[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [CVEPRI] Please Vote on Text of CyberCrime Treaty Statement v 5.5



Title: RE: [CVEPRI] Please Vote on Text of CyberCrime Treaty Statement v5.5

ACCEPT


*************************************************************
Paul E. Proctor
Director of Technology
Cybersafe Corporation
6363 Greenwich Drive, Suite 150
San Diego, CA 92122
Tel: (Direct) +619-546-2400 x1312; Fax: +619-546-0590
Email: paul.proctor@cybersafe.com
*************************************************************

    * Steven M. Christey (coley@LINUS.MITRE.ORG) [000512 02:28]:
    > All,
    >
    > Please vote on the current text of the CyberCrime treaty statement,
    > included below, which I've labeled v5.5 (just in case it doesn't turn
    > out to be the "final").  This is *NOT* a vote on how we will present
    > signatures and organizational affiliations, as that issue is still
    > under discussion and can be separated from the actual text.
    >
    > Since the list has been quiet about edits in the last day and a half,
    > this is the only concrete way to be certain that the Board is ready to
    > bless this statement and agree to a "final copy" to use to draw
    > support from outside the Board.
    >
    > Please send one of the following votes to me and Dave Mann
    > (dmann@bindview.com), or to the Editorial Board list:
    >
    > ACCEPT - accept text as recorded
    >
    > MODIFY - make modifications.  Please send any MODIFY votes to the
    >          list.  However, at this time you are strongly urged not to
    >          suggest minor modifications that could be labeled "pedantic
    >          wordsmithing" :-)
    >
    > NOOP - use this if you wish to abstain from voting.
    >
    > REJECT - use this vote at your own risk ;-)
    >
    >
    > It is requested that you send your vote by Tuesday, May 16.  If a
    > "final decision" can be made at that time, I'll announce it.
    >
    > I will gather and count the votes.  Of the 26 organizations
    > represented on the Board, 21 have established that they are aware of
    > this issue.
    >
    > It seems reasonable to require a minimum of 16 ACCEPT votes, which
    > would be 75% of the "active" Board member organizations, and 60% of
    > all Board member organizations.
    >
    > Note that I will be unavailable for all or most of Friday, so if
    > you're voting then, please make sure that Dave Mann knows how you
    > voted.
    >
    > - Steve
    >
    >
    > ************** TEXT of CyberCrime Treaty Statement v5.5 **************
    >
    > Greetings:
    >
    > As leading security practitioners, educators, vendors, and users of
    > information security, we wish to register our misgivings about the
    > Council of Europe draft treaty on Crime in Cyberspace.
    >
    > We are concerned that portions of the proposed treaty may result in
    > criminalizing techniques and software commonly used to make computer
    > systems resistant to attack.  Signatory states passing legislation to
    > implement the treaty may endanger the security of their computer
    > systems because computer users in those countries will not be able to
    > adequately protect their computer systems and the education of
    > information protection specialists will be hindered.
    >
    > Critical to the protection of computer systems and infrastructure is
    > the ability to
    > * Test software for weaknesses
    > * Verify the presence of defects in computer systems
    > * Exchange vulnerability information
    >
    > System administrators, researchers, consultants and companies all
    > routinely develop, use, and share software designed to exercise known
    > and suspected vulnerabilities.  Academic institutions use these
    > tools to educate students and in research to develop improved
    > defenses.  Our combined experience suggests that it is impossible
    > to reliably distinguish software used in computer crime from that
    > used for these legitimate purposes.  In fact, they are often
    > identical.
    >
    > Currently, article 6 of the draft treaty is vague regarding the use,
    > distribution, and possession of software that could be used to
    > violate the security of computer systems.  We agree that damaging or
    > breaking into computer systems is wrong and we unequivocally support
    > laws against such inappropriate behavior.  We affirm that a goal of the
    > treaty and resulting legislation should  be to permit the development
    > and application of good security measures.  However, legislation that
    > criminalizes security software development, distribution and use
    > is counter to that goal, as it would adversely impact security
    > practitioners, researchers, and educators.
    >
    > Therefore, we respectfully request that the treaty drafters remove
    > section a.1 from article 6, and modify section b accordingly; the
    > articles on computer intrusion and damage (viz., articles 1-5) are
    > already sufficient to proscribe any improper use of security-related
    > software or information.
    >
    > Please do not hesitate to call on us for technical advice in your
    > future deliberations.
    >
    > Signed,
    >
    >
    > [** signatures, affiliations, and disclaimers deleted - still under
    > discussion **]


 
Page Last Updated: May 22, 2007