[Owasp-leaders] The Final Leaked TPP Text Is All That We Feared | Electronic Frontier Foundation

Tobias tobias.gondrom at owasp.org
Tue Oct 13 22:31:46 UTC 2015


This could be kicked-off as an initiative. Or if you like a more stable 
group as a committee.
Best, Tobias


On 14/10/15 00:27, Milton Smith wrote:
> Paul & Bill,
>
> I know there's been some discussion around 501(c)3 vs. 501(c)6. Before 
> we deep dive into organizational structures let's form the working 
> group.  Let the working group work though the OWASP goals in this 
> area.  Once we have the goals/objectives that we agree upon, we should 
> let our goals/objectives drive any organizational improvements or 
> other improvements OWASP requires.  The facts you've gathered and your 
> experience around non-profit organizations will be helpful.
>
> At this point, all I am recommending is thoughtful discussion.
>
> Regards,
> Milton
>
> On 13 Oct 2015, at 14:29, Paul Ritchie wrote:
>
>> To the OWASP Leadership.
>>
>> *On the topic of 'Allowable Lobbying by a 501c3 Charitable group like 
>> OWASP*
>>
>> Just for clarity, and regardless of the outcome of this year's board
>> elections, the OWASP community may do "some" lobbying and a greater 
>> share
>> of 'Advocacy' without jeopardizing their nonprofit and 'charitable'
>> status.  To determine "how much" is OK and how much is too much, the USA
>> IRS has several tests on amount of time invested, and amount of money
>> invested by the org.
>>
>> Per the USA IRS webpage and rules:  https://www.irs
>> .gov/Charities-&-Non-Profits/Lobbying
>>
>> *Lobbying  --  In general, no organization may qualify for section
>> 501(c)(3) status if a substantial part of its activities is 
>> attempting to
>> influence legislation (commonly known as lobbying).  A 501(c)(3)
>> organization may engage in some lobbying, but too much lobbying activity
>> risks loss of tax-exempt status.*
>>
>> *Legislation includes action by Congress, any state legislature, any 
>> local
>> council, or similar governing body, with respect to acts, bills,
>> resolutions, or similar items (such as legislative confirmation of
>> appointive office), or by the public in referendum, ballot initiative,
>> constitutional amendment, or similar procedure.  It does not include
>> actions by executive, judicial, or administrative bodies.*
>>
>> *An organization will be regarded as attempting to influence 
>> legislation if
>> it contacts, or urges the public to contact, members or employees of a
>> legislative body for the purpose of proposing, supporting, or opposing
>> legislation, or if the organization advocates the adoption or 
>> rejection of
>> legislation.*
>>
>> P.Ritchie says:  This last paragraph describes an 'Advocacy' effort as
>> opposed to a Lobbying effort.
>> *Organizations may, however, involve themselves in issues of public 
>> policy
>> without the activity being considered as lobbying.  For example,
>> organizations may conduct educational meetings, prepare and distribute
>> educational materials, or otherwise consider public policy issues in an
>> educational manner without jeopardizing their tax-exempt status.*
>>
>> If OWASP community agrees to proceed with drafting a Position 
>> Statement and
>> Educational Materials.....at the time we want to take it from 'draft
>> planning' to 'public distribution'.....we should engage legal counsel to
>> help define 'how much' is acceptable, and 'when our efforts become
>> substantial' and put our nonprofit charitable status in jeopardy.
>>
>> I've been through this before  and I trust my experiences will add 
>> value to
>> the OWASP efforts.
>>
>> Paul
>>
>>
>> Best Regards, Paul Ritchie
>> OWASP Executive Director
>> paul.ritchie at owasp.org
>>
>>
>> On Tue, Oct 13, 2015 at 1:45 PM, Tobias <tobias.gondrom at owasp.org> 
>> wrote:
>>
>>> I agree that this is an important issue.
>>>
>>> What should we do as next step?
>>> Would a statement from OWASP in that regard be the appropriate way to
>>> build awareness for this potentially problematic agreement text?
>>> Do Milton or Eoin maybe like to prepare a statement to run by the
>>> community and later release by OWASP?
>>> Are there other steps you think we could or should initiate?
>>>
>>> Best regards, Tobias
>>>
>>>
>>>
>>>
>>> On 13/10/15 22:34, Eoin Keary wrote:
>>>
>>> Milton, this is worth making a stand for.
>>> I hope you are successful in the OWASP board elections.....
>>>
>>> Eoin Keary
>>> OWASP Volunteer
>>> @eoinkeary
>>>
>>>
>>>
>>> On 13 Oct 2015, at 8:22 p.m., Milton Smith <milton.smith at owasp.org> 
>>> wrote:
>>>
>>> A related article on TPP for everyone I found this morning.
>>>
>>> TPP requires countries to destroy security-testing tools (and your 
>>> laptop)
>>> http://boingboing.net/2015/10/13/tpp-requires-countries-to-seiz.html
>>> (article excerpt) "...order the destruction of devices and products 
>>> found
>>> to be involved in" breaking digital locks... used to identify critical
>>> vulnerabilities in vehicles, surveillance devices, voting machines, 
>>> medical
>>> implants, and many other devices in our world.
>>>
>>> Among other things, this TPP provision includes destruction of security
>>> static/dynamic analysis tools.  It's difficult to know if these 
>>> provisions
>>> will be adopted as written but I'm concerned it's on the table for
>>> discussion.  As written, TPP will hurt industry more than it will help.
>>> Security researchers are not the problem.  The problem is vulnerable
>>> software.
>>>
>>> Unfortunately, it will take politicians and rights holders years to 
>>> learn
>>> from there mistakes.  Positive influence early in the policy making 
>>> process
>>> will be beneficial for everyone including OWASP members.  I realize 
>>> most
>>> OWASP members are not very interested in politics.  Still 
>>> unfavorable laws
>>> and regulations will make security even more difficult than it is 
>>> today.
>>> Think of what it would mean if ZAP becomes illegal software.
>>>
>>> --Milton
>>>
>>> On 13 Oct 2015, at 9:49, Milton Smith wrote:
>>>
>>> I'm tracking TPP as well Tom.  Aside from favoritism for rights 
>>> holders,
>>> there are some provisions negatively impacting security. Wassenaar
>>> Arrangement is a disaster, crypto backdoors, etc.  Unwinding this 
>>> mess will
>>> cause trouble for years.  Think of pass problems like ITAR.
>>>
>>>
>>> OWASP must begin investing to positively to influence security from the
>>> top down as well.
>>>
>>>
>>> --Milton
>>>
>>>
>>> On 13 Oct 2015, at 1:40, Tom Brennan wrote:
>>>
>>>
>>> Worth a read when you consider getting behind and lobbying for 
>>> things that
>>> matter.
>>>
>>>
>>> https://www.eff.org/deeplinks/2015/10/final-leaked-tpp-text-all-we-feared 
>>>
>>>
>>>
>>> Tom Brennan
>>>
>>> 973-506-9304
>>>
>>> _______________________________________________
>>>
>>> OWASP-Leaders mailing list
>>>
>>> OWASP-Leaders at lists.owasp.org
>>>
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing 
>>> listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>



More information about the OWASP-Leaders mailing list