What's in your honeypot: a privacy compliance perspective

Abstract

Honeypots, a form of active cyber defence, assist in frustrating cyber aggressors through a detect and deceive strategy. However, significant legal questions arise in the USA from the emulation of a production host for purposes of recording information pertaining to access sessions. Taking a holistic perspective, this research explores credible legal claims that may arise when using a honeypot. Situations consider issues pertaining to setting up a honeypot to not violate US federal and state privacy laws, to operating a honeypot without becoming exposed to first or third party liability, and to providing data gathered by a honeypot to law enforcement officials to contribute to an investigation.