Not only that, but looking at the list of "banned tools", it would make
production of Intrusion Detection tools impossible since they are either
based on some sniffing mechanism (NIDS) and have some insight as to the kind
of traffic signature generated by the hacker's tools to be able to log and
identify them successfully.
On top of this, the only people to fear the new regulations will be
companies and organizations which have a legal liability to toe the line,
not your average basement-dwelling script-kiddie or your multinational
cyber-terrorist. This is the same argument against encryption export
restrictions, which incidentally just got fixed a couple of days ago.
Haven't we learned anything yet?
--
Gene Lee
[EMAIL PROTECTED]
[EMAIL PROTECTED]
-----Original Message-----
From: spiff <[EMAIL PROTECTED]>
To: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]>;
'[EMAIL PROTECTED]' <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
<[EMAIL PROTECTED]>; [EMAIL PROTECTED] <[EMAIL PROTECTED]>;
[EMAIL PROTECTED] <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
<[EMAIL PROTECTED]>
Date: Friday, January 14, 2000 1:00 AM
Subject: fwd message concerning tools.
>Hello all,
>
>This is _unconfirmed_ and relatively new (bad) news to me.
>
>As Maurice says below:
>
>"Many people on this list will have to worry about it. It will make your
>job a lot more difficult."
>
>For me, this is very disconcerting, as it would create a situation where I
>could not legally possess the same tools that outlaws would use to
>penetrate the systems I am employed to protect. As if an intruder, who
>would break the law by entering my systems could care less if the tools he
>used were _also_ illegal... Security by denial has never worked in the
>past, it will never work in the future. If this is remotely true, it is
>very serious.
>
>spiff
>
>----- Forwarded message from mea culpa <[EMAIL PROTECTED]> -----
>
>From: mea culpa <[EMAIL PROTECTED]>
>Subject: [ISN] US-Europe cybercrime treaty happening in secret
>--M.Wessling
>To: [EMAIL PROTECTED]
>
>Forwarded From: Declan McCullagh <[EMAIL PROTECTED]>
>
>[The following note says a draft treaty would outlaw distributing (think:
>posting on your web site) hacking and eavesdropping tools, including
>presumably ones that are currently readily available like crack and
>tcpdump. I wonder if there will be a grandfather clause for the version of
>crack I compiled in 1992? If not, does this mean I'll be a criminal if I
>lend a CDROM with my hard drive archive to a friend? Hmmm. --Declan]
>
>***********
>
>To: [EMAIL PROTECTED]
>Subject: Bogus cybercrime treaty happening in secret
>Date: Thu, 13 Jan 2000 06:37:49 -0800
>From: John Gilmore <[EMAIL PROTECTED]>
>
>
>Date: Thu, 13 Jan 2000 15:23:17 +0100 (CET)
>From: Maurice Wessling <[EMAIL PROTECTED]>
>Subject: cybercrime treaty
>
>I've just submitted this to slashdot. Many people on this list will have
>to worry about it. It will make your job a lot more difficult.
>maurice
>
>The Council of Europe is preparing a so-called "Cybercrime"
>treaty. European countries, the USA, Canada, Japan and
>South Africa are involved in the talks. There is no draft
>made public but a letter of the Dutch minister of Justice to
>the Dutch parliament is mentioning some of the details of
>what is discussed during the negotiations about the treaty.
>The draft is prepared by an ad-hoc group of experts
>(PC-CY) who will have to finish their work by the end of
>2000. There is only a Dutch language version of the letter
>(if you can read Dutch, I've put it on
>http://www.bof.nl/cybercrime_treaty.pdf
>One part of the treaty is of particular interest to Slashdot
>readers. The treaty will outlaw hacking tools. A summary
>(not a word-by-word translation):
><treaty>
>Protection against so-called CIA-crimes (confidentiality,
>integrity and availability) of public and closed networks
>and systems: computer hacking, unauthorized eavesdropping,
>unauthorized changing or destroying of data (either stored
>or in transport). In discussion are also denial of service
>attacks to public and private networks and systems. This
>will probably not cover spam.
>The treaty will outlaw the production, making available or
>distribution of hardware and software tools to do the
>above-mentioned (hacking, denial of service, eavesdropping,
>etc.). The letter does not mention the possession of these
>tools.
>The treaty will also outlaw sites with lists of passwords or
>codes that give unauthorized access to computer systems
>(this is not about copyright related serials and cracks).
>The letter explicitly points out that as a result of this
>treaty countries that wish to implement digital wiretapping
>or the use of hacking tools by law enforcement need to
>implement that in their national legislation.
></treaty>
>This definitely sounds like a bad idea. The public will get
>a false sense of safety, security experts can not do their
>work and software producers and system administrators will
>loose an important stimulation to improve the quality of
>their work.
>Other points in the treaty:
><treaty>
>illegal content
>There is only agreement upon child pornography.
>The countries involved could not agree upon racist speech
>and pornography in general. European countries wanted to
>include racist speech but the USA blocked this. On the other
>hand, European countries did not want to include pornography
>in general as some others wanted to (the letter doesn't
>mention who).
>Child pornography is defined here as "the realistic
>depiction of a child involved in sexual behavior". It does
>not matter if children were actually involved in the
>fabrication of the material. It explicitly includes material
>with adult actors impersonating as children or computer
>animations. Cartoons with a non-realistic character are not
>included in the definition.
>The letter states a broad international consensus about this
>definition.
>
>email
>The treaty defines the procedures of investigating the
>content of email. The treaty tries to follow regimes for
>search warrants when email is stored and warrants for
>tapping of telecommunication when email is in transport.
>Under circumstances (not further explained in the letter)
>the person subject of a search warrant which involves stored
>email can be ordered to keep the search secret to prevent
>damage to the further investigation.
>
>border crossing aspects of computer and network search
>warrants
>Law enforcement can not cross borders during the search of a
>computer network. The draft outlines a procedure in which an
>official request is necessary to the other country to
>complete the search. All members of treaty will establish a
>national contact point where such request can be handled
>fast. In most cases this will be the Interpol contact point.
>Discussions are ongoing about accessing a computer in
>another country to which the person that gets the warrant
>already has authorized access. Is that a border crossing of
>law enforcement competence? Do the authorities in the other
>country need to be informed?
>There is no agreement yet about the status of information
>that was accidentally gathered from systems in other
>countries during a network search. One possibility is that
>that country gets a veto right on the use of that
>information.
>
>preservation order to admins of public or private networks
>The treaty will define a preservation order that can be
>given to the admin of the public or private network. Such an
>order is intended to log traffic data (not content) that
>would normally be lost immediately or as soon as that data
>is not important anymore for the maintenance of the network
>(according to privacy rules).
>
>tapping
>The treaty will force countries to implement digital
>wiretapping into their national laws. Both of public and
>private networks.
>As the Netherlands already have digital wiretapping laws
>this section is not discussed extensively in the letter.
></treaty>
>
>ISN is sponsored by Security-Focus.COM
>
>----- End forwarded message -----
>
>--
> Patrick Oonk - PO1-6BONE - [EMAIL PROTECTED] - www.pine.nl/~patrick
> Pine Internet B.V. GOAT666-RIPE PGP key ID BE7497F1
> Tel: +31-70-3111010 - Fax: +31-70-3111011 - http://www.pine.nl/
> -- Pine Security Digest - http://security.pine.nl/ (Dutch) ----
> Excuse of the day: Your excuse is: T-1's congested due to porn
> traffic to the news server.
>
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
