Title: What's in your honeypot: a privacy compliance perspective

Authors: Adam J. Brown; Todd R. Andel

Addresses: University of South Alabama, Mobile, Alabama, USA ' University of South Alabama, Mobile, Alabama, USA

Abstract: Honeypots, a form of active cyber defence, assist in frustrating cyber aggressors through a detect and deceive strategy. However, significant legal questions arise in the USA from the emulation of a production host for purposes of recording information pertaining to access sessions. Taking a holistic perspective, this research explores credible legal claims that may arise when using a honeypot. Situations consider issues pertaining to setting up a honeypot to not violate US federal and state privacy laws, to operating a honeypot without becoming exposed to first or third party liability, and to providing data gathered by a honeypot to law enforcement officials to contribute to an investigation.

Keywords: active cyber; honeypot; legal; privacy; evidence.

DOI: 10.1504/IJICS.2019.099443

International Journal of Information and Computer Security, 2019 Vol.11 No.3, pp.289 - 309

Accepted: 31 Jul 2018
Published online: 02 May 2019 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article