[Owasp-leaders] The Final Leaked TPP Text Is All That We Feared | Electronic Frontier Foundation

Milton Smith milton.smith at owasp.org
Tue Oct 13 22:38:25 UTC 2015


I'm thinking this will take several meetings to work through.
--Milton

On 13 Oct 2015, at 15:31, Tobias wrote:

> This could be kicked-off as an initiative. Or if you like a more 
> stable group as a committee.
> Best, Tobias
>
>
> On 14/10/15 00:27, Milton Smith wrote:
>> Paul & Bill,
>>
>> I know there's been some discussion around 501(c)3 vs. 501(c)6. 
>> Before we deep dive into organizational structures let's form the 
>> working group.  Let the working group work though the OWASP goals in 
>> this area.  Once we have the goals/objectives that we agree upon, we 
>> should let our goals/objectives drive any organizational improvements 
>> or other improvements OWASP requires.  The facts you've gathered and 
>> your experience around non-profit organizations will be helpful.
>>
>> At this point, all I am recommending is thoughtful discussion.
>>
>> Regards,
>> Milton
>>
>> On 13 Oct 2015, at 14:29, Paul Ritchie wrote:
>>
>>> To the OWASP Leadership.
>>>
>>> *On the topic of 'Allowable Lobbying by a 501c3 Charitable group 
>>> like OWASP*
>>>
>>> Just for clarity, and regardless of the outcome of this year's board
>>> elections, the OWASP community may do "some" lobbying and a greater 
>>> share
>>> of 'Advocacy' without jeopardizing their nonprofit and 'charitable'
>>> status.  To determine "how much" is OK and how much is too much, the 
>>> USA
>>> IRS has several tests on amount of time invested, and amount of 
>>> money
>>> invested by the org.
>>>
>>> Per the USA IRS webpage and rules:  https://www.irs
>>> .gov/Charities-&-Non-Profits/Lobbying
>>>
>>> *Lobbying  --  In general, no organization may qualify for section
>>> 501(c)(3) status if a substantial part of its activities is 
>>> attempting to
>>> influence legislation (commonly known as lobbying).  A 501(c)(3)
>>> organization may engage in some lobbying, but too much lobbying 
>>> activity
>>> risks loss of tax-exempt status.*
>>>
>>> *Legislation includes action by Congress, any state legislature, any 
>>> local
>>> council, or similar governing body, with respect to acts, bills,
>>> resolutions, or similar items (such as legislative confirmation of
>>> appointive office), or by the public in referendum, ballot 
>>> initiative,
>>> constitutional amendment, or similar procedure.  It does not include
>>> actions by executive, judicial, or administrative bodies.*
>>>
>>> *An organization will be regarded as attempting to influence 
>>> legislation if
>>> it contacts, or urges the public to contact, members or employees of 
>>> a
>>> legislative body for the purpose of proposing, supporting, or 
>>> opposing
>>> legislation, or if the organization advocates the adoption or 
>>> rejection of
>>> legislation.*
>>>
>>> P.Ritchie says:  This last paragraph describes an 'Advocacy' effort 
>>> as
>>> opposed to a Lobbying effort.
>>> *Organizations may, however, involve themselves in issues of public 
>>> policy
>>> without the activity being considered as lobbying.  For example,
>>> organizations may conduct educational meetings, prepare and 
>>> distribute
>>> educational materials, or otherwise consider public policy issues in 
>>> an
>>> educational manner without jeopardizing their tax-exempt status.*
>>>
>>> If OWASP community agrees to proceed with drafting a Position 
>>> Statement and
>>> Educational Materials.....at the time we want to take it from 'draft
>>> planning' to 'public distribution'.....we should engage legal 
>>> counsel to
>>> help define 'how much' is acceptable, and 'when our efforts become
>>> substantial' and put our nonprofit charitable status in jeopardy.
>>>
>>> I've been through this before  and I trust my experiences will add 
>>> value to
>>> the OWASP efforts.
>>>
>>> Paul
>>>
>>>
>>> Best Regards, Paul Ritchie
>>> OWASP Executive Director
>>> paul.ritchie at owasp.org
>>>
>>>
>>> On Tue, Oct 13, 2015 at 1:45 PM, Tobias <tobias.gondrom at owasp.org> 
>>> wrote:
>>>
>>>> I agree that this is an important issue.
>>>>
>>>> What should we do as next step?
>>>> Would a statement from OWASP in that regard be the appropriate way 
>>>> to
>>>> build awareness for this potentially problematic agreement text?
>>>> Do Milton or Eoin maybe like to prepare a statement to run by the
>>>> community and later release by OWASP?
>>>> Are there other steps you think we could or should initiate?
>>>>
>>>> Best regards, Tobias
>>>>
>>>>
>>>>
>>>>
>>>> On 13/10/15 22:34, Eoin Keary wrote:
>>>>
>>>> Milton, this is worth making a stand for.
>>>> I hope you are successful in the OWASP board elections.....
>>>>
>>>> Eoin Keary
>>>> OWASP Volunteer
>>>> @eoinkeary
>>>>
>>>>
>>>>
>>>> On 13 Oct 2015, at 8:22 p.m., Milton Smith <milton.smith at owasp.org> 
>>>> wrote:
>>>>
>>>> A related article on TPP for everyone I found this morning.
>>>>
>>>> TPP requires countries to destroy security-testing tools (and your 
>>>> laptop)
>>>> http://boingboing.net/2015/10/13/tpp-requires-countries-to-seiz.html
>>>> (article excerpt) "...order the destruction of devices and products 
>>>> found
>>>> to be involved in" breaking digital locks... used to identify 
>>>> critical
>>>> vulnerabilities in vehicles, surveillance devices, voting machines, 
>>>> medical
>>>> implants, and many other devices in our world.
>>>>
>>>> Among other things, this TPP provision includes destruction of 
>>>> security
>>>> static/dynamic analysis tools.  It's difficult to know if these 
>>>> provisions
>>>> will be adopted as written but I'm concerned it's on the table for
>>>> discussion.  As written, TPP will hurt industry more than it will 
>>>> help.
>>>> Security researchers are not the problem.  The problem is 
>>>> vulnerable
>>>> software.
>>>>
>>>> Unfortunately, it will take politicians and rights holders years to 
>>>> learn
>>>> from there mistakes.  Positive influence early in the policy making 
>>>> process
>>>> will be beneficial for everyone including OWASP members.  I realize 
>>>> most
>>>> OWASP members are not very interested in politics.  Still 
>>>> unfavorable laws
>>>> and regulations will make security even more difficult than it is 
>>>> today.
>>>> Think of what it would mean if ZAP becomes illegal software.
>>>>
>>>> --Milton
>>>>
>>>> On 13 Oct 2015, at 9:49, Milton Smith wrote:
>>>>
>>>> I'm tracking TPP as well Tom.  Aside from favoritism for rights 
>>>> holders,
>>>> there are some provisions negatively impacting security. Wassenaar
>>>> Arrangement is a disaster, crypto backdoors, etc.  Unwinding this 
>>>> mess will
>>>> cause trouble for years.  Think of pass problems like ITAR.
>>>>
>>>>
>>>> OWASP must begin investing to positively to influence security from 
>>>> the
>>>> top down as well.
>>>>
>>>>
>>>> --Milton
>>>>
>>>>
>>>> On 13 Oct 2015, at 1:40, Tom Brennan wrote:
>>>>
>>>>
>>>> Worth a read when you consider getting behind and lobbying for 
>>>> things that
>>>> matter.
>>>>
>>>>
>>>> https://www.eff.org/deeplinks/2015/10/final-leaked-tpp-text-all-we-feared
>>>>
>>>>
>>>> Tom Brennan
>>>>
>>>> 973-506-9304
>>>>
>>>> _______________________________________________
>>>>
>>>> OWASP-Leaders mailing list
>>>>
>>>> OWASP-Leaders at lists.owasp.org
>>>>
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing 
>>>> listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>


More information about the OWASP-Leaders mailing list