RE: legality of sacrificial host to prosecute [was RE: cyber copsting ]

[FMartins () pt imshealth com (Lisbon)]

Hi2all

Law, as security, have allways very good arguments to begin "never ending stories", or like it, so here is my point 
about this ...

David wrote:
a) Here is a helpful message from John Nicholson, someone who actually has law experience :-)

I have law experience too, just not from a degree, but in showing sometimes that "that" wasnt a crime.

b) First, and foremost, entrapment is a defense, not a crime in and of itself. 

It all depends on the entrapment, because if you are "Home Alone" and fanatic about security you can kill someone ... 
so you prevent a crime and make another worse =)
So, "in the eyes of the law" you CANT say that entrapment NEVER can be a crime.

c) So, they put cheap costume jewelry in the window. When someone breaks in and steals the fake jewelry, is the jewelry 
store guilty of entrapment for displaying such nice looking fake jewelry and tempting the thief into breaking in? No, 
again because the 
jewelry has not done anything to force the thief into breaking in.

If i was a customer on that jewelry, i'll start a law action for the owner of the jewlry pay me an "audit" on my jewls, 
because if he is working with fakes, i need a second opinion, and i must pay for it, so they must pay to me that (makes 
no sense, but tell me that there is no lawyer that take my case? eheh). What i didnt tell is that i have a jewelry my 
self, and i just want to make some noise about competitors, and even if i must loose some money to win more later, i 
dont care. Then this guy find out what i was doing and the story starts all over again ...
The entrapment was legal, my request its not illegal, and my motivation is understandable (just not for my competitor, 
but clients will like it).
Watch the IDS tests and opinions about them ...
You are not making nothing illegal, but yet you can get in trouble with an entrapment ... was the NSAKey_ an 
entrapment? =;o)

d) A honey pot is an area of your network that you set up so that if someone is going to break in, they break in where 
you are ready for them. This is not entrapment, and it's not a crime.

It all depends again in what the honeypot will do about it, like the admin will just kill this guy or will he start 
some bandwith waste for pay back? so, not so clear about who's doing a crime, if we are pointing just chances and not 
specify in details the rest.

e)  If someone breaks in, they are committing a crime and you're not aiding and abetting the crime just because you 
took steps to 
mitigate the damage from a break in.

I'll defend that "attacker" to the point where you prove that in a honeypot enviroment with bad admin configurations as 
a decoy, this kid as bad intentions, and just not some bad browser for example ... so its not so clear after all ...
I can talk very clear about this specific problem, because i have lived an experience like it being my self the 
supposed bad guy (that everyone of you know that i'm not, am i? eheheh)

Kind Regards,
Fernando Martins