RE: Cybercrime treaty
-----BEGIN PGP SIGNED MESSAGE-----
I'd suggest replacing the word "chill" with "limit" or "impede".
- - Jim
> -----Original Message-----
> From: Stuart Staniford [mailto:stuart@SILICONDEFENSE.COM]
> Sent: Monday, May 08, 2000 10:01 AM
> To: Steven M. Christey
> Cc: email@example.com
> Subject: Re: Cybercrime treaty
> "Steven M. Christey" wrote:
> > Nobody has sent any objections to me yet, and I did bring this
> > issue up to a few Board members who I thought might have concerns
> > (one is looking at it, the other hasn't responded). It may be
> > that making a general statement such as "this item is too vague,
> > and here's why" could be agreed to by contributing members, and
> > benign enough that NOOP's may not mind.
> Here's some quick text that I would like, and that it doesn't
> seem to me
> treads on the toes of the objections that have been raised so far.
> Dear <treaty drafters>
> We the undersigned are <a majority, all, ..> of the board of
> the Common
> Vulnerabilities and Exposures project. This project is a
> project by a range of responsible computer security companies and
> experts to develop a common industry-wide set of names for the many
> different vulnerabilities known in computer systems . As such,
> we represent a cross-section of the technical community which works
> on computer security vulnerabilities.
> <Treaty> has recently come to our attention, and we have some
> concerns about it, specifically Article 6. We note that it is
> critically important for computer security professionals to be able
> to test software looking for new vulnerabilitities, determine the
> presence of known vulnerabilities in existing systems, and exchange
> information about such vulnerabilities with each other. Therefore,
> most professionals and companies in this field routinely develop,
> use, and share scripts and programs designed to exploit
> vulnerabilities. It is technically very difficult or impossible to
> distinguish the tools used for this purpose from the tools used by
> computer criminals to commit unauthorized break-ins.
> We are concerned that Article 6 may prevent, or at least chill,
> such responsible development and use of exploit tools. We ask that
> the treaty be reworded such that this is clearly allowed.
> If, instead, the treaty is used to ban any use of exploit
> tools, we fear
> that this will be very counter-productive. Since computer
> criminals are
> currently largely beyond the reach of effective law enforcement,
> they will not be much impacted by new laws banning their tools.
> However, since legitimate companies and professionals will follow
> any laws that are put in place as a result of this treaty, our
> ability to do our jobs will be severely compromised.
> If we can be of further help in drafting appropriate language,
> please contact us via <Steve>.
>  <More about CVE>
> Stuart Staniford --- President --- Silicon Defense
> (707) 445-4355 (707) 445-4222 (FAX)
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1
Comment: Crypto Provided by Network Associates <http://www.nai.com>
-----END PGP SIGNATURE-----