Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

UK Moves to Outlaw 'Hacker Tools'

Zonk posted more than 6 years ago | from the getting-to-be-popular-over-there dept.

Government 308

twitter writes "New guidance rules for the UK's controversial Computer Misuse Act do not allay fears of impracticality, or of the banning of legitimate IT software: 'The government has come through with guidelines that address some, but not all, of these concerns about dual-use tools. The guidelines establish that to successfully prosecute the author of a tool it needs to be shown that they intended it to be used to commit computer crime. But the Home Office, despite lobbying, refused to withdraw the distribution offense. This leaves the door open to prosecute people who distribute a tool, such as nmap, that's subsequently abused by hackers.'" Somewhat similar legislation recently became law in Germany.

cancel ×

308 comments

Sorry! There are no comments related to the filter you selected.

Not sure (-1, Offtopic)

dippitydoo (1134915) | more than 6 years ago | (#21900814)

Was I first? Its gunna be close!

Interestingly enough.... (0, Offtopic)

Anonymous Coward | more than 6 years ago | (#21900960)

MI5 (CIA of the UK) have been working on a custom trojan [google.com] for the last year or so. I wonder how this will affect them? Are they above the law?

Re:Not sure (-1, Offtopic)

dippitydoo (1134915) | more than 6 years ago | (#21901092)

YAY!! I was! Now am I the first to reply to my first?

SLASHDOT SUX0RZ (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21900816)

_0_
\''\
'=o='
.|!|
.| |
goatse for freedom!! [goatse.ch]

FIRST TROUT! (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21900818)

I am a fish, I am not a hacker.

I better take down... (4, Funny)

MozeeToby (1163751) | more than 6 years ago | (#21900820)

That list of every IP address I posted a while back.

Re:I better take down... (2, Funny)

Anonymous Coward | more than 6 years ago | (#21900978)

Not yet - Please!
I'm almost done downloading...

IDEs too? (2, Insightful)

RingDev (879105) | more than 6 years ago | (#21900840)

So if I hack something while running my custom application in debug mode from an IDE like Eclipse or VS.Net, would that not make Eclipse and VS.Net hacker tools that should be stripped from the land?

These laws are just retarded knee jerk reactions made by people who have no idea about what it is they are legislating on.

-Rick

Re:IDEs too? (3, Interesting)

hesaigo999ca (786966) | more than 6 years ago | (#21900932)

I am so glad you mentioned VS.net...yes this tool can be used to do many "hacker" like things...
I wonder if we showed the stupid leaders in parliament, this fact, then would they ban microsoft all together for creating such devious tools.... ;P

Re:IDEs too? (5, Insightful)

Anonymous Coward | more than 6 years ago | (#21901192)

"I wonder if we showed the stupid leaders in parliament, this fact, then would they ban microsoft all together for creating such devious tools..."

No, not a chance. What they really mean is if you wear tee shirt and create a dual-use tool in your basement, is contraband. But the same tool created by a person wearing a suit and tie in a corporation then it's okay.

Re:IDEs too? (2, Informative)

timeOday (582209) | more than 6 years ago | (#21901034)

Only if you could prove that the author of the IDE intended it to be used to commit computer crime. Actually this seems like a rather high barrier, since proving intent is hard. Of course if you tossed out this law and replaced it with a fictional one outlawing the creation of tools that could be used for crime, then it becomes absurd. Which is, I suppose, what the next 500 replies will do.

Re:IDEs too? Oh yes, and what about OO Design? (1)

monkeyboythom (796957) | more than 6 years ago | (#21901386)

Will it actually come down to arresting me for code pieces like a TCP/IP transport routine that I contributed to an open source application - that somehow has been tied to whatever crime committed because they copied my source?

When did my peers and people of my parent's age become such softcore fascists?

Re:IDEs too? (1)

kryptkpr (180196) | more than 6 years ago | (#21901440)

From both the article and the summary:

But the Home Office, despite lobbying, refused to withdraw the distribution offense. This leaves the door open to prosecute people who distribute a tool, such as nmap, that's subsequently abused by hackers

According to such a law, as long as the IDE was used to develop a piece of software that was subsequently used in a computer crime, they want to make the IDE developers liable. Now, the law may of course have exceptions for programming environments.. the article doesn't say.

Re:IDEs too? (2, Insightful)

wizardforce (1005805) | more than 6 years ago | (#21901104)

exactly, and utterly meaningless to boot- the only people who would actually follow the law are the ones who wouldn't commit computer crime. these kind of laws serve nothing more than to limit what law abiding citizens can do, it's nothing more than one more meaningless set of laws to make it appear that they are doing something constructive.

Still available for legitimate use? (2, Interesting)

EmbeddedJanitor (597831) | more than 6 years ago | (#21901174)

Perhaps the real idea is to restrict access to these tools to licensed practitioners or those with a valid reason to posess them. You cannot buy dymanite over the counter, but people with a blasting tickets can still buy it.

THIS ROCKS (0)

Anonymous Coward | more than 6 years ago | (#21901436)

why cause it places my tools which are secretly stored as gold mines.
Also if the uk and germany go poof lets have the usa do that, and canada keep it free. All the rest of us can then become the top hackers and get teh best security jobs while the rest of you become ( no offense ) NOOBS at SECURITY.
      Yes gov't control is sweet, drives all under ground and makes the people willing to do it in htose prospective countries more ridgid and crazy. AKA the crackheads, bikers and maffia's will now be only ones with such stuff. Great news for the UK. Also gets rid of script kiddie crap.
      Look about ten years in future as the only places now getting hacked are banks and your credit card sites. Other sites will be tests. /end sarcasm
CHRoNoSS
Chair
United Hackers Association

Welcome to Slashdong! (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21900842)

Suck it long and suck it hard.

Arrest everyone with money (0)

Anonymous Coward | more than 6 years ago | (#21900850)

By the same logic, arrest anyone that distributes money, because criminals can use it to buy guns and kill people.

Re:Arrest everyone with money (1)

smitty_one_each (243267) | more than 6 years ago | (#21901178)

More generally, the thought that some external words on paper will somehow preclude Bad Stuff from happening is a triumph of ass-hattery.
You have to figure they already have laws on the books covering computer crimes. Maybe it gives them some sort of British-only satisfaction:
"Don't make us pass more laws saying it's illegal to do X! There! We did it! Shall we give all of you another, miscreants?"

Time to flee the Fascist State of America... (4, Funny)

goldspider (445116) | more than 6 years ago | (#21900858)

...and find solace in Europe, where reasonable government and personal liberty reign supreme! ...wait, what?

Re:Time to flee the Fascist State of America... (-1, Troll)

vux984 (928602) | more than 6 years ago | (#21900894)

...and find solace in Europe, where reasonable government and personal liberty reign supreme! ...wait, what?

There is a reason the UK is on an island. They don't really want to be a part of Europe, and Europe reciprocates the sentiment.

Re:Time to flee the Fascist State of America... (1)

goldspider (445116) | more than 6 years ago | (#21900914)

Guess you missed the "Somewhat similar legislation recently became law in Germany." part.

Re:Time to flee the Fascist State of America... (0, Offtopic)

sholden (12227) | more than 6 years ago | (#21901086)

Yes, it's got nothing to do with the fact that geography happened to put them on an island.

Centuries ago they got pissed off at the Europeans so they dug a large trench, creating the English Channel and generating some islands for themselves in the process.

Re:Time to flee the Fascist State of America... (1)

jgtg32a (1173373) | more than 6 years ago | (#21901264)

and they no longer boarder France because of it.

Re:Time to flee the Fascist State of America... (2, Insightful)

Stonent1 (594886) | more than 6 years ago | (#21901496)

So could this legislation potentially prohibit the distribution of complete Linux distros? Since tools like netcat and nmap are part of the base installs of most Linux systems. I work at a Fortune 500 company and we use Wireshark for diagnosing and monitoring network issues. I'm sure many UK companies do the same.

I use these 'hacker tools' (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21900860)

For things like remote desktop [google.com] quite a lot for work and home. I imagine that the legislation applies only to property you do not own, much in the same way as someone (past resident etc) could quite legally have a key to your house, it's just when they use it [contactlog.net] they get in trouble.

Just hope they don't get too draconian with it.

Re:I use these 'myminicity links' (2, Interesting)

Anonymous Coward | more than 6 years ago | (#21900922)

Now this is interesting, the parent actually has content, but the links all go to contactlog.net, where they're forwarded to myminicity, unlike a lot of the other myminicity spammers.

Also,

applies only to property you do not own
is wrong, they're talking about distributing the tools.

Idiots... (3, Insightful)

cromar (1103585) | more than 6 years ago | (#21900874)

What is it with politicians??! Keep your nose out of business you don't understand and, uh, maybe secure the governments damn servers (a big problem in the US, at least). Maybe mandate security for banks, etc. The policy could be written by, gasp, someone who knows what they are talking about. Somehow, I don't feel like holding my breath till then...

Re:Idiots... (2, Insightful)

JonTurner (178845) | more than 6 years ago | (#21901064)

Agreed. However, I can't help but wonder how many of those here who damn these politicans for meddling in that which they do not understand, also simultaneously hold a deep-seated belief that these same politicans have the capacity to benevolantly control an entire healthcare industry.

Oh, the ironing.

Re:Idiots... (5, Insightful)

archen (447353) | more than 6 years ago | (#21901244)

Keep your nose out of business you don't understand

Well that's the problem, politicians have to make choices on topics they don't understand all the time. Do you think they really understand economic theory well enough to pass many of the laws they do? Do they understand health care? Do they understand military strategy? Hardly. Sure they listen to "advisers" but basically you'll always find people arguing about if things will really work or not. This is magnified many times over in the U.S. where we only have two parties.

The best you can hope for is people yelling loud enough to stop government stupidity from passing things like "anti hacker tools" type laws. Unfortunately there's always SOMEONE yelling trying to stop everything which is part of the reasons governments do so little.

Wahey - Good news :) (1)

Ash Vince (602485) | more than 6 years ago | (#21900880)

Where I work we just survived a security audit. Hopefully this will make it so impractical for the security companies to stay in business we will never have to go through on ever again. Then we can get away with producing a slipshod product that leaks personal private data left right and central.

Re:Wahey - Good news :) (1)

FinchWorld (845331) | more than 6 years ago | (#21901552)

Then we can get away with producing a slipshod product that leaks personal private data left right and central.

At the moment that seems our (UK) governments favourite game. Looks like they are getting bored and are looking for new and exciting ways to play the game.

Obligatory (2, Funny)

Anonymous Coward | more than 6 years ago | (#21900882)

If you outlaw security tools, then only outlaws will be secure!

Guilty Mind (1)

Jonesy69 (904924) | more than 6 years ago | (#21900890)

Well, at least the courts have to demonstrate mens rea [wikipedia.org] ... /sarcasm

IRC and Windows (4, Funny)

OrangeTide (124937) | more than 6 years ago | (#21900898)

Better ban IRC servers (popular for zombies) and Windows boxes in general (also popular for zombies)

Re:IRC and Windows (4, Funny)

Pichu0102 (916292) | more than 6 years ago | (#21901196)

Such full bans are not neccessary. Just make it so that Windows boxes and boxes with IRC clients are at least a few miles away from graveyards.

Re:IRC and Windows (1)

LiquidCoooled (634315) | more than 6 years ago | (#21901626)

This is abhorrent.
We need a national zombie register.

For once, I can feel good as an American (3, Insightful)

elrous0 (869638) | more than 6 years ago | (#21900910)

Every now and then I get to look at some OTHER country's heavy-handedness.

Re:For once, I can feel good as an American (0)

Anonymous Coward | more than 6 years ago | (#21901448)

The UK is just America's little brother that tries his best to take after Big Brother... he kind of overdoes it most of the time though.

Protest Blair and Bush: (0, Offtopic)

Anonymous Coward | more than 6 years ago | (#21900918)


Don't visit the United Gulag [privacyinternational.org] .

P.S.: Fuck Blair AND Bush.

Cheers.

Re:Protest Blair and Bush: (0, Flamebait)

Bryansix (761547) | more than 6 years ago | (#21901278)

You do know that Gordon Brown in the Prime Minister of the UK now right? Oh wait, this is an AC I'm responding to. You don't know anything.

Thanks for (0)

Anonymous Coward | more than 6 years ago | (#21901352)

your timely reply. Please notice the "and" in the sentence.

Oh, wait, this is a registered poster I'm responding to. Mod points: Wow.

Not surprised (3, Funny)

fastest fascist (1086001) | more than 6 years ago | (#21900928)

Pretty much on par for the UK, as far as I can tell. Now, fess up: Who gave the gov't there copies of 1984?

Re:Not surprised (1)

Arcane_Rhino (769339) | more than 6 years ago | (#21901206)

I just really wish that politicians could tell the difference between cautionary tales and instruction manuals.

Re:Not surprised (1)

dgatwood (11270) | more than 6 years ago | (#21901480)

The problem is not that they got copies. It is that they were so clueless and/or malevolent that they read it and instead of understanding that the book was railing against these practices, instead thought to themselves, "Hey, that's a great idea." Pretty much the same way most fascist policies get put in place.

It is human nature to fear things outside one's control, and it is the nature of sociopaths to gain more control over their own environments by preying upon those fears in others by promising "control" in exchange for reduction of freedom. Of course, in effect, the only ones with any real control when all is said and done are those in charge of limiting the freedom of others, but the perception of control---the perception of safety---even when false, is so compelling for the weak-minded that most continue to believe that they are more in control than ever before, not realizing that they were never really in control at all.

Re:Not surprised (1)

db32 (862117) | more than 6 years ago | (#21901512)

Something tells me that a ban on 1984 would actually be a move towards freedom rather than against it. Someone needs to quit giving them ideas...

It's not about security. (4, Insightful)

JonTurner (178845) | more than 6 years ago | (#21900936)

Don't believe for a minute this is about security, it's about control. And those who regulate access to information, control those who consume it. Next steps? Mandatory spyware and BigBrother remote control software. To make it easier to spot the criminals/terrorists/boogeyman du jour, of course.

Re:It's not about security. (2, Funny)

Intron (870560) | more than 6 years ago | (#21901134)

Fortunately, you can now get that at Sears. [slashdot.org]

Re:It's not about security. (1)

davidsyes (765062) | more than 6 years ago | (#21901488)

You can bet ANYTHING that people like steve ballmer are behind this. See LXF Christmas 2007:

"No Unauthorized Innovation in Oceana", around para 6 or 7.

Re:It's not about security. (3, Interesting)

91degrees (207121) | more than 6 years ago | (#21901562)

But it is about security! They've decided it's too hard to actually solve crimes and prosecute the old fashioned way, by proving intent to commit a crime.

Instead they just criminalise the capability to commit a crime. No matter whether there may be a legitimate use for something, or whether there may be enthusiasts who take pleasure from understanding how security works. Of course, they're not going to actually prosecute people who they think probably aren't going to commit a real crime. Just those who probably are but the police aren't capable of proving without some of that pesky "reasonable doubt" stuff getting in the way.

seriously (4, Funny)

SoupGuru (723634) | more than 6 years ago | (#21900948)

I mean really, are there any legitimate reasons to use something like nmap?

Yes, ladies and gents, that was sarcasm. ...and yes, that "ladies" part was a joke too.

Re:seriously (1)

calebt3 (1098475) | more than 6 years ago | (#21901286)

Your supposed to use the '/sarcasm' tag. We won't revoke your geek cred this time, but let this be a warning.

I cant believe this word "hacker" is misused here! (1)

ethicalstar (1162063) | more than 6 years ago | (#21900954)

I can not believe myself when i saw the word "hacker" misused here. It should be replaced with "cracker". Hackers are not crackers. Even slashdot publishes this means where can i talk abt it? Am i wrong or something? humbly, a hacker wannabe. against all crackers.

Re:I cant believe this word "hacker" is misused he (1)

PrescriptionWarning (932687) | more than 6 years ago | (#21901102)

i think the legislation doesn't understand a difference either, which is why the retarded law is being talked about in the first place.

Misused? (0)

Anonymous Coward | more than 6 years ago | (#21901212)

Legitimate security professionals, i.e. hackers, use these tools, too.

If it was only about cracking tools, there'd be no problem, but many tools are dual-use. Sure, you can use them for something bad, but you can do that with a lot of things.

Re:I cant believe this word "hacker" is misused he (1)

Waffle Iron (339739) | more than 6 years ago | (#21901422)

Give it up. Nobody uses "cracker". Just like many other words in the English language, the term "hacker" has multiple meanings. One usage means "good" programming work, and another means "evil" programming work, and yet another means whacking at something with a sharp implement. The context will help you figure out which one is being used in each case.

Re:I cant believe this word "hacker" is misused he (4, Insightful)

dan dan the dna man (461768) | more than 6 years ago | (#21901466)

I think it's about time people got over the semantics of the word 'hacker'. Given that 'crackers' don't call themselves 'crackers' they call themselves 'hackers' and they call what they do 'hacking', the word has *CHANGED ITS MEANING*. This is not uncommon for languages. Really. Just look at words like 'gay' for instance or even 'computer'. Go and find the original definition of that one!

Get over the semantic drift already, we're not all mired in some rose-spectacled view of the technoutopia where you have to have hacked solenoids under a model railway at MIT in order to qualify for the term.

Re:I cant believe this word "hacker" is misused he (1)

91degrees (207121) | more than 6 years ago | (#21901642)

Only very few people refer to unauthorised computer attackers as "crackers". The rest of the world (including the crackers, the mainstream media, and me) aren't going to change their terminology just to please a few programmers who, for whatever reason, want to call themselves hackers. The majority rules when it comes to use of language.

Hosting tools (1)

s800 (940543) | more than 6 years ago | (#21900968)

So what countries are friendly for hosting "hacker tools"? Time to find a not so friendly webhost in another country.

Outlaw politicans who make stupid laws about tech (3, Interesting)

Marcion (876801) | more than 6 years ago | (#21900970)

From TFA behind the TFA:

Whilst the law was going through Parliament the Home Office suggested that "likely" would be a 50% test.. Anyway, that guidance is now out -- and there's no mention, surprise, surprise, of "50%"

If over 50% of the laws they make are nonsense, can we ban the politicians?
   

Reminds me of the middle ages (3, Interesting)

pwnies (1034518) | more than 6 years ago | (#21900974)

This is ridiculous. It reminds me of the "Index Librorum Prohibitorum" (Roman Catholic list of banned books). The Roman Catholics banned books because they believed that they could be used as a tool against their power, and not simply for the purpose of knowledge. That's the same thing the UK is trying to do now - they're trying to ban software because it might be able to be used for naughty purposes. Why don't you ban the C programming language while you're at it UK? I hear those buffer overflows could be dangerous.

Hopefully this mistake won't take 400 year to remedy.

Re:Reminds me of the middle ages (2, Insightful)

timeOday (582209) | more than 6 years ago | (#21901198)

This is ridiculous. It reminds me of the "Index Librorum Prohibitorum" (Roman Catholic list of banned books). The Roman Catholics banned books because they believed that they could be used as a tool against their power, and not simply for the purpose of knowledge
And, sure enough, it wasn't long after affordable printing and widespread literacy that Roman Catholicism headed steeply into its ongoing decline. (No, I'm not saying the enlightenment was a bad thing, just that it's exactly what the Church feared all along).

legal system (1)

Lord Ender (156273) | more than 6 years ago | (#21900980)

In the US, completely insane laws, like this one, typically sit on the books for a year before a prosecution, get appealed to the Supreme Court of the US, and are killed by the legal system. Germany and UK both seem to have some terribly misinformed laws regarding encryption and security. Do these countries also have a judicial process for fixing laws, similar to that in the USA?

The judicial system really is great, because the laws politicians pass to buy votes or appease contributors/lobbyists are, for the first time, subject to intense debate and logical analysis. If only such a process were applied before the bill becomes a law, we would have a much more just system...

Re:legal system (1, Insightful)

Anonymous Coward | more than 6 years ago | (#21901214)

Kind of like the DMCA?

Just for the sake of argument- (5, Interesting)

llamalad (12917) | more than 6 years ago | (#21901002)

How about if such tools were only legal for licensed/certified IT and Information Security professionals?

Yes, this would mean our having to get certified as at least minimally competent at what we do, much like hairdressers and engineers.

The idea is analogous to how, in New York at least, it's illegal for random people to carry lockpicks.

Re:Just for the sake of argument- (2, Insightful)

pwnies (1034518) | more than 6 years ago | (#21901160)

It'd still be a bad move in my opinion. What if you are making a small start up? Can you not probe your own network unless you're "certified" to do so? This would crush small businesses that couldn't afford to hire a "Certified AAA MSCE IT professional networkomagicineer", and could otherwise easily perform the same tasks themselves if it weren't for legal restrictions. These days you don't need to pay to be educated, and all the piece of paper that you get for being certified means is that you shelled out cash for a plaque on the wall.

Re:Just for the sake of argument- (1)

Spad (470073) | more than 6 years ago | (#21901258)

I'm not a "Certified IT Security Professional", just a regular server admin. I was using nmap today to troubleshoot some connectivity issues we were having to a 3rd party and I really wouldn't want to have to either (no doubt pay to) get myself certified as a security professional or hire one in just to run a couple of port scans.

Re:Just for the sake of argument- (3, Insightful)

evanbd (210358) | more than 6 years ago | (#21901482)

In both those cases, the requirements are based on the assumption that there is a risk to the customers, that customers cannot readily evaluate. (The free market can't solve problems, like safety in some cases, that are very difficult for consumers to evaluate.)

I'm firmly against the idea of making ownership of lockpicks illegal, for the same reason as I'm against this law. As I understand the law here in North Carolina about lockpicks, I rather like it. You're allowed to own them, but if you're breaking and entering, tresspassing, or doing something similar, and carrying lockpicks then they automatically count as burglary tools. I rather like this policy -- it adds harsher penalties for those who go about acquiring tools and skills for illegitimate purposes, yet allows people like myself to own lockpicks purely because we like understanding how locks work. The analogy to computer security tools is a very good one, I think.

Requiring certification of people representing themselves as computer security experts might make sense (I'd withold judgement until I knew more about how it worked, personally). But restricting the tools doesn't. Adding something analogous to possession of burglary tools, though, does make sense to me. (Well, somewhat -- it's complicated, and since you can't really break into a computer without some level of software tool, the analogy gets strained.)

Re:Just for the sake of argument- (1)

syousef (465911) | more than 6 years ago | (#21901506)

How about if such tools were only legal for licensed/certified IT and Information Security professionals? ...and who would you trust to certify? The government that barely understands the technology?

Guns are licensed in the US. Does that stop gun crime?

Yes, this would mean our having to get certified as at least minimally competent at what we do, much like hairdressers and engineers.

This licensing is about ensuring competence so that if you hire a hairdresser or engineer you won't have all your hair fall out or have your bridge fall down.

The idea is analogous to how, in New York at least, it's illegal for random people to carry lockpicks.

No it's not. Lockpicks have 1 use: to pick locks. nmap's use isn't limited to hacking.

Go directly to jail. Do not pass go.

Re:Just for the sake of argument- (1)

evanbd (210358) | more than 6 years ago | (#21901618)

I own a set of lockpicks. I use them to pick locks. Both are perfectly legal (where I live, as I understand it). The locks I pick are locks I purchased for the purpose. I made the lockpicks myself. In the process I learned a bit about the world around me (locks, metalworking, etc). It's a fun and perfectly geeky hobby and it trains my manual dexterity and intellect. I see nothing wrong with this.

Now, in my jurisdiction, lockpicks automatically count as burglary tools if you're carrying them in commission of a crime like tresspassing. (AIUI. IANAL. Etc.) That makes sense to me -- they're considering it a worse crime to abuse tools and skills in the commission of a crime than to simply kick down a door and take some stuff. Or, put another way, with training comes responsibility. Analogous treatment of tools of computer crime would make sense to me -- though I would be suspicious of the certification process and authority at least until I understood the details of the proposal. Something like a PE certification would make sense, though.

Re:Just for the sake of argument- (1)

R2.0 (532027) | more than 6 years ago | (#21901624)

"WHERE Guns are licensed in the US, it does NOT stop gun crime?"

Fixed that for ya.

Please don't use my state as a paragon of freedom (3, Insightful)

Russ Nelson (33911) | more than 6 years ago | (#21901540)

Please don't use my state as a paragon of freedom. Oh, wait, it's *security* you want? Try moving to some nice secure country where everything is prohibited, including crime.

Certifications don't protect the public. They protect the certified against competition.

Re:Just for the sake of argument- (1)

deck (201035) | more than 6 years ago | (#21901558)

I think you've probably hit the nail on the head in one way. This law would show that these tools are needed for good reasons and then another law would be passed to certify people to develop and/or use these tools. This would require very indepth background checks maybe even government security clearances therefore resticting the use of these tools to the select few who work for large businesses that can afford the tens of thousands of dollars, pounds sterling, euros to have these certifications.

Re:Just for the sake of argument- (1)

R2.0 (532027) | more than 6 years ago | (#21901664)

"The idea is analogous to how, in New York at least, it's illegal for random people to carry lockpicks."

Yeah, because that law has worked so well at keeping burglaries down in NYC.

The Idiots are at it again... (4, Insightful)

flajann (658201) | more than 6 years ago | (#21901008)

So, does that mean that if I write a compiler or scripting language, that I could be nailed for creating a hacker tool as well?

Well, they may as well outlaw all of software development, because any software tool can be put to malicious purposes.

What they should focus on instead are the actual actions taken by individuals to compromise someone's computer or network, not the tools they use to do it with. For instance, there's already a number of tools on the market and in FOSS that can do DDoS attacks -- but they are normally used to stress-test a web site or some other network application.

The whole "intent" bit is always a slippery slope, ready for Kangaroo Court time. Obviously, these idiot politicians never saw or read "Minority Report", where going after "pre-crime" turnned out to cause more problems than it solved.

Yes, the governments of the world are not unlike a bunch of monkeys with dangerous toys -- total unbridled power, without the wisdom nor the precision to use it properly.

Get out of jail free card(s)? (0)

Anonymous Coward | more than 6 years ago | (#21901014)

I am an undercover **AA investigator.

These are not the tools you are looking for.

What about..... (2, Insightful)

himurabattousai (985656) | more than 6 years ago | (#21901056)

What about the hacking tool that resides between the ears? I could give you a hundred different "hacking tools" and a hundred different machines to hack, and unless you know which tool to use on which machine, they're all worthless to you. Unless you know how to use them, they're worthless to you. It's that big old hunk of grey matter that makes program code into a legitimate tool. It's that same stuff that makes a legitimate tool into a weapon. Some 90-year-old grandmother isn't (likely) going to be breaking into other machines for kicks. She probably doesn't have the knowledge or desire to do so, both of which reside in the minds of those who think it's funny to steal people's data.

The solution: ban brains.

Outside the sarcasm tags, I wonder how long it will be before some moron tries that.

It's "crackers", not "hackers" (0)

Anonymous Coward | more than 6 years ago | (#21901058)

Frankly, this is absolutely ridiculous. Wait for all the data security breaches because sysadmins were too afraid to run nessus against their own systems. Perhaps the UK government is trying to make their IT security look no worse than anybody elses by banning non-governmental entities from running tools to check for possible security issues.

Expect more attacks against weaker UK IT (0)

Anonymous Coward | more than 6 years ago | (#21901108)

It's always a great idea to clip the wings of the defenders before the attack. Also, possibly the bigwigs didn't quite grasp that the internet stretches even some length beyond the UK's borders...

The solution to the internet problems is to trash ICANN and hand over all power to a global force, something alike the UN. And then regulate its use with a fist of iron. A logical first move would be to cut of major sources of misuse, the USA, Russia and China for starters. Once they have their shit together, they may apply to rejoin. Maybe then the politicians would start to take the internet seriously.

'Legitimate' tools? (4, Insightful)

Ed Avis (5917) | more than 6 years ago | (#21901132)

What is a 'legitimate' computer program? There are many people who make a living as consultants paid to test how hard it is to break into a company's systems. They might well need to use even the most dastardly and underhanded 'hacking tool' to do their work. Indeed the police and security services also use programs that help them get unauthorized access to computers. What grounds are there for criminalizing any computer program?

Re:'Legitimate' tools? (3, Insightful)

Marcion (876801) | more than 6 years ago | (#21901672)

I think it is all ridiculous, the whole area is so grey. What is software anyhow? What is a tool? What is an article? If you think about proof of concept code, articles, scripts, approaches written out in English. Where do you draw the line?

I see no reason to go down this track at all.

Cliche' (1)

HockeyPuck (141947) | more than 6 years ago | (#21901162)

If you outlaw hacker tools, then only outlaws will have hacker tools.

Great Idea! (4, Insightful)

RAMMS+EIN (578166) | more than 6 years ago | (#21901222)

Great idea!! If we outlaw hacker tools, only outlaws will have hacker tools!

Then we can just arrest everybody who has them, and we'll have our systems broken into by the black hats we missed, while those who would have protected us have their hands tied.

And that's while using the popular meaning of "hacker", rather than the correct one.

Quick! Outlaw Pencils and Paperclips! (2, Interesting)

locust (6639) | more than 6 years ago | (#21901234)

Everyone knows that a pencil when sharpened can be used to maim or injure! I mean you could loose an eye! Paperclips can be used to pick simple locks! They facilitate breakins! These deadly and criminal tools must be outlawed! Hurry! Arrest the employees of Office Depot and Staples for purveying these items, and enabling the criminal underclass!

Re:Quick! Outlaw Pencils and Paperclips! (1)

pwnies (1034518) | more than 6 years ago | (#21901330)

Paperclips - AKA the Maguyver multitool of the devil!

Thought Tools (4, Interesting)

nurb432 (527695) | more than 6 years ago | (#21901280)

I guess we should just arrest everyone that has a bad thought.

WIth 'bad' being relative to the administration in charge at the time in said country.

Will they be outlawing FTP or HTTP as well?

When hammers are outlawed ... (0)

Anonymous Coward | more than 6 years ago | (#21901294)

Only outlaws will carry hammers.

Well, and carpenters.

And plumbers.

And people doing home repair.

And ...

Oh, screw it. It's a stupid idea.

Don't prosecute people for making, distributing, or owning tools. Prosecute people for how the tools are *used*. If there truly is only one possible use for a tool, I could perhaps see some justification, but most of these supposed "hacker tools" (nmap is a good example) are very clearly useful for all sorts of beneficial purposes, and it makes no sense to stifle their development or distribution. If you want to make a better lock, it makes sense to learn how ordinary locks are defeated by such tools as a lock pick. We need to know what the "bad guys" might use.

Ah, yes. The ol' appearance of doing something (1)

sizzzzlerz (714878) | more than 6 years ago | (#21901302)

So much easier to pretend you're taking action than to actually take effective action. The rubes are impressed because they don't have a clue while those who do have clue, know more than enough to get around whatever has been done.

This law is funny (1)

sr8outtalotech (1167835) | more than 6 years ago | (#21901322)

If you break this law, do it in Scotland.

(4)

A person guilty of an offence under this section shall be liable--

(a)

on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;

(b)

on summary conviction in Scotland, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both;

Brilliant - Does Someone Know the Answer (0)

Anonymous Coward | more than 6 years ago | (#21901338)

Just what is a Hacker Tool Anyway?

(This is not a troll, I have been in the IT Industry for 26 years and still haven't found the answer to this one. I guess the politicians figured it out.)

-- The same knife used to butter your bread, could be used to kill someone if used incorrectly. Therefore outlaw all knives. --

Re:Brilliant - Does Someone Know the Answer (0)

Anonymous Coward | more than 6 years ago | (#21901748)

-- The same knife used to butter your bread, could be used to kill someone if used incorrectly. Therefore outlaw all knives. --

Ho ho! Terribly sorry old chap. Thought you would make a funny?

These doctors aren't laughing [bbc.co.uk] . Sadly, I"m quite certain they were perfectly serious.

Why stop there (1, Funny)

Anonymous Coward | more than 6 years ago | (#21901380)

Why stop at nmap or wireshark? Sure, your basic networking book refers to both of these, but in a world without malhackers, which is what you want if you support this law (you don't support law breakers who want to hurt children, do you?), why do you need to understand networking? Why stop there, you can glean a good amount of information with malicious intent off of a TCP header, you don't want your computers and phones hacked do you, ban TCP, UDP, MAC addresses, finger, traceroute, ping. While we are at it, we could still have a local hacker, we should ban keyboards too! Cat5 cables can be used to bind someone, you don't support kidnapping, do you? Damn, I'm not even a PhD and I have solved computer security forever. Stop ripping on these good lawmakers, they know whats best for you. A nerf world, we need a plug-and-play nerf world!

Guidance text- rigged against free/open source (2, Informative)

Marcion (876801) | more than 6 years ago | (#21901426)

Some relevant bits follow.

CMA = Computer Misuse Act

The whole thing seems to be rigged against free software/open source and heavily in favour of security through obscurity. Perhaps we should contact them and ask?

Everything below is copied from the guidance. ......


Prosecutors should be aware that there is a legitimate industry concerned with the security of computer systems that generates 'articles' (this includes any program or data held in electronic form) to test and/or audit hardware and software. Some articles will therefore have a dual use and prosecutors need to ascertain that the suspect has a criminal intent. .....

Whilst the facts of each case will be different, the elements to prove the offence will be the same. Prosecutors dealing with dual use articles should consider the following factors in deciding whether to prosecute:

* Does the institution, company or other body have in place robust and up to date contracts, terms and conditions or acceptable use polices?
* Are students, customers and others made aware of the CMA and what is lawful and unlawful?
* Do students, customers or others have to sign a declaration that they do not intend to contravene the CMA? ....

Section 3A (2) CMA covers the supplying or offering to supply an article "likely" to be used to commit, or assist in the commission of an offence contrary to section 1 or 3 CMA. "Likely" is not defined in CMA but, in construing what is "likely", prosecutors should look at the functionality of the article and at what, if any, thought the suspect gave to who would use it; whether for example the article was circulated to a closed and vetted list of IT security professionals or was posted openly.
In determining the likelihood of an article being used (or misused) to commit a criminal
offence, prosecutors should consider the following:

* Has the article been developed primarily, deliberately and for the sole purpose of committing a CMA offence (i.e. unauthorised access to computer material)?
* Is the article widely used for legitimate purposes?
* Is the article available on a wide scale commercial basis and sold through legitimate channels?
* Does it have a substantial installation base?
* What was the context in which the article was used to commit the offence compared with its original intended purpose?

hmmm (1)

Malikie (1203376) | more than 6 years ago | (#21901434)

I play Diablo alot and *use* hacks alot..I wonder if that would count and if so what would happen.

Thank God for xen (1)

WindBourne (631190) | more than 6 years ago | (#21901450)

It will be possible to give multiple shells on boxes located in countries that have not gone loco. Hopefully, Canada, Australia, or even France will come to the rescue. Sadly, it will not be America. I am quite sure that we will shortly try to pass a similar bill on our way to enabling bills. Stars anyone?

Historical Precedent (5, Insightful)

Jim Robinson Jr. (853390) | more than 6 years ago | (#21901456)

Not to throw too much fuel onto this fire, but the UK has a large precedent with the concept that TOOLS are the problem rather than the USERS. Look at guns. Is the phrase "guns kill people" really that much different than "hacking tools break into computers"? Not in my book. In fact, they are so similar as to be scary. Both assume that intent is not relevant, the person behind the tool is not responsible for his/her actions, and that these tools cause crime to be committed. Come on guys... If we start banning tools that *could* be used to commit a crime you had better come lock me up now. I've got a whole garage full of hammers, screwdrivers and other tools... and I know how to use them! :-)

When hacker tools are outlawed... (1)

QuietLagoon (813062) | more than 6 years ago | (#21901462)

... only outlaws will have hacker tools.

They can have my ping client .... (4, Insightful)

Russ Nelson (33911) | more than 6 years ago | (#21901600)

They can have my ping client when they pry it from my cold, dead hands.

Another great way to preserve the status quo (1)

stewartjm (608296) | more than 6 years ago | (#21901640)

The status quo being more malware and more loss of dollars and privacy due to lack of computer/network security each and every year.

People love to throw around analogies about computer security. Door knocking and opening are thrown around a lot. Here's the proper analogy:

A computer on the internet is analagous to a house with a door on every street in every nation of the planet. If someone breaks down your door and pillages your house, it's quite likely they don't even live in a jurisdiction where you could attempt to find them criminally liable. And that's assuming you manage to find out who and where they are in the first place.

Creating these various computer crimes has only made research more difficult and added another layer of BS so that the creators of these insecure hardware and software systems can point blame at someone other than themselves.

If you truly want secure computers on a secure Internet, then decriminalize all hacking/cracking, we'll have a secure Internet within 5 years of this occuring.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>