RE: Cybercrime treaty

[David LeBlanc <dleblanc@microsoft.com>]

> Russ wrote:
> >
> > IMO, we should do nothing but prepare for a demonstration
> case where one (or
> > more of us) are the defendants.
>
> Russ - this is a treaty.  That means every country will come up with
> their own legal implementation.  When they prosecute you in
> Canada, for
> example, the resulting precedent will do nothing for us in the U.S.
> (It's actually a council of Europe treaty, but apparently the
> US DOJ has
> taken a strong role in drafting it).  And if the treaty
> starts out with
> dumb provisions, it will be very hard not to end up with dumb
> provisions
> in all the implementing legislations in individual countries.

I agree 100% with Stuart.  It is a lot easier to change things like this in
the early stages, and a well-reasoned response from a respected group could
have some strong effects.  We're also not without some political resources
among our own group - for example, Sen. Nunn is on ISS' board.

> > If we shot this down what will come afterwards? If we're
> listened to, what
> > would prefer it to say?

> How about making it a crime to distribute an exploit script without
> first giving two weeks notice to affected vendors?
>
> Think of this: if it was in an international treaty, you wouldn't have
> to defend your policy on NTBugtraq :-)

ROTFL.

OK, let's get serious about this - what ought it say?  Why shouldn't it say
what it does? Let's come up with a reasoned response that the people who are
doing this will listen to.