Re: Second draft of CyberCrime Treaty Statement

[The following is a bounced message from Matt Bishop.
"Reply-To" of this message to his address.  - Steve]

From: bishop@nob.cs.ucdavis.edu  Wed May 10 11:59:10 2000
To: Adam Shostack <adam@HOMEPORT.ORG>
cc: cve-editorial-board-list@lists.mitre.org
cc: bishop@cs.ucdavis.edu
Reply-To: Matt Bishop <bishop@cs.ucdavis.edu>
Subject: Re: Second draft of CyberCrime Treaty Statement
In-reply-to: Your message of Wed, 10 May 2000 10:58:30 -0400.
Date: Wed, 10 May 2000 08:54:42 -0700
From: Matt Bishop <bishop@nob.cs.ucdavis.edu>

Due to grading (not finals -- you're lucky, Spaf, we have 5
weeks in the term to go!) I've been silent.  So here I go.

I like the letter that Steve, Stuart, and Andre wrote. I
do however wish to weigh in with Adam's comments. I do not
think the language in this paragraph is counterproductive:

> If, instead, the treaty is used to ban any use of exploit tools, we
> fear that this will be very counter-productive.  Since computer
> criminals are currently largely beyond the reach of effective law
> enforcement, they will not be much impacted by new laws banning their
> tools.

I would add "However, computer security experts who wish to remain
within the bounds of law will be adversely impacted, as will organizations
who wish to use their services to improve their security." This, on the
theory that we have to hit people who aren't security experts in the
face with the problem.

I also do not think the paragraph:

> We urge that appropriate laws criminalizing the misuse of
> such tools replace the ownership or creation clauses, and further that
> the Council fund research into ways to encourage companies to produce
> more secure software, such as, but not limited to, rescinding warranty
> law exemptions, requiring recalls of bad software, etc.

is too controversial. My only concern is that including it might give
the treaty makers the idea that we're in it for funding and not on
principle. If others do not think it will be taken that way, I'd urge its

But I think the letter as is is acceptable (obviously, I'd prefer the sentence
above added!) and would sign it.


------- End of Forwarded Message

