[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [CVEPRI] Please Vote on Text of CyberCrime Treaty Statement v5.5
- To: "'Steven M. Christey'" <coley@mitre.org>, <cve-editorial-board-list@lists.mitre.org>
- Subject: RE: [CVEPRI] Please Vote on Text of CyberCrime Treaty Statement v5.5
- From: "Ken Armstrong" <karmstrong@ewa-canada.com>
- Date: Mon, 15 May 2000 08:00:14 -0400
- Cc: "Work \(E-mail\)" <karmstrong@ewa-canada.com>
- Delivery-Date: Mon May 15 08:02:38 2000
- Importance: Normal
- In-Reply-To: <200005120228.WAA28981@basie.mitre.org>
ACCEPT | -----Original Message----- | From: owner-cve-editorial-board-list@lists.mitre.org | [mailto:owner-cve-editorial-board-list@lists.mitre.org]On Behalf Of | Steven M. Christey | Sent: Thursday, May 11, 2000 10:29 PM | To: cve-editorial-board-list@lists.mitre.org | Subject: [CVEPRI] Please Vote on Text of CyberCrime Treaty Statement | v5.5 | | | All, | | Please vote on the current text of the CyberCrime treaty statement, | included below, which I've labeled v5.5 (just in case it doesn't turn | out to be the "final"). This is *NOT* a vote on how we will present | signatures and organizational affiliations, as that issue is still | under discussion and can be separated from the actual text. | | Since the list has been quiet about edits in the last day and a half, | this is the only concrete way to be certain that the Board is ready to | bless this statement and agree to a "final copy" to use to draw | support from outside the Board. | | Please send one of the following votes to me and Dave Mann | (dmann@bindview.com), or to the Editorial Board list: | | ACCEPT - accept text as recorded | | MODIFY - make modifications. Please send any MODIFY votes to the | list. However, at this time you are strongly urged not to | suggest minor modifications that could be labeled "pedantic | wordsmithing" :-) | | NOOP - use this if you wish to abstain from voting. | | REJECT - use this vote at your own risk ;-) | | | It is requested that you send your vote by Tuesday, May 16. If a | "final decision" can be made at that time, I'll announce it. | | I will gather and count the votes. Of the 26 organizations | represented on the Board, 21 have established that they are aware of | this issue. | | It seems reasonable to require a minimum of 16 ACCEPT votes, which | would be 75% of the "active" Board member organizations, and 60% of | all Board member organizations. | | Note that I will be unavailable for all or most of Friday, so if | you're voting then, please make sure that Dave Mann knows how you | voted. | | - Steve | | | ************** TEXT of CyberCrime Treaty Statement v5.5 ************** | | Greetings: | | As leading security practitioners, educators, vendors, and users of | information security, we wish to register our misgivings about the | Council of Europe draft treaty on Crime in Cyberspace. | | We are concerned that portions of the proposed treaty may result in | criminalizing techniques and software commonly used to make computer | systems resistant to attack. Signatory states passing legislation to | implement the treaty may endanger the security of their computer | systems because computer users in those countries will not be able to | adequately protect their computer systems and the education of | information protection specialists will be hindered. | | Critical to the protection of computer systems and infrastructure is | the ability to | * Test software for weaknesses | * Verify the presence of defects in computer systems | * Exchange vulnerability information | | System administrators, researchers, consultants and companies all | routinely develop, use, and share software designed to exercise known | and suspected vulnerabilities. Academic institutions use these | tools to educate students and in research to develop improved | defenses. Our combined experience suggests that it is impossible | to reliably distinguish software used in computer crime from that | used for these legitimate purposes. In fact, they are often | identical. | | Currently, article 6 of the draft treaty is vague regarding the use, | distribution, and possession of software that could be used to | violate the security of computer systems. We agree that damaging or | breaking into computer systems is wrong and we unequivocally support | laws against such inappropriate behavior. We affirm that a | goal of the | treaty and resulting legislation should be to permit the development | and application of good security measures. However, legislation that | criminalizes security software development, distribution and use | is counter to that goal, as it would adversely impact security | practitioners, researchers, and educators. | | Therefore, we respectfully request that the treaty drafters remove | section a.1 from article 6, and modify section b accordingly; the | articles on computer intrusion and damage (viz., articles 1-5) are | already sufficient to proscribe any improper use of security-related | software or information. | | Please do not hesitate to call on us for technical advice in your | future deliberations. | | Signed, | | | [** signatures, affiliations, and disclaimers deleted - still under | discussion **]
- References:
- [CVEPRI] Please Vote on Text of CyberCrime Treaty Statement v5.5
- From: "Steven M. Christey" <coley@linus.mitre.org>
- [CVEPRI] Please Vote on Text of CyberCrime Treaty Statement v5.5
- Prev by Date: Re: v 5.4 - from Dave Mann
- Next by Date: Re: [CVEPRI] Please Vote on Text of CyberCrime Treaty Statement v5.5
- Prev by thread: Re: [CVEPRI] Please Vote on Text of CyberCrime Treaty Statement v5.5
- Next by thread: Re: [CVEPRI] Please Vote on Text of CyberCrime Treaty Statement v5.5
- Index(es):
