Could my use of StingBox be deemed a form of entrapment?
StingBox Honeypots are designed to be placed inside your own network, not outside it with an intent to bait anyone in. To our knowledge, no one has ever been prosecuted for entrapping the bad guys inside their own network. Entrapment, by definition, is “a law-enforcement officer’s or government agent’s inducement of a person to commit a crime, by means of fraud or undue persuasion, in an attempt to later bring a criminal prosecution against that person.”
Does StingBox HoneyPot violate privacy laws?
Privacy laws in the US may limit your right to capture data about an attacker, even when the attacker is breaking into your honeypot, but the exemption under Service Provider Protection is key. What this exemption means is that security technologies can collect information on people (and attackers), as long as that technology is being used to protect or secure your environment. In other words, these technologies are now exempt from privacy restrictions. For example, when StingBox captures the IP address, MAC address and keystrokes from a hacker’s unauthorized activity (and thus enables you to respond to it), StingBox HoneyPot will most likely not be considered a violation of privacy, as the technology is being used to help protect you or your organization, so it falls under the exemption of Service Provider Protection. Intentions matter. Honeypots that are used to protect an organization would fall under this exemption.