[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [BOARD] Dissenting opinion on CyberCrime treaty statement

First off, I want to thank Marcus for raising the issue.
I suspect this is something like "feeding the poor".  It
may be a goal that we all share while at the same time
disagreeing on how to achieve it.    I think we are all
in raging agreement GOAL that the improper use of attack
tools should be criminalized.

Jim Magdych wrote:
> This goes back to the gun analogy...

It would be interesting to solicit the input from somebody
like a prosecutor who better understands how the law deals with
issues surrounding gun use.  For example, there is a distinction
between robbery and armed robbery.  There are laws regulating the
use and possession of guns like licensing restrictions.  I could
easily see (and support) similar distinctions and restrictions
regarding attack tools.

Gene Spafford wrote:
> There are slippery slope arguments here that suggest that there is no
> clear demarcation line where we can say that everything before is
> okay and after is criminal.   This is especially true in today's
> world of IT.


I am reminded that the idea of CVE was first discussed publicly
at the 2nd Workshop on Research with Security Vulnerability Databases,
which was held by Spaf at COAST in Jan '99.  The keynote, if I recall
correctly, was Bob Abbott, who shared scary stories about documentation
of "bugs" being left on doorsteps in plain manilla envelops under the
cover of night.

At the risk of reopening discussion on the content of the letter,
I note that the current letter read (in part):
  ... We agree that damaging or breaking into computer systems is
  wrong and we unequivocally support laws against such inappropriate
  behavior.  We affirm that a goal of the treaty ...

Perhaps we could strengthen this statement along the lines of:
  ... inappropriate behavior.  In particular, we support the
  criminalization of the use of so-called attack tools when they
  are used in the commission of a cyber crime.  We affirm that a
  goal of the treaty ...


Dave Mann                ||   e-mail:  dmann@bos.bindview.com
Senior Security Analyst  ||    phone:  508-485-7737   x254
BindView Corporation     ||      fax:  508-485-0737

Page Last Updated or Reviewed: May 22, 2007