Re: Cybercrime treaty

[Matt Bishop <bishop@nob.cs.ucdavis.edu>]

I think I'll wade in here ...

I agree that the idea is silly. It's also very chilling -- I think
Stuart struck the right note when he said that it hobbles us
without affecting the malevolent ones. I'll leave it at that, in
order to spare you all my diatribes against those with power
deciding what is an "illegal access" (Article 2 itself is quite
chilling -- what does "other dishonest intent" mean?)

And by the way, if you think 6a1 is bad, check out 6a2. -- kiss
crack, johntheripper, etc. goodbye. And merely POSSESSING these
seems to be illegal, under 6b (they mislabeled it a; it's the
second a).

Example: my classes in computer security regularly do penetration
exercises on systems I control (they are having fun with a Windows
2000 box now :-)). As part of the exercise, they need to determine
if particular vulnerabilities exist, and the use of attack tools
is one way to do this. (There are others, and they try other means
first; we spend a fair amount of time hammering on ethics, too.)
But as I read what should be 6b, this means if they do write these
tools, they become criminals. Am I being to apocalyptic here? Someone,
please tell me I am!

That old 70's radical,

Matt

PS: One thing, David -- if I remember my political science class
taken umptiddy-ump years ago, treaties in the US are at
the same level as the Constitution, so I'm not sure that the
US federal courts would accept an argument that restricting this
technology (break-in programs) is unconsititutional -- the issue
arose during the court cases about the seizure of Iranian
assets in the 1980s, and the US Government's efforts to return
(some of) the assets. The leinholders hollared bloody murder, but
-- if I remember correctly -- the US Supreme Court said too bad.
Any lawyers (or computer scientists who play lawyers on the web :-))
know if I'm completely off base here?