RE: New laws in the wings

From: Mike Denka (mdenk@whidbey.net)
Date: 09/27/01 

From: "Mike Denka" <mdenk@whidbey.net>
To: <pen-test@securityfocus.com>
Subject: RE: New laws in the wings
Date: Thu, 27 Sep 2001 12:29:02 -0700
Message-ID: <MPECLHOFNFNOADIEFCGBMEHLCMAA.mdenk@whidbey.net>

There is no "mandatory" life sentence. I quote from the DoJ analysis:

"This section affects only the maximum penalty allowed by statute. It does
not limit the authority of the Sentencing Commission and the courts to
tailor the sentences imposed in particular cases to offense and offender
characteristics."

As for the concern over the definition of "intent": first of all, where in
the bill, specifically, do you find fault with the use of that term? Also,
it seems to me that any intent would have to be proven, as always in our
courts, beyond a reasonable doubt. And it would be up to the prosecution to
prove that intent, not up to the accused to disprove it. I don't see how
this ties anyone's hands except for the prosecuting entity who will be
expected to provide the proof of intent. How is this different from any
other charge of conspiracy to commit any crime?

I don't see anything in the Bill outlawing possession of penetration tools.
I may have missed it, please point to the section for me if I have. I only
see provisions covering sharing, offering or consulting in the use of these
tools to terrorist organizations. I do see where someone may get into
pretty deep trouble advising or assisting certain individuals or
organizations known to promote terrorist activities. This puts a fairly
heavy burden upon the pen tester to do some up front research on the
authenticity of his/her clients. Should we try and shirk this responsiblity
to lighten our load?

Mike

-----Original Message-----
From: Keith.Morgan [mailto:Keith.Morgan@Terradon.com]
Sent: Wednesday, September 26, 2001 1:49 PM
To: 'T. Barrick'
Cc: 'pen-test@securityfocus.com'
Subject: RE: New laws in the wings

Reading that article to the letter, and assuming no provision for intent,
this would make almost every security professional, and possibly most IT
professionals accessories to terrorists by default. We are asking our
representative for a full copy of the legislation for review by our
attorneys. If there is no mention of intent in the legislation, a federal
judge's hands would be tied. He would be forced to hand down a life
sentance regardless of the absurdity of the situation.

I'll post our conclusions upon reading the bill in it's entirety.

Keith T. Morgan
Chief of Information Security
Terradon Communications
keith.morgan@terradon.com
304-755-8291 x142

> -----Original Message-----
> From: T. Barrick [mailto:tbarrick@home.com]
> Sent: Wednesday, September 26, 2001 1:02 AM
> To: pen-test
> Subject: New laws in the wings
>
>
> I would advise everyone to read and UNDERSTAND (Hint: use your
> imagination) the ramifications of this proposed law...
>
> See the article at : http://www.securityfocus.com/news/257
>
> Toby
> --
> Toby Barrick
> American Express
> Security Operations
> Ecommerce Security Specialist
> +1 602.766.3444 - work
> +1 480.496.6507 - home
> Toby.Barrick@aexp.com
> tbarrick@home.com
>
> ICQ - 121647688
> MSN - tbarrick2001
> AIM - tbarrick2001
> Yahoo - tbarrick2001
> ...others just ask...
>
>
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus Security
> Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security
> vulnerabilities please see:
> https://alerts.securityfocus.com/
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • Super-DMCA
    ... Security Developer Snared In Legal Tar Pit ... super-DMCA laws. ... authorization of the communication service provider. ... according to the digital-rights activist group Electronic ...
    (alt.computer.security)
  • RE: Vulnerabilites in new laws on computer hacking
    ... This damages all security professionals. ... Vulnerabilites in new laws on computer hacking ... "advanced societies" will have no clue about how remote computer attacks ...
    (Bugtraq)
  • Re: [Full-Disclosure] Hacking into private files, my credit card purchases, personal correspondence
    ... Hey there Bart, ... I do not depend on man changing his nature in order to have security. ... Morals are learned and enforced and reinforced...not inherited or ... Laws are necessary for exactly the reasons you say they ...
    (Full-Disclosure)
  • RE: application for an employment
    ... As much as I dislike most of the laws covering these issues, I'm grateful for the discussion of them in this thread. ... But I'm no less of the opinion that the laws governing these aspects of cyber-security are biased in favor of large entities with elaborate online presences, and those people who serve them. ... The mere examination of the possibility of there being vulnerabilities in an organization's internet presence is virtually equated with the act of mailicously exploiting such a weakness. ...
    (Security-Basics)
  • RE: Vulnerabilites in new laws on computer hacking
    ... Vulnerabilites in new laws on computer hacking ... To learn computer / network security is expensive and the ... "advanced societies" will have no clue about how remote computer attacks ...
    (Bugtraq)