Penetration Testing mailing list archives

RE: New laws in the wings


From: "Mike Denka" <mdenk () whidbey net>
Date: Thu, 27 Sep 2001 12:29:02 -0700

There is no "mandatory" life sentence.  I quote from the DoJ analysis:

"This section affects only the maximum penalty allowed by statute. It does
not limit the authority of the Sentencing Commission and the courts to
tailor the sentences imposed in particular cases to offense and offender
characteristics."

As for the concern over the definition of "intent":  first of all, where in
the bill, specifically, do you find fault with the use of that term?  Also,
it seems to me that any intent would have to be proven, as always in our
courts, beyond a reasonable doubt.  And it would be up to the prosecution to
prove that intent, not up to the accused to disprove it.  I don't see how
this ties anyone's hands except for the prosecuting entity who will be
expected to provide the proof of intent.  How is this different from any
other charge of conspiracy to commit any crime?

I don't see anything in the Bill outlawing possession of penetration tools.
I may have missed it, please point to the section for me if I have.  I only
see provisions covering sharing, offering or consulting in the use of these
tools to terrorist organizations.  I do see where someone may get into
pretty deep trouble advising or assisting certain individuals or
organizations known to promote terrorist activities.  This puts a fairly
heavy burden upon the pen tester to do some up front research on the
authenticity of his/her clients.  Should we try and shirk this responsibility
to lighten our load?

Mike

-----Original Message-----
From: Keith.Morgan [mailto:Keith.Morgan () Terradon com]
Sent: Wednesday, September 26, 2001 1:49 PM
To: 'T. Barrick'
Cc: 'pen-test () securityfocus com'
Subject: RE: New laws in the wings


Reading that article to the letter, and assuming no provision for intent,
this would make almost every security professional, and possibly most IT
professionals accessories to terrorists by default.  We are asking our
representative for a full copy of the legislation for review by our
attorneys.  If there is no mention of intent in the legislation, a federal
judge's hands would be tied.  He would be forced to hand down a life
sentence regardless of the absurdity of the situation.

I'll post our conclusions upon reading the bill in its entirety.

Keith T. Morgan
Chief of Information Security
Terradon Communications
keith.morgan () terradon com
304-755-8291 x142


-----Original Message-----
From: T. Barrick [mailto:tbarrick () home com]
Sent: Wednesday, September 26, 2001 1:02 AM
To: pen-test
Subject: New laws in the wings


I would advise everyone to read and UNDERSTAND (Hint: use your
imagination) the ramifications of this proposed law...

See the article at :  http://www.securityfocus.com/news/257

Toby
--
Toby Barrick
American Express
Security Operations
Ecommerce Security Specialist
+1 602.766.3444 - work
+1 480.496.6507 - home
Toby.Barrick () aexp com
tbarrick () home com

ICQ - 121647688
MSN - tbarrick2001
AIM - tbarrick2001
Yahoo - tbarrick2001
...others just ask...



--------------------------------------------------------------
--------------
This list is provided by the SecurityFocus Security
Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security
vulnerabilities please see:
https://alerts.securityfocus.com/

