

Ask HN: What's current U.S. law regarding building and deployment of honeypots? - christianbryant

I&#x27;m a GNU&#x2F;Linux build&#x2F;release engineer and an opportunity to build a system that is essentially a honeypot came up. However, after researching this specific activity I see more red flags than I&#x27;m comfortable dealing with. Perhaps this really is a question for a lawyer with digital crime experience, or it&#x27;s a response of &quot;no, thanks&quot;...<p>I have lots of links to information on the topic that I&#x27;ve gathered published since the mid-2000s and this SANS document has always been my goto:<p>http:&#x2F;&#x2F;www.sans.org&#x2F;reading-room&#x2F;whitepapers&#x2F;legal&#x2F;cyberlaw-101-primer-laws-related-honeypot-deployments-1746<p>However, I was wondering if there are more recent changes to the laws and&#x2F;or a site that is more thorough in treatment of how private parties (contractors) factor into any legal issues that might arise from use of a honeypot deployment.<p>In other words, what are the references that folks experienced with the topic and&#x2F;or deployment of honeypots rely of for updates and practical legal knowledge?
======
pgonda
I remember discussing this in a Computer Crime Law class, and it might fall
under Wiretap laws because you might be recoding real time user input.

~~~
christianbryant
Yes, I recall reading a few articles about that. I wasn't clear, however,
whether if you can meet the criteria for the "exceptions" if there could be
another law somewhere that you could still get hit with. If I am serious about
this gig, I'd really have to lawyer up since my legal knowledge is only going
to get me in trouble :-)

