[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [CVEPRI] Please Vote on Text of CyberCrime Treaty Statement v5.5

ACCEPT

This is an excellent document.  I think it clearly captures our view and
covers the issues well.  Kudos  to those of you who labored over it.

Scott

SCOTT A. LAWLER, CISSP
DOD CERT

"Steven M. Christey" wrote:
>
> All,
>
> Please vote on the current text of the CyberCrime treaty statement,
> included below, which I've labeled v5.5 (just in case it doesn't turn
> out to be the "final").  This is *NOT* a vote on how we will present
> signatures and organizational affiliations, as that issue is still
> under discussion and can be separated from the actual text.
>
> Since the list has been quiet about edits in the last day and a half,
> this is the only concrete way to be certain that the Board is ready to
> bless this statement and agree to a "final copy" to use to draw
> support from outside the Board.
>
> Please send one of the following votes to me and Dave Mann
> (dmann@bindview.com), or to the Editorial Board list:
>
> ACCEPT - accept text as recorded
>
> MODIFY - make modifications.  Please send any MODIFY votes to the
>          list.  However, at this time you are strongly urged not to
>          suggest minor modifications that could be labeled "pedantic
>          wordsmithing" :-)
>
> NOOP - use this if you wish to abstain from voting.
>
> REJECT - use this vote at your own risk ;-)
>
> It is requested that you send your vote by Tuesday, May 16.  If a
> "final decision" can be made at that time, I'll announce it.
>
> I will gather and count the votes.  Of the 26 organizations
> represented on the Board, 21 have established that they are aware of
> this issue.
>
> It seems reasonable to require a minimum of 16 ACCEPT votes, which
> would be 75% of the "active" Board member organizations, and 60% of
> all Board member organizations.
>
> Note that I will be unavailable for all or most of Friday, so if
> you're voting then, please make sure that Dave Mann knows how you
> voted.
>
> - Steve
>
> ************** TEXT of CyberCrime Treaty Statement v5.5 **************
>
> Greetings:
>
> As leading security practitioners, educators, vendors, and users of
> information security, we wish to register our misgivings about the
> Council of Europe draft treaty on Crime in Cyberspace.
>
> We are concerned that portions of the proposed treaty may result in
> criminalizing techniques and software commonly used to make computer
> systems resistant to attack.  Signatory states passing legislation to
> implement the treaty may endanger the security of their computer
> systems because computer users in those countries will not be able to
> adequately protect their computer systems and the education of
> information protection specialists will be hindered.
>
> Critical to the protection of computer systems and infrastructure is
> the ability to
> * Test software for weaknesses
> * Verify the presence of defects in computer systems
> * Exchange vulnerability information
>
> System administrators, researchers, consultants and companies all
> routinely develop, use, and share software designed to exercise known
> and suspected vulnerabilities.  Academic institutions use these
> tools to educate students and in research to develop improved
> defenses.  Our combined experience suggests that it is impossible
> to reliably distinguish software used in computer crime from that
> used for these legitimate purposes.  In fact, they are often
> identical.
>
> Currently, article 6 of the draft treaty is vague regarding the use,
> distribution, and possession of software that could be used to
> violate the security of computer systems.  We agree that damaging or
> breaking into computer systems is wrong and we unequivocally support
> laws against such inappropriate behavior.  We affirm that a goal of the
> treaty and resulting legislation should  be to permit the development
> and application of good security measures.  However, legislation that
> criminalizes security software development, distribution and use
> is counter to that goal, as it would adversely impact security
> practitioners, researchers, and educators.
>
> Therefore, we respectfully request that the treaty drafters remove
> section a.1 from article 6, and modify section b accordingly; the
> articles on computer intrusion and damage (viz., articles 1-5) are
> already sufficient to proscribe any improper use of security-related
> software or information.
>
> Please do not hesitate to call on us for technical advice in your
> future deliberations.
>
> Signed,
>
> [** signatures, affiliations, and disclaimers deleted - still under
> discussion **]
Page Last Updated or Reviewed: May 22, 2007