A primer on US laws related to honeypot deployments

A honeypot is defined as an Internet-attached server that acts as a decoy, luring in potential hackers in order to study their activities and monitor how they are able to break into a system.
These devices have created a confusing interaction of legal and cyber issues: discussions of such devices are typically accompanied by a legal disclaimer, yet the legal issues themselves are not typically discussed, due to time constraints or lack of experience in legal matters.

At a recent SANS conference, when the topic came up, a lawyer in the group lectured for five minutes on the need to consult a legal team before deploying or using honeypots, and pointed out the many tricky legal issues surrounding such devices. Yet the same lawyer was not able to specify the legal issues, nor was he able to make suggestions on how to handle such issues.

This legal gray area presents two interesting issues. First, honeypots are one of the more esoteric issues that a corporate counsel would have to address, and it is very possible that a corporate legal team might not have the required knowledge to answer questions on honeypot issues. Second, not all IT professionals have access to corporate counsel, and hiring a lawyer for advice on this specific issue is often not cost effective, again due to the esoteric nature of the issue.

