[Owasp-leaders] Mozilla speaks up. Should OWASP?

Andrew van der Stock vanderaj at owasp.org
Tue Jan 31 22:53:10 UTC 2017


Hi all,

Tiffany is correct.

As a Director, it's my understanding that we are allowed to have a position
and agitate for a particular topic pertinent to our mission, such as
Wassenaar and say regulations around data privacy or encryption, but as per
the IRS guidance, it's best to steer clear of advocacy for or against
candidates, parties, or entire policy platforms that are outside our remit.
Additionally, we are a global organization. We have to look further afield
than just US politics. Our mission is to advance application security, not
be a political organization.

No matter what, if we do decide to have a position on Wassenaar or data
privacy or encryption that we present to politicians, I'd want us to engage
lawyers to review our materials and our stance prior to public advocacy on
that topic.

thanks,
Andrew

On Wed, Feb 1, 2017 at 8:55 AM, Bev Corwin <bev.corwin at owasp.org> wrote:

> The 501(c) 3 already states this as a regulation. I doubt there is need
> for a policy. Just need to enforce this.
>
> On Tue, Jan 31, 2017 at 4:51 PM, Rich Vázquez <rich.vazquez at owasp.org>
> wrote:
>
>> My warning for this is that there have been and will be policies that
>> decrease Web application security.
>>
>> Are we not to discuss policy issues affected Web security at meetings?
>>
>> On Tue, Jan 31, 2017, 3:49 PM Larry Conklin <larry.conklin at owasp.org>
>> wrote:
>>
>>> So lets make this a meaningful discussion. Create a policy that says in
>>> any form political parody is forbidden at any OWASP events, or material. I
>>> am willing to help with this.
>>>
>>> On Tue, Jan 31, 2017 at 4:13 PM, Bev Corwin <bev.corwin at owasp.org>
>>> wrote:
>>>
>>> +1 I like the idea of declaring OWASP a political free zone.
>>>
>>> Bev
>>>
>>>
>>> On Tue, Jan 31, 2017 at 4:08 PM, Larry Conklin <larry.conklin at owasp.org>
>>> wrote:
>>>
>>> When I started this thread I really wanted to hear what others thought.
>>> And I did. But Everyone please listen. It appears I struck a sore point
>>> about last years conference concerning the tee-shirts. Take-a-way here
>>> should be even in jest, even if sanction by a lawyer, the best bet is don't
>>> when concerning political parody in any forms.
>>>
>>> On Tue, Jan 31, 2017 at 4:01 PM, Colin Watson <colin.watson at owasp.org>
>>> wrote:
>>>
>>> > The shirts represented both candidates, advocated no policy, and were
>>> parody.
>>>
>>> So political parody is acceptable under the rules posted above?
>>>
>>> I think I only saw a photo of one type of political parody shirt. Could
>>> you share photos of all types please? I am trying to understand what the
>>> boundaries are.
>>>
>>> Colin
>>>
>>>
>>>
>>> On 31 January 2017 at 19:19, Tiffany Long <tiffany.long at owasp.org>
>>> wrote:
>>>
>>> Donald Trump filed his candidacy for 2020, he is officially a candidate
>>> again.  At this point any action must be run through a lawyer.  Any
>>> activities surrounding advocacy must be generated by the foundation (at the
>>> behest of the volunteers; with agreement from the board), must be directly
>>> related to the OWASP mission, and must not seek to single out any candidate
>>> specifically or by virtue of newly targeting a policy associated with that
>>> candidate.
>>>
>>> The shirts represented both candidates, advocated no policy, and were
>>> parody.  Therefore they were not in violation.
>>>
>>> I want to be clear, I am not splashing cold water on any effort for
>>> volunteers to ask the organization to take any particular stance.  I just
>>> want to illuminate the restrictions which any action is bound by.
>>>
>>> I have a feeling this will come up a lot and in many countries with
>>> issues such as net neutrality, security research, etcetera and want our
>>> community to understand where we need to ask for legal guidance and where
>>> we can act as a multinational organization.
>>>
>>>
>>> Tiffany Long
>>> Community Manager
>>>
>>> On Tue, Jan 31, 2017 at 11:02 AM, Mike McCabe <mccabe615 at gmail.com>
>>> wrote:
>>>
>>> Tiffany or Laura, can chime in but the t-shirts were run past a lawyer
>>> and since they neither endorsed a candidate or showed preference to either
>>> they were deemed 'ok'.
>>>
>>>
>>>
>>> On Tue, Jan 31, 2017 at 1:48 PM, Haral Tsitsivas <
>>> haral.tsitsivas at owasp.org> wrote:
>>>
>>> The posted material seems to be related to campaigns and candidates.
>>> POTUS 45 is already elected, so saying anything is taking a position on
>>> policy...
>>> What are the rules for that?
>>>
>>> On Tue, Jan 31, 2017 at 10:43 AM, Tony Turner <tony.turner at owasp.org>
>>> wrote:
>>>
>>> I don't think that is technically true. You cannot directly support or
>>> oppose a campaign but voter education IS allowed
>>>
>>> https://www.irs.gov/charities-non-profits/charitable-organiz
>>> ations/the-restriction-of-political-campaign-interventio
>>> n-by-section-501-c-3-tax-exempt-organizations
>>>
>>> and also from a lobbyist standpoint, public education is also permitted
>>> but it starts getting hairy when you start asking people to contact their
>>> legal representatives
>>>
>>> https://www.irs.gov/charities-non-profits/lobbying
>>>
>>> On Tue, Jan 31, 2017 at 1:30 PM, Tiffany Long <tiffany.long at owasp.org>
>>> wrote:
>>>
>>> Arturo,
>>>
>>> Due to domestic and international laws governing non-profits and our
>>> 501(c)(3) status in the US Chapters are not allowed to advocate
>>> political or policy positions nor can they sign contracts for the
>>> foundation.
>>>
>>> Best,
>>> Tiffany
>>>
>>> Tiffany Long
>>> Community Manager
>>>
>>> On Tue, Jan 31, 2017 at 10:23 AM, Arturo 'Buanzo' Busleiman <
>>> buanzo at buanzo.com.ar> wrote:
>>>
>>> If I may drop an opinion, each OWASP *US* Chapter should be free to
>>> speak out, if the chapter's leadership so vote/decide/etc it. And OWASP
>>> should not need to declare that chapters are free to speak up, I think.
>>>
>>>
>>> On Tue, Jan 31, 2017 at 2:44 PM, Tony Turner <tony.turner at owasp.org>
>>> wrote:
>>>
>>> I personally think we should avoid political activity unless it impacts
>>> our mission. If there are US based activities in support of the OWASP
>>> mission that are hampered by the ban then we should speak up, but otherwise
>>> stay out of it. For instance, if 90 days extends longer into the year and
>>> prevents foreign attendees from coming to AppSecUSA (or other activities,
>>> but I'm laser focused on Orlando right now) then that creates impact for
>>> our organization and our mission as a whole. That being said, I think there
>>> are ways to support our colleagues abroad without condemning the current US
>>> political leadership.
>>>
>>> On Tue, Jan 31, 2017 at 10:55 AM, Larry Conklin <larry.conklin at owasp.org
>>> > wrote:
>>>
>>> Personally I am torn here. Yes I want America safe. However I don't
>>> really see the value in a 90 days travel band is going to make America any
>>> safer.  Mozilla has spoken up against it. They are in many ways a community
>>> like ours. Should OWASP also go on record for support or against the travel
>>> ban?
>>>
>>>
>>> *This past weekend the Trump Administration signed an executive order to
>>> temporarily suspend travel into the United States for individuals from
>>> Syria, Iraq, Iran, Sudan, Somalia, Yemen and Libya. This is troubling for
>>> us as a community on many levels.*
>>>
>>> *Mozilla is a global community of people sharing ideas and working
>>> together. We believe in opportunity for all, freedom of ideas, and that
>>> multiculturalism is crucial to building a true global community. This is
>>> why Mozilla has taken a public position against the US immigration ban. *
>>>
>>>
>>> https://blog.mozilla.org/blog/2017/01/28/us-immigration-ban/
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>>
>>> --
>>> Tony Turner
>>> OWASP Orlando Chapter Founder/Co-Leader
>>> WAFEC Project Leader
>>> STING Game Project Leader
>>> tony.turner at owasp.org
>>> https://www.owasp.org/index.php/Orlando
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Tony Turner
>>> OWASP Orlando Chapter Founder/Co-Leader
>>> WAFEC Project Leader
>>> STING Game Project Leader
>>> tony.turner at owasp.org
>>> https://www.owasp.org/index.php/Orlando
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170201/0744a872/attachment-0001.html>


More information about the OWASP-Leaders mailing list