The real security people should just give up - Western governments have no interest in the truth only catchy headlines and flashy soundbites.
We should all move to an honest nation like China.
The UK government has published guidelines for the application of a law that makes it illegal to create or distribute so-called "hacking tools". The controversial measure is among amendments to the Computer Misuse Act included in the Police and Justice Act 2006. However, the ban along with measures to increase the maximum …
nuLabour know best! No need for public consultation, they just blindly churn out bad law after bad law. Just like the fact you can't take a picture of your own kid in public, they are doing a blanket ban on the majority instead of actually targeting the very small minority of criminals. They are fascist, authoritarian and they make me and a lot of people sick with disgust at what they have done to this country.
When I read things like this I feel assured that the law makers know as much about computer security as they do kitchen knives. One man's security audit tool is another's hacking tool. That's a line that needs to be defined and given the "reasonable doubt" bottom line then any computer buff could argue enough to get that verdict and as such get off any charges under this law. What is sad is that because it's so poorly defined for what it is intended for it actually goes against making computers more secure and will only waste valuable resources and courts chasing cases that shouldn't have even been there, where the ones that should be get delayed and increase public exposure as a consequence.
So when is a kitchen knife a weapon of mass destruction given in the computer world there is no kitchen defined, nor valid uses of said knives.
Well it's down to use, which given we already have laws that cover wrongdoing makes this new law a lamentable farce in that the only people it will affect are the people who do no wrong and help security as a whole even if they don't have some expensive members club card to security work.
Does that mean I can get locked up if I'm caught using DOS edlin to modify a file when I'm doing my system administration bit then?
Thank goodness we have such a caring government looking after our every needs. I feel I can sleep safely at night knowing they are keeping an eye on the rascals who are just doing their job.
It'll be even better when we get our ID cards, as then we can all be comfortable that the last person who went to the loo was trustworthy.
This, like many laws, will only end up making it difficult for legitimate users. These users will find it difficult to use/create/distribute these programs without being on the wrong side of the law. The actual criminals will continue doing what they do now with little or no extra hassle.
Well from the sounds of things this is another badly thought out law made by people who don't really understand what they are trying to ban. When this comes into law, if it stays as it is, it will turn a whole load of people overnight into criminals for doing nothing wrong.
Sure there are tools out there that can be used for wrong but the same tools have very good and important uses. Who decides what's acceptable and what's not? Some people might say a port scanner isn't acceptable yet many network admins use such tools all the time.
But I guess that's our government for you, making criminals out of everyday good people, and often having no real impact on the people the laws were originally meant to target.
"A system of government marked by centralization of authority under a dictator, stringent socioeconomic controls, suppression of the opposition ..."
"A social and political ideology with the primary guiding principle that the state or nation is the highest priority, rather than personal or individual freedoms."
Are both pretty good definitions.
Well, all we in the computing world know what a hacker is. A hacker is someone who tries to break into a computer system or network. Strictly speaking, there's not actually anything wrong with 'hacking'.
What these people mean are the people we might call 'phreakers' and 'crackers' who try to break into systems/networks/software with malicious intent.
That little bit about malicious intent is important. A 'hacker' doesn't have that malicious intent. It is a challenge, plain and simple. I might enjoy a walk in a maze - eventually I'd find the correct path to the goal, much like a hacker might find the right doorway to a system......
Trying a door handle isn't the same as smashing it down, nicking all the stuff on the other side, and running for it...much like owning a linux machine isn't exactly the same as being a supervillain (unless it's a linux box with a 'proprietary' frontend like say, OSX).
Anyways, damn this pathetic government... I think everyone should make sure they possess as much open source hacking software as possible.... this new law is as stupid as lots of the other newer laws have been.
I'll get me coat (and maybe leave the country 'cause it's going down the pan)
Here go the incompetent Government yet again sticking their oar into things they don't understand. Perhaps instead they should make "losing data through stupidity" illegal but of course they wouldn't want to put themselves in the frame. They need to add something into the draft law such as would be required in the real world, such as PROVING "possessing with intent" or "going equipped to break into computers illegally" or similar, so that it will be harder to prove yet ensure innocent use is not made illegal.
I think it is a real shame this Government spends its time making laws and starting wars, yet cannot give us decent NHS, Transport, Education etc services. Vote them out next time.
1- "a man aggresses another with a screwdriver"
2- "the gov. bans the use and distribution of screwdrivers"
Replace screwdrivers by anything from dildos to knives, mp3 players, pretzels (it's been proved it could shortly fail of killing one US president, some time ago :-).
I think a simple perl script can replace the gov to automate law generation ;-)
The problem with the main alternative (the Tories) is that I seem to remember they knew just as little as the current bunch, and they didn't manage the economy very well either. Also whilst I find that Labour incompetence is wearisome, they don't induce the same gut-churning hatred that some Tories did - remember Nick Ridley, Aitken, Archole, and the Maggon herself - God they were awful!
It's now almost impossible not to be a terrorist/subversive/hacker in the eyes of the law.
That makes it easy for the protectors of the nation's virtue to entangle anyone who annoys them in a net of legal interpretation, providing years of lucrative enjoyment for our learned friends and fiscal ruin to the "defendant" who has to prove his activities are innocent to a judge and jury whose chief source of information has been the Times, Telegraph, Sun or Daily Mail.
Does this mean that every Linux distro that comes with such tools is then illegal?
Are the government going to ban RedHat, Slackware and Ubuntu etc etc etc?
Is the grubby hand of MS in this somewhere (probably up someone's nether regions)?
In reality this is largely unenforceable, especially as the police will need buckets full of forensic IT specialists to sift through Linux boxes to determine whether said tools have ever been used - a cost I can't see them being likely to bear.
Hackers, technically, are just people who like to figure out how things work.
Phreakers was a side name for people that hacked telephones.
Crackers were traditionally people who got around security in games, media and other software things.
Script Kiddies were people that took the work of the other 3 to cause mayhem.
Dangerous Criminals are the people who took the work of the first three, added their own magic and started making a business out of it all.
However they're all pretty rubbish titles to describe diverse groups. You could often throw in the terms idiots, geniuses, mad men, losers, visionaries. Depending.
An economic definition: "a regime which guarantees profits for business".
Not at the 'shopkeeper' end of the spectrum, but at the 'capitalist' end. Sometimes the guarantee is in the form of indemnity (e.g. subsidy), and sometimes it is achieved by regulation. Want to start a bank, say? Tough. OK, how about a credit union? Even tougher. Government IT contracts - now we're talking!
Tories didn't manage the economy well either ???
Nu Liemore makes the Tories look like the economic superpower of the past century. Seriously do some research and get a fecking clue before you start typing drivel.
The Tories were bad in many ways, but economics was not one of them. Nu Liemore have all but destroyed the economy of this country by pissing all the money we have up the wall while creating more and more debt and stealing all the cash from pensions + raising taxes in an attempt to pay for it.
Contrary to what people believe, not only is it perfectly legal to take pictures of your own children, it's also perfectly legal to take pictures of other people's children in public places.
UK photographers' rights can be found here
PHOTOGRAPHY IN PUBLIC PLACES
You are reminded that under English law:
there are no restrictions on taking photographs in a public place or on photography of individuals, whether they are adults or minors;
there is no right to privacy in a public place, although photographers are of course subject to the usual libel laws in the same way as other citizens and should observe them;
equipment or film may not be confiscated, or images deleted, by any person or officer unless a warrant for such action is issued.
Any attempt without a warrant is considered assault under English law.
Interesting thread relating to this here
A thread relating to pics of children here
The problem is - the document is simply guidance to the CPS on the circumstances in which a prosecution should be brought. But each prosecutor makes up his/her own mind. Once the charges have been laid, the test for guilt will not be the CPS Guidance but how a trial judge interprets the wording of the statute when he instructs the jury about the law.
The hacking tools law was brought in, not because there is a wealth of cases where no other prosecutorial route was available but as a result of an obligation to provide a UK equivalent to a provision within the CoE CyberCrime Treaty. Almost certainly we could cover the position with incitement and "aiding and abetting" charges. But it was felt that a more visible form of Treaty conformance was required - although it has been clear to civil servants for a long time that there were considerable difficulties in finding words which differentiated between legitimate and malign motivations in deploying dual use tools.
Consider a hypothetical case: a freelance computer "security researcher" specialising in Open Source migration. He gets a contract with a company currently using Microsoft Windows and Office, and shows them how they could save a lot of money moving to Linux and OpenOffice.org. A migration strategy is agreed, and a suitably lavish corporate celebration ensues. At some point between bars, or maybe on the way home, our hapless "security researcher" gets caught short, thanks to the local council's ongoing policy of closing public toilets.
He's now earned himself a place on the Sex Offenders' Register, and is about to get his home computers confiscated for deep forensic examination.
I really, really wouldn't want to be in that guy's shoes.
"Trying a door handle isnt the same as smashing it down, nicking all the stuff on the other side, and running for it..."
No it isn't, but I'd like to think that if someone had opened my front door, rooted through all my kitchen cupboards, opened up a few of my utility bills and was sat down watching my TV when I came home, that there'd be some kind of law against it.
And that's regardless of whether I'd locked my front door or not. Hacking isn't fun or a game. It's intrusive even if it isn't destructive and should be punished accordingly and appropriately.
Any time that Paris wants to come round and watch TV is fine with me though.
For ordinary users, the question is, do they want to have to keep buying more powerful computers while having that power gobbled-up by the ever increasing overhead of parameter checking by applications, increased overhead of signature and heuristic antivirus programs, and software firewalls?
Or do ordinary users want to put hackers and script kiddies in jail, leaving more power available to applications?
Registered professionals should be able to have and use security tools for their work.
It should be the same in the physical and the cyber worlds. If you want to be a locksmith, take the course, sign a code of ethics, get a license, and you can have the tools.
The current situation, where there is no security on the internet suits many security companies just fine. The more security problems, the busier they are, the more they can bill.
Increased internet security will mean a decreased need for the services of security companies. But it is all for the greater good. I'm tired of spending so much time, money, disk space and CPU power on security.
Put the script kiddies and those who provide them tools in jail for a few months.
This legislation should just be bringing the existing rules of the physical world to bear on the cyber world. It is just common sense to do this. It is not really a new restriction on our liberties, so long as the law is properly worded.
The question in the cyber and physical world is, what is the overall use of the tool, what are the risks in allowing general access to it, and what redeeming abilities does it provide.
So screwdrivers and hammers can be owned by anyone in any country.
Only professionals with a need can legally own fully automatic weapons (in most countries).
Only governments can legally own weapons of mass destruction.
It should be the same with software tools.
- Some tools have little potential for malicious use, and are needed in common use.
- Other tools have little use in the home or for hobbyists, have a great potential for misuse, but are sometimes essential, and should probably be controlled.
For example, MS Word password crackers and encryption crackers. It is probably worth the increase in security for a small company to pay to have an outside person come in to apply the tool, rather than allowing the local admin to apply the tool whenever and wherever he or she wants. (I'm sorry local admins, but you are a security risk just like any one else.)
- Other tools have little use except for hacking, for example trojan toolkits. Their possession should perhaps be restricted to those doing research and development for recognized AV companies.
As for the comment that there is really nothing wrong with breaking into and exploring other people's networks provided there is no malicious intent: The failure to recognize this attitude as a criminal attitude is another part of what needs to change.
Forcing a lock or jimmying a window to access and explore someone else's home or business, without permission, in a physical or cyber manner, should be considered criminal by all ethical computer professionals, hobbyists, amateurs, and regular users -- regardless of the reason. This should be taught in mainstream schools, and re-taught in IT professional education.
Why do lawmakers keep on assuming that a criminal will not want to break the law a little bit more in order to continue breaking the law in the same larger way they had been? Stupid, stupid, stupid!
"This leaves the door open to prosecute people who distribute a tool, such as nmap, that's subsequently abused by hackers"
Where does this distinction stop? It becomes harder to get a copy of nmap, so the "hacker" fires up their preferred weapon of code editing and writes something which sorta kinda works the same way. Do you then declare that all compilers and interpreters are illegal as a criminal might use them to write a "hacking" tool? Ban pens, pencils, paper and CPU instruction set listings because a "hacker" might be able to write a malicious tool in assembler and hand assemble it, old-school style, from the mnemonic listings? Ban MS Windows, because God knows *that* gets abused by "hackers" often enough?
"He's now earned himself a place on the Sex Offenders' Register, and is about to get his home computers confiscated for deep forensic examination."
Yeah, it gets personal at the sharp end of IT, but that doesn't necessarily have to be bad if your Sexuality is Sought out for XPosure. It all depends upon how well you manage Proxy Change ...which you will have to admit is the natural daily default .... as to expect anything living to remain the same is clearly madness.
And our Thinking Evolves to Higher Planes too leaving behind all those Money making schemes.
You don't need Money for Dreams but as Henry Ford/Walt Disney et al discovered and constantly abused ... You need Dreams for Money.
No Viable Dreams.... No Real Money ........ The Sub-Prime Credit Crunch Sting/Low Blow. A Scam Grotesque.
Well, do you for one moment think this'll stop any "bad guys" in the UK from being able to download these tools anyway? If not, it's merely a way to put them in jail (gaol) for slightly longer after they are caught (and hence the damage is already done). Restricting physical goods is a lot easier, if it's digital online there will be hundreds of sources within a couple of minutes spent searching online, if you know what you're looking for. And that won't change unless you also propose some kind of Great Firewall (which can also easily enough be circumvented through SSH tunnelling and proxies).
So this means that all those recovery CDs, Universal Boot Discs and anti viral disinfectant agents supplied by the notebook factory to reload OEM software on any laptop are now technically illegal and not forgetting to include all those live Linux CDs/DVDs too which have hacking tools incorporated at kernel level!
So now we have a new class of 20 million plus felons in the UK daily using laptops and notebooks who should be in jail or at least deported for possession of hacking tools or whatever the severe penalty may be!
Not forgetting all those computer technicians fixing any computer due to owner self induced stupidity are equally guilty of said crime as well!
At this rate one would have to erect a ten metre high razor wire fence around the country and at all ports as well replete with a new batch of prison guards to house all these new miscreants and computer felons!
Nuts, "Idiocracy" truly rules in this new century of propaganda!
These adherents of the "Peter Principle" are multiplying at an incredible rate!
So you make nmap illegal, which ironically is a tool used by both criminal and security activities... The security people can't use it due to the law and the criminals will just stop using it also? Utter nonsense, I wish the government would employ people who actually know the difference between reality and stupidity instead of just asking a 'suit' for an uninformed opinion.
Ultracrepidarians the lot of them. (including Paris)
If tools for hacking and the actual hacking regardless of intent are made illegal then would not forensic scientists, the security services and other governmental hacking protagonists become prosecutable were they to use computer technology to forcefully access other hardware and software? And how would the law that forces a person to reveal decryption keys be interpreted? Surely that same law is tantamount to hacking: it may not entail software utilization to obtain any decryption key but the principle is the same as that of hacking; namely, to forcefully access software by circumventing protection mechanisms.
On a lighter note, in an online game, when someone hacks a virtual computer (as part of the game) would that person be prosecutable? Laws and regulations governing cyberlife need to be developed within its Cyberworld context using a totally new concept: commonsense. Only those who have gained Cyberworld citizenship through long term experience can truly develop those Cyberworld laws and regulations. Geeks are the ruling class of Cyberworld and as such should guide governance of it.
Would America allow an Indian citizen to govern American law; would the EU allow an American to govern EU law; would any country allow a non-citizen to vote in its elections or even become an elected member of state governance? No. Why? Because only longtime members of a state can understand the workings of that state. And likewise with any other group and discipline. Computer technology is best understood by its practitioners (and five year olds); and cyberlife is best understood by those that live it often. Should a group of geeks ever declare intention to gain independence of Cyberworld from the physical world then I will support them.
Locksmiths have a handicap, as it were, in having to be physically present at the door they're working on, and therefore tend to be within the jurisdiction the law on locksmithing applies to when you want to invoke that to keep your door closed.
The script kiddie trying to get into your computer systems can be in the Ukraine, Sri Lanka or Argentina, and do they care about whether there's some British law prohibiting their activities?
Keith T: "Or do ordinary users want to put hackers and script kiddies in jail, leaving more power available to applications."
Absolutely mate, it' s gonna be grate when they lock up all the script kiddies and make all that nasty "hacking software" illegal - it'll be just like that time when they made guns illegal, and now there are NO GUNS IN BRITAN!! FACT.
Sadly I hear there is this thing called a "computer" that can be used to hack into peoples internets - if only we could make possesion of one of these demonic boxes a crime, and lock up all these so-called "computer users" there'd be no more computer crime EVOR.
The problem is not the politicians, or the parties. The problem is the system that they perpetuate in order to butter their swollen egos.
Remember, you only take up politics when you realise you have no other talent, other than lying beautifully, and some of them can't even do that. They are just about the only employees that ritually ignore their employers.
What we need to do is to modify the system that politicians euphemistically call democracy, so that politicians are reduced to a purely functional role. The system exists and is fairly successfully used in Switzerland, it is called direct democracy. The system works by employing two powerful tools, known as referendum and popular initiative.
The trouble is that under our present system, we would have to depend on a political party that has a realistic chance of being the governing party to pass the necessary legislation.... like turkeys voting for Christmas really!
Instead, they would rather spend our money interfering in everyone else's business, and always getting it wrong.
The good news is, Keith, that your subject is right.
There's no border more porous than the Internet - so netcat et al are all just an FTP, HTTP, SCP, NNTP (uuencode, etc), Rsync, SMTP, etc, (or even an NSTX, ICMP payload, etc) away from a usable state. Assuming you want a binary copy, of course.
What's particularly disappointing about your argument is that you seem to ignore the fact that the UK is already a "participating state" to the Wassenaar Arrangement [http://www.wassenaar.org/introduction/index.html] which provides international guidance on export controls for munitions, including dual use goods, and including computer technology and software (particularly "information security" per chapter 5, part 2); surely a superb guide for those participating states seeking to draft domestic policy on the topic. I could, however, understand your omission given that even the regulatory framework for international munitions admits;
Controls do not apply to "technology" "in the public domain", to "basic scientific research" or to the minimum necessary information for patent applications. [WA-LIST (07) 2 Corr. 6-12-2007; GENERAL TECHNOLOGY NOTE]
The Lists do not control "software" which is either: [...] or 2. "In the public domain". [WA-LIST (07) 2 Corr. 6-12-2007; GENERAL SOFTWARE NOTE]
Where the following definitions are key;
"Basic scientific research" - Experimental or theoretical work undertaken principally to acquire new knowledge of the fundamental principles of phenomena or observable facts, not primarily directed towards a specific practical aim or objective. [WA-LIST (07) 2 Corr. 6-12-2007; DEFINITIONS]
"In the public domain" - This means "technology" or "software" which has been made available without restrictions upon its further dissemination. Note Copyright restrictions do not remove "technology" or "software" from being "in the public domain". [WA-LIST (07) 2 Corr. 6-12-2007; DEFINITIONS]
This would seem to be a far more pragmatic condition-set to be considered against the "article" of software, particularly before the "likelihood" of misuse or intent to misuse was tested against a given defendant.
As for your further consideration;
>> As for the comment that there is really nothing wrong with breaking into and exploring other people's networks provided there is no malicious intent: The failure to recognize this attitude as a criminal attitude is another part of what needs to change.
Given your predisposition to aligning computer concepts to UK law, I'd be interested to know why you wouldn't want hackers to be able to replace a given system MOTD message with a Section 6 statement (as in Section 6 of the Criminal Law Act 1977, as amended by Criminal Justice and Public Order Act 1994) in order to legally validate a computer version of Squatting.
This would, in-turn, validate adverse possession of a computer system. As such, after 10 years of possession, a hacker must apply to a Computer Registry (the Internet already has the NIC structure in place) to have their title recognised as the owner in fee simple. The original owner of the computer system will receive notification from the Registry and will be able to defeat the application by simple objection.
Though this may not agree with your "buffet meal" argument.
I can't speak for Dave, but:
Mussolini said of fascism that it should have been called 'corporatism' because it really is a political system that merges political and business interests and enshrines the rights of the result above all others.
This law defines right as a function of how the software or hardware is distributed: if through business channels then the product is not a hacking tool, if not through business channels the product is a hacking tool.
Given that business channels and open source are essentially mutually exclusive, this law serves to enshrine the business system's rights above those of open source / free speech/ whatever-you-call-it.
Thus, it is a fascist law.
You are reminded that under English law:
there are no restrictions on taking photographs in a public place or on photography of individuals, whether they are adults or minors;
How true that is. However, I have to say that with all the CCTV, press, and other wackos pushing cameras and other devices into people's faces, anyone doing it in this neck of the woods (ie South Wales) is inviting the insertion of said device where there is VERY little light, and a lot of smell!!
IT is the only profession in the UK without a proper hard nosed guild.
We need one which enforces a minimum wage, records those companies that outsource any IT and have them boycotted for any local IT support. And if the government pulls a fast one like this can organise a nationwide strike. I think we could include developers, admin and hey, why not IT sales staff, we could even let a few IT Journos and Graphic designers slip in.
With the embedded nature of IT in today's society we could send this country back to the stone age. With only those capable of coding the machines effectively being able to use the machines we could shift the economy and land into our hands.
Want to have an account with a bank with no IT support, no thanks I will go to the Developers Bank where all the tech stuff works. Want to buy food from a shop that has no automated stock control, no thanks I will buy from the Developer Shop that has lower prices due to computerization. Fancy using electricity, well hard to run a power plant without computers, may have to buy from the Developers Power Inc. It is just limitless if we formed a guild. Wish to trade shares on a stock market, might be better to use the Developers Exchange little bit faster.
Nearly everything would be affected, leaving the path clear for us to establish new businesses that would out compete those existing ones without access to IT. But with us at the head of those companies and the carcasses of the old businesses for us to cherry pick from.
Currently the BMA is the strongest guild in the UK and see what fun they are having; GPs get about 120K per annum, they have banned smoking nearly, about to get rid of booze, and building a database of all the people in the country. They get a nice kick back from the pharmaceuticals, because they own the keys to drug dispensing.
Imagine what we could achieve:
We could enforce a computing license. Audits on government departments, they're the ones who need the IT security it would seem, but they should pay through the nose for it. Special discounts on IT equipment for those in the Guild, IT manufacturers would have to start to woo us. We could also use the electrician's scam, and make it illegal to deploy a machine that has not been accredited by the Guild. Or even, have powers like Health and Safety where we can shutdown a place until it gets its IT security in order. The sky is the limit.
We probably need a strike for about one month to drive the message home, think of it as a holiday. By the time the strike is over salary negotiation would be interesting, and probably more than make up for the missed month of work. And you could also use the time to build up a new business, there will be quite a lot of gaps in the market.
So, who is with me? :)
There is always a government/corporate interest in taking control away from the populace and giving it to their friends. I know it doesn't make sense in a digital world because resources can be created out of nothing, but I can see them working at it for a long time to come.
A few years back we started to see the same thing happening with chemicals and various kinds of physical matter. It became difficult to get uranium compounds for pottery and glasswork. Acids of various kinds had to be gotten from a chemical supply house who often required you to show a commercial laboratory license. More recently it has become difficult to get nitrates. Experimenters, and even everyday gardeners, are having a difficult time getting what used to be common chemicals. Many suppliers won't even sell relatively benign compounds if they contain lead. Funnily enough, should you want to, you can still easily purchase some of the most dangerous, but less commonly known, poisons. Go figure. With a little difficulty, over the years, I've been able to source my needs (with the exception of uranium for glaze) but it gets increasingly difficult. There is definitely a strong government desire to keep technology away from people.
It's all a bunch of bullshit brought on by politicians who say they are making the world a safer place. That's not happening, but the loss of individual freedom is.
"Should a group of geeks ever declare intention to gain independence of Cyberworld from the physical world then I will support them."
CyberSpace/Cyberworlds are independent. So any mickey mouse legislation is merely some lower level hicks trying to muscle in on unknown virgin territory...... It's a mutant clone of the old Wild West ploy of Cowboys and Cavalry stealing native lands and introducing alien practices and concentration camps/Indian reservations.
To hide/withhold information is tantamount to blackmail for obviously some information is valuable and is withheld for monetary/political advantage. Such secrecy though, does encourage, for a socially responsible, larger shared monetary/political advantage, search for all such information rather than it remaining an exclusive property/item. Abuse of such Exclusive facilities for Collateral Enrichment is just too easy and prevalent.
It could then be argued that in the Virtual Environment of Computer Carried Codes , hacking and cracking codes Ethically, is Mandatory Control Practice, so that Back Door Trojans/ Covert Power Bases are Impossible.
The jokers are 'avin' a larf because they have lost the Plot and too late they realise that they have neither the brains nor the XXXXPertEase to handle CyberIntelAIgents ...... A NeuReal Breed of Binary Thinkers/Apache Scout/ESPecial Forces Questioning their Sanity and Right to Think to Impose Punitive Earthly Rules of Censure to Protect against Discovery of Systemic Abuses.
The idiots and fawning fools may strut their stuff down on the Ground but in the Communication Space of Future Thought Transfer they are as nobodies and dogsbodies/lackeys to an old Analogue System..... crumbling and riddled with windows and holes.
*Business Intelligence Google Copernicus Hosting Environment and Experiment in Search Engineering .... Sergey and Brin getting more than an Adult Education.
I wonder if ITs Learning Seeds are cast upon Stoney Ground. Silence will tell its accurate tale.
http://www.google.com/jobs/lunar_job.html .... Hiding in full sight and disguised behind preposterously outrageous ramblings ...... the Simple Truth being further XXXXPlored. 42 Be No 1 Source of Future Information for Simpler Programming of Assets.
Well, that what Analien HyperRadioProActivity for NIRobotIQs and NEURobotIQs is all about ........ Simply Complex Binary Code rotation so that Machine Readable Codes become More Human Readable and as they become more Simply Complex and Human Readable will Beta Programmed Network InterNetworking RobotIQs/NIRobotIQs and their Sister Mastering Units/NEURobotIQs take Lead Decisions. Or is that the same as brainwashing/spin ..... with new technology possibilities for a Global Hold rather than any just a slam dunk at home.
IT is definitely Holy Grail stuff.
They should ban encryption as that is what the ban guys will use to hide their data. No law abiding agency would use something like that anyway ^__^
By banning all those nasty hacker tools, I guess most networks will fall into disarray and be swamped by those Chinese hackers. If they aren't then arrest the admin for breaking the law
I am the IT department for a small City of London company, owned by an overseas bank. The whole office in the UK is less than 10 and 2/3 of my time is spent on non-IT stuff as the MD needs us all to work hard to keep things going. I would like to spend more time on IT but cannot. I certainly couldn't spend time or money on becoming a "registered" security professional, with all the attendant compulsory exams and form-filling that would follow (to pay for either the civil servants administering this or the salaries of the self appointed quango) and so would lose use of these tools if I needed them. This means that more or all of the IT support would be done from overseas, where it's cheaper.
Lots of small companies couldn't afford this, it simply counts as more red tape. That doesn't make the government/CPS guidance any less of a problem, but your solution just becomes "jobs for the boys (well, those in the clique)" and will drive some work offshore.
Soon they will roll out the last straw that will break this camel's back. We will revolt, escape or be fully assimilated.
Remember, it is not too late, resistance is not futile. Vote for no one by spoiling your ballot paper.
Think it like this:
If a 'fascist' government wants to control its people, it must control communications and it must be able to watch everything we do. No dissent will be tolerated (witness the 'debate' on global warming).
Tools to help with this plan:
Security forces armed with laws that prevent us testing the security of our systems.
Government partnerships with commercial software firms
It is important as someone above said, to implement their master plan, that hobbyists/ amateur/open source developers are not allowed to use these tools to test anything. These facilities must remain with the government's commercial software/backdoor/vulnerability developing partners.
Orwell wrote a warning but the Labour Party have mistaken it for an instruction manual!
.... Perfumed Garden/Amazoned Jungle to Run ITs Universal Empire, Virtually, with nothing more than an Internet Connection. If you know what you are doing, the Technology is quite Coincidental and Collateral, merely a Modern Tool, for CyberIntelAIgent Beta Use of Shared Greater Intelligence. As we learn more and more from ever more and more does Intelligence become More Artificial than Real for obviously some XXXXPeriences Shared may be considered not normal/bizarre, although if they are human responses, would that define all humans as being of sub-prime intelligence capability? The Dangerous Fool with a Faulty Brain?
Thank Goodness for AI, eh. No more Idiots 'r' Us to blame for Corporate Meltdown.
" And you could also use the time to build up a new business, there will be quite a lot of gaps in the market.
So, who is with me? :)"
The System is more than just a little aware of their precarious Plight, which as you rightly surmise has shifted the Balance of Power to IT Savvy Controls/Controllers.
And if you/they have built up a new business to take full advantage of the Change and ITs Virtual Market Place, then a Danegeld Contribution/Golden Hello would be most appropriate from compromised and naked "customers". Pay plenty and who's to say IT will not pay Dividends and Benefits.
For all those who would expect nothing to Change in the Light of Advanced IT Knowledge and Practical Applications in Pragmatic Programming from Semantic Analysis of Read MetaData .......... take your head out of where the sun doesn't shine and smell the JavaBean coffee.
Plan A [the title of this Post] has a certain "Je ne sais quoi" charm which would appeal to the Wild Card Professional Poker Player Entrepreneur Inventor for he would be betting on a Future known but not yet Shared........ and a Bank and/or Casino in League with such Gents ....... would Create a Holy Trinity for Future Intrigue.
Thank Goodness for AI? I wonder if the Status Quo sees that as written on the Door Mat or carved to read at the end of the Gang Plank. Their Choice most definitely.
Then why not vote lib dem. I know I am.
Regardless of the mindset of the general public, your own votes do make a difference. I know I'm sick of the current lot of fascists, and the conservatives are no better. Whilst they have some policies I disagree with, I think I'm ready to put a group of people in power that haven't already proven themselves to be incompetent and sleazy, at least give them the chance. :-)
If you vote for labour, or don't vote at all, then you have no right to complain about our ever dwindling personal freedoms, in fact you deserve to lose them.
creativity, intelligence, freedom of thought and expression
why doesn't the government just not have done with and ban the lot!
that way it could arrest any dissenter under thought crime laws and then arrest the rest for being persistently ethnic in a built up area!
i am sure this would make the government's life much easier!
especially if we reset the clock back to year 1
if one reads the 1990 act amendment, you'll notice that it states that the offence only applies IF the accused *knowingly* adapts or supplies the application for use in a criminal offence... i.e. it's not what the software can do for you, but what you are guilty of using it for, with intent...
so... carry on writing and distributing nmap and nessus peeps... just do it for good reasons m'kay...
nothing to see here other than a law which states "if you give a hammer to someone when they've said they're going to use it for a crime, then you are assisting them"
seems quite a sane law that...
So the good guys can't have the tools and the bad guys, who couldn't give a monkey's about the law, will still have the tools like they always did! Sounds just like those things, ermmm, you know black, with handles, have bullets in them, go bang a lot. No I'm not advocating gun ownership!
Just another fine example of a pointless policy that has no effect other than to deny honest useful application of dodgy technology.
Nail on the head there. We're all criminals now, so if we step out of line any one of us can be arrested and charged at the drop of a hat. It's much easier to rule a country when you can remove any members of the population that speak out against you.
I would happily join a guild, but I'd need to find another place to work before I did, The Firm I work for would just move their IT to another country.
Dan B: While the idea of voting Lib Dem does have some appeal -- why the fuck should I vote for the lesser of three evils? I don't vote because I don't recognise the authority of the government -- the country has been stolen by advertisers using brainwashed hordes of zombie voters -- I follow their laws because I don't want to be married to the guy with the most cigarettes. The only way to deal with this is to refuse to vote, and start a revolution -- and that just will not happen in our lifetime.
"Remember, it is not too late, resistance is not futile. Vote for no one by spoiling your ballot paper"
Bad, bad, BAD idea. Just forget about "sending messages", "none of the above", "not in my name" or any tripe like that. If you spoil your paper, or don't even bother to vote, you might as well just bend over, drop your daks and wait for the red hot spike again. "We didn't vote for Labour" is a common cry. No, most people didn't. But there they are, and there's nowt we can do about it until possibly even 2010.
Our first past the post system means that only valid votes are counted and spoiled papers are just ignored. When you get a result like this:
Cholmondelely Ffoulke-Witt (Conservative Party): 3,115
Wayne Swampy Bancars (Liberal Democrat Party): 1,142
Martin Bormann (Labour Partei): 3,116
Spoiled papers: 38,963
I hereby declare the aforesaid Martin Bormann elected as Member of Parliament for Henley-On-Thames. Unt Herr Bormann vill not give ein monkey's about ze spoiled papiers. He's in Parliament for a five year jolly now, so hard luck Joe Public.
So, no paper spoiling, boys and girls. What's needed is a big swing to tactical voting. Two simple rules:
1. Vote for an extremist, or a crank. A dozen BNP members facing off to the Alliance for Green Socialism or the Official Monster Raving Loony Party would make for thoroughly entertaining politics, absolutely no chance of consensual voting except in real emergencies and also (the real aim) would force the big three parties to either put forward strong leaders or die. Either would be acceptable.
2. Vote for the party that came third last time. The one to follow if there aren't any nutters standing. That would also see a lot of the big noises in Westminster unseated. Tory Blair, Gordy and Sick Boy ousted by the Liberal Democrats - what a lovely idea.
So there you go. Vote according to your beliefs if you can, or vote tactically if you can't. But don't stick your head in the sand because that's how we got here in the first place.
Switzerland may have an ideal type of government but watch out for those nationalist right wingers... I should know, I'm a foreigner living there and there are certainly too many Blocher supporters (even if he was ousted from the Council) and UDC lovers to make any foreigner comfortable... It's sad that such a 'just' government should breed such narrow mindedness in its people.
Yet another pure example of the clueless making a wild stab at trying to lead the blind - or is that the blind leading the clueless.......
Oh – I know it’s a knee jerk reaction because of the inept skills the current government have in keeping information safe.
They should have banned shredders and electro magnetic disk wipers – it would have made more sense (if you know what I mean ;-) ).
I've worked in the InfoSec business for years – you need to fight fire with fire – especially where the threat comes from outside of the UK where the computer misuse act doesn’t comply, that was well thought of.......no doubt they get a heavy pay rise, job move and full pension....
It used to be "Blair blah blah"
It's now "We're in the Brown stuff - the Gordon Brown stuff"
Erm, while I don't know of any cases due to the DMCA, there have certainly been people arrested, detained and questioned due to similar laws in the UK (look for Mr Modchip). Along similar lines, there have been cases reported, here in the UK, of people being prosecuted under anti-terror laws for being in possession of certain electronic documents and not revealing encryption keys.
Did you not hear of the disabled man being questioned by the police, under suspicion of being a terrorist, because he looked funny?
So, Michael, what makes you think this law will be used differently?
If a policeman were to see someone at a political demonstration who "looked funny", and found them to be carrying a digital camera with pictures of a train station on it, that person could be arrested under anti-terror laws and their PC searched. If any encrypted material were present on their PC, and they couldn't convince a court they really had forgotten the password, they could go to prison for 5 years. Since the possession of "hacker tools" is illegal, and the media hype hackers, if a copy of nmap were on their PC this may well be enough for the prosecution to convince a court they were withholding information.
Explain where I went wrong with that thought experiment (in broad, IANAL), or why the imaginary person above should go to prison for 5 years and I'll butt out.
You're thinking too small.
Consider a EUROPEAN guild, not only a national one. Given how dependent the world is on OUR it-services, we would be able to ENFORCE some intelligence in the laws. Neither EU nor any national or corporate interest would be able to tackle a Europe-wide IT-strike.
Now, the question is: Where do we set up our systems to make sure we're not shut down before we even get started?
(Posted anonymously, because an idea like a European guild may prolly be illegal due to "National Security")
that any hacker found using XP as their OS will lead to Microsoft and Dixons being dragged up in front of the judge ????
Sounds like a sensible law to me ;-)
And while we're at it, how about prosecuting Dell, Lenovo for supplying the PCs and the Electricity companies for supplying power, without which none of these so called crimes could have been committed.....
AC wrote: "IT is the only profession in the UK without a proper hard nosed guild."
Don't know about the "hard-nosed" part but there's always the IAP, (http://www.iap.org.uk/), although - despite the URL - does have members throughout the globe. Maybe run for president next time the election comes around? :-D
Meanwhile - on the main topic - as others have said, this is yet another plain daft piece of useless soundbite material from this govt. I would have thought that we had enough usable statutes on the books already without confusing with more. For example, would it not be feasible to state that someone selling/promoting script-kiddie kits is inciting their customers to commit an offence under the Computer Misuse Act. Not being a lawyer I'm not 100% on this, but it's something to think about.
Meanwhile, this new act will do squat to stop the tide of external digital maliciousness, either individual or state-sponsored (China and Russia if the last newspaper article I read is to be believed). :'-(
This is what the article says: "create or distribute so-called 'hacking tools'", also "ownership and distribution". It also mentions "available on a wide scale commercial basis and sold through legitimate channels".
I don't see any mention of intent, which seems wrong. This is the big thing.
Did the author need to do more research first? I don't know. As reported, that's dramatic and sweeping. If I write a script to load test my website, and give it to a friend to test his website, who gives it to a blackmailer. Which one broke the law? How about if the blackmailer's intent was unknown to the friend?
Most IT admins use [free] "hacking tools" to audit their networks at some point. I've used multiple windows of the built in ping.exe utility to 'DOS' other (my) boxes to test stability. So is M$ now guilty of creating hacking tools? Maybe they're ok but when I use BSD they're in trouble?
Tools are not crimes. Ever watch "It takes a thief"? They don't use lockpicks. They use hammers. Randomly carrying a set of lockpicks breaks laws, but criminals don't use lock picks. Criminals would carry a hammer and walk around behind the building and break a window. I would like to carry picks, it's fun opening locks, it's a puzzle. Writing a program to break Vista is not a crime, it's not even immoral. Distributing it isn't either. (w/o malicious intent) Using it to break a system w/o permission is. Posting a 0day virus with a malicious payload should be. They should make a law/guidance for intent. Posting partial details of 0day to a security list after lengthy contact with the vendor, and full details to select responsible experts should be ok. Shows honest intent, help the users.
Now, having said that, if I came across a system that had an elaborate virus on it designed to capsize an oil tanker, and display a ransom message to the oil company, wouldn't that violate existing laws already? Conspiracy to commit blackmail or something? Same should apply to the 0day thought experiment.
(p.s. knocking on a door is not a crime. Intent. Unless you do it every day for hours on end.)
A registry for people that could use network security tools? That'd be great. Every application is a security tool provided you have tcpdump. If you don't have tcpdump, good luck troubleshooting that slow DB problem due to a poorly implemented Nagle algorithm.
Or what if the DHCP service on your home router stops? dhclient -d can tell you a lot about the network around you. Only someone completely ignorant in IT would propose such a preposterous solution... or someone bent on abusing the power such a ban would give, like mis-guided guild members.
For Michael's part, the DMCA made it illegal to watch DVDs on my laptop. That's quite enough isn't it? Or perhaps you think it's ok that you should be required to buy software from a particular cartel because it should be illegal to use a toaster oven to make shrinky-dinks?
Although the law doesn't necessarily elevate tcpdump to De-CSS status, it does make one wonder... Where will they go next?
... where are all the demonstrations about the implications of the government making laws such as these? Does nobody care about the immense loss of freedom associated with such badly written laws?
Is it now illegal to distribute nmap? Isn't it? You don't know, you don't decide... the government does when they need to get rid of you for a while.
In another piece of legislation... Own a mobile phone? Is it illegal to own an EEPROM programmer? Or sell one? You don't know, You don't decide, Mr Brown does.
And there's plenty of other vague and badly written legislation such as this that's come from the arse of this government designed to grant the government power by stealth. 1984 my arse. Today it's 1985. It's time we got rid of them pronto.
I really find myself amused at everyone who says "get rid of the government". It won't solve the problems because quite frankly, politicians are normal people no matter which party they belong to! Unless we switched to a system of government that required competency to be proven before you could vote on particular issues or laws, how can they be expected to know what they're doing??
Remember, the real secret to democracy is to talk to your MP, who I remind you is YOUR representative in government. If you disagree with a way a particular law is being phrased, or the fact it's being written at all, you have to take action and not just bitch about it on a forum or comments section!
Come on you guys, this stuff is written by legal types, that computer security experts (though helpfully they consulted some). There has to be a law to enforce electronic security, as electronic fraud is a major problem and costs companies and individuals billions in money, wastes time resetting problems and makes some people stay off useful technology, like online payments, for fear of being defrauded somehow.
If any of you know-it-alls can come up with a better set of 5 or so laws, give it a go. I'm all eyes. Just don't criticise and step back, that sort of thing should only happen in hairdressing saloons.
But joe, you're missing the point. I doubt this bill will do anything to prevent e-crime. Why? Because most of the people actually doing damage are a) Overseas and b) Not afraid to commit crime anyway.
All this will do is make our businesses softer targets as we are disadvantaged by cutting off our security resources.
There should be some kind of "with intent" clause, like there would be if some chav/hoodie was carrying knives/ladders/hammers at night sniffing round someone's backyard.
As has been said before, just about all these "hacking" tools have perfectly valid uses for a sys admin/power user, if only to check their computer is secure.
However, it should be obvious that if you're not a complete dip-stick, stay inside the law, and don't draw attention to yourself then they can't come snooping through your disks without a valid reason.
Competency in this case is not pretending to know everything about everything but instead seeking opinion from those who do. This takes time and effort which is what we pay them to do. This government failed to do that, and the result before us is yet another badly made piece of legislation.
Under this government, the records of 25 million families have simply been "lost" with little if any protection. Competency in this case is ensuring that their departments protect OUR data from this kind of misuse.
This same government hopes to run the most invasive Identity Card scheme in the world whilst at the same time telling us of their competence to do so?
The list could go on and on and on...
So It's not about getting rid of the government of the day to solve the occasional arbitrary problem. It's about getting rid of THIS government which has consistently shown that it is incompetent and is no longer fit for purpose.
.."If you don't vote you can't complain." The problem with this thinking is that some people can not register to vote because doing so would open them to being located by debt collectors, people who threaten their lives, and the police. Not necessarily all three for any individual case. Remember that details on the Electoral Register are made available to credit rating agencies and anyone else who wishes it.
.."For who else can we vote? They are all the same; politicians are regular people like everybody else." Firstly, politicians tend to be people who feel disaffected by society, seek power for themselves, are unscrupulous when they need to be, are two faced and are compelled to see others skeptically. Secondly, some people are different. They are called Libertarian. Have a look at http://www.individualist.org.uk/the-individual-2002-2007.htm
.."Spoiled ballot papers achieve nothing." I agree, so if you have a right to vote (as does everybody who is not restricted through mental health and some other causes) and if you are in a position to register your details on the Electoral Roll (assuming you have proof of ID and a fixed abode), vote for an independent.
.."All laws that have been passed over the last few years have been decried by someone or other as being an infringement on civil liberty." Well, laws have to be kept in check, all facets and consequences have to be reviewed and allowed for before placement into the legal system. Reservations have to be aired, heard and acted upon. At the moment, all the laws required to arrest anyone for any reason whatsoever are available for use by law enforcement agencies. Just because those laws are not being implemented, yet, does not mean they never will. I'm waiting for the U.K gov to announce to the U.N that the U.K is so rife with crime that safe areas have been set-up so that everywhere else can be locked-down by barriers and security personnel.
Personally, I don't like to be in the U.K so I tend to live outside of it. Every time I visit, people here always seem more timid, less healthy, less in control of their lives and more fearful of the outside world. Could just be me but a lot of other people who live outside of the U.K see the U.K the same way. Maybe, if a new government is put into public service, the ambiguous, unnecessary and ineffectual legislation and red-tape concocted by New Labour will be burned and the ticking of civil freedom and political democracy will be restarted. Remember that "Those who trade some of their freedoms for security deserve neither freedom nor security."
I understand what you are saying, but as I see it, the Swiss have got the government that they want, up to a point, they seem to want Blocher, he led his party to a massive victory in their last general election. The thing is, if he tried to institute laws that the citizens did not support, they could knock them back.
Remember that the vast majority of Swiss people are of Germanic descent, so they have got a German government at confederate level. As for Blocher, he was removed by inter party warfare, so he may well be back sometime soon.
I don’t get what you are saying about being a foreigner, surely, if you are a foreigner or a guest, you just play the game, if you stay for fifteen years, you can apply for citizenship, and cease to be a foreigner?
Anyway, the main point about Swiss democracy, is that it works from the bottom up, unlike any other system in the world, and given that scenario, it is not long before stupid legislation gets repealed.
I do see what you are saying and I agree. What I wanted to say was that relative to laws on foreigners, Blocher's main argument for his party was centered on the expulsion of foreign criminals. I find that extremely un-democratic in the sense that foreigners pay a very high price for living and working in Switzerland, what with work and living permits among other taxes. And yet, the UDC would have liked to expulse foreigners committing crimes in Switzerland. So it's alright for foreigners to pay a fortune to the government and canton, but in return, they are not guaranteed justice but expulsion.
I have had many a heated debate with Swiss (and Swiss Germans are the most adamant on this subject) that this policy is necessary in order to keep Switzerland Swiss! And if the majority feel this way, then that is the way they will vote in a referendum.
So, yes, I do agree that they have a good system of government, but it is unfortunate that such nationalistic feelings should prevail in spite of (or perhaps because of) the wealth of the country.
What a bunch of morons. This will actually make people less secure.
I use nmap to make sure that only the ports I want are open on my PCs and use kismet and ethereal to monitor what's going on with my wireless and wired networks.
Start making this stuff illegal because Jacqui Smith is scared that people might actually care about their own security and we'll all be part of botnets by the end of the year (at least my windows users anyways).
...but what about enforcing the law? As the law rule book gets fatter and fatter how do the government propose to ensure that the country's population is abiding by the law. If logic prevails (as it always does) then the more rules per person we have the thinner the law-men are spread. The thinner the law-men are spread the fewer criminals they will catch. The fewer criminals they catch the more the law is broken. The more the law is broken......you know where I'm going! So, more rules mean more rule-breaking - simple! Except....if a bigger investment is made in policing the law....hmmm.....that ain't gonna happen. And that's the problem with rules!
I chose alien coz my mind works differently!
The problem is there are more and more career politicians on all sides of the political equation (well the centre-right as we have in the UK), who have never worked outside politics for long. Is it really surprising that all parties just want to have sound bites for the populist press?
@Mark - so what about Black Wednesday then if you believe the Tories never did anything wrong in the economy? Whether you like it or not the economy consists of peaks and troughs. Both Maggie and Tony enjoyed massive peaks while their successors were left with the trough.
"As for the comment that there is really nothing wrong with breaking into and exploring other people's networks provided there is no malicious intent: The failure to recognize this attitude as a criminal attitude is another part of what needs to change."
The "attitude" of which you speak is inquisitiveness. Every human's psychological makeup includes a very large portion of inquisitiveness. It's what allows us to progress as a species. You think that inquisitiveness should be outlawed? The failure to recognise that everything you think you know is almost definitely wrong is what really needs to change.
which can be abused ?
nslookup, dig etc
Will we see Microsoft and Unix outfits in the dock ?
What about a C Compiler or Perl, think of the trouble you could cause ? Prosecute the guilty ! Name them, shame them !
A few of the comments have already pointed out that hammers are used to break into houses (cars, vans, etc...) or may be used to bludgeon a person to death. Likewise, screwdrivers, chisels, planes and even spirit levels can cause significant damage if used inappropriately.
If I was walking home from B&Q with a new hammer and the police happened to stop me, I would expect them to at least ask me why I was walking through a residential area with a hammer but I wouldn't expect to be arrested for it. However if I was walking home with my laptop strung over my shoulder I would be rightly annoyed if I was stopped and questioned by the police.
As it happens, my laptop runs Linux and understandably so has an arsenal of security tools installed. They are essential to the course I am undertaking at University, which incidentally is Computing Forensics and Network Security, under this new proposal, I guess it would then become fair game for me to be arrested for simply walking down the street carrying my laptop. After all, who is to say that my laptop isn't running in with the wireless enabled in monitor mode effecting a type of `war-driving'?...
On my systems, I must have half a dozen different versions of each `security' tool available for Linux, to say nothing of the number of Live disks I own, half of which are designed solely for the purpose of computing forensics and carry tools which are not always shipped with standard Linux distros. On top of this, I do a great deal of programming so have development libraries such as Crypt++ and pcap as well as languages such as PERL and Python installed on my system(s). Theoretically libraries and languages such as these can be used to write `hacking' software. Does this mean that I can be arrested for `intent to develop software for the purpose of carrying out malicious attacks against remote systems'?
There is a very fine line between what is classed as legal and illegal use of any tool no matter what trade you are in. As I walk home with my hammer, my intent is to get home and use it to drive nails in to wood for a new partitioning wall. However the police may perceive my intent as being that of breaking into that brand spanking new Mercedes Benz parked 300 yards up the road.
The keyword here is perception. The government sees network security tools as being a threat to the security of systems whether their own, commercial or personal. Crackers see security tools as a means to breaking into systems which they have no right to access, the average user doesn't even understand (or care) what these tools really are so will probably vote with the government regardless of which party proposed the bill and as for the rest of us, well I guess that makes us outlaws then.
The question is, with this bill in place, does that mean the government is going to imprison its own IT department? Or shut down MI5? Because I bet they use these tools every single day!
"if one reads the 1990 act amendment, you'll notice that it states that the offence only applies IF the accused *knowingly* adapts or supplies the application for use in a criminal offence... i.e. it's not what the software can do for you, but what you are guilty of using it for, with intent..."
Reading Section 37 of The Police And Justice Act 2006
The word "knowingly" doesn't appear.
The problem we face is with the new section 3A(2).
"A person is guilty of an offence if he supplies or offers to supply any article believing that it is likely to be used to commit, or to assist in the commission of, an offence"
So I write a new improved vulnerability scanner. Can I circulate it around bugtraq for peer review? While I know it will be used responsibly by many people I also know that it will be used by some Bad Guys(TM) to find systems they can hack into.
The problem faced by the open source and free tool community is how to avoid "believing that it is likely to be used to commit an offence". If we create a tool and circulate it openly it *will* be picked up by someone and used to do bad things.
In the CPS guidance we see: "what, if any, thought the suspect gave to who would use it; whether for example the article was circulated to a closed and vetted list of IT security professionals or was posted openly". This seems to imply that posting a tool openly risks a charge under Section 3A.
It's taken a fortnight but the petition against these provisions to the Computer Misuse Act has been approved and can be signed here:
To sign the petition you need to be a British citizen or an expatriate, in an overseas territory, a Crown dependency or in the British Armed Forces.