back to article European Council: Creating hacking tools should be criminal across EU

The making of hacking tools and computer viruses should be a criminal act across Europe, EU ministers have said. The EU's Council of Ministers has backed the extension of criminal sanctions to tool—makers in response to European Commission plans to update EU laws tackling attacks against computer systems. Responding to …

COMMENTS

This topic is closed for new posts.
  1. nyelvmark
    Meh

    Illegal interception of computer data will also become a criminal offence

    Leaving aside the paradox in that statement, what exactly does "interception" mean? The network address translator in my router intercepts all my internet traffic, and even rewrites it. How about Phorm? This looks like a real money-spinner for the lawyers.

    1. Peladon

      I must be having a bad day...

      Do you mean paradox, or tautology kind sir?

      1. nyelvmark
        Thumb Up

        Paradox or tautology?

        I see your point, but I think it's a paradox because of the word "become":

        Behaving illegally is against the law - this is a tautology because "illegal" means the same as against the law.

        Behaving illegally will become against the law - this is a paradox because it suggests that behaving illegally is not yet against the law.

  2. Vic

    Oh good grief...

    More laws. Just what we need.

    Pretty much all cybercrime is *already* illegal. It just needs someone to investigate offences and prosecute offenders.

    So what do we get? More laws. Yep. that'll make all the difference.

    Vic.

  3. Dave Murray

    Stupid EU

    How am I to test the security of my webservers that are situated in the EU if not with hacking tools?

    EU please go back to mandating the straightness of bananas, it's much more your level of competance.

    1. Anonymous Coward
      Anonymous Coward

      Err...

      You don't seem to know the difference between the council of europe and the european union.

      Also, the definition of a banana was taken in whole from the British definition of a banana.

      1. Evan Essence
        WTF?

        Err...

        AC doesn't seem to know the difference between Council of the European Union (aka the Council of Ministers) and the Council of Europe.

    2. T.a.f.T.
      Thumb Up

      To commit a hack

      If you want to make, supply or download tools which *could* be used maliciously but you are solely intending to use them against your own systems or the systems of others for non-malicious purposes that should be fine. I am sure the current UK law allows academics, research institutes and security firms to make and supply all the hacking tools they like; bu they must take all reasonable steps to ensure they are not use maliciously. This probably means you have to buy the tools or submit enough verifiable info about yourself so that peps could quickly check it is not your gun that is smoking.

      I could be wrong but I have some vague memory that this is how the current UK law works and hopefully it would be how the new law is intended or implemented... hopefully. This is what makes white hacking a grey area.

    3. Sam Therapy
      Meh

      Bananas?

      They never did legislate about the straightness of bananas. IIRC that was dreamed up by either the Telegraph or the Fail.

      1. Graham Marsden
        Boffin

        Bananas

        For the facts on some perennial EuroMyths see:

        http://news.bbc.co.uk/1/hi/world/europe/6481969.stm

      2. julian_n

        Bent, not straight

        Of course they did not legislate on straight bananas - they legislated on bent ones! EU directive 2257/94 to be precise. And now the cucumber scare is over you can rely on the EU to make sure they are not bent either (directive 1677/88).

  4. Anonymous Coward
    Trollface

    It's..

    "It's for penetration testing, m'lud."

    1. TheRead
      Coat

      Does this mean

      condoms are for hacking the human body?

      1. Fred Flintstone Gold badge
        Coat

        Nope..

        ..as far as I know they tend to be involved in Denial of Service..

        The greasy flasher Mac, thanks.

        1. Anonymous Coward
          Coat

          IPS = Intrusion Prevention System

          errrr... maybe....

          Mines the one with the crowbar in the pocket, for conducting impromptu security audits on the way home late at night...

  5. Steve the Cynic
    FAIL

    So, if you're a hacking type, ...

    .. and I give you a Linux ISO, complete with ping, tracert, IRC clients, nslookup, you can use it (maybe you had a fire at your flat and lost all your stuff) to set up a hacking box, does that make me a criminal? No copies of Zeus, no nmap, nothing like that, but a copy of all the basic tools, and even a browser so you can grab the rest before you get started...

    1. Fred Flintstone Gold badge
      FAIL

      Yup, definitely.

      By that same logic we will forthwith ban the sale of cars as well, as they can be used in ram raids.

      Would everyone in any sort of club with an "EU" label first make sure their expenses and budget passes muster? Otherwise I don't know if this is a law written for, by or against criminals - I'm getting all confused..

    2. Intractable Potsherd
      Thumb Up

      This is the silliness in the idea, isn't it?

      There is no such thing as a "hacking program" - there are programs that, if used in a certain way, may make hacking easier/possible, but which also have legitimate uses. In the physical world (which legislators seem to have an easier time understanding), we might use the hammer as an example - it can be used for legal and illegal uses, but hammers are not automatically illegal because some people do bad things with them. The requirement is for someone else to show intention to use it illegally.This is usually after the event, but sometimes beforehand.

      "Hacking programs" is just more FUD being thrown up by those that don't understand what is happening in the world, and who cannot be bothered to keep up.

      1. CD001

        That's pretty much what I was thinking

        You say "hacking" I say "penetration testing" *shrugs*

  6. Tom 35

    Danger ahead

    The term "hacking tools" needs to be well defined (it will not be I expect). You would not want to ban hammers or baseball bats just because they can and have been used as weapons. The same can be said of some computer tools, they can be used by both white and black hats.

    1. Ben Tasker

      Exactly

      IIRC the Germans already have a similar law and all it does is criminalise whitehats.

      In fact, when I first read the Article my first thought was that Germany had presidency and had floated the idea.

  7. Tom 38
    Stop

    MS better watch out

    I'm pretty sure Windows, Outlook, MSIE, and VS.net all fall foul of this ludicrously worded legislation.

    I'm going to sound like a loony merkin now, but if trying to exploit programs or systems is illegal, then only criminals will know about the latest hacks. There must be exclusions to allow white or grey hat hacking to discover and fix security flaws in software.

    1. Figgus

      Loony?

      I guess that line is only loony until it refers to something you can see the logic in, eh?

  8. Anonymous Coward
    Pirate

    So, the next question

    How does one differentiate between legitimate debugging (like debuggers, disassemblers), security testing and similar software, and hacking tools?

    If the line is not sufficiently drawn, it would be like making kitchen knives illegal on the basis that they can be used to murder - as well as having a genuine basis for being owned and used.

    Thing is, in the UK, wouldn't creating a virus be an offence under the Computer Misuse Act, in which case why aren't there more prosecutions? That's right... you gotta catch 'em first.

    1. LaeMing
      Facepalm

      We haven't caught them yet because

      there aren't enough laws.

      More laws is always the answer!

      Laws. More laws. Laws. Law. Laws. More laws!!

  9. QuiteEvilGraham
    FAIL

    Jeez...

    So, unless they are going to outlaw compilers and debuggers, Good Luck with That!

  10. windowlicky
    Facepalm

    Hacking tools

    So what they want to do is restrict all these tool to people that already break the law? Does this mean that all network diagnostic tools will be illegal?

    Surely this has been badly though out as it will just increase hacking because people will not be able to test their own networks for vulnerabilities.

  11. NoneSuch Silver badge
    WTF?

    Absolutley NOT

    Crowbars are used every day by the construction industry and at night by a few individuals who break into sheds. Does that mean we ban crowbars and other hand tools? Of course not.

    This is another knee jerk politically motivated law that is completely unnecessary. It is not the tools that are hacking into systems, it is a person. There are already laws on the books to handle that. Besides gun crime is outlawed and there are still holdups at gunpoint.

    Hack tools are my daily bread and butter for validating security on my internal / external systems. Making these tools illegal just makes the life of the white hats harder and system protection nigh on impossible.

    1. Anonymous Coward
      Anonymous Coward

      But

      But Politicians (IE, Failed Lawyers), understand crowbars. All they understand about network tools is that they are used by EVVIL HAXXORS! to DESTROY SYSTEMS, CORRUPT MORALS and lead young impressionable kids into a LIFE OF CYBERCRIME!

      It doesnt have to make sense.

      1. LaeMing
        Happy

        To paraphrase two burgulars in an old Dr. Who.

        Handing him a pick, "you know how to use one of these?"

        "Yeah, I used one when I worked for the council."

        "Well this time it is for swinging, not leaning on."

  12. Tom 38
    Thumb Down

    Hmmm

    I'm pretty sure that if this was law, the contents of my keyring USB key would be considered 'going equipped'.

  13. ZimboKraut
    Flame

    Bunch of uneducated idiots

    That's what this commission seems to be!!!

    They have absolutely no clue about this matter and yet want to create and apply laws about it!!!

    Criminalising -what they portray as hacking tools- will do nothing but just create more work for the courts, where some trolls will try to get at some security contious admins.

    Security consulttants (like myself) will be criminalised

    - When are they going to criminalise kitchen knives because so many people get stabbed with them?

    - When are they going to criminalise car manufacturers because so many people get killed by them?

    - When are they going to criminalise smartcard readers, because they can be used to hack creditcards

    - When are they going to criminalise linux because it can be used to create these evil programs

    What about tools like nmap, wireshark, ettercap, etc.?

    And the response from those brainless numpties will be: oh no, we only target the bad guys.....

    How can a non-elected body make decisions like this?

    The EU commission has no accountability (who would believe this BS "to the people of the EU").

    I would go as far as suggesting what they call in Germany "civil disobedience".

    Our governments are going completely nuts.

    More and more laws, that only serve "the big ones"

    Music copyrights for 75 and/100 years, software patents....

    I am certainly not against copyrights and I am against piracy (I am though for fair use and a limited amount of private copies)

    but the way the industry is behaving and "buying" politicians with completely faked states and blatent lies cannot be tolerated any longer!

    unless peoples start fighting back, this is going to continue and in the long run we (or possibly our children or their children) are going to live in a society like robocop, where corporations publically rule (well they to do to a certain extent already).

    The flame is for the EU commission

    1. Anonymous Coward
      Facepalm

      Well,

      "When are they going to criminalise kitchen knives because so many people get stabbed with them?"

      Here in the UK, we *have* had Knife amnesties.

      KNIFE AMNESTYIES for crying out loud!

      Most of us arent proud.

      1. Anonymous Coward
        Anonymous Coward

        When I was young

        They placed one of those amnesty bins near where I lived, local yobs waited until it was reasonably full and broke into the friggin thing. So the 'Amnesty' simply provided a convenient armoury for those it was supposed to be taking the stuff away from!

      2. Anonymous Coward
        Anonymous Coward

        Yes...

        Knife amnesties and rightly so. The kind of knife that is handed in to one of these amnesties is not a kitchen knife, it's anything from a flick knife up to machet. Most knifes have legitimate uses, but I'd question the use of a 12" hunting knife in an inner city housing estate. It gives the owners a legitimate way to get rid of the weapon, they don't have to if they don't want to, but you're not allowed to carry these knifes in public so getting rid of them without an amnesty isn't that easy.

        PS. For the record, there is a big problem with teenagers stabbing each other in many UK cities.

    2. Anonymous Coward
      Anonymous Coward

      Re: Bunch of uneducated idiots

      ZimboKraut said:

      "unless peoples start fighting back, this is going to continue and in the long run we (or possibly our children or their children) are going to live in a society like robocop, where corporations publically rule (well they to do to a certain extent already)."

      The issue is _how_ do we fight back? From bitter experience, writing to ones MP is a waste of time, they have many letters on many subjects and an individual letter on a subject like this does not make the cut. I suspect that to actually make "the government" sit up and take notice it would require at least 50% of MP's (~300) to have about 8000 (~10% of a constituency) letters, i.e. 2.4 million letters on the one subject. Even then I suspect that "the government" would not have balls to tell the EU (which ever bit) where it gets off.

      So where do we go from here? May be the French had the right idea in 1789. We could do with some new pub names and "The Swinging Socialist" or "The Tories Head" sounds so much better than "The Slug and Lettuce".

      Also as has been note elsewhere on The Register - "you can not educate lard" - (Thank you to the dad that came up with that one, it is so true) so we are not going to make much progress down that route.

      1. CD001

        Refuse

        ----

        The issue is _how_ do we fight back?

        ----

        Refuse to vote, refuse to breed.

        Society will collapse entirely within a few decades if there are no children. It's the only weapon you've got against politicians, taking away their electorate.

  14. Lars Silver badge
    Pint

    I suppose

    it is about using the tools in a "criminal" way, but then again I am an optimist, sometimes.

    PS. I think it was about cucumber and not about bent bananas, and quit frankly a tiny bent cucumber is not what you want unless you live in the north with "electrically" produced cucumber with no taste at all.

  15. Anonymous Coward
    Anonymous Coward

    Ummm...

    While it would be nice to have people writing stuff like Zeus behind bars, I don't think it's possible to do it without large collateral damage. I do hope EC will figure that out before it's too late.

  16. Anonymous Coward
    Devil

    Declawing

    We have a cat that got declawed. Under normal circumstances I am adamantly against declawing a cat as it's cruel and barbaric. They don't just remove the claw, but the whole mechanism that controls the claw. The human equivalent is to remove not just your fingernail, but the end of your finger as well.

    Frankly, it's a ghastly thing to do to a cat.

    Trouble is that this cat would beat up the other cats on a regular basis, leaving wounds, shredded ears, etc. The cat would also claw humans badly. This is a bad tempered cat who hates everyone with equal disdain.

    We had a choice, either put her down, or declaw her and just live with a bad tempered cat. We went with declawing and gave her a shot at life. 10 years later, she's still as bad tempered as anything, but at least she had 10 years of life.

    Here is the key thing - she couldn't be trusted with claws so we had them removed. "Hackers" (or whatever badge a script kiddie is brandishing today) cannot be trusted with hacking tools, that's why they are being taken off them.

    1. Figgus

      All well and good....

      ...until someone else decides to make you the cat. "It's for your own good, honest!!!"

    2. Anonymous Coward
      Anonymous Coward

      Flawed Analogy

      What they are doing, to use your analogy is not just de-clawing your cat, but trying to de-claw _all_ cats 'just in case'. In fact they are trying to prevent cats from having claws in the first place!

      Although they may say that they are only after the bad guys, by making it a crime to _create_ these tools it also ensures that law-abiding folk can't get their hands on it.

  17. Christoph
    FAIL

    Don't ever report a security hole

    "I've just found a security hole in your web site, here's the details so you can fix it at once."

    "Right Sunshine, you're nicked!"

  18. amanfromMars 1 Silver badge

    Houston, Hi. Hello Beijing and Tokyo ..... Fancy a Crazy Life-Changing Opportunity?

    Hmmmm?!****

    ""Such network of compromised computers ('zombies' may be activated to perform specific actions such as attacks against information systems (cyberattacks). These 'zombies' can be controlled – often without the knowledge of the users of the compromised computers – by another computer," the Council statement said." ...... That is suspiciously too much like a PrimedDOSubliminal to be anything significantly different? ....... Posted Tuesday 14th June 2011 14:59 GMT .... http://forums.theregister.co.uk/forum/1/2011/06/14/mod_vid_campaign/

  19. dephormation.org.uk
    Meh

    Illegal interception of computer data will also become a criminal offence

    Illegally intecepting communications is already a criminal offence in the UK.

    Particularly given most voice comms also reduces to computer data.

    So the problem is not the words of the law. It is a complete lack of enforcement by corrupt and incompetent Police officers, regulators and prosecutors.

    You can have as much legislation as you like, but it is meaningless without law enforcement.

    For which Phorm is a weeping sore.

    1. Anonymous Coward
      Anonymous Coward

      The problem is worse than that..

      .. it's not just LACK of law enforcement, it is in some cases complaisance. All you (still) need to do is to mention that magic words "terrorist" or "child abuser" and there will be no judge or politician willing to be seen to even question the issue of an intercept warrant - and THAT is the real crime.

      Few people seem to understand that privacy is a right, whereas the ability to intercept is actually a PRIVILEGE, given to law enforcement to lift this right temporarily in very defined circumstances. However, getting a warrant the normal way is like hard work, so bypassing these checks and balances is so much more convenient (especially since there is no transparency) - damn your rights..

      It's not new, however. Look at the US during the McCarthy years where "communist" was the magic word, and see how that got abused. Not that anyone learned those lessons.. :(

  20. Select * From Handle
    Thumb Down

    all well and good shouting about how it should be illegal but...

    how would IT admins test their defences against hackers if it was illegal to create hacking tools? who would create the LOIC so i can fire it at my servers and see if it would fail?

  21. Anonymous Coward
    Anonymous Coward

    Another load of crap from people who are clueless

    Puts netcard into promiscuous mode, goes to jail

    Makes website drop a cookie, goes to jail

    Does a cartoon of a tiger and a laaaydeeey, goes to jail

    I hope someone, somewhere is writing a list

  22. mark 63 Silver badge
    Mushroom

    the right to arm bears

    if you ban guns , only criminals will have guns

  23. Cameron Colley

    So penetration testing is going to be made illegal?

    How about Wireshark? Should I remove it from my system now, even though I only use it to monitor traffic to and from my VMs out of curiosity?

    The morons in charge need hitting hard with a clue bat until they stop this nonsense -- otherwise IT professionals may as well start handing themselves in to the Stasi now.

  24. Anonymous Coward
    Anonymous Coward

    European Council

    Saves the day! That'll stop everybody doing it?!

    As an aside are they going to make metasploit illegal? dns? dhcp? irc? all are popular "hacking tools".

    1. Anonymous Coward
      Anonymous Coward

      From the same bunch of failed Lawyers that braught you...

      Limits on the straightness of Bananas,

  25. Skrrp
    Stop

    Please do something about this

    Everyone who reads this and lives in the EU, please land email on your MEP's desk:

    http://www.writetothem.com/

    1. Anonymous Coward
      FAIL

      writing

      I'm no good at writing eloquently, but if someone gives me a base letter to modify and send off, I'll be the first to send it.

      After I've finished penetration testing my servers whilse it's still legal.

  26. Alexander Vollmer
    Pint

    Bad news for shareholders

    A major draw back for defence industry. No future development of cyber war equipment, no more stuxnet decendants. Budget cuts, job cuts and never ever cold cuts.

    1. amanfromMars 1 Silver badge

      DAVROS Meltdown ...... Oh dear, what a Shame, Never Mind, ....

      ..... we can rebuild the Base System with Novel Fundamental Revisions.

      "Bad news for shareholders ...... A major draw back for defence industry. No future development of cyber war equipment, no more stuxnet decendants. Budget cuts, job cuts and never ever cold cuts." ..... Alexander Vollmer Posted Tuesday 14th June 2011 21:39 GMT [in response to "European Council: Creating hacking tools should be criminal across EU" .... http://theregister.co.uk//2011/06/14/making_hacking_tools_should_be_criminal_act_say_eu_ministers/

      Hi Alexander Vollmer,

      You may find that it is the probable self-righteous and self-serving and venal virtual rather than virtuous fear that mickey mouse wannabe politicians and diplomats and European Councillors have, regarding a Military Expeditionary Force or an Underground Economic Model having lead possession of the skillsets which lay bare and open to Seriously SMARTer Anonymous Peer Review, their Dodgy Artificial Virtual Reality Operating Systems with their discredited and discrediting, blunt trauma monetary collapse and market manipulation tools.

      And here is a Sub Prime Toxic Waste Generator ....... and Great White Dope Fear Monger ...... http://www.bbc.co.uk/news/world-us-canada-13770390

  27. Anonymous Coward
    Anonymous Coward

    A matter of intent?

    According to the article, an offender is one who :

    "makes, adapts, supplies or offers to supply any article intending it to be used to commit, or to assist in the commission of, [a hacking offence]."

    If this is accurate then it is a matter of intent. If the article is made (etc) with the intention of it being used for legitimate purposes, there isn't any offence.

    Of course, it still leaves us all vulnerable to poor interpretation on the part of the powers that be.

  28. jocaferro

    SIEMENS SCADA & Co.

    Start here, please.

  29. Peter Stone
    Devil

    same old, same old

    I seem to recall that we've been here before, fortunately things got canned then, so let's hope that they get cannd again.

    1. Fred Flintstone Gold badge

      Not a chance..

      Not a chance that it gets canned this time IMHO - too much money involved.

  30. Anonymous Coward
    Anonymous Coward

    Guys, guys, you've got it all wrong

    Let them enact this and then wait until there's a spectacular fail, sort of like Y2K could have been in a best/worst case scenario or alternatively on the next sysadmin day, just power everything down and point out to your bosses that most of the systems in your kit is now illegal. Those of us in the private sector might have a hard time with this (unless we unify somehow, dont really see this happening to be fair, perhaps an injunction or edict needs to be issued) but in the public sector you can ask for written instructions to turn everything back on even though it could be illegal, and to be "held harmless" by your bosses.

    The effect of all government nets going down would get someone's attention

    It really needs something ot that magnitude to grab them by the short and curlies and make them remember (for a while at least)

    But realistically, remember what they did to Daniel Cuthbert. That's where this will come in to play.

    The authorities will let this one lie quietly until you cross them, for example not agreeing to give them data under a warrantless search (RIPA notwithstanding), and then they'll find this legislation and use it to penalise you. Pour encourage les autres.

  31. Anonymous Coward
    Paris Hilton

    Conspiracy Theory Alert

    Agreed with the points on Nmap and other genuine security tools, such as Nessus scripting. Any tool that can break (such as a hammer) is simply a tool - it can be used, or misused and this analogy holds up in the IT world. However, I think the long-term reality is more insidious....

    ...It's just all part of the sleepwalking in to a totalitarian state. They need laws like these so they can label any policy naysayer, objector, human rights supporter, or variants thereof a criminal or terrorist if they so choose.

    Given enough time, there will be a whole raft of stupid laws such as these. It will mean everybody is infringing legality somewhere - which is just how 'they' want it.... a trump card excuse to grab people off the streets when they want to dispose of somebody being too big a problem for their policies. The forthcoming extremism laws are similar - you have a freedom to choose to believe what you want, so long as it falls within government defined parameters of normality which they will constantly be narrowing to protect economic interests.

    Not long now until people say things on forums and then are removed form society never to be seen again.

    Ooops... here they come.. *gets coat*

    Paris: because she reminds me of the simple things in life

  32. Anonymous Coward
    Holmes

    Sounds a bit daft to me -

    - and labor intensive.

    Plus, it would appear to be consistently retrospective as the laws seem action focused.

    Now, for me, a wiser, easier and more balanced approach is to identify key principles (like what the French tend to do?) and in a charge against a perp it could list stuff like "contrary to Articles blah, blah and blah" hopefully encompassing hacker actions not yet envisioned or enshrined in law.

This topic is closed for new posts.

Other stories you might like