[Owasp-leaders] The Final Leaked TPP Text Is All That We Feared | Electronic Frontier Foundation

Milton Smith milton.smith at owasp.org
Tue Oct 13 23:59:47 UTC 2015


Hi Eoin,

Provisions of the TPP have been leaked to the public for more than year 
now.  I don't see any harm if we delay communications for a few weeks.  
TPP is part of a larger more systemic concern that we should discuss in 
a group setting.  I find it encouraging other OWASP members share my 
concern.

Can we agree to delay on the decision for a public statement until after 
we bring a working group together?

Regards,
Milton

On 13 Oct 2015, at 15:56, Eoin Keary wrote:

> Tobias,
> It needs to be a statement from leadership stating what's good and bad 
> about TPP.
> What is wrong and why.
>
>
>
>
> Eoin Keary
> OWASP Volunteer
> @eoinkeary
>
>
>
>> On 13 Oct 2015, at 11:31 p.m., Tobias <tobias.gondrom at owasp.org> 
>> wrote:
>>
>> This could be kicked-off as an initiative. Or if you like a more 
>> stable group as a committee.
>> Best, Tobias
>>
>>
>>> On 14/10/15 00:27, Milton Smith wrote:
>>> Paul & Bill,
>>>
>>> I know there's been some discussion around 501(c)3 vs. 501(c)6. 
>>> Before we deep dive into organizational structures let's form the 
>>> working group.  Let the working group work though the OWASP goals in 
>>> this area.  Once we have the goals/objectives that we agree upon, we 
>>> should let our goals/objectives drive any organizational 
>>> improvements or other improvements OWASP requires.  The facts you've 
>>> gathered and your experience around non-profit organizations will be 
>>> helpful.
>>>
>>> At this point, all I am recommending is thoughtful discussion.
>>>
>>> Regards,
>>> Milton
>>>
>>>> On 13 Oct 2015, at 14:29, Paul Ritchie wrote:
>>>>
>>>> To the OWASP Leadership.
>>>>
>>>> *On the topic of 'Allowable Lobbying by a 501c3 Charitable group 
>>>> like OWASP*
>>>>
>>>> Just for clarity, and regardless of the outcome of this year's 
>>>> board
>>>> elections, the OWASP community may do "some" lobbying and a greater 
>>>> share
>>>> of 'Advocacy' without jeopardizing their nonprofit and 'charitable'
>>>> status.  To determine "how much" is OK and how much is too much, 
>>>> the USA
>>>> IRS has several tests on amount of time invested, and amount of 
>>>> money
>>>> invested by the org.
>>>>
>>>> Per the USA IRS webpage and rules:  https://www.irs
>>>> .gov/Charities-&-Non-Profits/Lobbying
>>>>
>>>> *Lobbying  --  In general, no organization may qualify for section
>>>> 501(c)(3) status if a substantial part of its activities is 
>>>> attempting to
>>>> influence legislation (commonly known as lobbying).  A 501(c)(3)
>>>> organization may engage in some lobbying, but too much lobbying 
>>>> activity
>>>> risks loss of tax-exempt status.*
>>>>
>>>> *Legislation includes action by Congress, any state legislature, 
>>>> any local
>>>> council, or similar governing body, with respect to acts, bills,
>>>> resolutions, or similar items (such as legislative confirmation of
>>>> appointive office), or by the public in referendum, ballot 
>>>> initiative,
>>>> constitutional amendment, or similar procedure.  It does not 
>>>> include
>>>> actions by executive, judicial, or administrative bodies.*
>>>>
>>>> *An organization will be regarded as attempting to influence 
>>>> legislation if
>>>> it contacts, or urges the public to contact, members or employees 
>>>> of a
>>>> legislative body for the purpose of proposing, supporting, or 
>>>> opposing
>>>> legislation, or if the organization advocates the adoption or 
>>>> rejection of
>>>> legislation.*
>>>>
>>>> P.Ritchie says:  This last paragraph describes an 'Advocacy' effort 
>>>> as
>>>> opposed to a Lobbying effort.
>>>> *Organizations may, however, involve themselves in issues of public 
>>>> policy
>>>> without the activity being considered as lobbying.  For example,
>>>> organizations may conduct educational meetings, prepare and 
>>>> distribute
>>>> educational materials, or otherwise consider public policy issues 
>>>> in an
>>>> educational manner without jeopardizing their tax-exempt status.*
>>>>
>>>> If OWASP community agrees to proceed with drafting a Position 
>>>> Statement and
>>>> Educational Materials.....at the time we want to take it from 
>>>> 'draft
>>>> planning' to 'public distribution'.....we should engage legal 
>>>> counsel to
>>>> help define 'how much' is acceptable, and 'when our efforts become
>>>> substantial' and put our nonprofit charitable status in jeopardy.
>>>>
>>>> I've been through this before  and I trust my experiences will add 
>>>> value to
>>>> the OWASP efforts.
>>>>
>>>> Paul
>>>>
>>>>
>>>> Best Regards, Paul Ritchie
>>>> OWASP Executive Director
>>>> paul.ritchie at owasp.org
>>>>
>>>>
>>>>> On Tue, Oct 13, 2015 at 1:45 PM, Tobias <tobias.gondrom at owasp.org> 
>>>>> wrote:
>>>>>
>>>>> I agree that this is an important issue.
>>>>>
>>>>> What should we do as next step?
>>>>> Would a statement from OWASP in that regard be the appropriate way 
>>>>> to
>>>>> build awareness for this potentially problematic agreement text?
>>>>> Do Milton or Eoin maybe like to prepare a statement to run by the
>>>>> community and later release by OWASP?
>>>>> Are there other steps you think we could or should initiate?
>>>>>
>>>>> Best regards, Tobias
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 13/10/15 22:34, Eoin Keary wrote:
>>>>>
>>>>> Milton, this is worth making a stand for.
>>>>> I hope you are successful in the OWASP board elections.....
>>>>>
>>>>> Eoin Keary
>>>>> OWASP Volunteer
>>>>> @eoinkeary
>>>>>
>>>>>
>>>>>
>>>>> On 13 Oct 2015, at 8:22 p.m., Milton Smith 
>>>>> <milton.smith at owasp.org> wrote:
>>>>>
>>>>> A related article on TPP for everyone I found this morning.
>>>>>
>>>>> TPP requires countries to destroy security-testing tools (and your 
>>>>> laptop)
>>>>> http://boingboing.net/2015/10/13/tpp-requires-countries-to-seiz.html
>>>>> (article excerpt) "...order the destruction of devices and 
>>>>> products found
>>>>> to be involved in" breaking digital locks... used to identify 
>>>>> critical
>>>>> vulnerabilities in vehicles, surveillance devices, voting 
>>>>> machines, medical
>>>>> implants, and many other devices in our world.
>>>>>
>>>>> Among other things, this TPP provision includes destruction of 
>>>>> security
>>>>> static/dynamic analysis tools.  It's difficult to know if these 
>>>>> provisions
>>>>> will be adopted as written but I'm concerned it's on the table for
>>>>> discussion.  As written, TPP will hurt industry more than it will 
>>>>> help.
>>>>> Security researchers are not the problem.  The problem is 
>>>>> vulnerable
>>>>> software.
>>>>>
>>>>> Unfortunately, it will take politicians and rights holders years 
>>>>> to learn
>>>>> from there mistakes.  Positive influence early in the policy 
>>>>> making process
>>>>> will be beneficial for everyone including OWASP members.  I 
>>>>> realize most
>>>>> OWASP members are not very interested in politics.  Still 
>>>>> unfavorable laws
>>>>> and regulations will make security even more difficult than it is 
>>>>> today.
>>>>> Think of what it would mean if ZAP becomes illegal software.
>>>>>
>>>>> --Milton
>>>>>
>>>>> On 13 Oct 2015, at 9:49, Milton Smith wrote:
>>>>>
>>>>> I'm tracking TPP as well Tom.  Aside from favoritism for rights 
>>>>> holders,
>>>>> there are some provisions negatively impacting security. Wassenaar
>>>>> Arrangement is a disaster, crypto backdoors, etc.  Unwinding this 
>>>>> mess will
>>>>> cause trouble for years.  Think of pass problems like ITAR.
>>>>>
>>>>>
>>>>> OWASP must begin investing to positively to influence security 
>>>>> from the
>>>>> top down as well.
>>>>>
>>>>>
>>>>> --Milton
>>>>>
>>>>>
>>>>> On 13 Oct 2015, at 1:40, Tom Brennan wrote:
>>>>>
>>>>>
>>>>> Worth a read when you consider getting behind and lobbying for 
>>>>> things that
>>>>> matter.
>>>>>
>>>>>
>>>>> https://www.eff.org/deeplinks/2015/10/final-leaked-tpp-text-all-we-feared
>>>>>
>>>>>
>>>>> Tom Brennan
>>>>>
>>>>> 973-506-9304
>>>>>
>>>>> _______________________________________________
>>>>>
>>>>> OWASP-Leaders mailing list
>>>>>
>>>>> OWASP-Leaders at lists.owasp.org
>>>>>
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing 
>>>>> listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>


More information about the OWASP-Leaders mailing list