The UK government has published guidelines for the application of a law that makes it illegal to create or distribute so-called "hacking tools". The controversial measure is among amendments to the Computer Misuse Act included in the Police and Justice Act 2006. However, the ban along with measures to increase the maximum …
The real security people should just give up - Western governments have no interest in the truth only catchy headlines and flashy soundbites.
We should all move to an honest nation like China.
More nulabour authoritarian BS legislation
nuLabour know best! No need for public consultation, they just blindly churn out bad law after bad law. Just like the fact you can't take a picture of your own kid in public, they are doing a blanket ban on the majority instead of actually targeting the very small minority of criminals. They are fascist, authoritarian and they make me and a lot of people sick with disgust at what they have done to this country.
Mmm who will use this first
My money is on Steve "Apple is perfect and we'll sue anyone who says otherwise" Jobs, closely followed by Larry "Oracle is perfect and we'll sue anyone who says otherwise" Ellison
"This leaves the door open to prosecute people who distribute a tool, such as nmap, that's subsequently abused by hackers."
So does that mean they can prosecute Woolworths for selling that hammer then?
When is a kitchen knife a weapon of mass destruction!
When I read things like this I feel assured that the law makers know as much about computer security as they do kitchen knives. One man's security audit tool is another's hacking tool. That's a line that needs to be defined, and given the `reasonable doubt` bottom line then any computer buff could argue enough to get that verdict and as such get off any charges under this law. What is sad is that because it's so poorly defined for what it is intended for, it actually goes against making computers more secure and will only waste valuable resources and courts chasing cases that shouldn't have even been there, where the ones that should be get delayed, and increase public exposure as a consequence.
So when is a kitchen knife a weapon of mass destruction given in the computer world there is no kitchen defined, nor valid uses of said knives.
Well it's down to use, which given we already have laws that cover wrong doing makes this new law a lamentable farce in that the only people it will affect are the people who do no wrong and help security as a whole even if they don't have some expensive members club card to security work.
"They are fascist, authoritarian and they make me and a lot of people sick with disgust at what they have done to this country."
Can you expand on what you mean by "facist"?
I'd recommend using screwdriver and screws to put up a shelf, not a hammer and nails!
Does that mean I can get locked up if I'm caught using DOS edlin to modify a file when I'm doing my system administration bit then?
Thank goodness we have such a caring government looking after our every needs. I feel I can sleep safely at night knowing they are keeping an eye on the rascals who are just doing their job.
It'll be even better when we get our ID cards, as then we can all be comfortable that the last person who went to the loo was trustworthy.
Prosecuting the innocent
This, like many laws will only end up making it difficult for legitimate users. These users will find it difficult to use/create/distribute these programs without being on the wrong side of the law. The actual criminals will continue doing what they do now with little or no extra hassle.
Another stupid law
Well from the sounds of things this is another badly thought out law made by people who don't really understand what they are trying to ban. When this comes into law, if it stays as it is, it will turn a whole load of people overnight into criminals for doing nothing wrong.
Sure there are tools out there that can be used for wrong but the same tools have very good and important uses. Who decides what's acceptable and what's not? Some people might say a port scanner isn't acceptable yet many network admins use such tools all the time.
But I guess that's our government for you, making criminals out of everyday good people, and often having no real impact on the people the laws were originally meant to target.
"A system of government marked by centralization of authority under a dictator, stringent socioeconomic controls, suppression of the opposition ..."
"A social and political ideology with the primary guiding principle that the state or nation is the highest priority, rather than personal or individual freedoms."
Are both pretty good definitions.
Well, all we in the computing world know what a hacker is. A hacker is someone who tries to break into a computer system or network. Strictly speaking, there's not actually anything wrong with 'hacking'.
What these people mean are the people we might call 'phreakers' and 'crackers' who try to break into systems/networks/software with malicious intent.
That little bit about malicious intent is important. A 'hacker' doesn't have that malicious intent. It is a challenge, plain and simple. I might enjoy a walk in a maze - eventually I'd find the correct path to the goal, much like a hacker might find the right doorway to a system......
Trying a door handle isn't the same as smashing it down, nicking all the stuff on the other side, and running for it...much like owning a linux machine isn't exactly the same as being a supervillain (unless it's a linux box with a 'proprietary' frontend like say, OSX).
Anyways, damn this pathetic government... I think everyone should make sure they possess as much open source hacking software as possible.... this new law is as stupid as lots of the other newer laws have been.
I'll get me coat (and maybe leave the country 'cause it's going down the pan)
Here go the incompetent Government yet again sticking their oar into things they don't understand. Perhaps instead they should make "losing data through stupidity" illegal but of course they wouldn't want to put themselves in the frame. They need to add something into the draft law such as would be required in the real world, such as PROVING "possessing with intent" or "going equipped to break into computers illegally" or similar, so that it will be harder to prove yet ensure innocent use is not made illegal.
I think it is a real shame this Government spends its time making laws and starting wars, yet cannot give us decent NHS, Transport, Education etc services. Vote them out next time.
One presumes "facist" is someone who discriminates against those with faces.
...that politicians would stop meddling in things they know nothing about.
hax0rs use the bus as much as they use nmap. We'd better outlaw the use of buses now too.
Typical UK Government
Ok so by the same line of reasoning, if I run 10 people over in my car does that mean the manufacturer is to blame?
Damn, I'm glad I moved to the US.
Paris Hilton icon because... well, just because.
gov = Perl script
1- "a man aggresses another with a screwdriver"
2- "the gov. bans the use and distribution of screwdrivers"
Replace screwdrivers by anything from dildos to knives, mp3 players, pretzels (it's been proved it could shortly fail of killing one US president, some time ago :-).
I think a simple perl script can replace the gov to automate laws generations ;-)
What's to stop so called "hackers" from releasing them as "security tools" and selling them at a reasonable price, only to then be distributed via bit torrent?
Dumbest idea for a law ever...
They're all the same (almost)
The problem with the main alternative (the Tories) is that I seem to remember they knew just as little as the current bunch, and they didn't manage the economy very well either. Also whilst I find that Labour incompetence is wearisome, they don't induce the same gut-churning hatred that some Tories did - remember Nick Ridley, Aitken, Archole, and the Maggon herself - God they were awful!
Little niggling thought
It's now almost impossible not to be a terrorist/subversive/hacker in the eyes of the law.
That makes it easy for the protectors of the nation's virtue to entangle anyone who annoys them in a net of legal interpretation, providing years of lucrative enjoyment for our learned friends and fiscal ruin to the "defendant" who has to prove his activities are innocent to a judge and jury whose chief source of information has been the Times, Telegraph, Sun or Daily Mail.
Does this mean that every Linux distro that comes with such tools is then illegal?
Are the government going to ban RedHat, Slackware and Ubuntu etc etc etc?
Is the grubby hand of MS in this somewhere (probably up someone's nether regions)?
In reality this is largely unenforceable, especially as the police will need buckets full of forensic IT specialists to sift through Linux boxes to determine whether said tools have ever been used - a cost I can't see them being likely to bear.
Hackers, technically are just people who like to figure out how things work.
Phreakers was a side name for people that hacked telephones.
Crackers were traditionally people who got around security in games, media and other software things.
Script Kiddies were people that took the work of the other 3 to cause mayhem.
Dangerous Criminals are the people who took the work of the first three, added their own magic and started making a business out of it all.
However they're all pretty rubbish titles to describe diverse groups. You could often throw in the terms idiots, geniuses, mad men, losers, visionaries. Depending.
An economic definition: "a regime which guarantees profits for business".
Not at the 'shopkeeper' end of the spectrum, but at the 'capitalist' end. Sometimes the guarantee is in the form of indemnity (e.g. subsidy), and sometimes it is achieved by regulation. Want to start a bank, say? Tough. OK, how about a credit union? Even tougher. Government IT contracts - now we're talking!
Tories didn't manage the economy well either ???
Nu Liemore makes the tories look like the economic superpower of that past century. Seriously do some research and get a fecking clue before you start typing drivel.
The Tories were bad in many ways, but economics was not one of them. Nu Liemore have all but destroyed the economy of this country by pissing all the money we have up the wall while creating more and more debt and stealing all the cash from pensions + raising taxes in an attempt to pay for it.
Contrary to what people believe, not only is it perfectly legal to take pictures of your own children, it's also perfectly legal to take pictures of other peoples children in public places.
UK photographers' rights can be found here
PHOTOGRAPHY IN PUBLIC PLACES
You are reminded that under English law :
there are no restrictions on taking photographs in a public place or on photography of individuals, whether they are adults or minors;
there is no right to privacy in a public place, although photographers are of course subject to the usual libel laws in the same way as other citizens and should observe them;
equipment or film may not be confiscated, or images deleted, by any person or officer unless a warrant for such action is issued.
Any attempt without a warrant is considered assault under English law.
Interesting thread relating to this here
A thread relating to pics of children here
The problem is - the document is simply guidance to the CPS on the circumstances in which a prosecution should be brought. But each prosecutor makes up his/her own mind. Once the charges have been laid, the test for guilt will not be the CPS Guidance but how a trial judge interprets the wording of the statute when he instructs the jury about the law.
The hacking tools law was brought in, not because there is a wealth of cases where no other prosecutorial route was available but as a result of an obligation to provide a UK equivalent to a provision within the CoE CyberCrime Treaty. Almost certainly we could cover the position with incitement and "aiding and abetting" charges. But it was felt that a more visible form of Treaty conformance was required - although it has been clear to civil servants for a long time that there were considerable difficulties in finding words which differentiated between legitimate and malign motivations in deploying dual use tools.
This grubby hand of MS you speak of Dave, close relative is he? Unfortunate choice of wording IMHO. Mind you, wouldn't be (allegedly) the first time a government minister had been accused of having a hand up his nether region if Julian Clary is to be believed.
Consider a hypothetical case: a freelance computer "security researcher" specialising in Open Source migration. He gets a contract with a company currently using Microsoft Windows and Office, and shows them how they could save a lot of money moving to Linux and OpenOffice.org. A migration strategy is agreed, and a suitably lavish corporate celebration ensues. At some point between bars, or maybe on the way home, our hapless "security researcher" gets caught short, thanks to the local council's ongoing policy of closing public toilets.
He's now earned himself a place on the Sex Offenders' Register, and is about to get his home computers confiscated for deep forensic examination.
I really, really wouldn't want to be in that guy's shoes.
"Trying a door handle isn't the same as smashing it down, nicking all the stuff on the other side, and running for it..."
No it isn't, but I'd like to think that if someone had opened my front door, rooted through all my kitchen cupboards, opened up a few of my utility bills and was sat down watching my TV when I came home, that there'd be some kind of law against it.
And that's regardless of whether I'd locked my front door or not. Hacking isn't fun or a game. It's intrusive even if it isn't destructive and should be punished accordingly and appropriately.
Any time that Paris wants to come round and watch TV is fine with me though.
It should be as it is for locksmiths in the physical world
For ordinary users, the question is, do they want to have to keep buying more powerful computers while having that power gobbled-up by the ever increasing overhead of parameter checking by applications, increased overhead of signature and heuristic antivirus programs, and software firewalls?
Or do ordinary users want to put hackers and script kiddies in jail, leaving more power available to applications.
Registered professionals should be able to have and use security tools for their work.
It should be the same in the physical and the cyber worlds. If you want to be a locksmith, take the course, sign a code of ethics, get a license, and you can have the tools.
The current situation, where there is no security on the internet suits many security companies just fine. The more security problems, the busier they are, the more they can bill.
Increased internet security will mean a decreased need for the services of security companies. But it is all for the greater good. I'm tired of spending so much time, money, disk space and CPU power on security.
Put the script kiddies and those who provide them tools in jail for a few months.
A facebook user?
There is nothing newly restrictive in this
This legislation should just be bringing the existing rules of the physical world to bear on the cyber world. It is just common sense to do this. It is not really a new restriction on our liberties, so long as the law is properly worded.
The question in the cyber and physical world is, what is the overall use of the tool, what are the risks in allowing general access to it, and what redeeming abilities does it provide.
So screwdrivers and hammers can be owned by anyone in any country.
Only professionals with a need can legally own fully automatic weapons (in most countries).
Only governments can legally own weapons of mass destruction.
It should be the same with software tools.
- Some tools have little potential for malicious use, and are needed in common use.
- Other tools have little use in the home or for hobbyists, have a great potential for misuse, but are sometimes essential, and should probably be controlled.
For example, MS Word password crackers and encryption crackers. It is probably worth the increase in security for a small company to pay to have an outside person come in to apply the tool, rather than allowing the local admin to apply the tool whenever and wherever he or she wants. (I'm sorry local admins, but you are a security risk just like any one else.)
- Other tools have little use except for hacking, for example trojan toolkits. Their possession should perhaps be restricted to those doing research and development for recognized AV companies.
As for the comment that there is really nothing wrong with breaking into and exploring other people's networks provided there is no malicious intent: The failure to recognize this attitude as a criminal attitude is another part of what needs to change.
Forcing a lock or jimmying a window to access and explore someone else's home or business, without permission, in a physical or cyber manner, should be considered criminal by all ethical computer professionals, hobbyists, amateurs, and regular users -- regardless of the reason. This should be taught in mainstream schools, and re-taught in IT professional education.
Why do lawmakers keep on assuming that a criminal will not want to break the law a little bit more in order to continue breaking the law in the same larger way they had been? Stupid, stupid, stupid!
"This leaves the door open to prosecute people who distribute a tool, such as nmap, that's subsequently abused by hackers"
Where does this distinction stop? It becomes harder to get a copy of nmap, so the "hacker" fires up their preferred weapon of code editing and writes something which sorta kinda works the same way. Do you then declare that all compilers and interpreters are illegal as a criminal might use them to write a "hacking" tool? Ban pens, pencils, paper and CPU instruction set listings because a "hacker" might be able to write a malicious tool in assembler and hand assemble it, old-school style, from the mnemonic listings? Ban MS Windows, because God knows *that* gets abused by "hackers" often enough?
And I thought we had a monopoly on stupid legislation on this side of the pond
Sounds like a law that would come about on this (left) side of the pond.
Common Sense Really
"He's now earned himself a place on the Sex Offenders' Register, and is about to get his home computers confiscated for deep forensic examination."
Yeah, it gets personal at the sharp end of IT, but that doesn't necessarily have to be bad if your Sexuality is Sought out for XPosure. It all depends upon how well you manage Proxy Change ...which you will have to admit is the natural daily default .... as to expect anything living to remain the same is clearly madness.
And our Thinking Evolves to Higher Planes too leaving behind all those Money making schemes.
You don't need Money for Dreams but as Henry Ford/Walt Disney et al discovered and constantly abused ... You need Dreams for Money.
No Viable Dreams.... No Real Money ........ The Sub-Prime Credit Crunch Sting/Low Blow. A Scam Grotesque.
1984 here we are
In a police state, everyone is a criminal. That's how it works.
Re: Keith T
Well, do you for one moment think this'll stop any "bad guys" in the UK from being able to download these tools anyway? If not, it's merely a way to put them in jail (gaol) for slightly longer after they are caught (and hence the damage is already done). Restricting physical goods is a lot easier, if it's digital online there will be hundreds of sources within a couple of minutes spent searching online, if you know what you're looking for. And that won't change unless you also propose some kind of Great Firewall (which can also easily enough be circumvented through SSH tunnelling and proxies).
So this means that all those recovery CDs, Universal Boot Discs and anti viral disinfectant agents supplied by the notebook factory to reload OEM software on any laptop is now technically illegal and not forgetting to include all those live Linux CDs/DVDs too which have hacking tools incorporated at kernel level!
So now we have a new class of 20 million plus felons in the UK daily using laptops and notebooks who should be in jail or at least deported for possession of hacking tools or whatever the severe penalty may be!
Not forgetting all those computer technicians fixing any computer due to owner self induced stupidity are equally guilty of said crime as well!
At this rate one would have to erect a ten metre high razor wire fence around the country and at all ports as well replete with a new batch of prison guards to house all these new miscreants and computer felons!
Nuts, "Idiocracy" truly rules in this new century of propaganda!
These adherents of the "Peter Principle" are multiplying at an incredible rate!
So you make nmap illegal, which ironically is a tool used by both criminal and security activities... The security people can't use it due to the law and the criminals will just stop using it also? Utter nonsense, I wish the government would employ people who actually know the difference between reality and stupidity instead of just asking a 'suit' for an uninformed opinion.
Ultracrepidarians the lot of them. (including Paris)
Is there a legal paradox in this?
If tools for hacking and the actual hacking regardless of intent are made illegal then would not forensic scientists, the security services and other governmental hacking protagonists become prosecutable were they to use computer technology to forcefully access other hardware and software? And how would the law that forces a person to reveal decryption keys be interpreted? Surely that same law is tantamount to hacking: it may not entail software utilization to obtain any decryption key but the principle is the same as that of hacking; namely, to forcefully access software by circumventing protection mechanisms.
On a lighter note, in an online game, when someone hacks a virtual computer (as part of the game) would that person be prosecutable? Laws and regulations governing cyberlife need to be developed within its Cyberworld context using a totally new concept: commonsense. Only those who have gained Cyberworld citizenship through long term experience can truly develop those Cyberworld laws and regulations. Geeks are the ruling class of Cyberworld and as such should guide governance of it.
Would America allow an Indian citizen to govern American law; would the EU allow an American to govern EU law; would any country allow a non-citizen to vote in its elections or even become an elected member of state governance? No. Why? Because only longtime members of a state can understand the workings of that state. And likewise with any other group and discipline. Computer technology is best understood by its practitioners (and five year olds); and cyberlife is best understood by those that live it often. Should a group of geeks ever declare intention to gain independence of Cyberworld from the physical world then I will support them.
I used to think that this country was free and stood for ideals. However I am sadly mistaken over this illusion. What I'd like to see is this country run by democracy and not the current dictatorship which is Labour.
Locksmiths have a handicap, as it were, in having to be physically present at the door they're working on, and therefore tend to be within the jurisdiction the law on locksmithing applies to when you want to invoke that to keep your door closed.
The script kiddie trying to get into your computer systems can be in the Ukraine, Sri Lanka or Argentina, and do they care about whether there's some British law prohibiting their activities?
ban these evil "com-pewters"!
Keith T: "Or do ordinary users want to put hackers and script kiddies in jail, leaving more power available to applications."
Absolutely mate, it' s gonna be grate when they lock up all the script kiddies and make all that nasty "hacking software" illegal - it'll be just like that time when they made guns illegal, and now there are NO GUNS IN BRITAN!! FACT.
Sadly I hear there is this thing called a "computer" that can be used to hack into peoples internets - if only we could make possesion of one of these demonic boxes a crime, and lock up all these so-called "computer users" there'd be no more computer crime EVOR.
@kissingthecarpet and others
The problem is not the politicians, or the parties. The problem is the system that they perpetuate in order to butter their swollen egos.
Remember, you only take up politics when you realise you have no other talent, other than lying beautifully, and some of them can't even do that. They are just about the only employees that ritually ignore their employers.
What we need to do is to modify the system that politicians euphemistically call democracy, so that politicians are reduced to a purely functional role. The system exists and is fairly successfully used in Switzerland, it is called direct democracy. The system works by employing two powerful tools, known as referendum and popular initiative.
The trouble is that under our present system, we would have to depend on a political party that has a realistic chance of being the governing party to pass the necessary legislation.... like turkeys voting for Christmas really!
Instead, they would rather spend our money interfering in everyone else's business, and always getting it wrong.
@Anon. Cow @Paul
And "Government" is when a clueless 3rd party can practically hand over on a silver platter the data to the "Dangerous Criminals" and get away with it scot-free
"Ban MS Windows, because God knows *that* gets abused by "hackers" often enough?"
Now you're beginning to make sense.
So if you want to get an annoying colleague sacked...
...all you'd have to do is copy something like nmap onto their notebook (to a folder where they wouldn't normally look) and then grass them up to the local plod (anonymously of course).
I'm happy to be living and working in another country.
Re: There is nothing newly restrictive in this
The good news is, Keith, that your subject is right.
There's no border more porous than the Internet - so netcat et al are all just an FTP, HTTP, SCP, NNTP (uuencode, etc), Rsync, SMTP, etc, (or even an NSTX, ICMP payload, etc) away from a usable state. Assuming you want a binary copy, of course.
What's particularly disappointing about your argument is that you seem to ignore the fact that the UK is already a "participating state" to the Wassenaar Arrangement [http://www.wassenaar.org/introduction/index.html] which provides international guidance on export controls for munitions, including dual use goods, and including computer technology and software (particularly "information security" per chapter 5, part 2); surely a superb guide for those participating states seeking to draft domestic policy on the topic. I could, however, understand your omission given that even the regulatory framework for international munitions admits;
Controls do not apply to "technology" "in the public domain", to "basic scientific research" or to the minimum necessary information for patent applications. [WA-LIST (07) 2 Corr. 6-12-2007; GENERAL TECHNOLOGY NOTE]
The Lists do not control "software" which is either: [...] or 2. "In the public domain". [WA-LIST (07) 2 Corr. 6-12-2007; GENERAL SOFTWARE NOTE]
Where the following definitions are key;
"Basic scientific research" - Experimental or theoretical work undertaken principally to acquire new knowledge of the fundamental principles of phenomena or observable facts, not primarily directed towards a specific practical aim or objective. [WA-LIST (07) 2 Corr. 6-12-2007; DEFINITIONS]
"In the public domain" - This means "technology" or "software" which has been made available without restrictions upon its further dissemination. Note Copyright restrictions do not remove "technology" or "software" from being "in the public domain". [WA-LIST (07) 2 Corr. 6-12-2007; DEFINITIONS]
This would seem to be a far more pragmatic condition-set to be considered against the "article" of software, particularly before the "likelihood" of misuse or intent to misuse was tested against a given defendant.
As for your further consideration;
>> As for the comment that there is really nothing wrong with breaking into and exploring other people's networks provided there is no malicious intent: The failure to recognize this attitude as a criminal attitude is another part of what needs to change.
Given your predisposition to aligning computer concepts to UK law, I'd be interested to know why you wouldn't want hackers to be able to replace a given system MOTD message with a Section 6 statement (as in Section 6 of the Criminal Law Act 1977, as amended by Criminal Justice and Public Order Act 1994) in order to legally validate a computer version of Squatting.
This would, in-turn, validate adverse possession of a computer system. As such, after 10 years of possession, a hacker must apply to a Computer Registry (the Internet already has the NIC structure in place) to have their title recognised as the owner in fee simple. The original owner of the computer system will receive notification from the Registry and will be able to defeat the application by simple objection.
Though this may not agree with your "buffet meal" argument.
I can't speak for Dave, but:
Mussolini said of fascism that it should have been called 'corporatism' because it really is a political system that merges political and business interests and enshrines the rights of the result above all others.
This law defines right as a function of how the software or hardware is distributed: if through business channels then the product is not a hacking tool, if not through business channels the product is a hacking tool.
Given that business channels and open source are essentially mutually exclusive, this law serves to enshrine the business system's rights above those of open source / free speech/ whatever-you-call-it.
Thus, it is a fascist law.