Niels Provos honeypot illegal !

[Ghostdog]

A news at security focus said that Niels Provos thesis work on honeypot and steganography are illegal regarding a michigan law.
You can found more here

[tonybradley]

He actually is moving his stuff offshore proactively because the law seems to make his work illegal.

The Michigan state, and other state Super-DMCA laws pending and passed have yet to be tested in court to really define the scope of what they apply to versus what their actual intent was.

This was discussed in another thread as well. See: Michigan Super-DMCA

[bballad]

I think the offshore reaction was a childish overreaction. Leave the work there the EFF or ACLU will give you free legal help if the state tries to prosecute you. This law is invalid on a number of points (states can't enact copy write laws only the federal government can do that. too broad to be useful ect.)

Running away and crying dose nothing productive. its stupid and pointless, Hell the law probably doesn’t even apply to his work. None of his work has the malicious intent to defraud anyone.

EDIT: also see on security focus the article about why super DCMA isn't inherently evil
http://www.securityfocus.com/columnists/153

Whiney people not reading laws and overreacting to them are getting on my nervs, yes the Super-DCMA statutes seem dumb and bad, but before you freak out or go running around screaming that the world is ending let things work themselves out...after the first few test cases we can see how the law stands.

On another note those of you in Europe need to understand how the US works, your parliaments create working laws, here senates (state or federal) pass nonworking laws and let the courts figure out how to fix them. We trust our judges a LOT more then we trust our politicos.

[MrLinus]

Being forced to move information and deny access because of fear of litigation is definately not a good sign.

From the article

A University of Michigan graduate student noted for his research into steganography and honeypots -- techniques for concealing messages and detecting hackers, respectively -- says he's been forced to move his research papers and software offshore and prohibit U.S. residents from accessing it, in response to a controversial new state law that makes it a felony to possess software capable of concealing the existence or source of any electronic communication.

So all of those of you that are on AO and are from those states are not allowed to:

a) research, build, investigate or consider a honeypot

b) research, create, develop or fund any type of cryptography (although the issue in this case is steganography the prinicples are the same, although the method/media is slightly different).

From the article

In response to the early criticism, the industry groups pushing for the law released a new version of their model legislation on April 1st that, among other things, adds an "intent to defraud" to the language -- significantly narrowing the scope of the law.

Even with "intent to fraud" it makes it easy to get around the law. "I wasn't trying to take anything from anyone.. I was just playing around". These laws are a joke. I hope someone does put them to a test soon.

[bballad]

Can we get the two threads combined...and note MSMittens the law dosn't say that hony pots are illigal its just an overreaction by the researcher

[instronics]

I wonder what the paranoid would say to this subject. I can imagine a few things that could be the cause of this, but the officials would never admitt it. Can anyone of you take a wild guess what im talking about . Remember the thread about firewalls becoming illegal? Slowly slowly it all makes sense, but to understand that, you would have to be paranoid in a sense.

Cheers.

[the_JinX]

bballad, I'm brought up thinking paranoia was a good thing when it comes to security..

And I'm taking security beyond protection of your data.. also protection of knowlege..
The USA makes it seem like the second cold war.. only this time they are the "Sharing of Knowlege Suppressing Super Power"

I agree with MsMittens on the part that most part of the law won't stand a chance..
You just can't prove most of them..

[gore]

leave it to Michigan to be a penis, lol this damn state gets on my nerves sometimes.

[tonybradley]

Hell the law probably doesn’t even apply to his work. None of his work has the malicious intent to defraud anyone.

The "intent to defraud" wording was added later. Because Michigan was one of the first out of the gate with this legislation that is not a part of the Michigan law.

Besides, isn't "intent to defraud" relative? By hiding my internal IP addressing with NAT or using a product like Anonymizer, is it not my intent to defraud someone? The whole point is to defraud those who should not be reading my data.

I don't personally think that adding "with intent to defraud" changes the law enough to make it reasonable. They can still twist that and use it inappropriately.

If it is now illegal in Michigan to:

"assemble, develop, manufacture, possess, deliver, offer to deliver, or advertise" any device or software that conceals "the existence or place of origin or destination of any telecommunications service." SecurityFocus Article

as well as being illegal to provide written instructions to do so I think that it is reasonable for Mr. Provos to believe he is in violation of this law.

I agree the law is crap and will hopefully be shot down the first time they try to use it. Organizations like the ACLU or EFF may jump in and help defend someone prosecuted under this law, but maybe Mr. Provos has better things to do with his time / life than being that guinea pig. Often by the time the decision is appealed and re-appealed to the Supreme Court it is too late to help the martyr who is fighting.

I have somewhat of a working relationship with my Michigan State Senator and plan to write her on this issue. I want to at least make sure the government is aware of the feathers they've ruffled since I doubt they're surfing SecurityFocus or AntiOnline.

[gore]

i just remembered you live here too...sad state huh? laws here are mostly ****.