The Legal and Ethical Issues of Deploying Honeypots

Abstract

The purpose of this study is to identify the legal and ethical issues involved with the deployment of a computer system defence implementation known as a honeypot. During the course of this research reference shall be made to the term honeypot as an umbrella term covering honeypots themselves, honeynets, honey farms and honeytokens. These systems and devices all claim a common characteristic in that they masquerade as legitimate systems, however their main purpose is to detect, track and analyse patterns of behaviour, both user and software, when the system is illegally accessed. The aim of this research is to derive a strategic framework for minimizing the legal and ethical risks involved in deploying honeypots specifically within South Africa, but based on best practice from around the globe. The study will derive a taxonomy for honeypots based on their security goals. The taxonomy will serve as basis for evaluating the legal and ethical risks relative to the security goals of honeypots. The study has been conducted using a wide ranging literature review covering the legal landscape with regards to the areas of entrapment, privacy and liability, and their application in the field of cybercrime based upon the current legal framework in South Africa. This research will determine the different scenarios in which honeypots may and should be deployed and the ethical issues involved in deploying a honeypot specifically addressing the alignment with the various codes of conduct required by computer professionals. The ethical and legal risks involved in the deployment of a honeypot will be highlighted and ultimately a strategic framework for minimizing the legal and ethical issues involved with the deployment of honeypots will be outlined. This will take the form of a checklist designed to guide the practitioner in deployment of these tools in a legal and ethical manner.