[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [BOARD] Dissenting opinion on CyberCrime treaty statement
- To: cve-editorial-board-list@lists.mitre.org
- Subject: Re: [BOARD] Dissenting opinion on CyberCrime treaty statement
- From: Dave Mann <dmann@bindview.com>
- Date: Thu, 08 Jun 2000 10:26:40 -0400
- Delivery-Date: Thu Jun 8 10:29:41 2000
- References: <200006080158.VAA23526@basie.mitre.org> <p0432046cb564dd6bc04b@[128.10.253.66]>
- Sender: owner-cve-editorial-board-list@lists.mitre.org
First off, I want to thank Marcus for raising the issue. I suspect this is something like "feeding the poor". It may be a goal that we all share while at the same time disagreeing on how to achieve it. I think we are all in raging agreement GOAL that the improper use of attack tools should be criminalized. Jim Magdych wrote: > This goes back to the gun analogy... It would be interesting to solicit the input from somebody like a prosecutor who better understands how the law deals with issues surrounding gun use. For example, there is a distinction between robbery and armed robbery. There are laws regulating the use and possession of guns like licensing restrictions. I could easily see (and support) similar distinctions and restrictions regarding attack tools. Gene Spafford wrote: > There are slippery slope arguments here that suggest that there is no > clear demarcation line where we can say that everything before is > okay and after is criminal. This is especially true in today's > world of IT. Indeed. I am reminded that the idea of CVE was first discussed publicly at the 2nd Workshop on Research with Security Vulnerability Databases, which was held by Spaf at COAST in Jan '99. The keynote, if I recall correctly, was Bob Abbott, who shared scary stories about documentation of "bugs" being left on doorsteps in plain manilla envelops under the cover of night. At the risk of reopening discussion on the content of the letter, I note that the current letter read (in part): ... We agree that damaging or breaking into computer systems is wrong and we unequivocally support laws against such inappropriate behavior. We affirm that a goal of the treaty ... Perhaps we could strengthen this statement along the lines of: ... inappropriate behavior. In particular, we support the criminalization of the use of so-called attack tools when they are used in the commission of a cyber crime. We affirm that a goal of the treaty ... Dave -- ============================================================== Dave Mann || e-mail: dmann@bos.bindview.com Senior Security Analyst || phone: 508-485-7737 x254 BindView Corporation || fax: 508-485-0737
- Follow-Ups:
- Re: [BOARD] Dissenting opinion on CyberCrime treaty statement
- From: Gene Spafford <spaf@cerias.purdue.edu>
- Re: [BOARD] Dissenting opinion on CyberCrime treaty statement
- References:
- [BOARD] Dissenting opinion on CyberCrime treaty statement
- From: "Steven M. Christey" <coley@linus.mitre.org>
- Re: [BOARD] Dissenting opinion on CyberCrime treaty statement
- From: Gene Spafford <spaf@cerias.purdue.edu>
- [BOARD] Dissenting opinion on CyberCrime treaty statement
- Prev by Date: Re: [BOARD] Dissenting opinion on CyberCrime treaty statement
- Next by Date: Re: [BOARD] Dissenting opinion on CyberCrime treaty statement
- Prev by thread: Re: [BOARD] Dissenting opinion on CyberCrime treaty statement
- Next by thread: Re: [BOARD] Dissenting opinion on CyberCrime treaty statement
- Index(es):
