
    - Re: Legal Question about privacy t. elam (Jul 28)
- <Possible follow-ups>
- RE: Legal Question about privacy dave kleiman (Jul 24)
  - Re: Legal Question about privacy Valdis . Kletnieks (Jul 24)
    - RE: Legal Question about privacy dave kleiman (Jul 24)
    - Re: Legal Question about privacy Valdis . Kletnieks (Jul 24)
    - RE: Legal Question about privacy dave kleiman (Jul 24)
    - Re: Legal Question about privacy Jack Cleaver (Jul 24)
    - Re: Legal Question about privacy Valdis . Kletnieks (Jul 24)
- Re: Legal Question about privacy tcleary2 (Jul 24)
- Re: Legal Question about privacy Chris Boubalos (Jul 24)
- Re: Legal Question about privacy Christopher J Carella (Jul 24)
- Re: Legal Question about privacy Steve Barnet (Jul 24)

(Thread continues...)