[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Gene Spafford wrote: > The word "since" means "time since" and not causality. Great catch!!! New Changes: * Replaced the word "since" as suggested - see aragraphs 2 and 5 * Further strengthened 2nd sentance in 2nd paragraph - replaced "the education of ... specialists may be hindered" with "the education of ... specialists will be hindered" Spaf offered: > I do not believe the letter needs to be further shortened. I think > it is ready to go. I agree. -- ============================================================== Dave Mann || e-mail: email@example.com Senior Security Analyst || phone: 508-485-7737 x254 BindView Corporation || fax: 508-485-0737 ============================================================== Greetings: As leading security practitioners, educators, vendors, and users of information security, we wish to register our misgivings about the Council of Europe draft treaty on Crime in Cyberspace. We are concerned that portions of the proposed treaty may result in criminalizing techniques and software commonly used to make computer systems resistant to attack. Signatory states passing legislation to implement the treaty may endanger the security of their computer systems because computer users in those countries will not be able to adequately protect their computer systems and the education of information protection specialists will be hindered. Critical to the protection of computer systems and infrastructure is the ability to * Test software for weaknesses * Verify the presence of defects in computer systems * Exchange vulnerability information System administrators, researchers, consultants and companies all routinely develop, use, and share software designed to exercise known and suspected vulnerabilities. Academic institutions use these tools to educate students and in research to develop improved defenses. Our combined experience suggests that it is impossible to reliably distinguish software used in computer crime from that used for these legitimate purposes. In fact, they are often identical. Currently, article 6 of the draft treaty is vague regarding the use, distribution, and possession of software that could be used to violate the security of computer systems. We agree that damaging or breaking into computer systems is wrong and we unequivocally support laws against such inappropriate behavior. We affirm that a goal of the treaty and resulting legislation should be to permit the development and application of good security measures. However, legislation that criminalizes security software development, distribution and use is counter to that goal, as it would adversely impact security practitioners, researchers, and educators. Therefore, we respectfully request that the treaty drafters remove section a.1 from article 6, and modify section b accordingly; the articles on computer intrusion and damage (viz., articles 1-5) are already sufficient to proscribe any improper use of security-related software or information. Please do not hesitate to call on us for technical advice in your future deliberations. Signed, <name> <title> <affiliation> "Organizational affiliations are listed for identification purposes only, and do not necessarily reflect the official opinion of the affiliated organization."