It's nice to see that some people here share my concerns about this. Like
software, laws have holes, so laws about software usually have 'the best' of
both worlds. I did have some interesting 'issues' in my life about this, but
this is not the point, this is just a kind of justification for my
interest in the issue.
> This draft is horribly incomplete, opens possibly dangerous legislative
> backdoors and generally is no good basis for further
> the area of computer security. What the makers of this draft don't want to
> understand is that even the most strict laws are nonsense if the person
> want to hit with this law can not be found out. And we all know how
> it is to trace a hacker or even get a general idea where he or she was
> from when he or she attacks several hosts.
Danger #1: If they are not sure if the suspect is the right suspect, but
since he had 'illegal' software, he is a defendant anyway (and the witch hunt
will start right here).
> Some may say that it's a good thing to prohibit and/or illegalize the
> production of trojan programs like back orifice or netbus which are
> programmed to cause trouble and to overtake foreign systems, but where do
> stop? Do they (the European Council) really intend to prohibit security
> like nmap, sniffit or the like? Are they up to lay the power of network
> security investigations in the hands of big companies who are able to
> (with lots of bakshish) that they are using their security tools
> "according to the law"?
Danger #2: If a 'certified' vendor makes the tool, it's legal. A private
team makes a tool of the same kind (sometimes better), it's illegal (we have
seen this before, haven't we?)
> The whole draft convention reads like a NSA paper in certain parts,
> where speech turns to collection and archiving of traffic data. I don't
> spread the fear of the "big brother", but I for myself would be much more
> alert and subversive if this convention turns into reality - and that is
> most criminal elements will do, too; the real bad boys know how to protect
> themselves from being caught, regardless whether there are renewed laws or
Danger #3: Again, the small fish is in trouble while the big fish will be
out of danger.
> Any chance this legislation could be MS sponsored? Who is actually the
> brainchild of this draconian document? Somehow I just cannot see some old
> in Brussels formulating this for obvious reasons.
Today I listened to a local 'economist' guru saying that what will happen in
the future will be worldwide corps sponsoring and choosing governments. I
suppose MS is big enough for that; the sponsorship is just not clear, if it
exists anyway, but who knows? I don't know, but I'll not be surprised even.
There was an issue that was not public, the 128-bit upgrade of IE, that was
supposed to not be available outside US and Canada. The fact was that it was
available worldwide, under a simple condition. Then they changed their policy
and let local authorities handle that. Probably now, they luv to see
'proper' laws approved...
> I would say it is when it'll make things like nmap and tcpdump illegal. Of
> course once the treaty passes there is still a large window before
> pass laws to actually implement it, but this treaty scares the bejezus out
> me, lists like Linux-Security will also be illegal, and vendor advisories
> show how to exploit a problem would also be illegal (my interpretation
> wrong, but the way the treaty is going ..... ).
Law Hole #1: All laws that the EU approves must be regulated in each country.
Before that it just continues to be a draft.
Law Hole #2: They say there will be exceptions to the law, like for legal
system administrators, so I just have to create an enterprise about Security
Consulting, and all staff will be 'legal'. And I will not have to pay
salaries, people will pay me for having a job :>
Final note about other mails regarding the Microsoft hack: passwords from
their servers were always travelling around the globe, now that was public
(I'm afraid to say that only now they have discovered that)
[ ]'s bacano