4日的网络犯罪公约草案声明

所有,这是第四削减在草案。1)这个版本试图合并Spaf与我之前的评论,更短的版本。2)关于责任在我没有把语言/马特主教的言论1)保持简洁和2)有助于防止异化的人来说,它仍然是一个有争议的话题。3)我将敦促其他人简单地发布自己的修改是什么下面而不是做评论。同时使言论更容易,它需要别人合并编辑。4)我个人的感觉是,目前的草案是危险的,应该被缩短。如果别人可以修补它修剪它,我感觉它将加强。戴夫* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *亲爱的<公约起草者>我们是一群的安全专家参与共同弱点和风险敞口倡议。这个项目是一个合作广泛的计算机安全专家和负责公司开发一套共同的行业名称的许多不同的漏洞在计算机系统。因此,我们代表的截面技术社区工作的计算机安全漏洞。 As experts, educators, and practitioners of information security, we wish to register our concerns about the Council of Europe draft treaty on Crime in Cyberspace. In brief, we believe that the portions of the proposed treaty are vague or counter to accepted practice. The wording may actually result in criminalizing behavior and tools that are commonly used in education, research and the protection of computer systems. If member states implement the provisions of the treaty and supporting legislation, the result is likely to be a reduction in the overall security and protection of computer systems in those locations. In particular, we find Article 6 to be vague with respect to issues of use, distribution, or possession of software that could be used to violate the security of computer systems. We note that it is critically important to the advancement of science and engineering techniques for computer security professionals to be able to test software for new vulnerabilitities, determine the presence of known vulnerabilities in existing systems, and exchange information about such vulnerabilities with each other. Therefore, most professionals and companies in this field routinely develop, use, and share scripts and programs designed to exploit vulnerabilities. These exploits are often included in commercial tools used by systems administrators and security experts to test the security of their systems. Academic institutions also use these tools and techniques in education of students and in research efforts to develop new and better defenses. Our experience has shown that it is impossible to reliably distinguish between instances of tools used in computer crime from instances of tools used for the legitimate purposes described above. Furthermore, important tools and techniques are regularly published by previously unknown individuals or groups. To criminalize their research and educational activities would be to slow the important progress of computer security research. We do not intend to challenge the idea that breaking into computer systems is wrong. But, we are very concerned that the draft treaty, and legislation that might flow from it, not be drafted so as to impede the development and application of good security measures. We are strongly in favor of criminalizing inappropriate behavior, but we urge the Council to avoid criminalizing the development, use, and distribution of tools that are important to professionals -- in commerce, academia, and government -- who are working to prevent misuse. We ask that the treaty drafters specifically recognize the legitimate and important role that the creation and public dissemination of demonstration code plays in advancing the information security field. Moreover, we urge that appropriate laws criminalizing the misuse of such tools replace the ownership or creation clauses of the treaty. Signed,   "Organizational affiliations are listed for identification purposes only, and do not necessarily reflect the official opinion of the affiliated organization."