Re: Few questions about sp800-31

[Valdis.Kletnieks () vt edu]

On Mon, 27 Nov 2006 16:27:09 +0300, "Kuznetsov A.N." said:
> Hi list,
>    recently I have read sp800-31(NIST Special Publication on Intrusion Detection
> System) and have some questions about it.
>
> On page 28 they wrote about disadvantages of Honey Pots and Padded Cells
>  - The legal implications of using such devices are not well defined
> What kind of problems with law can any have when using Honey Pot or Padded Cell?
> The best thing I can guess that it can be some problems if IDS redirect legal
> user to Padded Cell and he get wrong info.

A bigger issue (at least in the US) is if you divert a legitimate user to a
Padded Cell environment, and your SLA/EULA/contract/whatever doesn't give
advance notice that the user's traffic may be sampled/captured.  On the one
hand, 18 USC 2511 (2)(a)(i) gives *some* wiggle room - it depends on whether
you think a honeypot/padded cell is allowed under "...  provider of wire
communication service to the public shall not utilize service observing or
random monitoring except for mechanical or service quality control checks."
On the other hand, if a padded cell isn't a "service quality control check",
you may have a problem....

http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002511----000-.html

Most of these problems are easily worked around if you have a prior notice
that "All traffic may be monitored" or similar, as intercepts with permission
(even implicitly given by using the service after being informed of the
monitoring) is usually OK.

I am *NOT* a lawyer, and if the exact details matter, I suggest you hire one
of your own....

Attachment: _bin
Description: