Re: Draft Convention on Cybercrime

[dhaag () net-defender net (dhaag)]

I have watched this thread and have to interject in order to make a few
points clear to everyone.

> All of us that use nmap would NOT be in trouble...only the author, the
> web/ftp site and possibly this mailing list.

Dead Wrong.  No more then a library is guilty of terrorism because it has
books on terrorism.  The Constitution and its Amendments supercede and apply
here. The author is not, and could not be found to be, guilty of anything,
as long as the program or software was not "specifically" designed to be
used in a criminal activity as defined in the act.

> Quote:
> a device, including a computer program, designed or adapted [specifically]
> [primarily] [particularly] for the purpose of committing any of the
offences
> established in accordance with Article 2 - 5;

> The above offense and the definition below would say that making nmap and
> putting on a website for download would fit under the definition of "dolus
> eventualis" -- also know in Homer Simpson terms as "Doh!".  There's no way
> that an author or web/ftp site could say "well gee, we didn't think it
would
> be used for bad purposes".  It's only a little bit of a stretch to say
that
> a mailing list is a "piece of software" that educates users how to do bad
> things (note -- I'm not talking about majordomo here...but the specific
> mailing list).  Hacker websites would most certainly be targeted.

Wrong again.  NMap, to the best of my knowledge, is not [specifically]
[primarily][particularly] designed or intended to commit any of the offences
listed.  It is a security review tool for legal use by authorized
individuals in the maintenance and upkeep of their network and systems.  The
same as other products that assist in network tuning, such as NetXray,
Openview, ISS Security Scanner, and a plethora of others. List groups that
discuss the software or technology, as well as "hacker sites" that do not
promote the software for illegal purposes would not be effected. This is
covered under the 1st amendment.


> (6) In the understanding of certain members of the Drafting Group,
"intent"
> may also cover "dolus eventualis". For common law countries, this notion
> would be similar to "recklessness", i.e. that a person is aware of the
high
> risk that a certain result may occur and knowingly accepts it. The
Drafting
> Group agreed that the interpretation of "intent" should be left to
national
> laws, but it should not, where possible, exclude "dolus eventualis".

Whether or not this ever makes it into the act is totally irrelevant. The
courts would not allow it to be used in a prosecution due to "breadth of
scope" and vagueness.  "Dolus Eventualis" would never fly, if it did, one
could also apply Dolus Eventualis in across the board litigation. As an
example. you buy a new car - you drive the new car - you have an accident in
the new car and are injured severely - you cannot sue the manufacturer using
Dolus Eventualis as a basis, even though the manufacturer was aware of the
high risk that a certain result ( injurous accidents ) would occur, and
knowingly accepted the risk by continuing to manufacture automobiles. Just
imagine the class actions that could by pursued on something so broad and
vague as Dolus Eventualis.

As in any "Draft" there is much to be hashed out.  And, just because it may
or may not become Law, it still has to stand the test before the courts.
Which, in its present state, it would not do.


Just my two cents worth.


Dale Haag
CCSA/CCSE/CCSI/CNTE/CIE/CFE/CCI/CFT/VCS/CSI/ICSA/ISSA/HTCIA/HTCN/HTCC
President
Net-Defender
Seabrook, TX 77586
(281) 532-1488 voice
(877)733-5451 fax
http://www.net-defender.net