Re: Cybercrime treaty
"Magdych, Jim" wrote:
> Sorry if that sounded dismissive... I am absolutely NOT saying that
> it doesn't matter. I just wanted to point out that some of the
> arguments (particularly the one I made earlier) were fairly
> US-centric. It IS, for example, a crime to own a gun in some
> European countries.
I'm still struggling with whether or not the ambiguity of
the language is a problem or not!
First, I note that I am not well versed in the issues of how public
policy is shaped by international treaties. And at the risk of being
inflamatory, I will suggest that the CVE Editorial Board does not
have ANY experts on international law on it. This is NOT a
criticism, nor is it meant to suggest that we should do nothing.
But, I would suggest that we, as a Board, seek the advice and
input of those who may be able to shed light on the pros and
cons of ambiguous treaty language.
BTW, the example of gun ownership is precisely what is motivating
me here. Some countries may choose to make it illegal to ban
exploit code in much the same way that they ban guns. While
I may strongly disagree with both of these (Mike, you aren't
the only gun totin' redneck here), I recognize that it is within
their soverign right to do so. This leads me to question the
purpose of such a treaty. Are there higher purposes that are
served by drafting a internation treaty that is vague enough
to allow *some* countries to ban exploit code while
allowing other countries not to ban it? Is the ambiguity
the result of a political comprimise to gain broader acceptance
or is it misguided bumbling by beaurocrats who don't understand
I'm not sure and would love to hear some input from some folks
who regularly deal with policy issues at the federal level.
Steve Christey, perhaps MITRE could open a dialogue with somebody
like Jeffery Hunker and bring him into the discussion by acting
as his proxy to the board. Perhaps others could suggest good
sources from outside of the US to gain a broader international
Dave Mann || e-mail: firstname.lastname@example.org
Senior Security Analyst || phone: 508-485-7737 x254
BindView Corporation || fax: 508-485-0737