Re: legality of sacrificial host to prosecute

[jnduncan () cisco com (Jim Duncan)]

JohnNicholson () aol com writes:
> For those of you who think this is flogging a dead horse, I apologize 
> for the bandwidth. However, this seems to be an issue about which there 
> is a great deal of confusion, so it seems worthwhile to try and clear it 
> up.

_Black's Law Dictionary_ sixth edition, 1990, says this on page 532:

    Entrapment.  The act of officers or agents of the government in 
    inducing a person to commit a crime not contemplated by him for the 
    purpose of instituting a criminal prosecution against him.  According 
    to the generally accepted view, a law enforcement official, or an 
    undercover agent acting in cooperation with such an official, 
    perpetrates an entrapment when, for the purpose of obtaining evidence 
    of a crime, he originates the idea of the crime and then induces 
    another person to engage in conduct constituting such a crime when the 
    other person is not otherwise disposed to do so.  Sorrells v. U.S., 
    287 U.S. 435, 53 S.Ct. 210, 77 L.Ed. 413; Sherman v. U.S., 356 U.S. 
    369, 78 S.Ct. 819, 2 L.Ed.2d 848.
    
    A public law enforcement official or a person acting in cooperation 
    with such an official perpetrates an entrapment if for the purpose of 
    obtaining evidence of the commission of an offense, he induces or 
    encourages another person to engage in conduct constituting such 
    offense by either: (a) making knowingly false representations designed 
    to induce the belief that such conduct is not prohibited; or (b) 
    employing methods of persuasion or inducement which create a 
    substantial risk that such an offense will be committed by persons 
    other than those who are read to commit it.  Model Penal Code, section 
    2.13.  See also Predisposition.

On page 1177:

    Predisposition.  For purposes of entrapment defense, may be defined as 
    defendant's inclination to engage in illegal activity for which he has 
    been charged, i.e., that he is ready and willing to commit the crime.  
    It focuses on defendant's state of mind before government agents 
    suggest that he commit crime.  U.S. v. Ortiz, C.A.Utah, 804 F.2d 1161, 
    1165.  See also Premeditation.

And on page 1180:

    Premeditation.  The act of meditating in advance; deliberation upon a 
    contemplated act; plotting or contriving; a design formed to do 
    something before it is done.  A prior determination to do an act, but 
    such determination need not exist for any particular period before it 
    is carried into effect.  Thought of beforehand for any length of time, 
    however short.  State v. Marston, Mo., 479 S.W.2d 481, 484.

And that's enough.  Executive summary:  If the person breaking in to the 
honeypot was already breaking in to the system anyhow, then it's *not* 
entrapment.  If the honeypot somehow induced the person to break the law 
*and* the honeypot was set up or configured as such at the behest of a law 
enforcement official (or an agent acting on behalf of a law enforcement 
official) then it *might* be entrapment.  But this implies the sysadmins 
set up the honeypot for the purposes of catching and prosecuting 
interlopers, when in reality most honeypots are set up to occupy the time 
of any interlopers once they have broken into the system.  And, as I said 
above, if they're breaking in anyhow, then it can't be entrapment.

Hope this helps.

By the way, I'm _not_ a lawyer, and Rik Farrow and I make this abundantly 
clear in the incident handling class we teach for the USENIX Association.

        Jim


-- 
Jim Duncan, Product Security Incident Manager, Cisco Systems, Inc.
<http://www.cisco.com/warp/public/707/sec_incident_response.shtml>
E-mail: <jnduncan () cisco com>  Phone(Direct/FAX): +1 919 392 6209