再保险(板):网络犯罪公约声明反对意见

:首先我想感谢马库斯发人深思的洞察力。我同意他的一些担忧。然而,我认为重要的是要记住这句话的目的是表达关心。目的并不是具体的法律草案也没有创建任何犯罪或犯罪活动的具体定义。这个概念是提高意识。把这一点铭记在心,文档并不完美但我认为它击中目标。斯科特•斯科特•a . LAWLER CISSP国防部CERT“Steven m . Christey”写道:> >:> > Marcus Ranum编辑部非功能性需求的代表,与网络犯罪公约>表示反对意见的声明。>我在这里发帖马库斯的担忧的记录。这>不影响当前活动对获得支持>声明,我们已经决定,这不是一个>“官方”编辑委员会的活动。> >自他的一些问题涉及全>披露的有争议的问题,我鼓励任何潜在的反应这封邮件>小心,避免被“脱轨”这个问题。 There may be better > forums than the Editorial Board mailing list for those sorts of > discussions. > > The concern is with the following text of the statement: > > # System administrators, researchers, consultants and companies all > # routinely develop, use, and share software designed to exercise known > # and suspected vulnerabilities. Academic institutions use these > # tools to educate students and in research to develop improved > # defenses. Our combined experience suggests that it is impossible > # to reliably distinguish software used in computer crime from that > # used for these legitimate purposes. In fact, they are often > # identical. > > And following is Marcus' response, extracted from various email > discussions and approved by him: > > >The statement, as it is drafted, goes contrary to what I believe is > >the inevitable and right progression of legislative events concerning > >hacking/penetration test tools. > > > >While it is difficult to reliably distinguish between attack tools and > >security tools, I believe there are standards of reasonableness that > >can, and _must_ be applied. Too many attack tools are being developed > >and deployed, under the guise of "helping" and "education" - I believe > >that in the long run it is not helpful and is in fact detrimental. > >For example, nmap, by its very design, is intended to defeat certain > >forms of security. Therefore it is not a purely legitimate tool. Some > >may argue that it may still be useful to white hats. That may be true > >- but there are plenty of cases where legitimate tools that may be > >abused are restricted and regulated. I don't have a problem with that > >in this case. > > Others have expressed concerns that if it appears that the Board as a > whole supports this treaty statement, that it may conflict with the > organizational opinions of some parent organizations of Board members. > Marcus effectively agrees with this: > > >I am opposed to participating (and, by extension, NFR > >participating...) in any action that indicates support for further > >dissemenation, usage, teaching about, or otherwise condoning the use > >of hacking tools and techniques. > > - Steve