Re: [swinog] Fwd: Re: Hackerparagraph
* on the Wed, Mar 18, 2009 at 08:36:35AM +0100, Thomas Dagonnier wrote: It may be an idea to have a look at the treaty they have to implement : http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm I concur, this treaty is shite. It criminalizes various tools instead of acts, tries to heavy-hand enforcement of monopolies, tries to invent new laws where old ones are quite clear (forgeries, fraud), tries to criminalize third parties (aiding, abettig) and so on. Shame on whoever came up with this, and on whoever signed this. You've just grossly violated democratic judical principles. In accordance to Henlons Razor (which assumes there is no malice if sufficiently explained by stupidity), you are morons. Seegras -- Those who give up essential liberties for temporary safety deserve neither liberty nor safety. -- Benjamin Franklin It's also true that those who would give up privacy for security are likely to end up with neither. -- Bruce Schneier ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Fwd: Re: Hackerparagraph
Peter Keel seeg...@discordia.ch wrote: * on the Wed, Mar 18, 2009 at 08:36:35AM +0100, Thomas Dagonnier wrote: It may be an idea to have a look at the treaty they have to implement : http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm Shame on whoever came up with this, and on whoever signed this. You've just grossly violated democratic judical principles. One important thing to keep in mind is that signatures under international treaties are *not* a commitment to do what the treaty says, they are only a declaration of intention to consider for ratification that particular version of the treaty. The step through which a country promises to implement what the treaty says is ratification. In Switzerland, ratfication of a treaty requires decisions of both Nationalrat and Staenderat and then there is the possibility of a referendum. The reality is that we have quite extensive democratic rights and possibilities to influence what happens. Many officials in the federal administration don't really appreciate these democratic principles, and like to make everyone believe that Switzerland has to do certain things because the text of an international treaty says that we should, even if we haven't yet decided to agree to that international treaty. But we have real power in our hands. As pointed out by Thomas, if the Swiss legislation mimics exactly what the treaty says in its article 6, the problems that we are concerned about will not occur. So at least that article of the convention is not a true problem. I haven't yet studied the convention in its entirety -- it might contain serious problems in other areas, but if it doesn't, we shouldn't oppose this CoE convention, but just demand that it should be implemented in a way which does not cause problems. If they don't listen to this demand, there's always the possibility of doing a referendum campaign. Of course that'd be MUCH more work than simply sending in a comment during the present public comments period. Our main benefit from having the democratic possibility of doing a referendum campaign is that because we have this possibility, comments from all kinds of interested parties (like we are now invited to send in during the present public comments period) are going to be taken seriously. Therefore, I'm pretty sure that the disaster with regard to the legality of security tools is going to be averted if we take appropriate action now. Therefore, please, everyone: Please make sure that your employer or some other organization that you're a member of sends a letter which states clearly that security tools must remain legal to possess and distribute, as long as this is done with a legitimate, non-criminal intention. (I'm writing such a letter, too, on behalf of SIUG, but IMO it's best when many concerned companies and other organizations all send a letter of their own.) Greetings, Norbert -- http://siug.ch/ Swiss Internet User Group (SIUG), eine Initiative der /ch/open ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Fwd: Re: Hackerparagraph
* on the Wed, Mar 18, 2009 at 12:15:53PM +0100, Norbert Bollow wrote: * on the Wed, Mar 18, 2009 at 08:36:35AM +0100, Thomas Dagonnier wrote: It may be an idea to have a look at the treaty they have to implement : http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm Shame on whoever came up with this, and on whoever signed this. You've just grossly violated democratic judical principles. One important thing to keep in mind is that signatures under international treaties are *not* a commitment to do what the treaty says, they are only a declaration of intention to consider for ratification that particular version of the treaty. Yes, but they're a commitment to implement said articles, so if you sign this, you intent to: 10.1 Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law the infringement of copyright, There are certain provisions which weaken this, further down but STILL this declares the intention to take out copyright infringement out of civil right into criminal right. Which is an outrageous step in the protection of artificial trade-monopolies. Cheers Seegras -- Those who give up essential liberties for temporary safety deserve neither liberty nor safety. -- Benjamin Franklin It's also true that those who would give up privacy for security are likely to end up with neither. -- Bruce Schneier ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Fwd: Re: Hackerparagraph
Copyright infringement IS already a criminal offence (Art. 67 URG - Bundesgesetz über das Urheberrecht) - nothing new there. Regards, Christa Von: swinog-boun...@lists.swinog.ch im Auftrag von Peter Keel Gesendet: Mi 18.03.2009 13:41 An: swi...@swinog.ch Betreff: Re: [swinog] Fwd: Re: Hackerparagraph * on the Wed, Mar 18, 2009 at 12:15:53PM +0100, Norbert Bollow wrote: * on the Wed, Mar 18, 2009 at 08:36:35AM +0100, Thomas Dagonnier wrote: It may be an idea to have a look at the treaty they have to implement : http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm Shame on whoever came up with this, and on whoever signed this. You've just grossly violated democratic judical principles. One important thing to keep in mind is that signatures under international treaties are *not* a commitment to do what the treaty says, they are only a declaration of intention to consider for ratification that particular version of the treaty. Yes, but they're a commitment to implement said articles, so if you sign this, you intent to: 10.1 Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law the infringement of copyright, There are certain provisions which weaken this, further down but STILL this declares the intention to take out copyright infringement out of civil right into criminal right. Which is an outrageous step in the protection of artificial trade-monopolies. Cheers Seegras -- Those who give up essential liberties for temporary safety deserve neither liberty nor safety. -- Benjamin Franklin It's also true that those who would give up privacy for security are likely to end up with neither. -- Bruce Schneier ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Hackerparagraph (fwd)
Andreas Fink af...@list.fink.org 2009-03-17: Collegues, The federal adminstration wants to change the law about cyber crime. See also: http://www.admin.ch/ch/d/gg/pc/pendent.html#EJPD (or especially Genehmigung und Umsetzung des Übereinkommens des Europarates über die Cyberkriminalität ) [...] Note that according to the Adressatenliste, SwiNOG was explicitly invited to comment on the proposed change of law. I guess SwiNOG should comment on Art. 143bis Abs. 2 and request a clarification, in order to make sure that academical, commercial and private IT security research will not be affected by the change of law. The proposed wording of Abs. 2 currently does not adequatly honour the fact that security tools are dual-use goods by nature; i.e. they are not inherently good or evil. Or in other words, there is no practical way to distinguish a tool used by a professional penetration tester from a tool used by a blackhat. The difference between the two is not in the tools, it's in the contracts (i.e. approval of the target's owner). -- Daniel Roethlisberger http://daniel.roe.ch/ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Hackerparagraph (fwd)
I have a suggestion: I could draft a comment (regarding hacking-tools) for the Vernehmlassung and submit it to the mailing-list for approval and input by SWINOG members. As the author of a doctoral thesis on Art. 143bis (the Swiss hacking provision), I might be able to add a certain academic weight to the SWINOG position. I would be prepared to do this for free, it wouldn't be a paid Gutachten, but rather a joint statement by an association of people who deal with this issues on a daily basis and a lawyer who has studied this provision in depth. If SWINOG agrees (do you have any decision procedures?), I would submit a draft by 15 May 2009. The Vernehmlassung ends 30 June, so that would leave us enough time for discussion. Regards, Christa Von: swinog-boun...@lists.swinog.ch im Auftrag von Daniel Roethlisberger Gesendet: Mi 18.03.2009 15:45 An: SWINOG Betreff: Re: [swinog] Hackerparagraph (fwd) Andreas Fink af...@list.fink.org 2009-03-17: Collegues, The federal adminstration wants to change the law about cyber crime. See also: http://www.admin.ch/ch/d/gg/pc/pendent.html#EJPD (or especially Genehmigung und Umsetzung des Übereinkommens des Europarates über die Cyberkriminalität ) [...] Note that according to the Adressatenliste, SwiNOG was explicitly invited to comment on the proposed change of law. I guess SwiNOG should comment on Art. 143bis Abs. 2 and request a clarification, in order to make sure that academical, commercial and private IT security research will not be affected by the change of law. The proposed wording of Abs. 2 currently does not adequatly honour the fact that security tools are dual-use goods by nature; i.e. they are not inherently good or evil. Or in other words, there is no practical way to distinguish a tool used by a professional penetration tester from a tool used by a blackhat. The difference between the two is not in the tools, it's in the contracts (i.e. approval of the target's owner). -- Daniel Roethlisberger http://daniel.roe.ch/ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Hackerparagraph (fwd)
Hi Christa (do you have any decision procedures?) I guess that the only decission would be, who pays you the beer/drink/prosecco or whatever. ;-) Cheers Günti From: swinog-boun...@lists.swinog.ch [mailto:swinog-boun...@lists.swinog.ch] On Behalf Of Christa Pfister Sent: Wednesday, March 18, 2009 4:22 PM To: swi...@swinog.ch Subject: Re: [swinog] Hackerparagraph (fwd) I have a suggestion: I could draft a comment (regarding hacking-tools) for the Vernehmlassung and submit it to the mailing-list for approval and input by SWINOG members. As the author of a doctoral thesis on Art. 143bis (the Swiss hacking provision), I might be able to add a certain academic weight to the SWINOG position. I would be prepared to do this for free, it wouldn't be a paid Gutachten, but rather a joint statement by an association of people who deal with this issues on a daily basis and a lawyer who has studied this provision in depth. If SWINOG agrees (do you have any decision procedures?), I would submit a draft by 15 May 2009. The Vernehmlassung ends 30 June, so that would leave us enough time for discussion. Regards, Christa Von: swinog-boun...@lists.swinog.ch im Auftrag von Daniel Roethlisberger Gesendet: Mi 18.03.2009 15:45 An: SWINOG Betreff: Re: [swinog] Hackerparagraph (fwd) Andreas Fink af...@list.fink.org 2009-03-17: Collegues, The federal adminstration wants to change the law about cyber crime. See also: http://www.admin.ch/ch/d/gg/pc/pendent.html#EJPD (or especially Genehmigung und Umsetzung des Übereinkommens des Europarates über die Cyberkriminalität ) [...] Note that according to the Adressatenliste, SwiNOG was explicitly invited to comment on the proposed change of law. I guess SwiNOG should comment on Art. 143bis Abs. 2 and request a clarification, in order to make sure that academical, commercial and private IT security research will not be affected by the change of law. The proposed wording of Abs. 2 currently does not adequatly honour the fact that security tools are dual-use goods by nature; i.e. they are not inherently good or evil. Or in other words, there is no practical way to distinguish a tool used by a professional penetration tester from a tool used by a blackhat. The difference between the two is not in the tools, it's in the contracts (i.e. approval of the target's owner). -- Daniel Roethlisberger http://daniel.roe.ch/ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Hackerparagraph (fwd)
Hi Christa On Wednesday 18 March 2009, Christa Pfister wrote: [..] I would be prepared to do this for free, it wouldn't be a paid Gutachten, but rather a joint statement by an association of people who deal with this issues on a daily basis and a lawyer who has studied this provision in depth. If SWINOG agrees (do you have any decision procedures?), I would submit a draft by 15 May 2009. The Vernehmlassung ends 30 June, so that would leave us enough time for discussion. I'd appreciate that very much! Michi ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Fwd: Re: Hackerparagraph
Christa Pfister m...@c-pfister.ch wrote: One important thing to keep in mind is that signatures under international treaties are *not* a commitment to do what the treaty says, they are only a declaration of intention to consider for ratification that particular version of the treaty. That's an interesting thesis, but I don't agree 100 %. I wonder if you would maybe be willing to help me find a formulation which you would support 100%, but which is nevertheless a reasonably short explanation of how the Swiss government can sign treaties such as this Convention on Cybercrime, which requires changes to the law that the government does not have authority to decide on its own? I believe that in order to agree to be bound to a treaty of this type, there must be approval from Ständerat and Nationalrat and the possibility of a referendum! [ As I see it, the challenge here particularly with regard to this particular treaty is that at least upon casual reading of the treaty text, I get the impression that (unlike e.g. the WIPO Internet Treaties) this would be one of the those treaties where signing the treaty is intended to be a form of expressing consent to be bound by the treaty, just like ratification. However, if for this treaty, that is the meaning of signing it, how can it be that Switzerland signed it in 2001, but only in 2008 it was proposed in parliament that Switzerland might ratify this treaty, and it is only this proposal of ratification that leads to discussion of the changes to the law which are necessary for implementing the treaty? As you are certainly aware, the international law of treaties, as codified in the Vienna Convention on the Law of Treaties, foresees both possibilities: Signature of a treaty can have the meaning of committing to do what the treaty says, but it isn't necessarily so. ] Greetings, Norbert -- http://siug.ch/ Swiss Internet User Group (SIUG), eine Initiative der /ch/open ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog