Honeypots mailing list archives

RE: Legal Question about privacy


From: Chris Shepherd <chriss () whstuart com>
Date: Thu, 31 Jul 2003 11:06:24 -0400

Very intriguing topic of conversation, and something most honeypot maintainers
would do well to consider.

Quoting Dave Dittrich <dittrich () cac washington edu>:
> To my knowledge, this has not been tested in a court, but someone
> could reasonably argue that a honeypot owner who logged their IRC
> traffic violated their privacy rights.  Even the intruder *could*
> bring a suit against someone for doing this, and they *might* win.  It
> has not (to my knowledge, or that of any lawyers I've talked with)
> been tested in court.  (If anyone knows of cases, please send them
> my way.)

I should hope that such a claim could be thrown out in that the communication is
passing through a private third party, who has given no expectations of privacy
to someone who breaks into their honeypot. The closest analogy to describe how
I see the act would be breaking into someone's home and using their phone to
dial up a friend (or more accurately, host a party line for your friends). In
this instance, how does the offender have any possible expectation of privacy?

> There is a court case (sorry, no reference ;) where a criminal, using
> a stolen cell phone that was used by the police to monitor the
> criminal's communication, successfully sued the police for violation
> of his privacy rights because they monitored the communications on the
> cell phone without a warrant.  Just because the person is a criminal,
> it doesn't mean they have given up all their rights or that anyone
> is free to violate another law with impunity.

I don't see it as the thief having given up his/her rights since it was not the
thief's phone. If the police got the owner of the phone to consent to having it
wiretapped (possibly the crux of the matter), then how could this ruling go in
favour of the criminal? The phone was not his to consent to have it wiretapped
or monitored in either fashion, therefore I would think that provided the
appropriate paperwork was in place it would be a non-issue. Cases like that
exist to keep police in check when issuing wiretaps (IMO), and little more. The
trouble with that is that it creates case law like this that can be referenced
to the point of absurdity.

My issue with privacy on the internet is that given that all of your traffic
passes through an average of 12 hosts or more, how can anyone reasonably expect
to have privacy? The Internet is now a vast, global, public (key word) network,
and I find it terribly difficult to envision any true sense of privacy while
using it.

--
Chris Shepherd


