[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [BOARD] Status of CyberCrime treaty statement

Do I understand correctly that MITRE is no longer willing to host the
website, even if the Board wishes to proceed with the statement?  Also,
will MITRE personnel no longer endorse the statement?

I have to disagree with the DoJ's assessment.  Our position was not that
the treaty would lead directly to the criminalization of our jobs.
Rather, we (as I understand it) are raising a concern about the potential
for misinterpretation.  Some staffer at DoJ assuring MITRE's corporate
counsel that that's not the intent changes exactly nothing in my mind.

I'm also more than a little concerned about this response being discussed
with DoJ by MITRE.  But I'll leave that for another rant.

Scott Blake                                   blake@bos.bindview.com
Security Program Manager                        +1-508-485-7737 x218
BindView Corporation                           Cell: +1-508-353-0269

>-----Original Message-----
>From: owner-cve-editorial-board-list@lists.mitre.org
>[mailto:owner-cve-editorial-board-list@lists.mitre.org]On Behalf Of
>Steven M. Christey
>Sent: Monday, June 26, 2000 4:07 PM
>Cc: cve-editorial-board-list@lists.mitre.org; ptasker@MITRE.ORG;
>gjg@MITRE.ORG; ramartin@MITRE.ORG
>Subject: [BOARD] Status of CyberCrime treaty statement
>Spaf asked about the status of the CyberCrime treaty statement.  Below
>is an update from Gary Gagnon, followed by a description of what we
>will do next:
>>We have completed the web site ready for public release.  We have been
>>discussing this with attorneys to validate our understanding of the
>>treaty and concerns.  In addition, we have also discussed our concerns
>>with key government personnel.  This past Friday, MITRE's corporate
>>attorney and I spoke to Martha Stansell-Gamm, the US Department of
>>Justice Section Chief responsible for the US delegations drafting the
>>treaty.  DoJ has convinced me and our attorney that treaty drafters
>>have adequately addressed this issue.  In particular, Article 6 has
>>two section "a", both of which must hold true to be a criminal
>>offense (emphasis added):
>>  "Each Party shall adopt such legislative and other measures as may be
>>  necessary to establish as criminal offences under its domestic law
>>  when committed intentionally and without right:
>>    1.a device, including a computer program, designed or adapted
>>    [specifically] [primarily] [particularly] for the purpose of
>>    committing any of the offences established in accordance with
>>    Article 2 – 5;
>>    2.a computer password, access code, or similar data by which the
>>    whole or any part of a computer system is capable of being accessed
>>    with intent that it be used for the purpose of committing the
>>    offences established in Articles 2 - 5;
>>   a.the possession of an item referred to in paragraphs (a)(1) and (2)
>>   OFFENSES ESTABLISHED IN ARTICLES 2 -5. A party may require by law
>>   that a number of such items be possessed before criminal liability
>>   attaches. "
>>The way this was explained to me is that the possession (production,
>>sale, distribution, etc) with the intent to commit the offenses is
>>what the treaty is recommending become a crime consistent across the
>>member nations.  DoJ recognized the difficulty proving the intent
>>portion of this treaty language.  In addition, I have re-read the
>>summary of concerns by the CVE Editorial Board, and feel that based on
>>the above the treaty language appropriately addressed them.
>>Therefore, based on this legal review of the treaty language as well
>>as personnel discussions with DoJ, we no longer feel this issue is of
>>grave concern to security professional community.  We would recommend
>>to NOT go forward with the letter and signature collection.
>However, we recognize that some Editorial Board members may still wish
>to move ahead with the statement, independently of DoJ's assurances
>that such a treaty would not result in the criminalization of "white
>hat" security activities.
>To this end, we are doing the following:
>1) We have scheduled a more detailed conversation with Gene Spafford
>   on Tuesday afternoon.
>2) We will be packaging the web site up for transition to Gene
>   Spafford, who will take over the effort in the event that Board
>   members want to move forward with the statement.
>More details will be available after our conversation with Spaf.
>- Steve

Page Last Updated or Reviewed: May 22, 2007