[Owasp-leaders] [Owasp-community] [Owasp-board] IAB Statement on the Trade in Security Technologies

McGovern, James james.mcgovern at hp.com
Sun Jun 21 23:23:09 UTC 2015

Jim, while you are going to the board for legal clarification, please inquire:

1. 501c3 is a US thing. Can we influence non-US government and still comply?
2. Understanding the US political issues sometimes will put us on a partisan path. For example, in CT I have commented in the past in a political context on why smart guns are just plain stupid. This particular issue leans more conservative/libertarian than it does Liberal. Therefore, we must attempt to understand the flow of politics on any given Sunday.
3. Maybe we could somehow solve this by having a policy that encourages legislators of all parties to reach out to their local chapter leader for an informed opinion.

-----Original Message-----
From: owasp-community-bounces at lists.owasp.org [mailto:owasp-community-bounces at lists.owasp.org] On Behalf Of Jim Manico
Sent: Saturday, June 20, 2015 4:37 PM
To: Kevin W. Wall
Cc: OWASP Board List; owasp-community at lists.owasp.org; owasp-leaders
Subject: Re: [Owasp-community] [Owasp-board] IAB Statement on the Trade in Security Technologies

I agree with you Kevin. Even the IRS is cagey about this topic. 

However, this is an organization risk that I feel we should be aware of before charging to far into policy. It would behoove is to get legal review before going to far. I'll bring this up at the next board meeting.

Jim Manico
(808) 652-3805

> On Jun 20, 2015, at 9:47 AM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
> Jim,
>> On Sat, Jun 20, 2015 at 2:55 PM, Jim Manico <jim.manico at owasp.org> wrote:
>> That is fair Michael.
>> But I do want to warn the community that this is a slippery slope, we 
>> are being watched, and trying to influence legislation is one of the 
>> few ways OWASP can lose it's charitable status. And if that happens, 
>> the debate about what to do with our funds will quickly change for the worse.
> I don't think that it is impossible for charitable organizations to 
> comment on public possible without loosing their 501(c)(3) status, but 
> it just has to be done in the right way. (However, IANAL, so I don't 
> even begin to know the details of what that "right way" would entail.)
> As a case in point, the ACM has a 501(c)(3) not-for-profit status, and 
> yet their public policy arm--the USACM--has certainly tried to 
> influence public policy. (Recall the crypto debate from the late 
> 1990s? The USACM and IEEE wrote a letter to Sen. John McCain to try to 
> influence the US legislation not to pass laws to mandate weak 
> encryption. E.g., see
> <http://usacm.acm.org/privsec/details.cfm?type=Letters&id=18&cat=8&Pri
> vacy%20and%20Security>.)
> So I'm guessing that the devil is in the details of how it is done.  
> In fact, according to Spaf's blog at 
> <https://www.cerias.purdue.edu/site/blog/post/deja_vu_all_over_again_t
> he_attack_on_encryption/> the USACM is going through this same this 
> this again. Like I said, I am not a lawyer and maybe this attempt to 
> influence public policy doesn't strictly qualify as "lobbying" in the 
> eyes of the IRS. But it certainly doesn't seem impossible.
> Also, we can--and should--all speak out strongly against things that 
> we believe are against the OWASP mission, but we don't have to do it 
> in a manner as representing OWASP. Do that on your personal blogs or 
> social media instead of OWASP mailing lists and there shouldn't be an 
> issue, especially if you add a short disclaimer as to how your opinion 
> does not necessarily affect the opinion of OWASP overall (in the cases when there might be some doubt).
> So perhaps if we decide that we officially want to speak out on 
> certain public policy as an organization in order to influence public 
> policy in accordance with our mission statements, then someone who 
> understands the nuances of the 501(c)(3) IRS regulations could help 
> OWASP navigate these waters.
> -kevin
> --
> Blog: http://off-the-wall-security.blogspot.com/
> NSA: All your crypto bit are belong to us.
Owasp-community mailing list
Owasp-community at lists.owasp.org

More information about the OWASP-Leaders mailing list