Re: [BOARD] Status of CyberCrime treaty statement

To: David LeBlanc <dleblanc@microsoft.com>
Subject: Re: [BOARD] Status of CyberCrime treaty statement
From: Adam Shostack <adam@HOMEPORT.ORG>
Date: Tue, 27 Jun 2000 14:06:26 -0400
Cc: "'Marcus J. Ranum'" <mjr@nfr.net>, "'Scott Blake'" <blake@BOS.BINDVIEW.COM>, cve-editorial-board-list@lists.mitre.org
Delivery-Date: Tue Jun 27 14:03:07 2000
In-Reply-To: <C183CC073051D31184DA0008C707BBF00CE1B3DD@RED-MSG-41>
References: <C183CC073051D31184DA0008C707BBF00CE1B3DD@RED-MSG-41>
Sender: owner-cve-editorial-board-list@lists.mitre.org

On Tue, Jun 27, 2000 at 10:30:53AM -0700, David LeBlanc wrote:
| Right, which is why the wisest course is to regulate conduct. It is quite
| possible to define "system that doesn't belong to me" and "attack".  Once
| you start getting into the question of tools, we start dealing with vague
| clauses that are left open to interpretation, trampling of free speech
| rights, and the possibility of putting legal barriers in the way of people
| who are trying to protect you. After all, we're likely to pay attention to
| the laws.
|
| For example, a coat hanger can be used to break into cars. Mechanics quite
| often possess a "slim jim" set which are sophisticated coat hangers. We
| don't have laws against possession of these objects, whether the person
| possessing them has criminal intent or not. USING these objects on a vehicle
| where you do not have permission from the owner IS illegal and rightfully
| so. Planning to use the objects in a criminal manner is conspiracy and is
| also illegal.  Possession of the objects may be considered evidence, but it
| is NOT illegal.

Actually, it is in some states.  But I think that we're way off topic,
and would like to suggest that Steve is working on finding a good home
for those of us who would like to make a statement in public about the
treaty, and our energies are better spent finding additional respected
signers for the document that many editorial board members want to
sign.

The board as a group, I think, should consider if we want to create
guidelines for speaking as a group in public in the future, and
perhaps consider addressing the mission of the CVE in other ways.

Adam


| These types of crimes are no different, and should not be treated any
| differently.  I would really find it onerous to have to go check with legal
| every time I hit the compile button, and that's where we're headed.
|
| > -----Original Message-----
| > From: Marcus J. Ranum [mailto:mjr@nfr.net]
| > Sent: Tuesday, June 27, 2000 6:51 AM
| > To: David LeBlanc; 'Scott Blake';
| > cve-editorial-board-list@lists.mitre.org
| > Subject: RE: [BOARD] Status of CyberCrime treaty statement
| >
| >
| >
| > >The treaty needs to EXPLICITLY allow for white hat
| > activities and research.
| >
| > That's also impossible to define such as not to allow loopholes.
| >
| > mjr.
| >
| > -----
| > Marcus J. Ranum
| > Chief Technology Officer, Network Flight Recorder, Inc.
| > Work:                  http://www.nfr.net
| > Personal:              http://pubweb.nfr.net/~mjr
| >

--
"It is seldom that liberty of any kind is lost all at once."
					               -Hume

Follow-Ups:
- Re: [BOARD] Status of CyberCrime treaty statement
  - From: "Andy Balinsky" <balinsky@cisco.com>

References:
- RE: [BOARD] Status of CyberCrime treaty statement
  - From: David LeBlanc <dleblanc@microsoft.com>

Prev by Date: RE: [BOARD] Status of CyberCrime treaty statement
Next by Date: RE: [PROPOSAL] Cluster RECENT-19 - 33 candidates
Prev by thread: RE: [BOARD] Status of CyberCrime treaty statement
Next by thread: Re: [BOARD] Status of CyberCrime treaty statement
Index(es):
- Date
- Thread