[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Final Draft?
Time delays in my access to email have kept me lurking to date, but I want to add my support. I like this letter very much. Bill Dave Mann wrote: > Gene Spafford wrote: > > The word "since" means "time since" and not causality. > > Great catch!!! > > New Changes: > > * Replaced the word "since" as suggested > - see aragraphs 2 and 5 > > * Further strengthened 2nd sentance in 2nd paragraph > - replaced "the education of ... specialists may be hindered" > with "the education of ... specialists will be hindered" > > Spaf offered: > > I do not believe the letter needs to be further shortened. I think > > it is ready to go. > > I agree. > > -- > ============================================================== > Dave Mann || e-mail: firstname.lastname@example.org > Senior Security Analyst || phone: 508-485-7737 x254 > BindView Corporation || fax: 508-485-0737 > ============================================================== > > Greetings: > > As leading security practitioners, educators, vendors, and users of > information security, we wish to register our misgivings about the > Council of Europe draft treaty on Crime in Cyberspace. > > We are concerned that portions of the proposed treaty may result in > criminalizing techniques and software commonly used to make computer > systems resistant to attack. Signatory states passing legislation to > implement the treaty may endanger the security of their computer > systems because computer users in those countries will not be able to > adequately protect their computer systems and the education of > information protection specialists will be hindered. > > Critical to the protection of computer systems and infrastructure is > the ability to > * Test software for weaknesses > * Verify the presence of defects in computer systems > * Exchange vulnerability information > > System administrators, researchers, consultants and companies all > routinely develop, use, and share software designed to exercise known > and suspected vulnerabilities. Academic institutions use these > tools to educate students and in research to develop improved > defenses. Our combined experience suggests that it is impossible > to reliably distinguish software used in computer crime from that > used for these legitimate purposes. In fact, they are often > identical. > > Currently, article 6 of the draft treaty is vague regarding the use, > distribution, and possession of software that could be used to > violate the security of computer systems. We agree that damaging or > breaking into computer systems is wrong and we unequivocally support > laws against such inappropriate behavior. We affirm that a goal of the > treaty and resulting legislation should be to permit the development > and application of good security measures. However, legislation that > criminalizes security software development, distribution and use > is counter to that goal, as it would adversely impact security > practitioners, researchers, and educators. > > Therefore, we respectfully request that the treaty drafters remove > section a.1 from article 6, and modify section b accordingly; the > articles on computer intrusion and damage (viz., articles 1-5) are > already sufficient to proscribe any improper use of security-related > software or information. > > Please do not hesitate to call on us for technical advice in your > future deliberations. > > Signed, > > <name> > <title> > <affiliation> > > "Organizational affiliations are listed for identification purposes > only, and do not necessarily reflect the official opinion of the > affiliated organization."
begin:vcard n:Hill;William tel;work:703-883-6416 x-mozilla-html:TRUE org:The MITRE Corporation adr:;;1820 Dolley Madison Blvd;McLean;VA;22102; version:2.1 email;internet:email@example.com title:INFOSEC Engineer fn:Bill Hill end:vcard