再保险(板):网络犯罪公约声明的地位

我在斯科特。我还注意到,意图证明是不可能的。我们都知道,大多数黑客工具分布eductional目的只有。他们的语言不解决我们的问题。我创建的工具,是为了进入别人的电脑和/或确定计算机安全漏洞。我显然拥有大量的工具满足a1的定义,以及是否我打算做坏事是非常模糊的。我通常还指出,我可以做的非常糟糕的事情大多数网络正常使用命令行工具船的操作系统,那么下一个是什么?将键盘? ? ?或者我的大脑?我现在看到了,先生,你已经被定罪的思维跳出框框… or - "He had net.exe and was thinking bad thoughts, so we hauled him in." Furthermore, I NORMALLY, AS PART OF MY JOB, use tools which really were created with the intent of breaking into things to LEGITIMATELY determine whether systems I am charged with securing are vulnerable, as well as determining whether my own checks actually WORK properly. The treaty needs to EXPLICITLY allow for white hat activities and research. Also just read Elias' response, and agree with that as well. I am not especially disturbed by MITRE discussing it with whoever they feel like they should, but I don't appreciate this being done without notifying everyone else involved. We should have been informed, and part of the discussion. > -----Original Message----- > From: Scott Blake [mailto: blake@BOS.BINDVIEW.COM]>发送:星期一,2000年6月26日下午3:09 >:cve-editorial-board-list@lists.mitre.org >主题:RE:网络犯罪公约(董事会)状态的声明> > >我理解正确,斜方不再愿意主办>网站,即使董事会希望进行>语句呢?同时,>斜方人员不再支持声明吗?> >我不同意司法部的评估。我们的立场>不是>条约将直接导致定罪的我们的工作。>,我们(我的理解)是提高误解的关注> >的潜力。一些职员在司法部向斜方的企业>顾问保证这不是意图的变化到底是什么在我的脑海里。> >我也多一点关心和司法部正在讨论此响应> >斜接。但我把它留给另一个咆哮。> > - - - - - - >斯科特·布莱克blake@bos.bindview.com >安全项目经理+ 1-508-485-7737 x218 > BindView公司手机:+ 1-508-353-0269 > > > > - - - - - - - - - - - > >从原始信息:owner-cve-editorial-board-list@lists.mitre.org > > (mailto: owner-cve-editorial-board-list@lists.mitre.org]代表> > Steven m . Christey > >发送:周一,6月26日,2000年开场后点> >:spaf@CERIAS.PURDUE。EDU > > Cc: cve-editorial-board-list@lists.mitre.org;ptasker@MITRE.ORG;> > gjg@MITRE.ORG;ramartin@MITRE。ORG > >主题(板):网络犯罪公约的状态声明> > > > > >,> > > > Spaf问及网络犯罪公约>语句的状态。下面从加里Gagnon > >是一个更新,紧随其后的是我们的描述> >下一步:> > > > >我们已经完成了网站准备公开发布。>我们> > >与律师讨论这个验证我们对条约> > >的理解和关注。此外,我们还讨论了> > > >与重要的政府人员的担忧。上周五,横切的企业> > >律师,我跟玛莎Stansell-Gamm,美国司法部的> > > >科长负责美国代表团起草条约> > >。司法部已经说服我和我们的律师,起草人条约> > >充分解决这一问题。 In particular, Article 6 has > >>two section "a", both of which must hold true to be a criminal > >>offense (emphasis added): > >> > >> "Each Party shall adopt such legislative and other > measures as may be > >> necessary to establish as criminal offences under its domestic law > >> when committed intentionally and without right: > >> > >> > >> a.THE PRODUCTION, SALE, PROCUREMENT FOR USE, IMPORT, > DISTRIBUTION OR > >> OTHERWISE MAKING AVAILABLE OF: > >> > >> 1.a device, including a computer program, designed or adapted > >> [specifically] [primarily] [particularly] for the purpose of > >> committing any of the offences established in accordance with > >> Article 2 – 5; > >> > >> 2.a computer password, access code, or similar data by which the > >> whole or any part of a computer system is capable of > being accessed > >> with intent that it be used for the purpose of committing the > >> offences established in Articles 2 - 5; > >> > >> a.the possession of an item referred to in paragraphs > (a)(1) and (2) > >> above, WITH INTENT THAT IT BE USED FOR THE PURPOSE OF > COMMITTING THE > >> OFFENSES ESTABLISHED IN ARTICLES 2 -5. A party may require by law > >> that a number of such items be possessed before criminal > liability > >> attaches. " > >> > >>The way this was explained to me is that the possession (production, > >>sale, distribution, etc) with the intent to commit the offenses is > >>what the treaty is recommending become a crime consistent across the > >>member nations. DoJ recognized the difficulty proving the intent > >>portion of this treaty language. In addition, I have re-read the > >>summary of concerns by the CVE Editorial Board, and feel > that based on > >>the above the treaty language appropriately addressed them. > >> > >>Therefore, based on this legal review of the treaty language as well > >>as personnel discussions with DoJ, we no longer feel this > issue is of > >>grave concern to security professional community. We would > recommend > >>to NOT go forward with the letter and signature collection. > > > > > >However, we recognize that some Editorial Board members may > still wish > >to move ahead with the statement, independently of DoJ's assurances > >that such a treaty would not result in the criminalization of "white > >hat" security activities. > > > >To this end, we are doing the following: > > > >1) We have scheduled a more detailed conversation with Gene Spafford > > on Tuesday afternoon. > > > >2) We will be packaging the web site up for transition to Gene > > Spafford, who will take over the effort in the event that Board > > members want to move forward with the statement. > > > > > >More details will be available after our conversation with Spaf. > > > >- Steve > > >