Privacy Issues with Honeypots and Honeynets

This article discusses the legality of the data collected by honeypots and honeynets, and how they relate to liability and entrapment in US and EU law. After you read, you should be able to describe the four core elements of a honeynet and the issues associated with honeynets. How are honeypots classified according to their level of interaction and their purpose?

Conclusions


The legal aspects of honeypots and honeynets are a fascinating research topic. In this paper, we have discussed the aspects of privacy and personal data protection. The paper has outlined the concept of personal data protection in the EU law and focused on the issues of the purpose of data processing, the legal grounds for data processing, and the retention of data. The paper has also discussed issues related to privacy, such as network monitoring and the publication of results.

First, we investigated the data collected by honeypots from the perspective of EU law. In data collection, it is necessary to distinguish content data (contents of communications) and transactional data (information for establishing communication). It is also crucial to identify a relevant lawful purpose of personal data processing and choose a correct legal ground for such processing.

Second, we studied the legal conditions for the collection of data and data retention. Administrators of honeypots and honeynets, who are seen as personal data controllers in the eyes of the law, because IP addresses are considered personal data within EU law, can rely on the legal ground of legitimate interest to collect and process personally. In production honeypots, the legitimate interest lies in safeguarding the security of the service. In our opinion, the legal ground of legitimate interest is applicable also for research honeypots. An adequate length of retention of personal data is also an important issue for the processing of honeypot data since the data minimization principle applies. In situations where a researcher wants to publish data collected by honeypots and honeynets, anonymization is needed.

The conclusions of this paper open issues that need to be addressed in the context of future research. In connection with the fact that IP addresses are personal data, it is necessary to discuss them in more detail and propose an anonymization technique for the collected data. Other newly opened research questions are closely linked to international cooperation and the cooperation with private and public authorities. In these cases, it is needed to closely discuss the issue of cross-border transmission of data.