Lance Spitzner, founder of the nonprofit security organization Honeynet Project, agreed, saying that neither liability nor entrapment has been an issue, but that privacy is a concern. "From a privacy perspective, you need to consider what you capture, how you capture it, and what you use it for," Spitzner said. He said the main concern surrounds violating the federal Wiretap Act, which prohibits intercepting the content of communications. "Are you getting the conversations themselves?" he asked. "The more data youre pulling, the more potential privacy issues there are."But there are still no hard and fast answers to some of these legal concerns. "There is no absolute authority, because there are so many variables involved and no precedents," Spitzner said. The Honeynet Project recently published a book on honey pots, which includes a chapter (here in PDF form) on legal concerns by Richard Salgado of the Department of Justice. Security firm Sophos, based in the United Kingdom, isnt much concerned with the legal aspects of honey pots and is one of many vendors using various types to develop cyber-defenses. "We receive millions of spam messages into our traps from around the world," said Gregg Mastoras, senior security analyst at Sophos. "We take those messages, dissect them, try to understand them, where theyre coming from, and build protection around it for our clients." Because its a closed systemthe spam and viruses the company receives dont get distributed from the Sophos systemand the company isnt building legal cases against spammers, there arent legal implications for its spam traps. "Most of the security research companies use honey pots to get information on bad guys, malware, viruses and things like that," Honeynets Spitzner said. "Honey pots are also becoming more commonly accepted, so theyre being used for marketing purposes by security firms." "If youre going to develop products and services to defeat these, youve got to understand the basics of what theyre delivering by actually getting some of them yourself," Sophos Mastoras said. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
If a firm is capturing transactional information such as IP addresses, or examining malware contained in the communications, there likely is little to be concerned about. IMlogic told eWEEK.com its honey pots would likely only receive spam or malware, so conversations wouldnt be an issue.