Re: RE: RE: cybercop sting

[eric () gruver net (Eric)]

"Endler, David S" wrote:
>         The sacfrifical lamb suggestion is a great idea generally, but be
> careful about the legal pitfalls of "disinformation." Leading an attacker to
> commit a crime by providing an open door (aka no warning banners, weak
> passwords, etc.) is commonly called entrapment and can be counterproductive.

In the United States, setting up a computer to detect and catch people 
attempting to break into your systems is not entrapment.

For example, in Texas, the following is the definition of entrapment from
the state's Penal Code, Section 8 - General Defenses to Criminal Responsibility

   Sec. 8.06.  Entrapment.

            (a) It is a defense to prosecution that the actor engaged in
   the conduct charged because he was induced to do so by a law
   enforcement agent using persuasion or other means likely to cause
   persons to commit the offense.  Conduct merely affording a person
   an opportunity to commit an offense does not constitute
   entrapment.

            (b) In this section "law enforcement agent" includes personnel
   of the state and local law enforcement agencies as well as of the
   United States and any person acting in accordance with
   instructions from such agents.

Note the last sentence of paragraph (a).  Also, please note that it applies
only to personnel of law enforcement agents or from people under their
control.

Of course, the law may be different in other parts of the world.

> You can get in a lot of serious trouble with your own organization as well
> by spreading false data which could result in nasty rumors about earnings
> which could affect stock prices negatively, etc. 

That's a good point.  Any false data, or for that matter real data, contained
should be cleared by the lawyers before using it.

Eric Johnson