(page 2 of 4)
Click Crime
Mark Rasch, 2008-05-09

Story continued from Page 1

Yet the illegality of certain content also opens the door to attacks on individuals. Click crime could be used to frame adversaries, in much the same way that so-called "swatting" has been used to induce a police response. An adversary who has compromised your system (or planted a Trojan on it to obtain access) can cause that system to request the FBI honeypot link, so that the access is recorded against your address rather than the attacker's. Some time thereafter, federal agents armed with warrants kick in your door, seize your computers, and you are left having to explain why you are NOT guilty of some computer crime. One click trouble.

Another problem is the assumption that people click on links because they want the thing on the other end of the link. We know from the spread of viruses and worms that people are inherently trusting and will click on just about anything -- often without reading it.

Indeed, in the wake of one highly publicized virus, I tried an experiment: I e-mailed about 100 IT security professionals a message that contained the exact wording of the e-mail propagating the virus, together with what purported to be a hyperlink. Within minutes I received e-mails from many of these professionals complaining that the link didn't work.

Likewise, were you to send a mass mailing to millions of users with a hyperlink and a statement that "by clicking this link you agree to wipe the entire contents of your computer," some percentage of the recipients would invariably click the link. Thus, basing a criminal conviction on a single mouse click is dubious at best. Merely clicking a link may indicate nothing more than curiosity, bad judgment, bad computer hygiene, or foolishness.

Moreover, some researchers run systems that are designed to follow links automatically, with no person involved. Should such a request lead to a search warrant and possible prosecution? While some mouse clicks represent intentional, volitional conduct, many more do not. The FBI's "click-crime" system does not adequately distinguish between the two, particularly at the stage of obtaining a search warrant.

In addition, there is the problem of the client-side honeypot. These products scan inbound communications and attempt to resolve the links they contain in a contained, secure manner, to make sure the links do not expose the company to malware or liability. In the case of the FBI undercover operation, the links would ultimately not resolve to anything and might well be allowed through. But to determine this, the client-side honeypot would already have requested the link, and from the honeypot operator's side that automated fetch looks just like a user's click, creating the potential for civil or criminal liability at worst and a swift kick in the door at best.
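What a single logged "click" actually shows, as an added example that is not part of the column and says nothing about how the FBI system is built: the script below parses constructed web-server log lines (Apache "combined" format is an assumption) for hits on a hypothetical honeypot path and applies the kind of signals a forensic examiner would look for before treating a request as a deliberate human click. The thresholds and user-agent patterns are arbitrary assumptions, and even a "browser-like" verdict proves only that a request arrived from an address, not who (if anyone) was at the keyboard or whether the machine was under someone else's control.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Apache/NCSA "combined" log format: an assumption about how a honeypot logs.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# User-agent substrings typical of tools rather than people (illustrative list).
AUTOMATED_UA = re.compile(r'wget|curl|python|libwww|bot|spider|crawler|scan', re.I)
HONEYPOT_PATH = "/files/video.avi"   # hypothetical honeypot link target
BURST_WINDOW = timedelta(seconds=5)  # arbitrary: requests this close together
BURST_COUNT = 3                      # arbitrary: ...and this many of them => crawler-like

# Constructed sample log: a browser click, a wget crawl, and a HEAD probe.
SAMPLE_LOG = """\
203.0.113.5 - - [09/May/2008:10:00:01 +0000] "GET /files/video.avi HTTP/1.1" 404 512 "http://forum.example/thread/123" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
198.51.100.7 - - [09/May/2008:10:00:03 +0000] "GET /files/video.avi HTTP/1.1" 404 512 "-" "Wget/1.10.2"
198.51.100.7 - - [09/May/2008:10:00:03 +0000] "GET /files/other.zip HTTP/1.1" 404 512 "-" "Wget/1.10.2"
198.51.100.7 - - [09/May/2008:10:00:03 +0000] "GET /robots.txt HTTP/1.1" 404 512 "-" "Wget/1.10.2"
192.0.2.9 - - [09/May/2008:10:05:00 +0000] "HEAD /files/video.avi HTTP/1.1" 404 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
"""


@dataclass
class Hit:
    ip: str
    ts: datetime
    method: str
    path: str
    referer: str
    ua: str


def parse_log(text):
    """Parse combined-format lines into Hit records; lines that do not fit are skipped."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hits.append(Hit(
            ip=m["ip"],
            ts=datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            method=m["method"],
            path=m["path"],
            referer=m["referer"],
            ua=m["ua"],
        ))
    return hits


def triage(hits, honeypot_path=HONEYPOT_PATH):
    """One verdict per request for the honeypot path, with the signals behind it."""
    results = []
    for h in hits:
        if h.path != honeypot_path:
            continue
        signals = []
        if AUTOMATED_UA.search(h.ua):
            signals.append("automated-ua")
        if h.method == "HEAD":            # link checkers often probe with HEAD
            signals.append("head-request")
        if h.referer == "-":              # no page the "click" came from
            signals.append("no-referer")
        # Same address fetching several paths within seconds looks like a crawler,
        # whatever the user-agent claims.
        nearby = [o for o in hits if o.ip == h.ip and abs(o.ts - h.ts) <= BURST_WINDOW]
        if len(nearby) >= BURST_COUNT:
            signals.append("burst")
        if "automated-ua" in signals or "burst" in signals:
            verdict = "likely automated"
        elif signals:
            verdict = "ambiguous"
        else:
            verdict = "browser-like"  # still only proves a request from this address
        results.append({"ip": h.ip, "ts": h.ts.isoformat(),
                        "verdict": verdict, "signals": signals})
    return results


if __name__ == "__main__":
    for r in triage(parse_log(SAMPLE_LOG)):
        print(r["ip"], r["verdict"], ", ".join(r["signals"]) or "-")
```

Run as-is and the three honeypot hits come back as browser-like, likely automated, and ambiguous respectively. The point is the gap between the first verdict and a finding of intent: the browser-like record from 203.0.113.5 is exactly what a compromised machine, or a curious reader of a forum thread, would leave behind.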

Today, Pornography; Tomorrow?

The recent cases are not likely to engender much sympathy, as few in society are willing to be seen as coddling or protecting child pornographers. Moreover, the government’s efforts here seem, at first blush, to be both reasonable and appropriate.

However, it is unlikely to be long before the click-crime honeypot technique is applied to other cases. Once law enforcement agents succeed in using the honeypot technique in child pornography cases, it is unlikely that they will stop there.

The government could, for example, load peer-to-peer sites with advertisements for pirated music or video -- going well beyond what companies like MediaDefender have done -- and prosecute those who merely seek the unlicensed materials, even if only for purposes that could legitimately fall under the "fair use" doctrine. A mere click on the link, with no actual infringement, might lead to a conspiracy charge or an attempt prosecution.

In Germany, where the use of certain security tools is illegal, the government could place hacking and security tools on a site available for download, and a mouse click on any of the links could lead to a criminal prosecution. The government could flood online classified sites, such as Craigslist, with links to undercover government sites posing as "erotic services," and arrest those clicking the links for solicitation of prostitution -- or at least attempted solicitation. Links to eBay listings might be used to prosecute for attempted receipt of stolen property.

Story continued on Page 3 



SecurityFocus columnist Mark D. Rasch, J.D., is a former head of the Justice Department's computer crime unit, and specializes in computer crime, computer security, incident response, forensics and privacy matters as Managing Director of Technology for FTI Consulting, Inc.