RE: 5 - 6——网络犯罪公约草案声明

重发为v6戴夫曼-编辑的要求包括在[]。前注意了,这样你就可以明白我的改变。> >非常小的变化[]——一个引人注目的“next >的一代”,因为更古老的安全专家需要>教育,另一个添加‘授权’这个词>最后一段强调旁边。>亲爱的<公约起草者>我们是一群的安全专家参与共同弱点和风险敞口倡议。这个项目是一个合作广泛的计算机安全专家和负责公司开发一套共同的行业名称的许多不同的漏洞在计算机系统。因此,我们代表的工作计算机安全漏洞的技术社区。专家、教育者和从业人员的信息安全,我们希望注册我们的担忧欧洲理事会的条约草案犯罪在网络空间。部分提出条约可能导致criminializing实践和工具通常用于制造计算机系统抗攻击。如果签署州通过立法来实现条约,他们会危及他们的计算机系统的安全,因为专业人员将无法充分保护这些系统。他们也会阻碍信息保护的教育专家。 Critical to the protection of computer systems and infrastructure is the ability to test software for new vulnerabilitities, determine the presence of known vulnerabilities in existing systems, and exchange information about such vulnerabilities. Professionals and companies routinely develop, use, and share tools designed to exploit vulnerabilities. Commercial tools for system administrators and security experts include these exploit tools. Academic institutions use these tools and techniques to educate students and in research to develop new and better defenses. Our experience convinces us that impossible to reliably distinguish between tools used in computer crime and instances of tools used for the legitimate purposes described above. Article 6 of the treat is vague with respect to issues of use, distribution, or possession of software that could be used to violate the security of computer systems. Enabling legislation that criminalized tools or their uses would affect practitioners, researchers, and teachers, and would slow the important progress of computer security research. We agree that breaking into computer systems is wrong. But, we do not want the treaty, and the resulting legislation, to impede the development and application of good security measures. We are strongly in favor of criminalizing inappropriate behavior, but we urge the Council to avoid criminalizing the development, authorized use, and distribution of tools that are important to professionals -- in commerce, academia, and government -- who are working to prevent misuse. We ask that the treaty drafters specifically recognize the legitimate and important role that the creation and public dissemination of demonstration code plays in advancing the information security field. Moreover, we urge that appropriate laws criminalizing the misuse of such tools replace the ownership or creation clauses of the treaty. Signed,   "Organizational affiliations are listed for identification purposes only, and do not necessarily reflect the official opinion of the affiliated organization."