[Owasp-leaders] Cybercrime convention and hacking tools

Paweł Krawczyk pawel.krawczyk at hush.com
Fri Apr 27 20:37:34 UTC 2012


Not sure if this topic was already touched on this list:

 

https://www.eff.org/deeplinks/2012/02/eff-european-parliament-protect-coders-rights

http://www.wired.com/threatlevel/2012/04/hacking-tools/

 

There are really two regulatory activities going on:

 

* Ratification of the 2001 Cybercrime Convention into national laws
(many countries have signed it, but not ratified it - i.e. not implemented or
not fully implemented). The Convention contains a pretty good safeguard
against suing pentesters (article 6, item 2), but some countries have
ignored it (Poland for sure).

* New EU directive on cybercrime - same ideas, exact wording not yet
known.

 

The context is that "hacking tools" - like RATs, exploits etc. - are often
major (or the only) hard evidence in real cybercrime cases. So there's
pressure from law enforcement to keep this law and it's comfortable for them
to make it as general as possible. I feel that we have quite the opposite
objective - to make the definition as precise as possible to avoid any
possible clashes between law enforcement priorities and security
professionals and, especially, researchers.

 
