Assuming that some user/hacker is attempting to use some computer remotely to attack a third party, such a user is implicly not agreeing to being monitored, but he/she should not have a reasonable expectation of privacy. He is committing an an illegal action with no compensating factors. Given the courts actions on public vs. non public communication, any monitoring of computer communication on the recieptant computer cannot be consider wiretaping.

Wheras intercepting communication before it reachs the legitmate target is illegal.

Consider the case where a phone conversation was recorded on a phone which had a legal wiretap, but where the two participants were not involved with the target action. The court did not throw out the evidence on a new nonrelated crime simply because the parties were not named in the wiretape court order.

Similarly if a user/hacker/sysadmin uses communication methods that are not apart of the intended public communication between two private parties, then any expectation of reasonable privacy is denied.

think of it another way, if one calls a phone sex service, (when in fact) they have called the police department and then attempts to use that medium as a mode of private conversation with one or more unknowns, it will not be construed as entrapment. If the phone sex operator ends up calling up potiential clients directly to get the client to make an illegal offer, that _is_ entrapment.

If a web site entices attacks and redirects traffic leading to the easy access server, that would be a similar entrapment situation.

redirecting incoming attacks to a seperate room/honeypot is not entrapment, but detection and isolation of illegal actions.

If one is aware of third party attacks, with the use of your equipment, and one does not make reasonable effort to stop the attack, then the local party should be consider a co conspirator to the attack.

Doing nothing about the attack either before or after, is facilating the attack and should be legally liable for the consequences of the attack

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/4004/19435#19435