I'm all for people having an expectation of privacy, but I think it would be crazy if a honeypot operator went to prison. You shouldn't have to use "warning banners" to let someone know you are monitoring their activities. It should be an expectation that if you are using/hacking someone elses system that they are monitoring the activities to/from/on that system.

Another question, why isn't the honeypot system considered a production system? Like any other system a company uses, the honeypot system is there to support the business. It supports the business by alerting the security group to new attacks that they need to know about to prevent their other business systems from being attacked.

Another point I'd like to make is:

What is the difference between a honeypot logging your activity and other types of logs? You go to a web page and it records your activity in web server logs, is that illegal wiretapping if you haven't been warned about it? Seems like wiretapping laws haven't kept up with the new technologies. They are usually discussed when the activity is illegal, what about logs that capture appropriate behavior?

Obviously there are no clear cut answers, but I thought I would stir the pot and provide some additional thoughts on the subject.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/4004/19409#19409