The making of hacking tools and computer viruses should be a criminal act across Europe, EU ministers have said. The EU's Council of Ministers has backed the extension of criminal sanctions to tool—makers in response to European Commission plans to update EU laws tackling attacks against computer systems. Responding to European …
Illegal interception of computer data will also become a criminal offence
Leaving aside the paradox in that statement, what exactly does "interception" mean? The network address translator in my router intercepts all my internet traffic, and even rewrites it. How about Phorm? This looks like a real money-spinner for the lawyers.
I must be having a bad day...
Do you mean paradox, or tautology kind sir?
Paradox or tautology?
I see your point, but I think it's a paradox because of the word "become":
Behaving illegally is against the law - this is a tautology because "illegal" means the same as against the law.
Behaving illegally will become against the law - this is a paradox because it suggests that behaving illegally is not yet against the law.
How am I to test the security of my webservers that are situated in the EU if not with hacking tools?
EU please go back to mandating the straightness of bananas, it's much more your level of competance.
You don't seem to know the difference between the council of europe and the european union.
Also, the definition of a banana was taken in whole from the British definition of a banana.
AC doesn't seem to know the difference between Council of the European Union (aka the Council of Ministers) and the Council of Europe.
To commit a hack
If you want to make, supply or download tools which *could* be used maliciously but you are solely intending to use them against your own systems or the systems of others for non-malicious purposes that should be fine. I am sure the current UK law allows academics, research institutes and security firms to make and supply all the hacking tools they like; bu they must take all reasonable steps to ensure they are not use maliciously. This probably means you have to buy the tools or submit enough verifiable info about yourself so that peps could quickly check it is not your gun that is smoking.
I could be wrong but I have some vague memory that this is how the current UK law works and hopefully it would be how the new law is intended or implemented... hopefully. This is what makes white hacking a grey area.
They never did legislate about the straightness of bananas. IIRC that was dreamed up by either the Telegraph or the Fail.
For the facts on some perennial EuroMyths see:
Bent, not straight
Of course they did not legislate on straight bananas - they legislated on bent ones! EU directive 2257/94 to be precise. And now the cucumber scare is over you can rely on the EU to make sure they are not bent either (directive 1677/88).
So, if you're a hacking type, ...
.. and I give you a Linux ISO, complete with ping, tracert, IRC clients, nslookup, you can use it (maybe you had a fire at your flat and lost all your stuff) to set up a hacking box, does that make me a criminal? No copies of Zeus, no nmap, nothing like that, but a copy of all the basic tools, and even a browser so you can grab the rest before you get started...
By that same logic we will forthwith ban the sale of cars as well, as they can be used in ram raids.
Would everyone in any sort of club with an "EU" label first make sure their expenses and budget passes muster? Otherwise I don't know if this is a law written for, by or against criminals - I'm getting all confused..
This is the silliness in the idea, isn't it?
There is no such thing as a "hacking program" - there are programs that, if used in a certain way, may make hacking easier/possible, but which also have legitimate uses. In the physical world (which legislators seem to have an easier time understanding), we might use the hammer as an example - it can be used for legal and illegal uses, but hammers are not automatically illegal because some people do bad things with them. The requirement is for someone else to show intention to use it illegally.This is usually after the event, but sometimes beforehand.
"Hacking programs" is just more FUD being thrown up by those that don't understand what is happening in the world, and who cannot be bothered to keep up.
That's pretty much what I was thinking
You say "hacking" I say "penetration testing" *shrugs*
Oh good grief...
More laws. Just what we need.
Pretty much all cybercrime is *already* illegal. It just needs someone to investigate offences and prosecute offenders.
So what do we get? More laws. Yep. that'll make all the difference.
The term "hacking tools" needs to be well defined (it will not be I expect). You would not want to ban hammers or baseball bats just because they can and have been used as weapons. The same can be said of some computer tools, they can be used by both white and black hats.
IIRC the Germans already have a similar law and all it does is criminalise whitehats.
In fact, when I first read the Article my first thought was that Germany had presidency and had floated the idea.
"It's for penetration testing, m'lud."
Does this mean
condoms are for hacking the human body?
..as far as I know they tend to be involved in Denial of Service..
The greasy flasher Mac, thanks.
IPS = Intrusion Prevention System
Mines the one with the crowbar in the pocket, for conducting impromptu security audits on the way home late at night...
So, unless they are going to outlaw compilers and debuggers, Good Luck with That!
Crowbars are used every day by the construction industry and at night by a few individuals who break into sheds. Does that mean we ban crowbars and other hand tools? Of course not.
This is another knee jerk politically motivated law that is completely unnecessary. It is not the tools that are hacking into systems, it is a person. There are already laws on the books to handle that. Besides gun crime is outlawed and there are still holdups at gunpoint.
Hack tools are my daily bread and butter for validating security on my internal / external systems. Making these tools illegal just makes the life of the white hats harder and system protection nigh on impossible.
But Politicians (IE, Failed Lawyers), understand crowbars. All they understand about network tools is that they are used by EVVIL HAXXORS! to DESTROY SYSTEMS, CORRUPT MORALS and lead young impressionable kids into a LIFE OF CYBERCRIME!
It doesnt have to make sense.
To paraphrase two burgulars in an old Dr. Who.
Handing him a pick, "you know how to use one of these?"
"Yeah, I used one when I worked for the council."
"Well this time it is for swinging, not leaning on."
MS better watch out
I'm pretty sure Windows, Outlook, MSIE, and VS.net all fall foul of this ludicrously worded legislation.
I'm going to sound like a loony merkin now, but if trying to exploit programs or systems is illegal, then only criminals will know about the latest hacks. There must be exclusions to allow white or grey hat hacking to discover and fix security flaws in software.
I guess that line is only loony until it refers to something you can see the logic in, eh?
So, the next question
How does one differentiate between legitimate debugging (like debuggers, disassemblers), security testing and similar software, and hacking tools?
If the line is not sufficiently drawn, it would be like making kitchen knives illegal on the basis that they can be used to murder - as well as having a genuine basis for being owned and used.
Thing is, in the UK, wouldn't creating a virus be an offence under the Computer Misuse Act, in which case why aren't there more prosecutions? That's right... you gotta catch 'em first.
We haven't caught them yet because
there aren't enough laws.
More laws is always the answer!
Laws. More laws. Laws. Law. Laws. More laws!!
So what they want to do is restrict all these tool to people that already break the law? Does this mean that all network diagnostic tools will be illegal?
Surely this has been badly though out as it will just increase hacking because people will not be able to test their own networks for vulnerabilities.
I'm pretty sure that if this was law, the contents of my keyring USB key would be considered 'going equipped'.
While it would be nice to have people writing stuff like Zeus behind bars, I don't think it's possible to do it without large collateral damage. I do hope EC will figure that out before it's too late.
Bunch of uneducated idiots
That's what this commission seems to be!!!
They have absolutely no clue about this matter and yet want to create and apply laws about it!!!
Criminalising -what they portray as hacking tools- will do nothing but just create more work for the courts, where some trolls will try to get at some security contious admins.
Security consulttants (like myself) will be criminalised
- When are they going to criminalise kitchen knives because so many people get stabbed with them?
- When are they going to criminalise car manufacturers because so many people get killed by them?
- When are they going to criminalise smartcard readers, because they can be used to hack creditcards
- When are they going to criminalise linux because it can be used to create these evil programs
What about tools like nmap, wireshark, ettercap, etc.?
And the response from those brainless numpties will be: oh no, we only target the bad guys.....
How can a non-elected body make decisions like this?
The EU commission has no accountability (who would believe this BS "to the people of the EU").
I would go as far as suggesting what they call in Germany "civil disobedience".
Our governments are going completely nuts.
More and more laws, that only serve "the big ones"
Music copyrights for 75 and/100 years, software patents....
I am certainly not against copyrights and I am against piracy (I am though for fair use and a limited amount of private copies)
but the way the industry is behaving and "buying" politicians with completely faked states and blatent lies cannot be tolerated any longer!
unless peoples start fighting back, this is going to continue and in the long run we (or possibly our children or their children) are going to live in a society like robocop, where corporations publically rule (well they to do to a certain extent already).
The flame is for the EU commission
"When are they going to criminalise kitchen knives because so many people get stabbed with them?"
Here in the UK, we *have* had Knife amnesties.
KNIFE AMNESTYIES for crying out loud!
Most of us arent proud.
When I was young
They placed one of those amnesty bins near where I lived, local yobs waited until it was reasonably full and broke into the friggin thing. So the 'Amnesty' simply provided a convenient armoury for those it was supposed to be taking the stuff away from!
Re: Bunch of uneducated idiots
"unless peoples start fighting back, this is going to continue and in the long run we (or possibly our children or their children) are going to live in a society like robocop, where corporations publically rule (well they to do to a certain extent already)."
The issue is _how_ do we fight back? From bitter experience, writing to ones MP is a waste of time, they have many letters on many subjects and an individual letter on a subject like this does not make the cut. I suspect that to actually make "the government" sit up and take notice it would require at least 50% of MP's (~300) to have about 8000 (~10% of a constituency) letters, i.e. 2.4 million letters on the one subject. Even then I suspect that "the government" would not have balls to tell the EU (which ever bit) where it gets off.
So where do we go from here? May be the French had the right idea in 1789. We could do with some new pub names and "The Swinging Socialist" or "The Tories Head" sounds so much better than "The Slug and Lettuce".
Also as has been note elsewhere on The Register - "you can not educate lard" - (Thank you to the dad that came up with that one, it is so true) so we are not going to make much progress down that route.
Knife amnesties and rightly so. The kind of knife that is handed in to one of these amnesties is not a kitchen knife, it's anything from a flick knife up to machet. Most knifes have legitimate uses, but I'd question the use of a 12" hunting knife in an inner city housing estate. It gives the owners a legitimate way to get rid of the weapon, they don't have to if they don't want to, but you're not allowed to carry these knifes in public so getting rid of them without an amnesty isn't that easy.
PS. For the record, there is a big problem with teenagers stabbing each other in many UK cities.
The issue is _how_ do we fight back?
Refuse to vote, refuse to breed.
Society will collapse entirely within a few decades if there are no children. It's the only weapon you've got against politicians, taking away their electorate.
it is about using the tools in a "criminal" way, but then again I am an optimist, sometimes.
PS. I think it was about cucumber and not about bent bananas, and quit frankly a tiny bent cucumber is not what you want unless you live in the north with "electrically" produced cucumber with no taste at all.
Houston, Hi. Hello Beijing and Tokyo ..... Fancy a Crazy Life-Changing Opportunity?
""Such network of compromised computers ('zombies' may be activated to perform specific actions such as attacks against information systems (cyberattacks). These 'zombies' can be controlled – often without the knowledge of the users of the compromised computers – by another computer," the Council statement said." ...... That is suspiciously too much like a PrimedDOSubliminal to be anything significantly different? ....... Posted Tuesday 14th June 2011 14:59 GMT .... http://forums.theregister.co.uk/forum/1/2011/06/14/mod_vid_campaign/
We have a cat that got declawed. Under normal circumstances I am adamantly against declawing a cat as it's cruel and barbaric. They don't just remove the claw, but the whole mechanism that controls the claw. The human equivalent is to remove not just your fingernail, but the end of your finger as well.
Frankly, it's a ghastly thing to do to a cat.
Trouble is that this cat would beat up the other cats on a regular basis, leaving wounds, shredded ears, etc. The cat would also claw humans badly. This is a bad tempered cat who hates everyone with equal disdain.
We had a choice, either put her down, or declaw her and just live with a bad tempered cat. We went with declawing and gave her a shot at life. 10 years later, she's still as bad tempered as anything, but at least she had 10 years of life.
Here is the key thing - she couldn't be trusted with claws so we had them removed. "Hackers" (or whatever badge a script kiddie is brandishing today) cannot be trusted with hacking tools, that's why they are being taken off them.
All well and good....
...until someone else decides to make you the cat. "It's for your own good, honest!!!"
What they are doing, to use your analogy is not just de-clawing your cat, but trying to de-claw _all_ cats 'just in case'. In fact they are trying to prevent cats from having claws in the first place!
Although they may say that they are only after the bad guys, by making it a crime to _create_ these tools it also ensures that law-abiding folk can't get their hands on it.
Don't ever report a security hole
"I've just found a security hole in your web site, here's the details so you can fix it at once."
"Right Sunshine, you're nicked!"
Illegal interception of computer data will also become a criminal offence
Illegally intecepting communications is already a criminal offence in the UK.
Particularly given most voice comms also reduces to computer data.
So the problem is not the words of the law. It is a complete lack of enforcement by corrupt and incompetent Police officers, regulators and prosecutors.
You can have as much legislation as you like, but it is meaningless without law enforcement.
For which Phorm is a weeping sore.
The problem is worse than that..
.. it's not just LACK of law enforcement, it is in some cases complaisance. All you (still) need to do is to mention that magic words "terrorist" or "child abuser" and there will be no judge or politician willing to be seen to even question the issue of an intercept warrant - and THAT is the real crime.
Few people seem to understand that privacy is a right, whereas the ability to intercept is actually a PRIVILEGE, given to law enforcement to lift this right temporarily in very defined circumstances. However, getting a warrant the normal way is like hard work, so bypassing these checks and balances is so much more convenient (especially since there is no transparency) - damn your rights..
It's not new, however. Look at the US during the McCarthy years where "communist" was the magic word, and see how that got abused. Not that anyone learned those lessons.. :(
So penetration testing is going to be made illegal?
How about Wireshark? Should I remove it from my system now, even though I only use it to monitor traffic to and from my VMs out of curiosity?
The morons in charge need hitting hard with a clue bat until they stop this nonsense -- otherwise IT professionals may as well start handing themselves in to the Stasi now.
the right to arm bears
if you ban guns , only criminals will have guns
Another load of crap from people who are clueless
Puts netcard into promiscuous mode, goes to jail
Makes website drop a cookie, goes to jail
Does a cartoon of a tiger and a laaaydeeey, goes to jail
I hope someone, somewhere is writing a list
all well and good shouting about how it should be illegal but...
how would IT admins test their defences against hackers if it was illegal to create hacking tools? who would create the LOIC so i can fire it at my servers and see if it would fail?