|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [CVEPRI] Please Vote on Text of CyberCrime Treaty Statement v5.5
- To: "Steven M. Christey" <coley@linus.mitre.org>
- Subject: Re: [CVEPRI] Please Vote on Text of CyberCrime Treaty Statement v5.5
- From: Bill Hill <bill@mitre.org>
- Date: Fri, 12 May 2000 15:51:53 +0100
- CC: cve-editorial-board-list@lists.mitre.org
- Delivery-Date: Fri May 12 15:52:24 2000
- Organization: The MITRE Corporation
- References: <200005120228.WAA28981@basie.mitre.org>
ACCEPT. "Steven M. Christey" wrote: > All, > > Please vote on the current text of the CyberCrime treaty statement, > included below, which I've labeled v5.5 (just in case it doesn't turn > out to be the "final"). This is *NOT* a vote on how we will present > signatures and organizational affiliations, as that issue is still > under discussion and can be separated from the actual text. > > Since the list has been quiet about edits in the last day and a half, > this is the only concrete way to be certain that the Board is ready to > bless this statement and agree to a "final copy" to use to draw > support from outside the Board. > > Please send one of the following votes to me and Dave Mann > (dmann@bindview.com), or to the Editorial Board list: > > ACCEPT - accept text as recorded > > MODIFY - make modifications. Please send any MODIFY votes to the > list. However, at this time you are strongly urged not to > suggest minor modifications that could be labeled "pedantic > wordsmithing" :-) > > NOOP - use this if you wish to abstain from voting. > > REJECT - use this vote at your own risk ;-) > > It is requested that you send your vote by Tuesday, May 16. If a > "final decision" can be made at that time, I'll announce it. > > I will gather and count the votes. Of the 26 organizations > represented on the Board, 21 have established that they are aware of > this issue. > > It seems reasonable to require a minimum of 16 ACCEPT votes, which > would be 75% of the "active" Board member organizations, and 60% of > all Board member organizations. > > Note that I will be unavailable for all or most of Friday, so if > you're voting then, please make sure that Dave Mann knows how you > voted. > > - Steve > > ************** TEXT of CyberCrime Treaty Statement v5.5 ************** > > Greetings: > > As leading security practitioners, educators, vendors, and users of > information security, we wish to register our misgivings about the > Council of Europe draft treaty on Crime in Cyberspace. > > We are concerned that portions of the proposed treaty may result in > criminalizing techniques and software commonly used to make computer > systems resistant to attack. Signatory states passing legislation to > implement the treaty may endanger the security of their computer > systems because computer users in those countries will not be able to > adequately protect their computer systems and the education of > information protection specialists will be hindered. > > Critical to the protection of computer systems and infrastructure is > the ability to > * Test software for weaknesses > * Verify the presence of defects in computer systems > * Exchange vulnerability information > > System administrators, researchers, consultants and companies all > routinely develop, use, and share software designed to exercise known > and suspected vulnerabilities. Academic institutions use these > tools to educate students and in research to develop improved > defenses. Our combined experience suggests that it is impossible > to reliably distinguish software used in computer crime from that > used for these legitimate purposes. In fact, they are often > identical. > > Currently, article 6 of the draft treaty is vague regarding the use, > distribution, and possession of software that could be used to > violate the security of computer systems. We agree that damaging or > breaking into computer systems is wrong and we unequivocally support > laws against such inappropriate behavior. We affirm that a goal of the > treaty and resulting legislation should be to permit the development > and application of good security measures. However, legislation that > criminalizes security software development, distribution and use > is counter to that goal, as it would adversely impact security > practitioners, researchers, and educators. > > Therefore, we respectfully request that the treaty drafters remove > section a.1 from article 6, and modify section b accordingly; the > articles on computer intrusion and damage (viz., articles 1-5) are > already sufficient to proscribe any improper use of security-related > software or information. > > Please do not hesitate to call on us for technical advice in your > future deliberations. > > Signed, > > [** signatures, affiliations, and disclaimers deleted - still under > discussion **]
begin:vcard n:Hill;William tel;work:703-883-6416 x-mozilla-html:TRUE org:The MITRE Corporation adr:;;1820 Dolley Madison Blvd;McLean;VA;22102; version:2.1 email;internet:bill@mitre.org title:INFOSEC Engineer fn:Bill Hill end:vcard
S/MIME Cryptographic Signature
- References:
- [CVEPRI] Please Vote on Text of CyberCrime Treaty Statement v5.5
- From: "Steven M. Christey" <coley@linus.mitre.org>
- [CVEPRI] Please Vote on Text of CyberCrime Treaty Statement v5.5
- Prev by Date: Re: [CVEPRI] Please Vote on Text of CyberCrime Treaty Statement v5.5
- Next by Date: Re: v 5.4 - from Dave Mann
- Prev by thread: Re: [CVEPRI] Please Vote on Text of CyberCrime Treaty Statement v5.5
- Next by thread: RE: [CVEPRI] Please Vote on Text of CyberCrime Treaty Statement v5.5
- Index(es):