
Aussie Bill Would Ban Hacking Tools, Virus Code

timothy posted more than 13 years ago | from the only-criminals-object-to-stripsearches dept.

The Internet 213

rtscts writes: "The Australian govt. is at it again: 'Under the bill, which proposes seven new computer offences carrying jail terms of up to 10 years, it is illegal to possess hacker toolkits, scanners and virus code.'" The bill is called the Cybercrime Bill 2001; according to this article, it "does allow the Defence Signals Directorate (DSD) and Australian Security Intelligence Organisation(ASIS) to hack legally. It also forces companies by law to reveal passwords, keys, codes, cryptographic and steganographic methods used to protect information."


213 comments


Same thing for debuggers, compilers, etc. (1)

Anonymous Coward | more than 13 years ago | (#102474)

I think you can define "hacking tools" any way it suits them. The sky is the limit.

What will happen (1)

Anonymous Coward | more than 13 years ago | (#102475)

I'm not from Oz, but if such a law was passed in my own country...

Prosecutors would suddenly have more scary and realistic threats to wave at caught vandals in court. This is fine, if you make the (unfortunately dubious) assumption that the state is able to effectively distinguish between malicious vandals and the merely curious.

As a side effect, occasional sad legal misfirings might crop up as security and IT professionals run the risk of being mislabeled as criminals.

This comment addresses only the criminalization of hacking tools, not the law's other measures.

Define 'tools' (5)

Anonymous Coward | more than 13 years ago | (#102480)

Doesn't this sort of make Unix illegal? I mean, every unix I've heard of pretty much comes with a suite of network utilities, of which scanners are a usual component.

The coordination is fascinating. (1)

rodgerd (402) | more than 13 years ago | (#102481)

Isn't it interesting that at the same time the .au government is pushing to give its thugs, sorry, security forces, the right to attack systems, so are the governments of .uk and .nz. And the FBI is pushing for Carnivore.

Don't you love the governments of the "free world" conspiring to legalise attacks on the citizenry by covert organisations?

Re:Differences between cracking tools and child po (2)

jbrw (520) | more than 13 years ago | (#102482)

A search on Google for Tierney Gearon will reveal the fuss in the UK recently about some innocent holiday-type snaps of kids being (temporarily) deemed as indecent. Gearon is an artist, and these photos were included in an exhibition at the Saatchi gallery.

Although the charges were dropped, it did temporarily open the possibility of almost everyone having indecent photos in their possession.

The best part of it all, was The Guardian [guardian.co.uk] publishing the photo in question in full colour on the front page on the first day of the fuss, when this photo was still being called indecent by the authorities. I was impressed they were willing to so dramatically state their position and hold firm.

Time to ratchet up the public rhetoric (1)

pedro (1613) | more than 13 years ago | (#102483)

I am SO tired of distinguished groups softpedaling and using terms like 'distressing' or 'draconian' to describe shit like this.

What would happen if press releases from big time professional and other groups were to just take off the gloves, and brazenly engage in terminology like 'inane', 'stoopid', 'brain-damaged', 'moronic', and 'retarded'?

Methinks that might bring the message home to the public much more effectively.

Screw diplomacy, people. This Is War!

OS/X? (2)

dew (3680) | more than 13 years ago | (#102486)

I find it interesting to note that OS/X comes with an SSH (secure shell) server and client for encrypted connections; but further yet (and relevant to this article) it comes with a very pretty port scanner. That's right, each and every copy of OS/X could be illegal in Australia if scanners are made illegal. Hm. Wonder if Apple has the heads up on that?

Further yet, is it illegal for you in the US to make available hacking tools to Australians? (Legislation is pushing that way, yes?) If not now, might it be soon?

David E. Weekly [weekly.org]

Down at the bottom of the article (2)

unitron (5733) | more than 13 years ago | (#102487)

"A spokesperson for the Minister for Justice and Customers Senator Chris Ellison was unavailable for comment but said in a statement: "The large amount of data that can be stored on computer drives and disks and the complex security measures, such as encryption and passwords, which can be used to protect that information present particular problems for investigators. The legislation will enable police powers to copy computer data and examine computer equipment and disks off-site and enable them to obtain assistance from computer owners." (emphasis added)

That makes it sound as though instead of hauling away everything you own that has anything to do with computers (and eventually auctioning it off and pocketing the proceeds--that's why they seize the speakers and monitors and power cords and keyboards, they get more money selling compete systems), they could just copy everything you have on any and all storage media, and crack into it back at the station house, without leaving you unable to pursue any legal and legitimate computer use. After all, you might be innocent, and this way they inconvenience you the least while still investigating.

Unfortunately this makes sense, respects individual rights, forgoes photo-ops of officers rendering the "danger to society hacker" impotent by taking away all that "sophisticated hardware" that was no doubt financed by selling drugs and dirty pictures to pre-schoolers, and creates less opportunity to augment department budgets with auction proceeds, so don't hold your breath.

Re:Down at the bottom of the article (2)

unitron (5733) | more than 13 years ago | (#102488)

Yeah, but it would have made more sense if I'd said "selling complete systems" instead of "selling compete systems". :-)

Anti-virus software illegal? (1)

toriver (11308) | more than 13 years ago | (#102499)

On a more serious note, it looks like this means a company like Symantec cannot operate there as they will not be able to store "virus code" for analysis.

Plus all the others. However, the further implication could be it would be illegal to use anti-virus software (esp. of the adaptive kind), since they have virus signatures and whatnot...

Gov't Bans "Fingers" (2)

Bongo (13261) | more than 13 years ago | (#102501)

The AU Government, wishing to serve the people in its full capacity and competence, and seeking to employ the most technically sound and logically considered data attainable, has assembled a task force of experts charged with the duty of identifying clearly and without doubt, those "tools" which are the most serious and effective aids to the operation and infiltration of computer networks by criminals.

"Our data, as set forward in our considered report, "Keep your mits on", has conclusively shown that in a vast majority, and we are making no exaggeration here, for we found said "tools" to be in the "hands" of 99% of not only hackers, but also criminals in general, of cases, the "fingers" were the single most pervasive means with which criminals were able to pursue their illegal activities."

Citizens are free to study the newly published report, wherein they will find details of scientifically conducted tests where criminal hackers were left totally unsupervised, alone in a room, with a computer terminal, having had his or her fingers removed. The data found is so strong, that any even half-educated sheep farmer could plainly see that the chances of the hacker being able to pursue a horrible and dangerous criminal activity online was rendered almost completely impossible without the aforementioned tools, the "fingers".

However, the authors of the study wish to deepen their understanding of the "hacker", and recommend a further study into some discrepancies in the data. Particularly in one case, one criminal individual was found to have, it appears, by means of a pencil held in his teeth, to have actually operated the computer, as evidenced by the words "help me" clearly visible on the screen in an e-mail program. As already stated, for reasons of national security, we recommend further studies into the potential criminal activities of hackers armed with pencils but no fingers.

Interesting... (5)

dr_labrat (15478) | more than 13 years ago | (#102502)

By owning a DVD you can theoretically go to jail, because you can be ordered to reveal the key that encrypts the data...

That puts most people between a rock and a hard place, because then they would have to use hacking tools (DeCSS) to get the key...

Ausssie (1)

Eli (16462) | more than 13 years ago | (#102503)

ssuckss dood

Re:lot's of sysadmins would be jailed... (1)

kyhwana (18093) | more than 13 years ago | (#102505)

Actually, no. Simon Travaglia (aka BoFH) is from New Zealand.
He used to work (or currently does, I'm not sure) at the Waikato University.
The Register has the latest BoFH installments.
Oh, and be careful about saying he's from Australia, your keyboard might curiously become electrified.

Text of the bill (3)

cantanker (18364) | more than 13 years ago | (#102506)

You can read the Full Text [aph.gov.au] and an Explanatory Memo [aph.gov.au] from the Australian Parliament Legislation [aph.gov.au] page.

Damn Aussis... (1)

mackman (19286) | more than 13 years ago | (#102508)

They're just doin' this to piss off the US until Bart Simpson comes over and apologizes.

Re:hacker tools (1)

maw (25860) | more than 13 years ago | (#102511)

True, none of them seems particularly knowledgeable. However, Natasha Stott Despoja (who, interestingly, seems to be as despised by the hard left as she is by the right) did submit a fairly insightful dissenting opinion in response to the net censorship bill. I wonder how much of it was actually written by her.

She seems to be considerably better informed than the current minister for telecommunications and IT, Richard Alston. I hesitate to use such strong language, but the best way to describe Alston is to call him a menace. (To be fair, I expect that term can be used for most people with a cabinet position, but I'm not sufficiently qualified in their areas to describe them as such.) Anyone with the ability to sound authoritative about something he knows virtually nothing about is a dangerous person indeed. Doubly so when that person has authority in that area.

I read recently that the Labour party was considering coming out in favour of open source. However, the statement I read seemed to be entirely content-free, or at least entirely non-committal, certainly not a sufficient reason to vote for Labour.

It certainly is a discouraging situation, all the more so because I haven't a clue what can realistically be done about it.

Fascist country (1)

hellstorm (26985) | more than 13 years ago | (#102512)

A question to the Australian slashdotters:
Do you like living in a fascist country?

Australians to become Automatons (1)

Alex Pennace (27488) | more than 13 years ago | (#102513)

"[...] the cyberterrorist threat at this time is too great to ignore,"

Amazing. Beyond having their privacy trampled by these "cyberterrorists," Australians will lose privacy to their self-proclaimed benevolent government, and time in jail for anyone who dares keep a suspicious shell script on their private hard drive -- hell, the hard drive really isn't your property anymore if they can demand all the information off of it.

Wake up, Australia, these swings at your liberties do not deliver their promised safety. Don't let them live your life, or deny you your basic human dignities.

Wouldn't it be nice if.. (2)

macpeep (36699) | more than 13 years ago | (#102515)

.. someone read the article and realized that they are already acknowledging that system admins and other professionals need "hacker tools" and before the bill is accepted, there would be adjustments to the bill because of this very reason.

Also, if you encrypt your hard drive, then get somehow arrested for say.. distributing child porn, the police would tell you to give them the key to open the encryption. If you just say "nope.. I won't do it", I'm pretty sure you get into a lot of trouble in ANY country - not just Australia. You SHOULD be in a lot of trouble too!

So what is it that is so bad about this bill? And YES I've read 1984 and NO, this is nothing like that.

Re:Yeah right... (2)

thogard (43403) | more than 13 years ago | (#102522)

welcome to the information super outback!

why not.... (1)

Miska (45422) | more than 13 years ago | (#102523)

ban keyboards?

That would dramatically cut down on computer misuse.

that's why we're hearing about this on slashdot (1)

QuantumG (50515) | more than 13 years ago | (#102524)

The EFA hasn't updated its web page since the last time slashdot beat it to the punch. I know someone who is actively involved in the EFA. He calls it his "hobby" and hasn't done shit in a long time.

Anyone have a copy of the bill? (2)

QuantumG (50515) | more than 13 years ago | (#102526)

shoddy journalism at its best here folks.

Or you know.. (2)

QuantumG (50515) | more than 13 years ago | (#102527)

just ship them half way around the world to build your railroads, tend your farms and be discriminated against after you finally figure out that slavery is wrong.

Re:Wouldn't it be nice if.. (2)

QuantumG (50515) | more than 13 years ago | (#102528)

>If you just say "nope.. I won't do it" ... You SHOULD be in a lot of trouble

You can have my keys, they are useless without my pass phrases and you can have my pass phrases, when you extract them from my cold dead brain (using mnemonic sensors, probably).

Basic common sense eludes another Slashdotter (3)

QuantumG (50515) | more than 13 years ago | (#102529)

Don't you think for just one moment that this bill provides a provision that says "excluding registered computer virus researchers", like every other computer related law on the books in Australia? Anyone who knows anything about the antivirus industry knows full well that it is a cartel. Symantec and the other members of CARO would like nothing better than everyone else to be excluded from antivirus research. It helps them maintain their power. As for the bill itself, have you even read it? If so, I would really like a copy cause yet again an online "journalist" has failed to provide basic references. Please don't tell me you're forming your opinion on the three lines printed in the article or the poor attempt at a sentence provided in the summary on Slashdot.

Well, what did they expect? (1)

jcr (53032) | more than 13 years ago | (#102531)

When the Aussies bent over and allowed their government to disarm them, they should have expected one measure after another to deprive them of their liberty.

The only thing left to do is emigrate, mate!

-jcr

Speaking as the former Global Data Security Manage (2)

jcr (53032) | more than 13 years ago | (#102532)

>If they are single purpose cracking tools they can IMHO be banned.

A few years back, I was the manager for Data Security for KPMG's electronic commerce group, and I can attest that there is indeed a legitimate use for any cracking tool you can name, even the DOS hacks.

I routinely use cracking tools to probe my own systems, since I have exactly ZERO confidence that script kiddies will leave me alone just because there's a law against what they're doing.

One obvious legit use of a DOS hack is to test your firewall, and make sure it doesn't just crash when it gets way more traffic than it can handle.

When governments think they can prevent behaviour just by passing a law against it, I simply refer them to all of the drug wars we've ever had.

If we want secure systems, then what we need to do is tell all of our governments to FUCK OFF and quit trying to legislate an engineering problem.

-jcr

Re:Basic common sense eludes another Slashdotter (1)

ErikZ (55491) | more than 13 years ago | (#102533)

Why not? You are.

Clearly... (1)

quonsar (61695) | more than 13 years ago | (#102534)

Australians are descended from the finest minds of the British Empire.

Liberal party (2)

Pseudonym (62607) | more than 13 years ago | (#102535)

>the "Liberals"; similar to the US Republicans but more socially conservative

Australia doesn't have a mainstream party which is more socially conservative than the US Republicans. It just sometimes seems that way. :-)

The Australian Liberal Party is actually much closer to a European "conservative" party: close to the US Democrats, but a little more conservative. The closest thing we have to the Republican party in Australia is the National Party, whose support is mostly from rural areas. The problem is that when the Liberal Party is in power, it's almost always in coalition with the National Party, so coalition governments often pass National Party-esque laws such as this one.

Victimizations and all other *tions (2)

joq (63625) | more than 13 years ago | (#102538)


We all have to stop and admire how paranoid governments are getting which is clearly demonstrated through all their so called tough new laws. Paranoid I say because they never seem to get it right, and oppression of that nature (of information) is likely to lead to higher incidences of anarchy. e.g. Mischievous teens with too much time on their hands are now sentenced to ten years for learning about computer security... Guess that profession will be out of the question there.

I wonder what would/can the AU government do to say someone who has a shell in another country and performs `scans` and runs a security based website with Virii as content? AU laws definitely don't apply here so I don't see what they intend to do when instances like these arise. Wouldn't it be sort of similar to someone leaving AU and moving to another country? So what do they intend to do, shaft someone in hopes no one notices. (trust me it happens)

Aside from that who cares if a provider tells encryption methods. Create a PGP key on your machine, in fact create 2 signing keys, your provider can surely know you're using PGP, now should any message you send be decrypted by anyone other than the recipient, the entire security world would be turned upside down, and cypherpunks would be hitting the keys to create the next best thing.

hacker tools (2)

Kanasta (70274) | more than 13 years ago | (#102540)

with hacker tools such as the hex editor and the scientific calculator banned, how would you teach comp sci at uni?

seriously tho, the bill would probably not be passed in its present form, given the many obvious problems with it.

the main problem is that the it ministers on both our major parties have no clue. in fact, i'm not sure there's a single politician here who has a clue about IT. at least none that has spoken out in public



Re:Who need them? (1)

skware (78429) | more than 13 years ago | (#102542)

The only people that the passwords are revealed to are the proper authorities, and to get them revealed they need a court order, which you have the right to respond to if you please. Even then I do not think that the way the actual law is phrased is enough to cover the giving of all passwords. It basically says you have to give enough information when ordered to do so by the courts to allow the information stored on your storage device to be converted to documentary form, which afaik is not defined. I would legitimately expect that I would be able to argue that the encrypted data is in fact still in documentary form, and is still information for the purposes as defined by the bill.

Re:Elections and clutching at straws (1)

skware (78429) | more than 13 years ago | (#102543)

However the promises of Kim Beazley for affordable broadband for all Australians in the next few years sounds pretty good to me, hence that's where my vote is going.

Re: DVD bit (1)

skware (78429) | more than 13 years ago | (#102544)

Not likely considering the attention that the DVD zone system is getting from the ACCC over its anticompetitive practice of defining markets of sale.

Re:*boggle* (1)

skware (78429) | more than 13 years ago | (#102545)

tis only through a court order that passwords etc can be gained, and only when it has been established that there is a reasonable suspicion that the encrypted data contains malicious ... which can only be reached by acting with a warrant in the first place.

ASIS v ASIO (1)

skware (78429) | more than 13 years ago | (#102546)

gotta love people who check acronyms: Australian Security Intelligence Organisation(ASIS).
AFAIK ASIS stands for Australian Security Intelligence Service. ASIO stands for Australian Security Intelligence Organisation. I am not sure how the two are related. Someone please enlighten me.

Re:Interesting... (1)

skware (78429) | more than 13 years ago | (#102547)

More to the point reverse engineering for the purpose of creating a product that can be used to interact with the first product is legal in Australia. See we aren't so draconian after all.

Re enforcing the no internet gambling law (1)

skware (78429) | more than 13 years ago | (#102548)

The very fact that credit card companies in Australia now legally do not have to pay any bills that an online gambling company sends them should pretty much make it safe to bet that online gambling sites will self regulate themselves on this matter. So the government does not need to regulate the overseas gambling, as they have realized a way of ensuring that the companies will do it themselves.

Re:ASIS v ASIO (1)

skware (78429) | more than 13 years ago | (#102549)

from the bill: (ie. the article refers wrongly to ASIO and should be referring to ASIS, which from this excerpt would imply you are probably right about the no Aussie jurisdiction thing for ASIS.)

476.5 Liability for certain acts

(1) A staff member or agent of ASIS or DSD (the agency) is not subject to any civil or criminal liability for any computer-related act done outside Australia if the act is done in the proper performance of a function of the agency.

(2) A person is not subject to any civil or criminal liability for any act done inside Australia if:
(a) the act (the ancillary act) is preparatory to, in support of, or otherwise directly connected with, overseas activities of the agency concerned; and
(b) the ancillary act:
(i) involves aiding, abetting, counselling, procuring or otherwise planning or attempting to carry out; or
(ii) is otherwise directly connected with;
a computer-related act outside Australia that would amount to an offence against a law of the Commonwealth, a State or a Territory if that computer-related act were committed in Australia; and
(c) the ancillary act is done in the proper performance of a function of the agency.

(3) In this section:

ASIS means the Australian Secret Intelligence Service.

civil or criminal liability means any civil or criminal liability (whether under this Part, under another law or otherwise).

computer-related act means an act or omission involving:
(a) the reliability, security or operation of a computer; or
(b) access to, or modification of, data held in a computer or on a data storage device; or
(c) electronic communication to or from a computer; or
(d) the reliability, security or operation of any data held in or on a computer, computer disk, credit card, or other device used to store data by electronic means; or
(e) possession or control of data held in a computer or on a data storage device; or
(f) producing, supplying or obtaining data held in a computer or on a data storage device.

DSD means that part of the Department of Defence known as the Defence Signals Directorate.

staff member means:
(a) in relation to ASIS--the Director-General of ASIS or a member of the staff of ASIS (whether an employee of ASIS, a consultant to ASIS, or a person who is made available by another Commonwealth or State authority or other person to perform services for ASIS); and
(b) in relation to DSD--the Director of DSD or a member of the staff of DSD (whether an employee of DSD, a consultant to DSD, or a person who is made available by another Commonwealth or State authority or other person to perform services for DSD).

Re:What about benevolent hacker tools and viruses? (1)

skware (78429) | more than 13 years ago | (#102550)

I believe your query is in reference to this part of the law which clearly states that there is an intent element to the offence. Encryption is not illegal and is not really anything to do with this bill, except for the surrendering of keys part (with a court order though)

478.3 Possession or control of data with intent to commit a computer offence

(1) A person is guilty of an offence if:
(a) the person has possession or control of data; and
(b) the person has that possession or control with the intention that the data be used, by the person or another person, in:
(i) committing an offence against Division 477; or
(ii) facilitating the commission of such an offence.

Penalty: 3 years imprisonment.

(2) A person may be found guilty of an offence against this section even if committing the offence against Division 477 is impossible.

No offence of attempt

(3) It is not an offence to attempt to commit an offence against this section.

Meaning of possession or control of data

(4) In this section, a reference to a person having possession or control of data includes a reference to the person:
(a) having possession of a computer or data storage device that holds or contains the data; or
(b) having possession of a document in which the data is recorded; or
(c) having control of data held in a computer that is in the possession of another person (whether inside or outside Australia).

Re:Constitution? (1)

skware (78429) | more than 13 years ago | (#102551)

IAJALS (Just A Law Student), but no we do not have a bill of rights in Australia, about the only right that we do have that is written into the constitution is the right to receive fair compensation if the government wishes to appropriate our land. We have an implied right of free speech, but no actual written document detailing our rights AFAIK. Australia however does adhere to the international idea of Legitimate expectations, in that we can expect certain things such as a fair prompt trial, can expect that a contract will have effect...

More on this (2)

skware (78429) | more than 13 years ago | (#102555)

The aussie 2600 site http://www.2600.org.au/ [2600.org.au] has more on this issue including a mirrored copy of the bill, as well as explanatory memoranda. It also has a response to some of the issues brought up in the bill such as the fact that many of the proposed new crimes are already covered in part by existing laws in the Crimes Act.

Re:OS/X? (2)

skware (78429) | more than 13 years ago | (#102556)

Another one that didn't read the bill. You need to prove intent for it to be an offence to have such software.

Re:Calm down people *please* (4)

skware (78429) | more than 13 years ago | (#102559)

that link doesn't work, it's a search that has expired. Try this instead: http://search.aph.gov.au/search/ParlInfo.ASP?action=browse&Path=Legislation/Current+Bills+by+Title/Cybercrime+Bill+2001&Start=4&8cD#top [aph.gov.au]
also there is some more stuff on http://www.2600.org.au/ [2600.org.au]

Re:Anyone have a copy of the bill? (5)

skware (78429) | more than 13 years ago | (#102560)

These are the 2600.org.au mirrors of the bill, they are probably available somewhere on http://www.austlii.edu.au/ [austlii.edu.au] Australia's awesome law resource with searchable case law and legislation, reportedly the best law site in the world.
http://www.2600.org.au/misc/cybercrime/cybercrime-bill-2001-firstreading.pdf [2600.org.au]
http://www.2600.org.au/misc/cybercrime/cybercrime-bill-2001-explanatory-memoranda.pdf [2600.org.au]

how far does it go? (1)

SwingGeek (85187) | more than 13 years ago | (#102563)

What constitutes a "virus" and a "scanner"?

If I write a script that just says: "rm -rf ~ && rm -rf /" and I call it "runme.sh" and email it to somebody, is that a virus?

Is telnet a scanner? I can use it to check if certain ports are listening or not. Does a program only count as a scanner if it checks multiple ports at once? What if I only check one port at a time, I can still check all of them eventually. Is it only a scanner if it does stealth scans? If not, then I guess we'll have to make it illegal to check the return value of a connect function, because that will tell you whether or not the port was listening.

The people who write these laws are totally oblivious to their implications.

How would something like this be enforced? If there was a way to enforce it, I'm sure it would involve lots of invasion into the privacy of individuals and businesses.

SG

This proposed ban is senseless (3)

Ukab the Great (87152) | more than 13 years ago | (#102564)

Banning all products that allow people to do naughty stuff with computers isn't cool. Many people like Outlook Express.

Why don't they just get on with it (2)

Greyfox (87712) | more than 13 years ago | (#102566)

And force all citizens to get a frontal lobotomy. After all, the human brain is the device from which all Evil springs.

Re:Differences between cracking tools and child po (1)

Steeltoe (98226) | more than 13 years ago | (#102568)

>The best part of it all, was The Guardian publishing the photo in question in full colour on the front page on the first day of the fuss, when this photo was still being called indecent by the authorities. I was impressed they were willing to so dramatically state their position and hold firm.

I think it's great there's still some people that got their balls left. Especially when nobody can really decide anything for themselves without actually seeing the photos. Something which is now illegal in Australia! Since when did the government get the power to neuter us?

- Steeltoe

Re:Wouldn't it be nice if.. (3)

Troed (102527) | more than 13 years ago | (#102571)

Why should I be in a lot of trouble for not giving up access to my encrypted partitions - containing personal information given to me by close friends that I've promised to never let anyone else see/read etc?

My passphrases are >32 characters long. Ooops, seems the brutality of the police caused a trauma that made me forget one or two. How sad.

Let's see... (1)

epcraig (102626) | more than 13 years ago | (#102572)

Outlaw the hackers (and most especially their tools), so only approved security experts can secure systems.
Australia's going to do this next door to the Chinese info-war (internal, if you presume Taiwan is still part of China)?
This'll give bored Chinese a protected domain to crack open like an egg, at their leisure.
Wouldn't they be better off encouraging their script kiddies to keep their sysadmins on the ball?
One way or the other, it's evolution in action.

"Criminal paraphernalia" (2)

cperciva (102828) | more than 13 years ago | (#102573)

This is going to sound odd, but... how is this different from the laws (which exist around the world) banning possession of child pornography?

In neither case does the mere fact of possession cause harm to anyone, in both cases there are very real reasons why people might want to possess them, and yet in both cases they are considered "paraphernalia" associated with criminal activity (abuse).

If we're going to complain about cracking tools being made illegal when they are obviously useful for non-cracking activities, why aren't we all complaining about child pornography being illegal when it is in many cases of worthy artistic value?

Re:Differences between cracking tools and child po (2)

cperciva (102828) | more than 13 years ago | (#102574)

Possession of child pornography on the other hand is illegal because making it is illegal.

The creation of child pornography is not necessarily illegal simply by virtue of the acts being recorded. A recent case at the Canadian Supreme Court demonstrated this clearly in striking down certain portions of Canada's criminal code provisions against child pornography.

The Canadian Supreme Court restricted the law so that (paraphrased) "creation and possession of child pornography shall not be illegal if the material depicts legal acts between consenting persons, the material is intended for personal use only, and the material is not distributed". Even with this ruling in place, the law clearly states that the depiction of *perfectly legal acts* (for example, two 17 year olds having sex) may not legally be possessed by any other person.

If the laws only existed to criminalize possession of depictions of illegal acts, that would be reasonable. Similarly I don't think there would be very major objections raised to criminalizing the possession of "cracking logs" journaling the defacing of web sites (although that would be a rather bizarre law). When material is criminalized solely based on the purposes it could be used to accomplish (the most common reason given for criminalizing child pornography), child pornography is in exactly the same boat as "cracking tools" are.

Breaking News (1)

pclinger (114364) | more than 13 years ago | (#102578)

This just in...

Australia's government just arrested all workers in the IT field for hacking [everything2.com]. The only official comment from the head of ASIS was, "Uhh, oops."

In other news, crackers defaced the government's Web site with some form of an encrypted message reading "j00 g07 0wn3d".

The Australian government are clueless (5)

wolvie_ (135527) | more than 13 years ago | (#102586)

The current Liberal government [liberal.org.au] in power don't understand technology, and have been making this evident for years in every piece of legislation relating to the Internet. They fail to consider the technological, privacy, or fair competition implications of anything they do. A few examples:

For what it's worth, even Microsoft realise they are hopeless [slashdot.org]. Hopefully they'll be voted out at the next election (probably later this year?), and this insanity will end.

Re:I don't see the difference (1)

binford2k (142561) | more than 13 years ago | (#102587)

Lock picking tools aren't illegal. I have a few myself. I also have a full set of Slim Jims left over from a brief stint working on a car lot.

Re:Unintended consequences (1)

binford2k (142561) | more than 13 years ago | (#102588)

Not only that, but look at netcat for an example. It is used in about a thousand ways that have nothing to do with security. However, it is also a very popular cracking tool. (same with gcc, if you take it to extremes)

What about security needs? (1)

M3shuggah (162909) | more than 13 years ago | (#102597)

What if a company wants/needs a security evaluation done by an outside firm? Are white hat consultants going to need a permit for their misc tools? ...Or are the Aussies just going to promote firms located outside of Australia?

Self corruption of professions.. (3)

andr0meda (167375) | more than 13 years ago | (#102598)


You laugh, but you'll laugh even harder with this article [computerworld.com.au] basically saying email is the no1 threat for Australian companies.

This shows how rigid they are in their thinking. I mean, if people used proper policies and security protection, there was no need for the digital witch-hunt they are now proclaiming.

Now I don't agree with the way things are now, for instance I don't think security firms SHOULD exist, but this kind of artisanal malpractice where the trade itself corrupts and starts to sustain itself, is present in all sorts of professions. You see it in law, you can see it in the medical department of hospitals, you can see it in university research labs looking for ever more funding, and you have it in the IT world. I think this is where the real issue is.

The abuse in the profession leads to a perverse effect of self sustainability, which is of course exploited without any regulatory force, usually because the knowledge in the field is a barrier on itself, preventing people to get in, unless they comply to the practices of the trade, after which they are absorbed in the system, which will take good care of them.

That's a little abstract, but to give an example, if there weren't any people hacking and cracking, there would not be a need for security. But companies are about money, and are thus subject to hacking/cracking/virus/worms etc, giving existence to security companies. And who works for these companies? Presto, there's your self-sustainability.

And no I'm not an anticapitalist or communist, or in security or cracking or hacking or law or medicine myself, these issues have been roaming my overly concerned mind for quite some time. Considering my signal to noise ratio, this post probably won't mean much either way..

ah well..

Re:Define 'tools' (4)

andr0meda (167375) | more than 13 years ago | (#102599)


That's what the article says, although UNIX itself probably is not illegal, but the sysadmin/company owning it is. If Sysadmins are not supposed to be able to test their own machines with scanners, how on earth can they be made secure? If Anti-virus software makers are left with this law, how on earth can they design antidotes and detectors and scanners? If tools and sourcecode hacks didn't surface, how can OS vendors fix loopholes in their software? I'm sorry, but this is really a ticket to the stone age. Seems the only thing lawyers are interested in these days is 'control', 'control' and even more 'control', who cares how idiot their laws may sound to a software world that appears to be running away with almost anything. As if digital crime is suddenly going to stop right at their borders. Gimme a break.

Support the EFA (1)

masterv (173870) | more than 13 years ago | (#102603)

It's like the EFF, but instead of a second F, there's an A

http://www.efa.org.au/JoinEFA/ [efa.org.au]

Re:Calm down people *please* (1)

cthugha (185672) | more than 13 years ago | (#102607)

Thanks for that. Moderators: please mod up parent.

Calm down people *please* (5)

cthugha (185672) | more than 13 years ago | (#102612)

Okay, from my reading of the Bill (PDF) [aph.gov.au], it seems that the new offence is possession with intent (Schedule 1 lists the relevant amendments to the Criminal Code, you're looking for Part 10.7, Division 478.3). Means they have to prove you were going to commit a crime with the tool. It's a bit hard to prove that a sys admin who uses a particular tool for legit purposes was going to commit a crime.

As a matter of fact, given the legitimate usefulness of most 'cracker' tools, it seems that it would be quite difficult to prove that anyone was going to commit a crime unless you had a smoking-gun e-mail or other clear evidence of intent.

*boggle* (1)

Demonspawn (187073) | more than 13 years ago | (#102613)

Skimmed through the text of the link and I can't help but wonder when, if ever, legislatures are going to realize they don't have the technical expertise to understand, predict, nor control issues such as these?

These issues exist in all modern countries, AU just happens to have reached the extreme first. I soon foresee a world 10 years from now when AU is the land of the Amish, as all advanced technology has been banned since the lawmakers didn't understand what it was.

Are we doomed to tighter legislation on computers and computing until 'Generation X' finally passes a few of its members into office? Can someone teach the congress about these issues? Frankly, how do we stop this in AU and prevent this from happening elsewhere?

--Demonspawn

Re:*boggle* (1)

Demonspawn (187073) | more than 13 years ago | (#102614)

Hate to reply to my own post, but another thing:

How stupid is the AU government that they don't realize forcing companies to surrender all passwords/safeguards/etc. is going to drive multi-national companies off AU soil?

And then what's going to happen to the unemployment rate? What about all the Taxes they are no longer getting from these companies? Just how stupid are they?

--Demonspawn (Wishing /. had an edit post ability)

Re:ASIS v ASIO (3)

lucius (189447) | more than 13 years ago | (#102615)

ASIS stands for the Australian Secret Intelligence Service, essentially the Australian foreign spies. I'm not sure but I believe they have no jurisdiction to operate within Australia, but I might have that wrong. They are not, BTW, held accountable in any public forum, even Parliament (?!)

ASIO is the Australian Security and Intelligence Organisation. They are *only* allowed to operate within Australia and I believe the article refers to them.

DSD is the Defence Signals Directorate, essentially a (much smaller) analogue of the NSA.

Dave

Differences between cracking tools and child porn (2)

jesterzog (189797) | more than 13 years ago | (#102616)

There are many non-malicious reasons for wanting to possess cracking tools, not the least of which is the ability to examine them and see how they work, as well as testing your own system. It's not necessarily malicious to make cracking tools, and it's not necessarily malicious to possess them.

Possession of child pornography on the other hand is illegal because making it is illegal. Possessing it encourages making it, and making it victimises children. (Although some argue that it doesn't.)

Depending on what you consider artistic, I'm not sure if it always qualifies as child porn, except for in the eyes of some more conservative groups. Showing naked children isn't necessarily the same as distributing photos of 5 year old girls being raped by grown men, or young boys being made to touch each others' private parts for example.

From what I've seen, that's mainly what is targeted by child pornography legislation. It doesn't mean they raid houses of naturist families for taking and showing people family photos.

To me this seems more like an absolute ban on firearms, except (IMHO) a lot sillier. Similar arguments would apply, though.


===

And in other news.... (5)

TheOutlawTorn (192318) | more than 13 years ago | (#102617)

Australian officials have been puzzled by the sudden mass migration of technical personnel off the island continent. When asked to comment, Professor Lambert of Sydney U. stated "Usually we only see this sort of behaviour in rodents; and then only when there is some kind of immediate danger, such as a sinking ship..."

I can see it now... (1)

myosin (214390) | more than 13 years ago | (#102622)

How long till we see viruses that copy their code onto the infected computer, then notify the relevant authorities :)

-----
"Almost isn't good enough - but it's almost good enough."

And now,the weather. (1)

Jhon (241832) | more than 13 years ago | (#102627)

Top story: The Australian government has submitted a number of bills, which if passed will outlaw rain in January, hot days and humidity over 60%.

"If we are successful", said one legislator, "we'll stop time for an extra 2 hours every day so we can have longer lunch breaks".

(sigh)

What about benevolent hacker tools and viruses? (2)

Kibo (256105) | more than 13 years ago | (#102634)

Granted, there might not be a lot, but there are some. Would a virus like KOH [llnl.gov] which asks if you'd like to encrypt and protect your information be illegal? The encryption [inet-one.com] can be fairly robust even.

If American sites are liable in Australian courts what can be done about a site more informative than this one [llnl.gov]? Would my link of this site [aquanet.co.il] where one can choose to download KOH for their MSDOS 3.1 machine or one of the other less friendly viruses be a no no? Who gets the 10 years, me or CmdrTaco? Is hyperbole the primary cause of a receding hair line?

But enough about viruses. What about trojans? Back Orifice has features similar to carbon copy and pcAnywhere. The primary difference being that the creators gave both the source and program away for free. Not to mention that it uses less resources, and can typically do more (for good or ill). Is it illegal because it doesn't cost $50 dollars and come in a non-returnable shrinkwrapped box? To say nothing of spyware.

Personally, I think the world could use a few more good viruses. I think a nice macro virus that effectively muted spam could be a wonderful gift to all those Outlook Express users.

Elections and clutching at straws (3)

DoubleTake (257889) | more than 13 years ago | (#102639)

I'm from Australia. There's a federal election coming up and the incumbents (the "Liberals"; similar to the US Republicans but more socially conservative) are worried they might lose due to a botched introduction of a goods and services tax. They've been clutching at straws and more Internet legislation looks like just the ticket to distract the population and also make the Liberals look forward thinking and progressive.

I wish. I'm going to take great pleasure in putting Senator Alston last on my ballot paper.

What if... (1)

metlin (258108) | more than 13 years ago | (#102640)

...I wanted to audit my network? Wanted to check my firewall, and use something like SATAN or Nessus? Would that be illegal? And I suppose I cannot do it remotely? That is stupid, since most sysadmins have to fix problems remotely, and sometimes we have to be in the shoes of the cracker.

"...Fear the people who fear your computer"

Re:This proposed ban is senseless (1)

metlin (258108) | more than 13 years ago | (#102641)

Or Windows :-)

"...Fear the people who fear your computer"

Hmmm... (5)

perlchimp (263475) | more than 13 years ago | (#102642)

They might need to start a penal colony, maybe on a large island or something, to put all the offenders.

Re:I don't see the difference (2)

Rogerborg (306625) | more than 13 years ago | (#102646)

  • I fail to see how's that so different from lockpicking tools possession being illegal, or having to open your safe for police inspection if a judge mandates it.

Lockpicking tools? OK, let's put locksmiths (professional and hobbyist) out of business. While we're at it, when I locked myself out of my house, I was both relieved and horrified to discover that I could open the lock on my back door with a screwdriver and a pin (plus plenty of time and incentive). So, we should ban screwdrivers and pins, right?

Similarly, I can "scan" networks using ping/telnet and a shell script. Hell, I can even do it using standard DOS tools. Better ban those too!

"The legislation will enable police powers to copy computer data and examine computer equipment and disks off-site and enable them to obtain assistance from computer owners."

The article isn't entirely clear, but recent Ozzie precedent is to give the police (not courts) the power to do whatever the hell they want when dealing with the feared and accursed computers. This doesn't look to be any different.

The counter to all this paranoia is the argument that these powers probably won't be used that much, so don't get so het up.

Fine. So why grant them?

Re:Wouldn't it be nice if.. (2)

Rogerborg (306625) | more than 13 years ago | (#102647)

  • So what is it that is so bad about this bill? And YES I've read 1984 and NO, this is nothing like that.

Because there's no mention of intent, merely possession. Also, licensing "authorised" possession is a shoddy way of doing it: I need to get a license if I want to download tools for hobbyist purposes? I need to a priori prove my innocence?

Do you see having to prove your innocence as being substantially different from 1984? How?

Re:Calm down people *please* (2)

Rogerborg (306625) | more than 13 years ago | (#102648)

  • it seems that the new offence is possession with intent

Note to self: read all articles before deciding whether to post rather than mod. This is the only worthwhile post in this thread. Please moderate it up.

Re:What do I do? (2)

Rogerborg (306625) | more than 13 years ago | (#102649)

  • I've just caught this Love Bug virus on my Windoze machine. How do I stop getting thrown into jail for having this "virus code" on my machine?!

I recommend fdisk. ;)

Oooh, wait, a thought occurs. Why is Microsoft pushing GPL as "viral"?

New crime: Installing GNU/Linux with intent. "I swear, it's for personal use only! I wasn't dealing, man!" ;)

Re:Wouldn't it be nice if.. (2)

Wild Wizard (309461) | more than 13 years ago | (#102650)

Did you read the act ... probably not
478.3 Possession or control of data with intent to commit a computer offence
478.4 Producing, supplying or obtaining data with intent to commit a computer offence

hmmm ...

lots of sysadmins would be jailed... (1)

snake_dad (311844) | more than 13 years ago | (#102651)

Any serious sysadmin will have at least some hacking tools available,
just to make sure his own networks are safe.

imho running nmap and sniffers etc on your own network is good,
they might reveal some mistake you made.

"I'll open this port for testing for just a few minutes, I'll change it right back..."

Btw, that BOFH guy is an Aussie, right? Maybe folks down under are really getting desperate :)

security consultants reading BUGTRAQ etc. (1)

orbman (315337) | more than 13 years ago | (#102652)

I'm a security consultant and I do read bugtraq. I also study exploits to know "how does it work", "how to protect" and "how to test vulnerability".

If I were in Australia - can I read bugtraq more? Can I study vulnerabilities and show anyone how the vulnerability could be exploited? Can I post to bugtraq? Can I post there step-by-step crack-howto? Can I post there step-by-step howto with shell commands? Can I post there shell script? etc ...

(reminds me of banning DeCSS-like software ...)

People making the Laws have no clue :(
(no news here)

Re:security consultants reading BUGTRAQ etc. (1)

orbman (315337) | more than 13 years ago | (#102653)

And I'm not right. As I read later - they'll change the Law to give sysadmins rights to use these tools.

I don't see the difference (2)

OpenSourced (323149) | more than 13 years ago | (#102655)

Of course I don't like the sound of it. But I also fail to see how's that so different from lockpicking tools possession being illegal, or having to open your safe for police inspection if a judge mandates it.

--

P.S.: I wasn't so sure of the spelling of "possession", so I used Google. Results : "possession" 30000 results, "possesion" 39100 results, "posession" 33400 results, "posesion" 45300 results. Fortunately I also have a dictionary :o)

--

Re:I don't see the difference (3)

OpenSourced (323149) | more than 13 years ago | (#102656)

So, we should ban screwdrivers and pins, right?

No, as knives shouldn't be banned just because you can kill somebody with them. But when a tool's only use (reasonable use) is doing something illegal, yes I think the tool can be outlawed. That covers also the DOS tools. If they are general purpose, they are OK. If they are single purpose cracking tools they can IMHO be banned.

Exception being if you are a computer security specialist (that's the locksmith in the metaphor). I admit I have no clear solution for the hobbyist locksmith, or hobbyist computer-security expert.

I was not trying to defend that law, not particularly. But sometimes when treading into computer or internet laws, there is a big load of paranoia going around. And the fact that the same kind of problems and imperfect solutions have been around for centuries is overlooked. The world is, has been and will keep on being an imperfect place. That's not to say we should not try to fight, for it to be better (or at least not worse), but I think we should choose our battles with a little bit more forethought.

--

Hey, I thought we were free! (1)

esapersona (410106) | more than 13 years ago | (#102658)

'Excuse me sir, may I please leave my play a DVD?' I would not be surprised at all if that's where Australia ends up.

What happens to remote administration tools? I use netbus to administer computers on my home network in Windows, am I going to have to move completely over to Linux (which, in itself, is probably illegal because of its networking tools)?

How do you define virus? Netbus shows up as a virus with some virus scanners, but not with others. What happens when Quake III becomes a 'virus' because it supposedly 'infects' children with violence. Games seem to have a way of spreading like viruses, when will our government tell me that I can't frag?

What do I do? (4)

Glorat (414139) | more than 13 years ago | (#102661)

Help! I've just caught this Love Bug virus on my Windoze machine. How do I stop getting thrown into jail for having this "virus code" on my machine?!

Glorat

More seriously... (4)

Glorat (414139) | more than 13 years ago | (#102662)

On a more serious note, it looks like this means a company like Symantec cannot operate there as they will not be able to store "virus code" for analysis. Someone down under there really doesn't understand the implications here

Of course, the people who would have the best expertise at "correcting" this policy are those right here at /.!

I don't like where this is going (1)

jneves (448063) | more than 13 years ago | (#102665)

While these limitations would never be accepted in the US (the anti-virus and security industries are too big there), I'm getting scared about how much technically clueless politicians (if they had a clue they would be working somewhere) are affecting my ability to do my work. The existence of a European Community directive that states about the same as the DMCA effectively prevents systems integration as it's been done until now (reverse-engineering and binary modification to create entry points to proprietary software, reverse engineering of database schemas, libs reencapsulation and a lot of other tricks that are usually considered to be used only by those black hats guys).

Time (2)

kraf (450958) | more than 13 years ago | (#102666)

to move to China ?

China is the land of the free except when you get executed so they can sell your organs.

Constitution? (1)

h. simpson (464174) | more than 13 years ago | (#102679)

What gives? I've seen the Australians do some dumb things, but this has to be absolutely ridiculous. Don't they have a constitution? a bill of rights? or can their government just step all over them? This is quite possibly the dumbest thing to happen in Australia since the Americans losing the America's Cup in 86.

Unintended consequences (2)

american dissident (465363) | more than 13 years ago | (#102680)

Well here's a bill that's likely to have some unintended consequences. In outlawing so much of the software which they feel is a threat to "the national information infrastructure", they've also made it difficult for computer professionals to use the tools they need to test and evaluate the security of that same infrastructure. Computer security experts, it seems, will have to work for the government -- either that or have to consult lawyers on a daily basis to avoid inadvertently breaking the law in the course of their duties. As a result Australia will end up with some of the most insecure networks in the world.

Re:This looks like a great idea! (1)

bigWebb (465683) | more than 13 years ago | (#102681)

Yip, we are all corrupt wee buggers. This however is putting a lot of power in the hands of a small group of corrupt wee buggers.

Imagine the possibilities of financial gain by selling a company's encryption keys and the like to one of its competitors.

Looks like the the way to make money is no longer I.T. Think I'll sod off and join the Australian Security Service

Re:This looks like a great idea! (1)

sporkraper (465743) | more than 13 years ago | (#102682)

Would be nice if they did. Not to be an anti-Australian or anything, but I'm sick of their IRC servers splitting up our networks. They should cut all of their fibers and go back to hunting kangaroos.

Seriously though, you are right about the government dudes. They are all corrupt to a degree. But that's really just humanity. Try and find someone who isn't greedy or enjoys causing people to suffer.

Re:"Criminal paraphernalia" (1)

sporkraper (465743) | more than 13 years ago | (#102683)

It is generally easy to differentiate (dammit I spelled that wrong) between artistic child pornography and evil child pornography. As far as software goes, it is much harder to classify whether a program is a useful utility or an evil program of destruction, unless it is a program that sends out meaningless packets at top speed. (Even art can be exciting to a pedophile). I think the real problem is that the vast majority of people out there (unfortunately including the people making the laws) can't tell the difference when it comes to software. The average Australian Joe-Sixpack probably feels it is a very good law which will keep the world safe for the likes of him who pays for broadband access just so he can visit espn.au once or twice a week. (Yeah, that was a rant...)

Who needs them? (4)

sporkraper (465743) | more than 13 years ago | (#102684)

It also forces companies by law to reveal passwords, keys, codes, cryptographic and steganographic methods used to protect information.

If they have to reveal all passwords and whatnot, hacker tools aren't needed. Just go to the part of their site where it will say something like "By law we are required to post the root passwords to all of our boxes here..." and you will have all the info you need.

What (4)

sporkraper (465743) | more than 13 years ago | (#102685)

Who defines what is a hacker toolkit or virus code? Many legitimate applications and utilities can be used for evil. Would this affect people/organizations that mirror Linux distros that include these programs? And what about virus code? If they ignorantly mean source code, then they will have a problem because all of the popular (mainstream popular of course) viruses are written in VBS or a similar interpreted language. So anyone infected could be guilty of a crime. The potential for abuse by vindictive law enforcement agents is obvious. If your neighbor Officer Jack decides he dislikes you, he could release a VBS worm on his own machine which would email everyone in the Outlook address book (assuming you are on the list here). Then he could come and arrest you and do whatever he can to ensure that you receive a severe penalty as a dangerous hacker.