RE: Honeypots & reccord industry

["Roger A. Grimes" <roger () banneretcs com>]

You are correct with your comments and fruit of the poisonous tree
logic. 

I should have known my two semesters of business law didn't make me a
lawyer.

Thanks for the compliment on the book.

-----Original Message-----
From: Austin, Richard D [mailto:richard.austin () hp com] 
Sent: Monday, December 19, 2005 3:22 PM
To: Roger A. Grimes; honeypots () securityfocus com
Subject: RE: Honeypots & reccord industry

Hello Roger,

        While I, like you, am of the opinion that people shouldn't be
illegally downloading copyrighted material, I would be a bit more
concerned about (in the US anyway) running afoul of the ECPA (PL 99-508)
with such a practice.  Considering the RIAA as a "service provider"
using the honeynet under the service-provider exemption would seem a bit
of a stretch to me.

        Regards entrapment, courts take a rather jaundiced view of
evidence that was collected illegally and then used to guide the
collection of "legal evidence" -- they tend to regard the whole bunch as
"fruit of a poisonous tree" and exclude it (assuming defending counsel
gets real curious about how it was they just happened to decide to look
at that particular place/item/etc).

        These types of issues are why an attorney (which I are not) is a
real good place to start when setting up one of these things if any of
the results may become evidence in a legal proceeding.  With all the
RIAA's $$, I would assume they've done that but you just never know.

        Incidentally, sincere compliments on your excellent book!

Best regards.   

-----Original Message-----
From: Roger A. Grimes [mailto:roger () banneretcs com]
Sent: Monday, December 19, 2005 10:23 AM
To: honeypots () securityfocus com
Subject: RE: Honeypots & reccord industry

I don't remember the source, but I have read this several times. I don't
think it is a secret.

People should not be illegally downloading copyrighted material, so I
don't see the problem.

A courtcase based on evidence collected from one of these honeypots
might finally test the entrapment defense theory...but the RIAA would
probably just use the evidence collected to track other more certain
types of evidence.

Roger

*******************************************************************
*Roger A. Grimes, Banneret Computer Security, Consultant *CPA, CISSP,
MCSE: Security (2000/2003/MVP), CEH, yada...yada...
*email: roger () banneretcs com
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
*******************************************************************



-----Original Message-----
To: Bruno Joho
Cc: honeypots () securityfocus com
Subject: Re: Honeypots & reccord industry

Bruno Joho wrote:
> Hi folks
>
> It came to my ears the reccord industry is collecting information 
> about people sharing music files or publishing such files for 
> download. They may using honeypot technology to get the data needed 
> for proceedings judicially. Does anybody knows more about?