Discussion on proposed motion: Iran activities

29 views
Skip to first unread message

Andrew van der Stock

unread,
Oct 1, 2020, 12:56:10 PM10/1/20
to Global-board
Hi Board,

Based upon legal feedback, I would suggest the Board adopt at the next meeting a motion to stop all participation, chapters, membership, and project or chapter leadership of Iranian members / participants. To make these OWASP members whole, I would suggest refunding memberships. We have 9 known Iranian members, so the cost is around $450 plus admin fees. 

Proposed motion (happy to take any amendments from the Board)

"Resolved, to comply with various US sanctions on Iran, the OWASP Board directs the Foundation to revoke and refund membership dues to any Iranian members, disband any Iranian chapters, remove any Iranian project leadership, and communicate this decision with the community (and any Iranian participants). Lastly, the Board directs that the Foundation updates all relevant membership and participation policies to reject or prohibit Iranian involvement from October 20, 2020 onward until such time as sanctions are lifted." 

Once an agreed text is decided, this motion will require a sponsor and second at the prep call. 

thanks,
Andrew



Andrew van der Stock

unread,
Oct 1, 2020, 1:47:50 PM10/1/20
to Global-board, Andrew van der Stock
Actually, there are roughly five sanctioned countries at the moment. Iran is the only one with members. A better evergreen motion would be:

"Resolved, to comply with various sanctioned countries by the US government, the OWASP Board directs the Foundation to revoke and refund membership dues to any sanctioned country members, disband any sanctioned country chapters, remove any sanctioned country project leadership, and communicate this decision with the community (and all affected participants). Lastly, the Board directs that the Foundation updates all relevant membership and participation policies to reject or prohibit sanctioned country involvement from October 20, 2020 onward until such time as sanctions are lifted." 

thanks
Andrew

Sherif Mansour

unread,
Oct 1, 2020, 2:02:10 PM10/1/20
to Andrew van der Stock, Global-board
Thank you Andrew,

I'm happy to sponsor this motion, can you re-confirm - last we spoke Iran was the only country with OWASP Chapter/Project leadership? The motion to address all this in policy but do we have any other engagement with US sanction countries? i.e. note Chapters are by Cities, and obviously Projects leadership are a bit harder to track done - has the foundation done a review already?

-Sherif

--
You received this message because you are subscribed to the Google Groups "Global-board" group.
To unsubscribe from this group and stop receiving emails from it, send an email to global-board...@owasp.org.
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/global-board/6c1a1824-d5fa-4e4d-86ed-6d0c40eb110dn%40owasp.org.


--
Sherif Mansour
OWASP Global Board Member & OWASP London Chapter Leader 
Site: https://www.owasp.org/index.php/London
Email: sherif....@owasp.org Follow OWASP London Chapter on Twitter: @owasplondon "Like" us on Facebook: https://www.facebook.com/OWASPLondon Subscribe to our (lightweight) mailing list: https://lists.owasp.org/mailman/listinfo/owasp-london

Consider giving back, and supporting the open source community by becoming a member or making a donation today!

Grant Ongers (OWASP)

unread,
Oct 1, 2020, 2:31:35 PM10/1/20
to Sherif Mansour, Andrew van der Stock, Global-board
I'm not sure how I feel about the Foundation sanctioning countries like this based on the US list.



Are we seriously being required to do this? How? Why? Do we have options? We are an international, open community and exclusions should be exceptional and with good cause, not because of political pressures. 

Best regards,
Grant


Sherif Mansour

unread,
Oct 1, 2020, 2:35:27 PM10/1/20
to Grant Ongers (OWASP), Andrew van der Stock, Global-board
I believe Andrew was looking into this a while back - the reason why the foundation is sticking with the US sanctions list is that we are a US registered foundation and thus bound by US Law.
The only caveat of course is the EU entity, but this would still be the same for any US organisation with presence in the EU.

@Andrew van der Stock anything else to add?

-Sherif

Andrew van der Stock

unread,
Oct 6, 2020, 10:54:37 AM10/6/20
to Global-board, Sherif Mansour, Andrew van der Stock, Global-board, Grant Ongers
Just a quick update. I've not had any contact with the gentleman concerned, and so instead of making a deliberate choice on one person as a value judgement by the Board, let's fix it via complying with the law.

I'd prefer to deal with the current issue by complying with the law as it both deals with the current individual issue as well as protecting the Foundation now and in the future by complying with US sanctions.

thanks,
Andrew

Sherif Mansour

unread,
Oct 7, 2020, 10:58:51 AM10/7/20
to Andrew van der Stock, Global-board, Grant Ongers
Thanks Andrew,

What are the next steps are you proposing?

1) Have you looked at the list of sanctioned nations and checked if OWASP has chapters in any city within those countries? What is the approach to dealing with these projects/chapters?

2) Are there proposed bylaw/policy changes? If so are you able to draft a change by the next BoD meeting?

3) How will this be enforced, will the foundation update their processes to include checking if a new chapter requests or project is with in a sanctioned nation? 

4) Are we allowed to take donations/membership funds from a sanctioned nation?

-Sherif

Andrew van der Stock

unread,
Oct 7, 2020, 11:02:12 AM10/7/20
to Global-board, Sherif Mansour, Global-board, Grant Ongers, Andrew van der Stock
I am putting together the Board agenda for next week. There's an updated motion in there:

### Motion to comply with US Government sanctions

**Background:** Our lawyers reviewed the recent issue with leadership of a project after a member from a sanctioned country was accused of illegal activities, which led them to being listed in the FBI's Most Wanted list. The lawyers recommended the OWASP Foundation, as a United States 501 (c)(3) not for profit, has a duty to comply with US Government sanctions, which means severing relations with sanctioned countries and individuals. After an internal review, this will affect 9 members, 1 project, and 1 chapter. 


**Motion:** "Resolved, to comply with US government sanctions, the OWASP Board directs the Foundation to revoke and refund membership dues to any sanctioned country members, disband any sanctioned country chapters, remove any sanctioned country project leadership, and communicate this decision with the community (and all affected participants). Lastly, the Board directs that the Foundation updates all relevant membership and participation policies to reject or prohibit sanctioned country involvement from October 20, 2020 onward until such time as sanctions are lifted." 

Sponsor: TBA
Second: TBA

Andrew van der Stock

unread,
Oct 7, 2020, 11:04:28 AM10/7/20
to Global-board, Andrew van der Stock, Sherif Mansour, Global-board, Grant Ongers
1. Yes. We have 9 members, 1 project and 1 chapter in Iran. None in any other sanctioned country
2. Yes. See above.
3. We will need to sever the ties with the existing members and participants, and if we can, refund them. We will need to put in a checkbox that asks if they are in a sanctioned country. They are already using some form of VPN to sign up and work with us, so GeoIP checks are basically worthless. We just need to do what we can.
4. No.

thanks,
Andrew

Sherif Mansour

unread,
Oct 7, 2020, 11:09:12 AM10/7/20
to Andrew van der Stock, Global-board, Grant Ongers
For point 4 what do we do for any donations/memberships already paid?

Andrew van der Stock

unread,
Oct 7, 2020, 11:11:40 AM10/7/20
to Global-board, Sherif Mansour, Global-board, Grant Ongers, Andrew van der Stock
We will have to try to refund them. If they have used a payment instrument that is not blocked, it should be a straightforward refund in Stripe. If it is blocked, at least we tried. I don't think we should try to evade sanction laws any further than that.

thanks,
Andrew

Sherif Mansour

unread,
Oct 7, 2020, 11:13:43 AM10/7/20
to Andrew van der Stock, Global-board, Grant Ongers
Agreed, the question was pointed on our current legal liabilities in case we might have received funds?

Andrew van der Stock

unread,
Oct 7, 2020, 11:23:18 AM10/7/20
to Global-board, Sherif Mansour, Global-board, Grant Ongers, Andrew van der Stock
There have been no donations as far as we can tell from sanctioned countries. Before the Board meeting or e-vote on this matter, I will get you the final numbers and if any donations were paid.

thanks,
Andrew

Sherif Mansour

unread,
Oct 7, 2020, 11:37:59 AM10/7/20
to Andrew van der Stock, Global-board, Grant Ongers
Thank you Abdrew please put me down as the motion sponsor 
Reply all
Reply to author
Forward
0 new messages