Title: What's in your honeypot: a privacy compliance perspective
Authors: Adam J. Brown; Todd R. Andel
Addresses: University of South Alabama, Mobile, Alabama, USA ' University of South Alabama, Mobile, Alabama, USA
Abstract: Honeypots, a form of active cyber defence, assist in frustrating cyber aggressors through a detect and deceive strategy. However, significant legal questions arise in the USA from the emulation of a production host for purposes of recording information pertaining to access sessions. Taking a holistic perspective, this research explores credible legal claims that may arise when using a honeypot. Situations consider issues pertaining to setting up a honeypot to not violate US federal and state privacy laws, to operating a honeypot without becoming exposed to first or third party liability, and to providing data gathered by a honeypot to law enforcement officials to contribute to an investigation.
Keywords: active cyber; honeypot; legal; privacy; evidence.
DOI: 10.1504/IJICS.2019.099443
International Journal of Information and Computer Security, 2019 Vol.11 No.3, pp.289 - 309
Accepted: 31 Jul 2018
Published online: 02 May 2019 *