1 / 17

The Law of Government Honeypots

The Law of Government Honeypots. Anthony V. Teelucksingh Computer Crime and Intellectual Property Section U.S. Department of Justice (202) 202-514-1026. Honeypots; Topics. Legal Issues Search & Seizure Electronic Surveillance Charging Entrapment Collateral Damage.

Sophia
Download Presentation

The Law of Government Honeypots

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The Law of Government Honeypots Anthony V. Teelucksingh Computer Crime and Intellectual Property Section U.S. Department of Justice (202) 202-514-1026

  2. Honeypots; Topics • Legal Issues • Search & Seizure • Electronic Surveillance • Charging • Entrapment • Collateral Damage

  3. Honeypots Generally • Uncharted Legal Water • Get Counsel Involved Pre-Development

  4. Honeypots; Legal Issues • Honeypot are Undercover Operations • Search & Seizure & Electronic Surveillance • Fourth Amendment • Wiretap Act • Pen Register/Trap and Trace • Electronic Communications Privacy Act

  5. Honeypots; The Constitution • Fourth Amendment: Unreasonable Search and Seizure • Collection of Electronic Communications can be a search and seizure • Test: Reasonable Expectation of Privacy • Hackers Do Not Have Such Expectation • But Other Users on Honeypot May

  6. Honeypots; The Wiretap Act • Value Derived from Monitoring Activity of Would-Be Attackers • To Legally Intercept Communications, Exception to Wiretap Act Must Apply • Consider These Exceptions • Computer Trespasser Exception • Party to the Communication or Consent of a Party to the Communication Exception • Provider Exception (System Protection)

  7. Honeypots; The Computer Trespasser Exception • Government may monitor “trespasser” • No contractual relationship or authority to be on computer • Use care if “advertising” honeypot; may imply authority to use • Provider must authorized interception • Government must do the monitoring • Only trespasser’s communications intercepted • Relevant to an ongoing “investigation”

  8. Honeypots; Party and Consent of a Party Exception • A party to a communication can intercept or give consent to intercept • Two ways this may help • Banner the System (but is imperfect solution) • The honeypot may be a party in some cases (but risky in other cases, e.g., IRC)

  9. Honeypots;The Provider Exception • To Apply, the Monitoring Must be Done to Protect the Provider’s Rights or Property • May have Some Limited Application to Honeypots • Helpful Facts: • Separate Sys Admin Tasks from Investigatory Functions • Honeypot Associated with Production Servers

  10. Suspicious Traffic Routed Hide Among Production Servers Honeypots; Examples

  11. Honeypots; Pen/Trap • Monitoring only addressing information (to the exclusion of content), then the Pen Register, Trap and Trace statute would apply • If have exception to Wiretap Act to intercept communications, then have argument that ok to collect related info

  12. Honeypots; ECPA • ECPA Rules May Limit • Voluntary Disclosure of Info Stored on Honeypot • Process Necessary to Compel Production • Do Voluntary Disclosure Limits Apply? • Only if services offered “to the public” • Not Clear what this Condition Means • Avoid Rapid Collection of Info that, although in Stored State, has been Stored only Short Time; Looks Like Wiretap

  13. Honeypots; Other Rules • Other Laws May Apply Too • E-Government Act of 2002 • Rules on Use of Cookies • Rules on Privacy Policies • Internal Agency Regulations on Internet Resources • Populating Honeypot with Contraband • Make Sure You Know What Rules Apply and What Waivers are Available • DOD-Specific Rules

  14. Honeypots; Charges • Know your Goal before Designing • If Purpose to Prosecute • Identify Charges of Interest • Attempt (Impossibility) • Other Victims • Warez, etc. • Consider Jury Appeal

  15. Honeypots; Entrapment • Entrapment is a potential factor in any undercover • To find entrapment in most jurisdictions: • The government induced the illegal conduct and • The defendant was not predisposed to engage in the illegal conduct. • Entrapment is unlikely a good defense in pure honeypot cases • Still, keep it in mind • Trappings of Honeypot (e.g., promotion, password or vulnerability distribution) • If core of charge is based on gov’t supplying necessary item available only through the government

  16. Honeypots; Collateral Damage • Do No Harm • Potential lawsuits • Downstream victims of intrusions • Launch Pad for Denial of Service Attack • Drop or Distribution Site for Contraband • Plan Ahead • Evidence of Criminal Activity • Evidence of National Security Breach • Victim Notification Issues • Can Take Significant Resources

  17. Where To Get More Information • Computer Crime Section: (202) 514-1026 • E-Mail: anthony.teelucksingh@usdoj.gov • Computer Crime Section’s Web page:

More Related