Honeypots mailing list archives

Re: Honeynet Alliance Charter Question


From: Chris Brenton <cbrenton () chrisbrenton org>
Date: Wed, 16 Mar 2005 08:19:36 -0500

On Wed, 2005-03-16 at 02:33, Adam Carlson wrote:

> From what I've read entrapment only applies when one is attempting to
> use the information to criminally prosecute individuals.

Agreed, it comes down to intent. If the information is collected for the
sole purpose of prosecution, you are on a gray line. There are some easy
ways around this however:

1) Develop a process of collecting logs from all your primary systems,
not just your honeypot.
2) Give your honeypot some active but minor role in your network, such
as a backup secondary DNS server. 

Given both of the above, entrapment becomes a non-issue.

> From what I understand from the entrapment
> laws, if there is some collaboration between the honeynet alliance and
> law enforcement, then the honeynet alliance could be guilty of
> entrapment.

Unfortunately, this line can be fuzzy. If you've had zero interaction
with law enforcement regarding a specific incident, but have worked with
law enforcement in the past on previous incidents, it *could* be enough
to show "reasonable doubt". It's not a given however as each situation is
different. 

> I think a big part of liability depends on whether or not you are
> monitoring with the intent of using it in a criminal prosecution.

Bingo, thus the first item above. If collecting logs is part of your
daily operations, it's certainly not focused on prosecution.

HTH,
Chris


