Re: [ISN] Reminder about WIPO Bill (from COAST)

From: mea culpa (jerichot_private)
Date: Sat Jul 04 1998 - 01:26:43 PDT

  • Next message: mea culpa: "Re: [ISN] Signs of Insecurity in Cyberspace - Analysis"

    Reply From: Chris Wilson <cmw32t_private>
    > From: Gene Spafford <spaft_private>
    > To: coastwatcht_private
    > If 2281 passes in anything close to its current form, it is very possible 
    > that much of what we do at COAST and CERIAS will become illegal.  Products 
    > such as the ISS scanner, SATAN, SAINT, and the like may no longer be legal to 
    > develop, sell or distribute (or use).  Firewalls will need to be "dumbed 
    > down" and not allowed to block or proxy traffic.  Anti-virus researchers may 
    > be arrested for disassembling new viruses.  Penetration testing would be 
    > illegal.   Security testing of products you want to purchase or deploy might 
    > be a felony.
    > In other words, Congress may shortly be passing a law that might render 
    > illegal most of what we do in research and application of information 
    > security.  The end result would be that the security of our networks and 
    > computers would be endangered even further.
    How can governments even claim to be worried about foreign penetration of
    their computers and "information warfare" and in the same breath consider
    passing a bill like this? If we have no means of testing, review or
    defense against penetration attacks then we are WIDE OPEN to foreign
    powers with no such restrictions. The argument that without our help
    (to research these flaws in the first instance, e.g. BugTraq) they
    would not be able to penetrate our systems, is entirely flawed because it
    is based on racist principles, assuming as it does that foreign nations do
    not have the intelligence to discover these security flaws for themselves.
    >From what I have read, it appears to me that governments consider an
    information warfare attack by outside forces to be far more of a threat
    than an attack by their own countrymen. Your citizens at least have some
    respect for the country and don't wish to destroy it. I don't think the
    same can rationally be said of foreign dictatorships.
    We cannot deny that security flaws exist in our products. Nor can we deny
    that it is in the authors' best interests not to reveal those flaws, since
    it is bad for business. If it becomes illegal for neutral third parties
    such as the contributors to BugTraq to research and offer solutions to
    these problems, then only outlaws and foreign agents will do so. Is that a
    better solution? I think not. I hope you agree with me.
    Cheers, Chris.
       ___ __     _  
     /'__// / ,__(_)_ Wilson <Chris.Wilsont_private>
    / (_ / ,\/ _/ /_ \ Webmaster/SysAdmin/Timelord/BOFH/Programmer
    \__//_/_/_//_/___/ "1998 isn't MCMXCVIII. The Romans would have used MIIM"
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated []

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:57:45 PDT