Friday, April 18, 2003

Legality of Collecting Network Traffic

Kevin Poulsen, one of the few sources of original reporting on security issues wrote this article which is of interest to anyone doing network security monitoring. Although the article deals with honeypots, it asks good questions about the legality of collecting network traffic. This excerpt talks about using the "provider exemption" (explained here, with the law here):

That leaves a third "provider exemption" as the most promising for honeypot fans. This allows the operator of a system to eavesdrop for the purpose of protecting their property or services from attack. But even that exemption probably wouldn't apply to a system that's designed to be hacked, Salgado said. "The very purpose of your honeypot is to be attacked... so it's a little odd to say we're doing our monitoring of this computer to prevent it from being attacked."

No comments: