Honeypots mailing list archives
RE: Legal Question about privacy
From: Chris Shepherd <chriss () whstuart com>
Date: Thu, 31 Jul 2003 11:06:24 -0400
Very intruiguing topic of conversation, and something most honeypot maintainers would do well to consider. Quoting Dave Dittrich <dittrich () cac washington edu>:
To my knowledge, this has not been tested in a court, but someone could reasonably argue that a honeypot owner who logged their IRC traffic violated their privacy rights. Even the intruder *could* bring a suit against someone for doing this, and they *might* win. It has not (to my knowledge, or that of any lawyers I've talked with) been tested in court. (If anyone knows of cases, please send them my way.)
I should hope that such a claim could be thrown out in that the communication is passing through a private third party, who has given no expectations of privacy to someone who breaks into their honeypot. The closest analogy to describe how I see the act would be breaking into someone's home and using their phone to dial up a friend (or more accurately, host a party line for your friends). In this instance, how does the offender have any possible expectation of privacy?
There is a court case (sorry, no reference ;) where a criminal, using a stolen cell phone that was used by the police to monitor the criminal's communication, successfully sued the police for violation of his privacy rights because they monitored the communications on the cell phone without a warrant. Just because the person is a criminal, it doesn't mean they have given up all their rights or that anyone is free to violate another law with impunity.
I don't see it as the thief having given up his/her rights since it was not the thief's phone. If the police got the owner of the phone to consent to having it wiretapped (possibly the crux of the matter), then how could this ruling go in favour of the criminal? The phone was not his to consent to have it wiretapped or monitored in either fashion, therefore I would think that provided the appropriate paperwork was in place it would be a non-issue. Cases like that exist to keep police in check when issuing wiretaps (IMO), and little more. The trouble with that is that it creates case law like this that can be referenced to the point of absurdity. My issue with privacy on the internet is that given that all of your traffic passes through an average of 12 hosts or more, how can anyone reasonably expect to have privacy? The Internet is now a vast, global, public (key word) network, and I find it terribly difficult to envision any true sense of privacy while using it. -- Chris Shepherd
Current thread:
- Re: Legal Question about privacy, (continued)
- Re: Legal Question about privacy Jack Cleaver (Jul 24)
- Re: Legal Question about privacy Valdis . Kletnieks (Jul 24)
- Re: Legal Question about privacy tcleary2 (Jul 24)
- Re: Legal Question about privacy Chris Boubalos (Jul 24)
- Re: Legal Question about privacy Christopher J Carella (Jul 24)
- Re: Legal Question about privacy Steve Barnet (Jul 24)
- Re: Legal Question about privacy Richard Johnson (Jul 24)
- Re: Legal Question about privacy Matt D. Harris (Jul 29)
- Re: Legal Question about privacy Richard Johnson (Jul 24)
- RE: Legal Question about privacy Koseroski, Val (Jul 24)
- RE: Legal Question about privacy Dave Dittrich (Jul 24)
- RE: Legal Question about privacy Chris Shepherd (Jul 31)
- RE: Legal Question about privacy Dave Dittrich (Jul 24)