[Owasp-leaders] The Final Leaked TPP Text Is All That We Feared | Electronic Frontier Foundation

Andrew van der Stock vanderaj at owasp.org
Wed Oct 14 00:35:16 UTC 2015


Agreed Eoin.

I would suggest that anyone in the working group work come up with a set of
facts about the TPP, and how that impacts our members. This is advocacy,
not lobbying. As it affects 12 countries, including Australia, New Zealand,
Japan, Philippines, and the USA, it would be good to make sure that we have
participants from all affected countries.

My view on lobbying is that the people who put this in to the TPP behind
closed doors are already bought by actual lobbyists, and knew it stinks
which is why it had to hide in secrecy. We're not going to change the minds
of these venal cowards and their backers. We need to work on those who
didn't know and don't yet have a view. We don't do that by slinging mud or
getting all out of shape on this.

It's important for us not to come across like change.org but to come out
with real world impacts for our members, and how this would negatively
affect the legitimate and lawful work we do for our collective clients,
which includes those affected by major breaches. We then promote our view,
not to politicians, but to the wider information, communications and
technology leadership.

OWASP In its history has rarely advocated or lobbied. I don't think setting
up a working group and working within the IRS definition is harmful to us
in any way.

thanks
Andrew

On Wed, Oct 14, 2015 at 9:56 AM, Eoin Keary <eoin.keary at owasp.org> wrote:

> Tobias,
> It needs to be a statement from leadership stating what's good and bad
> about TPP.
> What is wrong and why.
>
>
>
>
> Eoin Keary
> OWASP Volunteer
> @eoinkeary
>
>
>
> On 13 Oct 2015, at 11:31 p.m., Tobias <tobias.gondrom at owasp.org> wrote:
>
> This could be kicked-off as an initiative. Or if you like a more stable
> group as a committee.
> Best, Tobias
>
>
> On 14/10/15 00:27, Milton Smith wrote:
>
> Paul & Bill,
>
>
> I know there's been some discussion around 501(c)3 vs. 501(c)6. Before we
> deep dive into organizational structures let's form the working group.  Let
> the working group work though the OWASP goals in this area.  Once we have
> the goals/objectives that we agree upon, we should let our goals/objectives
> drive any organizational improvements or other improvements OWASP
> requires.  The facts you've gathered and your experience around non-profit
> organizations will be helpful.
>
>
> At this point, all I am recommending is thoughtful discussion.
>
>
> Regards,
>
> Milton
>
>
> On 13 Oct 2015, at 14:29, Paul Ritchie wrote:
>
>
> To the OWASP Leadership.
>
>
> *On the topic of 'Allowable Lobbying by a 501c3 Charitable group like
> OWASP*
>
>
> Just for clarity, and regardless of the outcome of this year's board
>
> elections, the OWASP community may do "some" lobbying and a greater share
>
> of 'Advocacy' without jeopardizing their nonprofit and 'charitable'
>
> status.  To determine "how much" is OK and how much is too much, the USA
>
> IRS has several tests on amount of time invested, and amount of money
>
> invested by the org.
>
>
> Per the USA IRS webpage and rules:  https://www.irs
>
> .gov/Charities-&-Non-Profits/Lobbying
>
>
> *Lobbying  --  In general, no organization may qualify for section
>
> 501(c)(3) status if a substantial part of its activities is attempting to
>
> influence legislation (commonly known as lobbying).  A 501(c)(3)
>
> organization may engage in some lobbying, but too much lobbying activity
>
> risks loss of tax-exempt status.*
>
>
> *Legislation includes action by Congress, any state legislature, any local
>
> council, or similar governing body, with respect to acts, bills,
>
> resolutions, or similar items (such as legislative confirmation of
>
> appointive office), or by the public in referendum, ballot initiative,
>
> constitutional amendment, or similar procedure.  It does not include
>
> actions by executive, judicial, or administrative bodies.*
>
>
> *An organization will be regarded as attempting to influence legislation if
>
> it contacts, or urges the public to contact, members or employees of a
>
> legislative body for the purpose of proposing, supporting, or opposing
>
> legislation, or if the organization advocates the adoption or rejection of
>
> legislation.*
>
>
> P.Ritchie says:  This last paragraph describes an 'Advocacy' effort as
>
> opposed to a Lobbying effort.
>
> *Organizations may, however, involve themselves in issues of public policy
>
> without the activity being considered as lobbying.  For example,
>
> organizations may conduct educational meetings, prepare and distribute
>
> educational materials, or otherwise consider public policy issues in an
>
> educational manner without jeopardizing their tax-exempt status.*
>
>
> If OWASP community agrees to proceed with drafting a Position Statement and
>
> Educational Materials.....at the time we want to take it from 'draft
>
> planning' to 'public distribution'.....we should engage legal counsel to
>
> help define 'how much' is acceptable, and 'when our efforts become
>
> substantial' and put our nonprofit charitable status in jeopardy.
>
>
> I've been through this before  and I trust my experiences will add value to
>
> the OWASP efforts.
>
>
> Paul
>
>
>
> Best Regards, Paul Ritchie
>
> OWASP Executive Director
>
> paul.ritchie at owasp.org
>
>
>
> On Tue, Oct 13, 2015 at 1:45 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>
>
> I agree that this is an important issue.
>
>
> What should we do as next step?
>
> Would a statement from OWASP in that regard be the appropriate way to
>
> build awareness for this potentially problematic agreement text?
>
> Do Milton or Eoin maybe like to prepare a statement to run by the
>
> community and later release by OWASP?
>
> Are there other steps you think we could or should initiate?
>
>
> Best regards, Tobias
>
>
>
>
>
> On 13/10/15 22:34, Eoin Keary wrote:
>
>
> Milton, this is worth making a stand for.
>
> I hope you are successful in the OWASP board elections.....
>
>
> Eoin Keary
>
> OWASP Volunteer
>
> @eoinkeary
>
>
>
>
> On 13 Oct 2015, at 8:22 p.m., Milton Smith <milton.smith at owasp.org> wrote:
>
>
> A related article on TPP for everyone I found this morning.
>
>
> TPP requires countries to destroy security-testing tools (and your laptop)
>
> http://boingboing.net/2015/10/13/tpp-requires-countries-to-seiz.html
>
> (article excerpt) "...order the destruction of devices and products found
>
> to be involved in" breaking digital locks... used to identify critical
>
> vulnerabilities in vehicles, surveillance devices, voting machines, medical
>
> implants, and many other devices in our world.
>
>
> Among other things, this TPP provision includes destruction of security
>
> static/dynamic analysis tools.  It's difficult to know if these provisions
>
> will be adopted as written but I'm concerned it's on the table for
>
> discussion.  As written, TPP will hurt industry more than it will help.
>
> Security researchers are not the problem.  The problem is vulnerable
>
> software.
>
>
> Unfortunately, it will take politicians and rights holders years to learn
>
> from there mistakes.  Positive influence early in the policy making process
>
> will be beneficial for everyone including OWASP members.  I realize most
>
> OWASP members are not very interested in politics.  Still unfavorable laws
>
> and regulations will make security even more difficult than it is today.
>
> Think of what it would mean if ZAP becomes illegal software.
>
>
> --Milton
>
>
> On 13 Oct 2015, at 9:49, Milton Smith wrote:
>
>
> I'm tracking TPP as well Tom.  Aside from favoritism for rights holders,
>
> there are some provisions negatively impacting security. Wassenaar
>
> Arrangement is a disaster, crypto backdoors, etc.  Unwinding this mess will
>
> cause trouble for years.  Think of pass problems like ITAR.
>
>
>
> OWASP must begin investing to positively to influence security from the
>
> top down as well.
>
>
>
> --Milton
>
>
>
> On 13 Oct 2015, at 1:40, Tom Brennan wrote:
>
>
>
> Worth a read when you consider getting behind and lobbying for things that
>
> matter.
>
>
>
> https://www.eff.org/deeplinks/2015/10/final-leaked-tpp-text-all-we-feared
>
>
>
> Tom Brennan
>
>
> 973-506-9304
>
>
> _______________________________________________
>
>
> OWASP-Leaders mailing list
>
>
> OWASP-Leaders at lists.owasp.org
>
>
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
> _______________________________________________
>
> OWASP-Leaders mailing list
>
> OWASP-Leaders at lists.owasp.org
>
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
> _______________________________________________
>
> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://
> lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
> _______________________________________________
>
> OWASP-Leaders mailing list
>
> OWASP-Leaders at lists.owasp.org
>
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151014/55aa0641/attachment-0001.html>


More information about the OWASP-Leaders mailing list