back to article UK gov sets rules for hacker tool ban

The UK government has published guidelines for the application of a law that makes it illegal to create or distribute so-called "hacking tools". The controversial measure is among amendments to the Computer Misuse Act included in the Police and Justice Act 2006. However, the ban along with measures to increase the maximum …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    meh

    The real security people should just give up - Western governments have no interest in the truth only catchy headlines and flashy soundbites.

    We should all move to an honest nation like China.

  2. dave
    Thumb Down

    More nulabour authoritrian BS legislation

    nuLabour know best! No need for public consultation, they just blindly churn out bad law after bad law. Just like the fact you cant take a picture of your own kid in public, they are doing a blanket ban on the majority instead of actually targeting the very small minority of criminals. They are fascist, authoritarian and they make me and a lot of people sick with disgust at what they have done to this country.

  3. Anonymous Coward
    Jobs Horns

    Mmm who will use this first

    My money is on Steve "Apple is perfect and we'll sue anyone who says otherwise" Jobs, closely followed by Larry "Oracle is perfect and we'll sue anyone who says otherwise" Ellison

  4. Anonymous Coward
    Thumb Down

    So....

    "This leaves the door open to prosecute people who distribute a tool, such as nmap, that's subsequently abused by hackers."

    So does that mean they can prosecute Woolworths for selling that hammer then?

  5. Anonymous Coward
    Anonymous Coward

    When is a kitchen knife a weapon of mass destrustion!

    When I read things like this I feel assured that the law makers know as much about computer security than they do kitchen knifes. One mans security audit tool is anothers hacking tool. Thats a line that needs to be defined and given the `reasonable doubt` bottom line then any computer buff could argue enough to get that verdict and as such get off any charges under this law. What is sad is that because its so poorly defined for what it is entended for it actualy goes against making computer more secure and will only waste valuable resources and courts chassing cases that shouldn't of even been there were the ones that should be get delayed and increase public exposure as a consiquence.

    So when is a kitchen knife a weapon of mass destruction given in the computer world there is no kitchen defined, nor valid uses of said knifes.

    Well its down to use, which given we already have laws that cover wrong doing makes this new law a lamentable farce in that the only people it will effect are the people who do no wrong and help security as a whole even if they dont have some expensive members club card to security work.

  6. supermeerkat
    Go

    @Dave

    "They are fascist, authoritarian and they make me and a lot of people sick with disgust at what they have done to this country."

    Can you expand on what you mean by "facist"?

  7. Anonymous Coward
    Anonymous Coward

    Ummm

    I'd recommend using screwdriver and screws to put up a shelf, not a hammer and nails!

  8. Anonymous Coward
    Jobs Horns

    Eh?

    Does that mean I can get locked up if I'm caught using DOS edlin to modify a file when I'm doing my system administration bit then?

    Thank goodness we have such a caring government looking after our every needs. I feel I can sleep safely at night knowing they are keeping an eye on the rascals who are just doing their job.

    It'll be even better when we get our ID cards, as then we can all be comfortable that the last person who went to the loo was trustworthy.

    Andrew

  9. James
    Flame

    Prosecuting the innocent

    This, like many laws will only end up making it difficult for legitimate users. These users will find it difficult to use/create/distribute these programs without being on the wrong side of the law. The actual criminals will continue doing what they do now with little or no extra hassle.

  10. Aaron

    Another stupid law

    Well from the sounds of things this is another badly thought out law made by people who dont really understand what they are trying to ban, When this comes into law, if it stays as it is, it will turn a whole load of people overnight into criminals for doing nothing wrong.

    Sure there are tools out there that can be used for wrong but the same tools have very good and important uses. Who decides whats acceptable and whats not? Some people might say a port scanner isn't acceptable yet many network admin's use such tools all the time.

    But I guess thats our government for you manking criminals out of everyday good people, and often having no real impact of the people the laws were originally meant to target.

  11. Anonymous Coward
    Anonymous Coward

    Fascism

    "A system of government marked by centralization of authority under a dictator, stringent socioeconomic controls, suppression of the opposition ..."

    "A social and political ideology with the primary guiding principle that the state or nation is the highest priority, rather than personal or individual freedoms."

    Are both pretty good definitions.

  12. Paul Donnelly

    Hackers eh?

    Well, all we in the computing world know what a hacker is. A hacker is someone who tries to break into a computer system or network. Strictly speaking, there's not actually anything wrong with 'hacking'.

    What these people mean are the people we might call 'phreakers' and 'crackers' who try to break into systems/networks/software with malicious intent.

    That little bit about malicious intent is important. A 'hacker' doesnt have that malicious intent. It is a challenge, plain and simple. I might enjoy a walk in a maze - eventually I'd find the correct path to the goal, much like a hacker might find the right doorway to a system......

    Trying a door handle isnt the same as smashing it down, nicking all the stuff on the other side, and running for it...much like owning a linux machine isnt exactly the same as being a supervillan (unless its a linux box with a 'proprietory' frontend like say, OSX).

    Anyways, damn this pathetic government... I think everyone should make sure they possess as much open source hacking software as possible.... this new law is as stupid as lots of the other newer laws have been.

    I'll get me coat (and maybe leave the country cause its going down the pan)

  13. Anonymous Coward
    Anonymous Coward

    Twats !

    Here go the incompetent Government yet again sticking their oar into things they dont understand. Perhaps instead they should make "losing data through stupidity" illegal but of course they would'nt want to put themselves in the frame. They need to add something into the draft law such as would be required in the real world, such as PROVING "possessing with intent " or "going equipped to break into computers illegally" or similar ,so that it will be harder to prove yet ensure innocent use is not made illegal.

    I think it is real shame this Government spends its time making laws and and starting wars, yet cannot give us decent NHS,Transport, Education etc services. Vote them out next time.

  14. Jonathan McCulloch
    Coat

    @supermeerkat

    One presumes "facist" is someone who discriminates against those with faces.

    -- Jon

  15. James
    Thumb Down

    I wish...

    ...that politicians would stop meddling in things they know nothing about.

    hax0rs use the bus as much as they use nmap. We'd better outlaw the use of buses now too.

  16. Phil Rigby
    Paris Hilton

    Typical UK Government

    Ok so by the same line of reasoning, if I run 10 people over in my car does that mean the manufacturer is to blame?

    Damn, I'm glad I moved to the US.

    Paris Hilton icon because... well, just because.

  17. regadpellagru

    gov = Perl script

    1- "a man agresses another with a screwdriver"

    2- "the gov. bans the use and distribution of screwdrivers"

    Replace screwdrivers by anything from dildos to knifes, mp3 players, bretzels (it's been proved it could shortly fail of killing one US president, some time ago :-).

    I think a simple perl script can replace the gov to automate laws generations ;-)

  18. James Wade
    Stop

    "Security Tools"

    What's to stop so called "hackers" from releasing them as "security tools" and selling them at a reasonable price, only to then be distributed via bit torrent?

    Dumbest idea for a law ever...

  19. kissingthecarpet
    Pirate

    They're all the same(almost)

    The problem with the main alternative (the Tories) is that I seem to remember they knew just as little as the current bunch, and they didn't manage the economy very well either. Also whilst I find that Labour incompetence is wearisome, they don't induce the same gut-churning hatred that some Tories did - remember Nick Ridley, Aitken, Archole, and the Maggon herself - God they were awful!

  20. Anonymous Coward
    Black Helicopters

    Little niggling thought

    It's now almost impossible not to be a terrorist/subversive/hacker in the eyes of the law.

    That makes it easy for the protectors of the nations virtue to entangle anyone who annoys them in a net of legal interpretation, providing years of lucrative enjoyment for our learned friends and fiscal ruin to the "defendant" who has to prove his activities are innocent to a judge and jury whose chief source of information has been the Times, Telegraph, Sun or Daily Mail.

  21. dave hands

    linux distributors

    Does this mean that every Linux distro that comes with such tools is then illegal?

    Are the government going to ban RedHat, Slackware and Ubuntu etc etc etc?

    Is the grubby hand of MS in this somewhere (probably up someones nether regions)?

    In reality this is largely unenforcable, especially as the police will need buckets full of forensic IT specialists to sift through Linux boxes to determine whether said tools have ever been used - a cost I can't see them being likely to bear.

  22. Anonymous Coward
    Anonymous Coward

    @Paul

    Hackers, technically are just people who like to figure out how things work.

    Phreakers was a side name for people that hacked telephones.

    Crackers were traditionally people who got around security in games, media and other software things.

    Script Kiddies were people that took the work of the other 3 to cause mayhem.

    Dangerous Criminals are the people who took the work of the first three, added their own magic and started making a business out of it all.

    However their all pretty rubbish titles to describe diverse groups. You could often throw in the terms, idiots, genious, mad men, losers, visionaries. Depending.

  23. Luther Blissett

    Fascism

    An economic definition: "a regime which guarantees profits for business".

    Not at the 'shopkeeper' end of the spectrum, but at the 'capitalist' end. Sometimes the guarantee is in the form of idemnity (e.g. subsidy), and sometimes it is achieved by regulation. Want to start a bank, say? Tough. OK, how about a credit union? Even tougher. Government IT contracts - now we're talking!

  24. Mark
    Joke

    @kissingthecarpet

    Tories didn't manage the economy well either ???

    ROFL

    Nu Liemore makes the tories look like the economic superpower of that past century. Seriously do some research and get a fecking clue before you start typing drivel.

    The Tories were bad in many ways, but economics was not one of them. Nu Liemore have all but destoryed the economy of this country by pissing all the money we have up the wall while creating more and more debt and stealing all the cash from pensions + raising taxes i an attmept to pay for it.

  25. This post has been deleted by a moderator

  26. Phil

    @dave

    Contrary to what people believe, not only is it perfectly legal to take pictures of your own children, it's also perfectly legal to take pictures of other peoples children in public places.

    UK photograpers rights can be found here

    http://www.sirimo.co.uk/ukpr.php

    PHOTOGRAPHY IN PUBLIC PLACES

    You are reminded that under English law :

    there are no restrictions on taking photographs in a public place or on photography of individuals, whether they are adults or minors;

    there is no right to privacy in a public place, although photographers are of course subject to the usual libel laws in the same way as other citizens and should observe them;

    equipment or film may not be confiscated, or images deleted, by any person or officer unless a warrant for such action is issued.

    Any attempt without a warrant is considered assault under English law.

    Interesting thread relating to this here

    http://www.ephotozine.com/topic/t-54561/p-0

    A thread relating to pics of children here

    http://www.ephotozine.com/topic/t-37856/p-0

  27. Peter Sommer

    Who interprets?

    The problem is - the document is simply guidance to the CPS on the circumstances in whch a prosecution should be brought. But each prosecutor makes up his/her own mind. Once the charges have been laid, the test for guilt will not be the CPS Guidance but how a trial judge interprets the wording of the statute when he instructs the jury about the law.

    The hacking tools law was brought in, not because there is a wealth of cases where no other prosecutorial route was available but as a result of an obligation to provide a UK equivalent to a provision within the CoE CyberCrime Treaty. Almost certainly we could cover the position with incitement and "aiding and abetting" charges. But it was felt that a more visible form of Treaty conformance was required - although it has been clear to civil servants for a long time that there were considerable difficulties in finding words which differentiated between legitimate and malign motivations in deploying dual use tools

  28. Anonymous Coward
    Pirate

    @Dave Hands

    This grubby hand of MS you speak of Dave, close relative is he? Unfortunate choice of wording IMHO. Mind you, wouldn't be (allegedly) the first time a government minister had been accused of having a hand up his nether region if Julian Clary is to be believed.

  29. Anonymous Coward
    Unhappy

    Get worried

    Consider a hypothetical case: a freelance computer "security researcher" specialising in Open Source migration. He gets a contract with a company currently using Microsoft Windows and Office, and shows them how they could save a lot of money moving to Linux and OpenOffice.org. A migration strategy is agreed, and a suitably lavish corporate celebration ensues. At some point between bars, or maybe on the way home, our hapless "security researcher" gets caught short, thanks to the local council's ongoing policy of closing public toilets.

    He's now earned himself a place on the Sex Offenders' Register, and is about to get his home computers confiscated for deep forensic examination.

    I really, really wouldn't want to be in that guy's shoes.

  30. Anonymous Coward
    Paris Hilton

    @Hackers eh

    "Trying a door handle isnt the same as smashing it down, nicking all the stuff on the other side, and running for it..."

    No it isn't, but I'd like to think that if someone had opened my front door, rooted through all my kitchen cupboards, opened up a few of my utility bills and was sat down watching my TV when I came home, that there'd be some kind of law against it.

    And that's regardless of whether I'd locked my front door or not. Hacking isn't fun or a game. It's intrusive even if it isn't destructive and should be punished accordingly and appropriately.

    Any time that Paris wants to come round and watch TV is fine with me though.

  31. Keith T
    Thumb Up

    It should be as it is for locksmiths in the physical world

    For ordinary users, the question is, do they want to have to keep buying more powerful computers while having that power gobbled-up by the ever increasing overhead of parameter checking by applications, increased overhead of signature and heuristic antivirus programs, and software firewalls?

    Or do ordinary users want to put hackers and script kiddies in jail, leaving more power available to applications.

    Registered professionals should be able to have and use security tools for their work.

    It should be the same in the physical and the cyber worlds. If you want to be a locksmith, take the course, sign a code of ethics, get a license, and you can have the tools.

    The current situation, where there is no security on the internet suits many security companies just fine. The more security problems, the busier they are, the more they can bill.

    Increased internet security will mean a decreased need for the services of security companies. But it is all for the greater good. I'm tired of spending so much time, money, disk space and CPU power on security.

    Put the script kiddies and those who provide them tools in jail for a few months.

  32. P. Lee Silver badge
    Coat

    Facist

    A facebook user?

  33. Keith T
    Thumb Up

    There is nothing newly restrictive in this

    This legislation should just be bringing the existing rules of the physical world to bear on the cyber world. It is just common sense to do this. It is not really a new restriction on our liberties, so long as the law is properly worded.

    The question in the cyber and physical world is, what is the overall use of the tool, what are the risks in allowing general access to it, and what redemming abilities does it provide.

    So screwdrivers and hammers can be owned by anyone in any country.

    Only professionals with a need can legally own fully automatic weapons (in most countries).

    Only governments can legally own weapons of mass destruction.

    It should be the same with software tools.

    - Some tools have little potential for malicious use, and are needed in common use.

    - Other tools have little use in the home or for hobbiests, have a great potential for misuse, but are sometimes essential, and should probably be controlled.

    For example, MS Word password crackers and encryption crackers. It is probably worth the increase in security for a small company to pay to have an outside person come in to apply the tool, rather than allowing the local admin to apply the tool whenever and whereever he or she wants. (I'm sorry local admins, but you are a security risk just like any one else.)

    - Other tools have little use except for hacking, for example trojan toolkits. Their possession should perhaps be restricted to those doing research and development for recognized AV companies.

    As for the comment that there is really nothing wrong with breaking into and exploring other people's networks provided there is no malicious intent: The failure to recognize this attitude as a criminal attitude is another part of what needs to change.

    Forcing a lock or jimmying a window to access and explore someone else's home or business, without permission, in a physical or cyber manner, should be considered criminal by all ethical computer professionals, hobbiests, amateurs, and regular users -- regardless of the reason. This should be taught in mainstream schools, and re-taught in IT professional education.

  34. Anonymous Coward
    Anonymous Coward

    Bloody typical

    Why do lawmakers keep on assuming that a criminal will not want to break the law a little bit more in order to continue breaking the law in the same larger way they had been? Stupid, stupid, stupid!

    "This leaves the door open to prosecute people who distribute a tool, such as nmap, that's subsequently abused by hackers"

    Where does this distinction stop? It becomes harder to get a copy of nmap, so the "hacker" fires up their preferred weapon of code editing and writes something which sorta kinda works the same way. Do you then declare that all compilers and interpreters are illegal as a criminal might use them to write a "hacking" tool? Ban pens, pencils, paper and CPU instruction set listings because a "hacker" might be able to write a malicious tool in assembler and hand assemble it, old-school style, from the mnemonic listings? Ban MS Windows, because God knows *that* gets abused by "hackers" often enough?

  35. Jim Noeth

    And I thought we had a monopoly on stupid legislation on this side of the pond

    Sounds like a law that would come about on the this (left) side of the pond.

  36. amanfromMars Silver badge
    Pirate

    Common Sense Really

    "He's now earned himself a place on the Sex Offenders' Register, and is about to get his home computers confiscated for deep forensic examination."

    Yeah, it gets personal at the sharp end of IT, but that doesn't necessarily have to be bad if your Sexuality is Sought out for XPosure. It all depends upon how well you manage Proxy Change ...which you will have to admit is the natural daily default .... as to expect anything living to remain the same is clearly madness.

    And our Thinking Evolves to Higher Planes too leaving behind all those Money making schemes.

    You don't need Money for Dreams but as Henry Ford/Walt Disney et al discovered and constantly abused ... You need Dreams for Money.

    No Viable Dreams.... No Real Money ........ The Sub-Prime Credit Crunch Sting/Low Blow. A Scam Grotesque.

  37. Anonymous Coward
    Black Helicopters

    1984 here we are

    In a police state, everyone is a criminal. That's how it works.

  38. Olof P

    Re: Keith T

    Well, do you for one moment think this'll stop any "bad guys" in the UK from being able to download these tools anyway? If not, it's merely a way to put them in jail (gaol) for slightly longer after they are caught (and hence the damage is already done). Restricting physical goods is a lot easier, if it's digital online there will be hundreds of sources within a couple of minutes spent searching online, if you know what you're looking for. And that won't change unless you also propose some kind of Great Firewall (which can also easily enough be circumvented through SSH tunnelling and proxies).

  39. heystoopid
    Paris Hilton

    So

    So this means that all those recovery CD's , Universal Boot Disc's and anti viral disinfectant agents supplied by the notebook factory to reload OEM software on any laptop is now technically illegal and not forgetting to include all those live Linux CD's/DVD's too which have hacking tools incorporated at kernel level !

    So now we have a new class of 20 million plus felons in the UK daily using laptops and notebooks who should be in jail or at least deported for possession of hacking tools or whatever the severe penalty may be !

    Not forgetting all those computer technicians fixing any computer due to owner self induced stupidity are equally guilty of said crime as well !

    At this rate one would have to erect a ten metre high razor wire fence around the country and at all ports as well replete with a new batch of prison guards to house all these new miscreants and computer felons !

    Nuts , "Idiocracy" truly rules in this new century of propaganda !

    These adherents of the "Peter Principle" are multiplying at an incredible rate !

  40. Andy
    Paris Hilton

    Erm..

    So you make nmap illegal, which ironically is a tool used by both criminal and security activities. .. The security people can't use it due to the law and the criminals will just stop using it also? Utter nonsense, I wish the government would employ people who actually know the difference between reality and stupidity instead of just asking a 'suit' for an uninformed opinion.

    Ultracrepidarians the lot of them. (including Paris)

  41. Lee
    Stop

    Is there a legal paradox in this?

    If tools for hacking and the actual hacking regardless of intent are made illegal then would not forensic scientists, the security services and other governmental hacking protagonists become prosecutable were they to use computer technology to forcefully access other hardware and software? And how would the law that forces a person to reveal decryption keys be interpreted? Surely that same law is tantamount to hacking: it may not entail software utilization to obtain any decryption key but the principle is the same as that of hacking; namely, to forcefully access software by circumventing protection mechanisms.

    On a lighter note, in an online game, when someone hacks a virtual computer (as part of the game) would that person be prosecutable? Laws and regulations governing cyberlife need to be developed within its Cyberworld context using a totally new concept: commonsense. Only those whom have gained Cyberworld citizenship through long term experience can truly develop those Cyberworld laws and regulations. Geeks are the ruling class of Cyberworld and as such should guide governance of it.

    Would America allow an Indian citizen to govern American law; would the EU allow an American to govern EU law; would any country allow a non-citizen to vote in its elections or even become an elected member of state governance? No. Why? Because only longtime members of a state can understand the workings of that state. And likewise with any other group and discipline. Computer technology is best understood by its practitioners (and five year olds); and cyberlife is best understood by those that live it often. Should a group of geeks ever declare intention to gain independence of Cyberworld from the physical world then I will support them.

  42. Chris Ellis
    Pirate

    Free ?

    I used to think that this country was free and stood for ideals. However I am sadly mistaken over this illusion. What I'd like to see is this country run by democracy and not the current dictatorship which is Labour.

  43. Rik Silver badge
    Alert

    @Keith

    Locksmiths have a handicap, as it were, in having to be physically present at the door they're working on, and therefore tend to be within the jurisdiction the law on locksmithing applies to when you want to invoke that to keep your door closed.

    The script kiddie trying to get into your computer systems can be in the Ukraine, Sri Lanka or Argentina, and do they care about whether there's some British law prohibiting their activities?

  44. Andy
    Dead Vulture

    ban these evil "com-pewters"!

    Keith T: "Or do ordinary users want to put hackers and script kiddies in jail, leaving more power available to applications."

    Absolutely mate, it' s gonna be grate when they lock up all the script kiddies and make all that nasty "hacking software" illegal - it'll be just like that time when they made guns illegal, and now there are NO GUNS IN BRITAN!! FACT.

    Sadly I hear there is this thing called a "computer" that can be used to hack into peoples internets - if only we could make possesion of one of these demonic boxes a crime, and lock up all these so-called "computer users" there'd be no more computer crime EVOR.

    (belms)

  45. Stephen Jenner
    Pirate

    @kissingthecarpet and others

    The problem is not the politicians, or the parties. The problem is the system that they perpetuate in order to butter their swollen egos.

    Remember, you only take up politics when you realise you have no other talent, other than lying beautifully, and some of them can't even do that. They are just about the only employees that ritually ignore their employers.

    What we need to do is to modify the system that politicians euphemistically call democracy, so that politicians are reduced to a purely functional role. The system exists and is fairly successfully used in Switzerland, it is called direct democracy. The system works by employing two powerful tools, known as referendum and popular initiative.

    The trouble is that under our present system, we would have to depend on a political party that has a realistic chance of being the governing party to pass the necessary legislation.... like turkey's voting for Christmas really!

    Instead, they would rather spend our money interfering in everyone else's business, and always getting it wrong.

    DICK HEADS!

  46. Anonymous Coward
    Anonymous Coward

    @Anon. Cow @Paul

    And "Government" is when a clueless 3rd party can practically hand over on a silver platter the data to the "Dangerous Criminals" and get away with it scot-free

  47. Soruk
    Linux

    @Bloody typical

    "Ban MS Windows, because God knows *that* gets abused by "hackers" often enough?"

    Now you're beginning to make sense.

  48. Anonymous Coward
    Anonymous Coward

    So if you want to get an annoying colleague sacked...

    ...all you'd have to do is copy something like nmap onto their notebook (to a folder where they wouldn't normallly look) and then grass them up to the local plod (anonymously of course).

    I'm happy to be living and working in another country.

  49. Mother Hubbard
    Boffin

    Re: There is nothing newly restrictive in this

    The good news is, Keith, that your subject is right .

    There's no border more porous than the Internet - so netcat et al are all just an FTP, HTTP, SCP, NNTP (uuencode, etc), Rsync, SMTP, etc, (or even an NSTX, ICMP payload, etc) away from a usable state. Assuming you want a binary copy, of course.

    What's particularly disappointing about your argument is that you seem to ignore the fact that the UK is already a "participating state" to the Wassenaar Arrangement [http://www.wassenaar.org/introduction/index.html] which provides international guidance on export controls for munitions, including dual use goods, and including computer technology and software (particularly "information security" per chapter 5, part 2); surely a superb guide for those participating states seeking to draft domestic policy on the topic. I could, however, understand your omission given that even the regulatory framework for international munitions admits;

    Controls do not apply to "technology" "in the public domain", to "basic scientific research" or to the minimum necessary information for patent applications. [WA-LIST (07) 2 Corr. 6-12-2007; GENERAL TECHNOLOGY NOTE]

    The Lists do not control "software" which is either: [...] or 2. "In the public domain". [WA-LIST (07) 2 Corr. 6-12-2007; GENERAL SOFTWARE NOTE]

    Where the following definitions are key;

    "Basic scientific research" - Experimental or theoretical work undertaken principally to acquire new knowledge of the fundamental principles of phenomena or observable facts, not primarily directed towards a specific practical aim or objective. [WA-LIST (07) 2 Corr. 6-12-2007; DEFINITIONS]

    "In the public domain" - This means "technology" or "software" which has been made available without restrictions upon its further dissemination. Note Copyright restrictions do not remove "technology" or "software" from being "in the public domain". [WA-LIST (07) 2 Corr. 6-12-2007; DEFINITIONS]

    This would seem to be a far more pragmatic condition-set to be considered against the "article" of software, particularly before the "likelihood" of misuse or intent to misuse was tested against a given defendant.

    As for your further consideration;

    >> As for the comment that there is really nothing wrong with breaking into and exploring other people's networks provided there is no malicious intent: The failure to recognize this attitude as a criminal attitude is another part of what needs to change.

    Given your predisposition to aligning computer concepts to UK law, I'd be interested to know why you wouldn't want hackers to be able to replace a given system MOTD message with a Section 6 statement (as in Section 6 of the Criminal Law Act 1977, as amended by Criminal Justice and Public Order Act 1994) in order to legally validate a computer version of Squatting.

    This would, in-turn, validate adverse possession of a computer system. As such, after 10 years of possession, a hacker must apply to a Computer Registry (the Internet already has the NIC structure in place) to have their title recognised as the owner in fee simple. The original owner of the computer system will receive notification from the Registry and will be able to defeat the application by simple objection.

    Though this may not agree with your "buffet meal" argument.

  50. E

    @ supermeerkat

    I can't speak for Dave, but:

    Mussolini said of fascism that it should have been called 'corporatism' because it really is a political system that merges of political and business interests and enshrines the rights of the result above all others.

    This law defines right as a function of how the software or hardware is distributed: if through business channels then the product is not a hacking tool, if not through business channels the product is a hacking tool.

    Given that business channels and open source are essentially mutually exclusive, this law serves to enshrine the business system's rights above those of open source / free speech/ whatever-you-call-it.

    Thus, it is a fascist law.

  51. Gary

    Cameras- A basic course in anal insertion

    You are reminded that under English law :

    there are no restrictions on taking photographs in a public place or on photography of individuals, whether they are adults or minors;

    How true that is. However, I have to say that with all the CCTV, press, and other wackos pushing cameras and other devices into peoples faces ,any one doing it in this neck of the woods (ie South Wales) is inviting the insertion of said device where there is VERY little light, and a lot of smell!!

    Pizzdorf

  52. Anonymous Coward
    Anonymous Coward

    I am Spartacus - we need a Guild

    IT is the only profession in the UK without a proper hard nosed guild.

    We need one which enforces a minimum wage, records those companies that outsource any IT and have them boycotted for any local IT support. And if the government pulls a fast one like this can organise a nationwide strike. I think we could include developers, admin and hey, why not IT sales staff, we could even let a few IT Journos and Graphic designers slip in.

    With the embedded nature of IT in today's society we could send this country back to the stone age. With only those capable of coding the machines effectively being able to use the machines we could shift the economy and land into our hands.

    Want to have an account with a bank with no IT support, no thanks I will go to the Developers Bank where all the tech stuff works. Want to buy food from a shop that has no automated stock control, no thanks I will buy from the Developer Shop that has lower prices due to computerization. Fancy using electricity, well hard to run a power plant without computers, may have to buy from the Developers Power Inc. It is just limitless if we formed a guild. Wish to trade shares on a stock market, might be better to use the Developers Exchange little bit faster.

    Nearly everything would be affected, leaving the path clear for us to establish new businesses that would out compete those existing ones without access to IT. But with us at the head of those companies and the carcasses of the old businesses for us to cherry pick from.

    Currently the BMA is the strongest guild in the UK and see what fun they are having; GPs get about 120K per annum, they have banned smoking nearly, about to get rid of booze, and building a database of all the people in the country. They get a nice kick back from the pharmaceuticals, because they own the keys to drug dispensing.

    Imagine what we could achieve:

    We could enforce a computing license. Audits on government departments, they're the ones who need the IT security it would seem, but they should pay through the nose for it. Special discounts on IT equipment for those in the Guild, IT manufacturers would have to start to woo us. We could also use the electrician's scam, and make it illegal to deploy a machine that has not been accredited by the Guild. Or even, have powers like Health and Safety where we can shutdown a place until it gets its IT security in order. The sky is the limit.

    We probably need a strike for about one month to drive the message home, think of it as a holiday. By the time the strike is over salary negotiation would be interesting, and probably more than make up for the missed month of work. And you could also use the time to build up a new business, there will be quite a lot of gaps in the market.

    So, who is with me? :)

  53. Ole Juul Silver badge

    Nothing new

    There is always a government/corporate interest in taking control away from the populace and giving it to their friends. I know it doesn't make sense in a digital world because resources can be created out of nothing, but I can see them working at it for a long time to come.

    A few years back we started to see the same thing happening with chemicals and various kinds of physical matter. It became difficult to get uranium compounds for pottery and glasswork. Acids of various kinds had to be gotten from a chemical supply house who often required you to show a commercial laboratory license. More recently it has become difficult to get nitrates. Experimenters, and even everyday gardeners, are having a difficult time getting what used to be common chemicals. Many suppliers won't even sell relatively beneign compounds if they contain lead. Funnily enough, should you want to, you can still easily purchase some of the most dangerous, but less commonly know, poisons. Go figure. With a little difficulty, over the years, I've been able to source my needs (with the exception of uranium for glaze) but it gets increasingly difficult. There is definately a strong government desire to keep technology away from people.

    It's all a bunch of bullshit brought on by politicians who say they are making the world a safer place. That's not happening, but the loss of individual freedom is.

  54. amanfromMars Silver badge
    Alien

    Advanced IntelAIgent Virtual Defence ........ AIdDutch Treat. ..B.I.G.C.H.E.E.S.E*

    "Should a group of geeks ever declare intention to gain independence of Cyberworld from the physical world then I will support them."

    Lee,

    CyberSpace/Cyberworlds are independent. So any mickey mouse legislation is merely some lower level hicks trying to muscle in on unknown virgin territory...... It's a mutant clone of the old Wild West ploy of Cowboys and Cavalry stealing native lands and introducing alien practices and concentration camps/Indian reservations.

    To hide/withold information is tantamount to blackmail for obviously some information is valuable and is witheld for monetary/political advantage. Such secrecy though, does encourage, for a socially responsible, larger shared monetary/political advantage, search for all such information rather than it remaining an exclusive property/item. Abuse of such Exclusive facilities for Collateral Enrichment is just too easy and prevalent.

    It could then be argued that in the Virtual Environment of Computer Carried Codes , hacking and cracking codes Ethically, is Mandatory Control Practice, so that Back Door Trojans/ Covert Power Bases are Impossible.

    The jokers are 'avin' a larf because they have lost the Plot and too late they realise that they have neither the brains nor the XXXXPertEase to handle CyberIntelAIgents ...... A NeuReal Breed of Binary Thinkers/Apache Scout/ESPecial Forces Questioning their Sanity and Right to Think to Impose Punitive Earthly Rules of Censure to Protect against Discovery of Systemic Abuses.

    The idiots and fawning fools may strut their stuff down on the Ground but in the Communication Space of Future Thought Transfer they are as nobodies and dogsbodies/lackeys to an old Analogue System..... crumbling and riddled with windows and holes.

    *Business Intelligence Google Copernicus Hosting Environment and Experiment in Search Engineering .... Sergey and Brin getting more than an Adult Education.

    I wonder if ITs Learning Seeds are cast upon Stoney Ground. Silence will tell its accurate tale.

    http://www.google.com/jobs/lunar_job.html .... Hiding in full sight and disguised behind preposterously outrageous ramblings ...... the Simple Truth being further XXXXPlored. 42 Be No 1 Source of Future Information for Simpler Programming of Assets.

    Well, that what Analien HyperRadioProActivity for NIRobotIQs and NEURobotIQs is all about ........ Simply Complex Binary Code rotation so that Machine Readable Codes become More Human Readable and as they become more Simply Complex and Human Readable will Beta Programmed Network InterNetworking RobotIQs/NIRobotIQs and their Sister Mastering Units/NEURobotIQs take Lead Decisions. Or is that the same as brainwashing/spin ..... with new technology possibilities for a Global Hold rather than any just a slam dunk at home.

    IT is definitely Holy Grail stuff.

    .

  55. Mahou Saru

    Ban encryption too

    They should ban encryption as that is what the ban guys will use to hide their data. No law abiding agency would use something like that anyway ^__^

    By banning all those nasty hacker tools, I guess most networks will fall into disarray and be swamped by those Chinese hackers. If they aren't then arrest the admin for breaking the law

  56. Geoff Mackenzie

    Re: Ummm

    Screwdriver fanboy! Microsoft Hammer(TM) is ideal for putting up shelving.

  57. Anonymous Coward
    Unhappy

    @ Keith T

    I am the IT department for a small City of London company, owned by an overseas bank. The whole office in the UK is less than 10 and 2/3 of my time is spent on non-IT stuff as the MD needs us all to work hard to keep things going. I would like to spend more time on IT but cannot. I certainly couldnt spend time or money on becoming a "registered" security professional, with all the attendant compulsory exams and form-filling that would follow (to pay for either the civil servants administerting this or the salaries of the self appointed quanqo) and so would lose use of these tools if I needed them. This means that more or all of the IT support would be done from overseas, where its cheaper.

    Lots of small companies couldnt afford this, it simply counts as more red tape. That doesnt make the government/CPS guidance any less of a problems, but your solution just becomes "jobs for the boys (well, those in the clique)" and will drive some work offshore.

  58. andy
    Alert

    Hold up!

    Anonymous Coward - "Perhaps instead they should make "losing data through stupidity" illegal"

    Your wish shall be granted AC:

    http://news.bbc.co.uk/1/hi/uk_politics/7168588.stm

  59. Angus Bell
    Linux

    Another nail in the UK coffin

    Soon they will role out the last straw that will break this camel's back. We will revolt, escape or be fully assimilated.

    Remember, it is not too late, resistance is not futile. Vote for no one by spoiling your ballet paper.

    Think it like this:

    If a 'facist' government wants to control its people, it must control communications and it must be able to watch everything we do. Not dissent will be tolerated (witness the 'debate' on global warming).

    Tools to help with this plan:

    Security forces armed with laws that prevent us testing the security of our systems.

    Microsoft Windows

    Government partnerships with commercial software firms

    It is important as someone above said, to implement their master plan, that hobbyists/ amateur/open source developers are not allowed to use these tools to test anything. These facilities must remain with the government's commercial software/backdoor/vulnerability developing partners.

    Remember:

    Orwell wrote a warning but the Labour Party have mistaken it for an instruction manual!

  60. richard
    Unhappy

    Thisi is plain insanity

    I saw this happen in Germany - never thought it would happen here. Fascist indeed.

    Thing is - how do we stop the insanity?

  61. Keith T Silver badge
    Black Helicopters

    There's more than one of me?

    Hmm, I appear to be here already.

    I'd not posted anything to this thread.

    Just who is this 'Spartacus' bloke anyway?

  62. amanfromMars Silver badge

    Make a Killing inventing AIMarket and retire to AIdDeserted Kingdom .....

    .... Perfumed Garden/Amazoned Jungle to Run ITs Universal Empire, Virtually, with nothing more than an Internet Connection. If you know what you are doing, the Technology is quite Coincidental and Collateral, merely a Modern Tool, for CyberIntelAIgent Beta Use of Shared Greater Intelligence. As we learn more and more from ever more and more does Intelligence become More Artificial than Real for obviously some XXXXPeriences Shared may be considered not normal/bizarre, although if they are human responses, would that define all humans as being of sub-prime intelligence capability? The Dangerous Fool with a Faulty Brain?

    Thank Goodness for AI, eh. No more Idiots 'r' Us to blame for Corporate Meltdown.

    " And you could also use the time to build up a new business, there will be quite a lot of gaps in the market.

    So, who is with me? :)"

    AC,

    The System is more than just a little aware of their precarious Plight, which as you rightly surmise has shifted the Balance of Power to IT Savvy Controls/Controllers.

    And if you/they have built up a new business to take full advantage of the Change and ITs Virtual Market Place, then a Danegeld Contribution/Golden Hello would be most appropriate from compromised and naked "customers". Pay plenty and who's to say IT will not pay Dividends and Benefits.

    For all those who would expect nothing to Change in the Light of Advanced IT Knowledge and Practical Applications in Pragmatic Programming from Semantic Analysis of Read MetaData .......... take your head out of where the sun doesn't shine and smell the JavaBean coffee.

    Plan A [the title of this Post] has a certain "Je ne sais quoi" charm which would appeal to the Wild Card Professional Poker Player Entrepreneur Inventor for he would be betting on a Future known but not yet Shared........ and a Bank and/or Casino in League with such Gents ....... would Create a Holy Trinity for Future Intrigue.

    Thank Goodness for AI? I wonder if the Status Quo sees that as written on the Door Mat or carved to read at the end of the Gang Plank. Their Choice most definitely.

  63. Scott
    Thumb Up

    RE: I am Spartacus - we need a Guild

    I'm in.

  64. amanfromMars Silver badge

    @RE: I am Spartacus - we need a Guild

    ...... with Open Discourse Registered for InterNetional Executive Block Action ..... AI De Facto Veto of Fantastic Fascist Follies ....which merely highlight the SS clones and their Ministries and Administrators.

  65. Dan B
    Stop

    really... if the government are that bad

    Then why not vote lib dem. I know I am.

    Regardless of the mindset of the general public, your own votes do make a difference. I know I'm sick of the current lot of fascists, and the conservatives are no better. Whilst they have some policies I disagree with, I think I'm ready to put a group of people in power that haven't already proven themselves to be incompetent and sleazy, at least give them the chance. :-)

    If you vote for labour, or don't vote at all, then you have no right to complain about our ever dwindling personal freedoms, infact you deserve to lose them.

  66. Tim Nicholls

    So every Linux distribution I possess...

    ...that comes with tcpdump will be illegal?

    Genius.

  67. Dan B
    Happy

    @Spartacus

    Yah. I'm in too.

    Just think of how much power a national IT guild or union would have.

    Our profession keeps the world spinning, and it's time people recognised this.

    Shame something like this will never happen :o)

  68. Anonymous Coward
    Gates Halo

    creativitiy, inteligence, freedom of thought and expression

    creativitiy, inteligence, freedom of thought and expression

    why doesnt the government just not have done with and ban the lot!

    that way it could arresst any dissenter under thought crime laws and the arrest the rest for being persisitantly enthnic in a built up area!

    i am sure this would make the governments life much easier!

    especailly if we reset the clock back to year 1

  69. Anonymous Coward
    Thumb Up

    hmm.. most people on the reg cannot read it seems... including the reg themselves

    if one reads the 1990 act amendment, you'll notice that it states that the offence only applies IF the accused *knowingly* adapts or supplies the application for use in a criminal offence... i.e. it's not what the software can do for you, but what you are guilty of using it for, with intent...

    so... carry on writing and distributing nmap and nessus peeps... just do it for good reasons m'kay...

    nothing to see here other than a law which states "if you give a hammer to someone when they've said they're going to use it for a crime, then you are assisting them"

    seems quite a sane law that...

  70. George Johnson

    Funky!

    So the good guys can't have the tools and the bad guys, who couldn't give a monkey's about the law, will still have the tools like they always did! Sounds just like those things, ermmm, you know black, with handles, have bullets in them, go bang a lot. No I'm not advocating gun ownership!

    Just another fine example of a pointless policy that has no affect other than to deny honest useful application of dodgy technology.

  71. Cameron Colley
    Black Helicopters

    RE: 1984 here we are

    Nail on the head there. We're all criminals now, so if we step out of line any one of us can be arrested and charged at the drop of a hat. It's much easier to rule a country when you can remove any members of the population that speak out against you.

    I would happily join a guild, but I'd need to find another place to work before I did, The Firm I work for would just move their IT to another country.

    Dan B: While the idea of voting Lib Dem does have some appeal -- why the fuck should I vote for the lesser of three evils? I don't vote because I don't recognise the authority of the government -- the country has been stolen by advertisers using brainwashed hordes of zombie voters -- I follow their laws because I don't want to be married to the guy with the most cigarettes. The only way to deal with this is to refuse to vote, and start a revolution -- and that just will not happen in our lifetime.

  72. Mike Smith
    Pirate

    Re: Another nail in the UK coffin

    "Remember, it is not too late, resistance is not futile. Vote for no one by spoiling your ballet paper"

    Bad, bad, BAD idea. Just forget about "sending messages", "none of the above", "not in my name" or any tripe like that. If you spoil your paper, or don't even bother to vote, you might as well just bend over, drop your daks and wait for the red hot spike again. "We didn't vote for Labour" is a common cry. No, most people didn't. But there they are, and there's nowt we can do about it until possibly even 2010.

    Our first past the post system means that only valid votes are counted and spoiled papers are just ignored. When you get a result like this:

    Cholmondelely Ffoulke-Witt (Conservative Party): 3,115

    Wayne Swampy Bancars (Liberal Democrat Party): 1,142

    Martin Bormann (Labour Partei): 3,116

    Spoiled papers: 38,963

    I hereby declare the aforesaid Martin Bormann elected as Member of Parliament for Henley-On-Thames. Unt Herr Bormann vill not give ein monkey's about ze spoiled papiers. He's in Parliament for a five year jolly now, so hard luck Joe Public.

    So, no paper spoiling, boys and girls. What's needed is a big swing to tactical voting. Two simple rules:

    1. Vote for an extremist, or a crank. A dozen BNP members facing off to the Alliance for Green Socialism or the Official Monster Raving Loony Party would make for thoroughly entertaining politics, absolutely no chance of consensual voting except in real emergencies and also (the real aim) would force the big three parties to either put forward strong leaders or die. Either would be acceptable.

    2. Vote for the party that came third last time. The one to follow if there aren't any nutters standing. That would also see a lot of the big noises in Westminster unseated. Tory Blair, Gordy and Sick Boy ousted by the Liberal Democrats - what a lovely idea.

    So there you go. Vote according to your beliefs if you can, or vote tactically if you can't. But don't stick your head in the sand because that's how we got here in the first place.

  73. This post has been deleted by a moderator

  74. This post has been deleted by a moderator

  75. triky

    @ Stephen Jenner

    Switzerland may have an ideal type of government but watch out for those nationalist right wingers... i should know, i'm a foreigner living there and there are certainly too many Blocher supporters (even if he was ousted from the Council) and UDC lovers to make any foreigner comfortable... It's sad that such a 'just' government should breed such narrow mindedness in it's people.

  76. Anonymous Coward
    Anonymous Coward

    Penus

    Soon they will ban your manhood, as it can be used to rape.

  77. Dave
    Thumb Down

    The blind leading the clueless......

    Yet another pure example of the clueless making a wild stab at trying to lead the blind - or is that the blind leading the clueless.......

    Oh – I know it’s a knee jerk reaction because of the inept skills the current government have in keeping information safe.

    They should have banned shredders and electro magnetic disk wipers – it would have made more sense (if you know what I mean ;-) ).

    I've worked in the InfoSec business for years – you need to fight fire with fire – especially where the threat comes from outside of the UK where the computer misuse act doesn’t comply, that was well thought of.......no doubt they get a heavy pay rise, job move and full pension....

    It use to be "Blair blah blah"

    It's now "We're in the Brown stuff - the Gordon Brown stuff"

  78. Cameron Colley

    RE: S'funny that...

    Erm, while I don't know of any cases due to the DMCA, there ahve certainly been people arrested, detained and questioned due to similar laws in the UK (look for Mr Modchip). Along similar lines, there have been cases reported, here in the UK, of people being prosecuted under anti-terror laws for being in possession of certain electronic documents and not revealing encryption keys.

    Did you not hear of the disabled man being questioned by the police, under suspicion of being a terrorist, because he looked funny?

    So, Michael, what makes you think this law will be used differently?

    If a policeman were to see someone at a political demonstration who "looked funny", and found them to be carrying a digital camera with pictures of a train station on it, that person could be arrested under anti-terror laws and their PC searched. If any encrypted material were present on their PC, and they couldn't convince a court they really had forgotten the password, they could go to prison for 5 years. Since the possession of "hacker tools" is illegal, and the media hype hackers, if a copy of nmap were on their PC this may well be enough for the prosecution to convince a court they were withholding information.

    Explain where I went wrong with that thought experiment (in broad, IANAL), or why the imaginary person above should go to prison for 5 years and I'll butt out.

  79. Anonymous Coward
    Alien

    @Spartacus

    You're thinking too small.

    Consider a EUROPEAN guild, not only a national one. Given how dependant the world is on OUR it-services, we would be able to ENFORCE some intelligence in the laws. Neighter EU or any national or corporate interest would be able to tackle a Europe-wide IT-strike.

    Now, the question is: Where do we set up our systems to make sure we're not shut down before we even get started?

    (Posted anonymously, because an idea like a European guild may prolly be illegal due to "National Security")

  80. Gary
    Stop

    Does this mean....

    that any hacker found using XP as their OS will lead to Microsoft and Dixons being dragged up in front of the judge ????

    Sounds like a sensible law to me ;-)

    And while we're at it, how about prosecuting Dell, Lenovo for supplying the PCs and the Electricity companies for supplying power, without which none of these so called crimes could have been committed.....

  81. Anonymous Coward
    Coat

    How about...

    One of those e-petitions; because they're taken seriously!

    ...mine's got ticket number 7

  82. Anonymous Coward
    Happy

    RE: I am Spartacus - we need a Guild

    AC wrote: "IT is the only profession in the UK without a proper hard nosed guild."

    Don't know about the "hard-nosed" part but there's always the IAP, (http://www.iap.org.uk/), although - despite the URL - does have members throughout the globe. Maybe run for president next time the election comes around? :-D

    Meanwhile - on the main topic - as others have said, this is yet another plain daft piece of useless soundbite material from this govt. I would have thought that we had enough usable statutes on the books already without confusing with more. For example, would it not be feasible to state that someone selling/promoting script-kiddie kits is inciting their customers to commit an offence under the Computer Misuse Act. Not being a lawyer I'm not 100% on this, but it's something to think about.

    Meanwhile, this new act will do squat to stop the tide of external digital maliciousness, either individual or state-sponsored (China and Russia if the last newspaper article I read is to be believed). :'-(

  83. Bounty
    Linux

    here's the problem

    This is what the article says "create or distribute so-called "hacking tools" also "ownership and distribution" It also mentions "available on a wide scale commercial basis and sold through legitimate channels".

    I don't see any mention of intent, which seems wrong. This is the big thing.

    Did the author need to do more research first? I don't know. As reported, that's dramatic and sweeping. If I write a script to load test my website, and give it to a friend to test his website, who gives it to a blackmailer. Which one broke the law? How about if the blackmailer's intent was unknown to the friend?

    Most IT admins use [free] "hacking tools" to audit their networks at some point. I've used multiple windows of the built in ping.exe utility to 'DOS' other (my) boxes to test stability. So is M$ now guilty of creating hacking tools? Maybe they're ok but when I use BSD they're in trouble?

    Tools are not crimes. Ever watch "It takes a thief"? They don't use lockpicks. They use hammers. Randomly carrying a set of lockpicks breaks laws, but criminals don't use lock picks. Criminals would carry a hammer and walk around behind the building and break a window. I would like to carry picks, it's fun opening locks, it's a puzzle. Writing a program to break Vista is not a crime, it's not even immoral. Distributing it isn't either. (w/o malicious intent) Using it to break a system w/o permission is. Posting a 0day virus with a malicious payload should be. They should make a law/guidance for intent. Posting partial details of 0day to a security list after lenghty contact with the vendor, and full details to select responsible experts should be ok. Shows honest intent, help the users.

    Now, having said that, if I came across a system that had an elaborate virus on it designed to capsize an oil tanker, and display a ransom message to the oil comapny, wouldn't that violate existing laws already? Conspiracy to commit blackmail or something? Same should apply to the 0day thought experiment.

    (p.s. knocking on a door is not a crime. Intnet. Unless you do it every day for hours on end.)

    -Bounty

  84. Wayne
    Linux

    @Michael and the locksmith guy.

    A registry for people that could use network security tools? That'd be great. Every application is a security tool provided you have tcpdump. If you don't have tcpdump, good luck troubleshooting that slow DB problem due to a poorly implemented Nagle algorithm.

    Or what if the DHCP service on your home router stops? dhclient -d can tell you a lot about the network around you. Only someone completely ignorant in IT would propose such a preposterous solution... or someone bent on abusing the power such a ban would give, like mis-guided guild members.

    For Micheal's part, the DMCA made it illegal to watch DVD's on my laptop. That's quite enough isn't it? Or perhaps you think it's ok that you should be required to buy software from a particular cartel because it should be illegal to use a toaster oven to make shrinky-dinks?

    Although the law doesn't necessarily elevate tcpdump to De-CSS status, it does make one wonder... Where will they go next?

  85. Paul Banacks
    Flame

    I wish...

    ... we could get rid of this completely incompetent government who's answer to everything is either "Tax" or "Legislation." The spinning bottle obviously landed on the latter in this case.

  86. Paul Banacks
    Flame

    And furthermore...

    ... where are all the demonstrations about the implications of the government making laws such as these? Does nobody care about the immense loss of freedom associated with such badly written laws?

    Is it now illegal to distribute nmap? Isn't it? You don't know, you don't decide... the government does when they need to get rid of you for a while.

    In another piece of legislation... Own a mobile phone? Is it illegal to own an EEPROM programmer? Or sell one? You don't know, You don't decide, Mr Brown does.

    And theres plenty of other vague and badly written legislation such as this that's come from the arse of this government designed grant the government power by stealth. 1984 my arse. Today it's 1985. It's time we got rid of them pronto.

  87. Paul

    LOL!

    I really find myself amused at everyone who says "get rid of the goverment". It wont' solve the problems because quite frankly, politicians are normal people no matter which party they belong to! Unless we switched to a system of government that required compitancy to be proven before you could vote on particular issues or laws, how can they be expected to know what they're doing??

    Remember, the real secret to democracy is to talk to your MP, who I remind you is YOUR representative in government. If you disagree with a way a particular law is being phrased, or the fact it's being written at all, you have to take action and not just bitch about it on a forum or comments section!

  88. joe K
    Stop

    Techies take things far too seriously sometimes....

    Come on you guys, this stuff is written by llegal types, that computer security experts ( though helpfully they consulted some ). There has to be a law to enforce electronic security, as electronic fraud is a major problem and costs companies and individuals billions in money , wastes time resetting problems and makes some people stay off useful technology, like online payments, for fear of being defrauded somehow.

    If any of you know-it-alls can come up with a better set of 5 or so laws, give it a go. I'm all eyes . Just don't criticise and step back, that sort of thing shuld only happen in hairdressing saloons.

  89. James Cleveland
    Thumb Down

    Re: Techies take things far too seriously sometimes....

    But joe, you're missing the point. I doubt this bill will do anything to prevent e-crime. Why? Because most of the people actually doing damage are a) Overseas and b) Not afraid to commit crime anyway.

    All this will do is make our businesses softer targets as we are disadvantaged by cutting off our security resources.

  90. Dom
    Paris Hilton

    Hmmm..

    Hang on.....If this law comes in, I bet Sony won't be putting any more Rootkits on their CD's!

  91. Anonymous Coward
    IT Angle

    remote debuggers for UK

    I'm predicting a new business model to market in the UK; remote apps with the remarkable ability to "debug" software in any DRM controlled environment, locked up behind strong firewalls for only legitimate use of course.

  92. Chris Cook

    With intent

    There should be some kind of "with intent" clause, like there would be if some chav/hoodie was carrying knives/ladders/hammers at night sniffing round someones backyard.

    As has been said before, just about all these "hacking" tools have perfectly valid uses for a sys admin/power user, if only to check there computer is secure.

    However, it should be obvious that if your not a complete dip-stick, stay inside the law, and don't draw attention to yourself then they can't come snooping through your disks without a valid reason.

  93. Paul Banacks
    Unhappy

    Competency...

    Competency in this case is not pretending to know everything about everything but instead seeking opinion from those who do. This takes time and effort which is what we pay them to do. This government failed to do that, and the result before us is yet another badly made piece of legislation.

    Under this government, the records of 25 million families simply been "lost" with little if any protection. Competency in this case is ensuring that their departments protect OUR data from this kind of misuse.

    This same government hopes to run the most invasive Identity Card scheme in the world whilst at the same time telling us of their competence to do so?

    The list could go on and on and on...

    So It's not about getting rid of the government of the day to solve the occasional arbitrary problem. It's about getting rid of THIS government which has consistently shown that it is incompetent and is no longer fit for purpose.

  94. Lee
    Stop

    To all those who say..

    .."If you don't vote you can't complain." The problem with this thinking is that some people can not register to vote because doing so would open them to being located by debt collectors, people who threaten their lives, and the police. Not necessarily all three for any individual case. Remember that details on the Electoral Register are made available to credit rating agencies and anyone else whom wishes it.

    .."For who else can we vote? They are all the same; politicians are regular people like everybody else." Firstly, politicians tend to be people who feel disaffected by society, seek power for themselves, are unscrupulous when they need to be, are two faced and are compelled to see others skeptically. Secondly, some people are different. They are called Libertarian. Have a look at http://www.individualist.org.uk/the-individual-2002-2007.htm

    .."Spoiled ballet papers achieve nothing." I agree, so if you have a right to vote (as do everybody who is not restricted through mental health and some other causes) and if you are in a position to register your details on the Electoral Role (assuming you have proof of ID and a fixed abode), vote for an independent.

    .."All laws that have been passed over the last few years have been decried by someone or other as being an infringement on civil liberty." Well, laws have to be kept in check, all facets and consequences have to reviewed and allowed for before placement into the legal system. Reservations have to be aired, heard and acted upon. At the moment, all the laws required to arrest anyone for any reason whatsoever are available for use by law enforcement agencies. Just because those laws are not being implemented, yet, does not mean they never will. I'm waiting for the U.K gov to announce to the U.N that the U.K is so rife with crime that safe areas have been set-up so that everywhere else can be locked-down by barriers and security personnel.

    Personally, I don't like to be in the U.K so I tend to live outside of it. Every time I visit, people here always seem more timid, less healthy, less in control of their lives and more fearful of the outside world. Could just be me but a lot of other people who live outside of the U.K see the U.K the same way. Maybe, if a new government is put into public service, the ambiguous, unnecessary and ineffectual legislation and red-tape concocted by New Labour will be burned and the ticking of civil freedom and political democracy will be restarted. Remember that "Those who trade some of their freedoms for security deserve neither freedom nor security."

  95. Stephen Jenner
    Happy

    @triky

    I understand what you are saying, but as I see it, the Swiss have got the government that they want, up to a point, they seem to want Blocher, he led his party to a massive victory in their last general election. The thing is, if he tried to institute laws that the citizens did not support, they could knock them back.

    Remember that the vast majority of Swiss people are of Germanic descent, so they have got a German government at confederate level. As for Blocher, he was removed by inter party warfare, so he may well be back sometime soon.

    I don’t get what you are saying about being a foreigner, surely, if you are a foreigner or a guest, you just play the game, if you stay for fifteen years, you can apply for citizenship, and cease to be a foreigner?

    Anyway, the main point about Swiss democracy, is that it works from the bottom up, unlike any other system in the world, and given that scenario, it is not long before stupid legislation gets repealed.

  96. triky

    Agreed

    I do see what you are saying and I agree. What I wanted to say was that relative to laws on foreigners, Blocher's main argument for his party was centered on the expulsion of foreign criminals. I find that extremely un-democratic in the sense that foreigners pay a very high price for living and working in Switzerland, what with work and living permits among other taxes. And yet, the UDC would have liked to expulse foreigners committing crimes in Switzerland. So it's alright for foreigners to pay a fortune to the government and canton, but in return, they are not guaranteed justice but expulsion.

    I have had many a heated debate with swiss (and swiss germans are the most adamant on this subject) that this policy is necessary in order to keep Switzerland swiss! And if the majority feel this way, then that is the way they will vote in a referendum.

    So, yes, I do agree that they have a good system of government, but it is unfortunate that such nationalistic feelings should prevail in spite of (or pehaps because of) the wealth of the country.

  97. John
    Stop

    stupid nuLabour

    What a bunch of morons. This will actually make people less secure.

    I use nmap to make sure that only the ports I want are open on my PC's and use kismet and ethereal to moniter whats going on with my wireless and wired networks.

    Start making this stuff illegal because Jackie Smith is scared that people might acually care about their own security and we'll all be part of botnets by the end of the year (at least my windows users anyways).

  98. This post has been deleted by a moderator

  99. spezzer
    Alien

    Great! another law...

    ...but what about enforcing the law? As the law rule book gets fatter and fatter how do the government propose to ensure that the country's population is abiding by the law. If logic prevails (as it always does) then the more rules per person we have the thinner the law-men are spread. The thinner the law-men are spread the fewer criminals they will catch. The fewer criminals they catch the more the law is broken. The more the law is broken......you know where I'm going! So, more rules mean more rule-breaking - simple! Except....if a bigger investment is made in policing the law....hmmm.....that aint gonna happen. And thats the problem with rules!

    I chose alien coz my mind works differently!

  100. Adam Collett
    Happy

    How?

    How are they actually going to find out that we are using these tools?

    Also, any IT bod with half a brain will just use a VISA or Mastercard and pay for their hosting is the US, Sweden or anywhere that this law doesn't cover! :)

  101. Chewy

    Career Politicians

    The problem is there are more and more career politicians on all sides of the political equation (well the centre-right as we have in the UK), who have never worked outside politics for long. Is it really surprising that all parties just want to have sound bites for the populist press?

    @Mark - so what about Black Wednesday then if you believe the Tories never did anything wrong in the economy? Whether you like it or not the economy consists of peaks and troughs. Both Maggie and Tony enjoyed massive peaks while their successors were left with the trough.

  102. Paul Buxton

    @Keith T

    "As for the comment that there is really nothing wrong with breaking into and exploring other people's networks provided there is no malicious intent: The failure to recognize this attitude as a criminal attitude is another part of what needs to change."

    The "attitude" of which you speak is inquisitiveness. Every human's psychological makeup includes a very large portion of inquisitiveness. It's what allows us to progress as a species. You think that inquisitiveness should be outlawed? The failure to recognise that everything you think you know is almost definitely wrong is what really needs to change.

  103. kev whelan

    What about all the tools that come with operating systems

    which can be abused ?

    traceroute

    ping

    netstat

    sendmail

    nslookup, dig etc

    tcpdump

    Will we see Microsoft and Unix outfits in the dock ?

    What about a C Compiler or Perl, think of the trouble you could cause ? Prosecute the guilty ! Name them, shame them !

  104. Martin Proffitt
    Linux

    Where does it end?

    A few of the comments have already pointed out that hammers are used to break into houses (cars, vans, etc...) or may be used to bludgeon a person to death. Likewise, screwdrivers, chisels, planes and even spirit levels can cause significant damage if used inapropriately.

    If I was walking home from B&Q with a new hammer and the police happened to stop me, I would expect them to at least ask me why I was walking through a residential area with a hammer but I wouldn't expect to be arrested for it. However if I was walking home with my laptop strung over my shoulder I would be rightly annoyed if I was stopped and questioned by the police.

    As it happens, my laptop runs Linux and understandably so has an arsenal of security tools installed. They are essential to the course I am undertaking at University, which incidently is Computing Forensics and Network Security, under this new proposal, I guess it would then become fair game for me to be arrested for simply walking down the street carrying my laptop. After all, who is to say that my laptop isn't running in with the wireless enabled in monitor mode effecting a type of `war-driving'?...

    On my systems, I must have half a dozen different versions of each `security' tool available for Linux, to say nothing of the number of Live disks I own, half of which are designed solely for the purpose of computing forensics and carry tools which are not always shipped with standard Linux distros. On top of this, I do a great deal of programming so have development libraries such as Crypt++ and pcap as well as languages such as PERL and Python installed on my system(s). Theoretically libraries and languages such as these can be used to write `hacking' sofware. Does this mean that I can be arrested for `intent to develop software for the purpose of carrying out malicious attacks against remote systems'?

    There is a very fine line between what is classed as legal and illegal use of any tool no matter what trade you are in. As I walk home with my hammer, my intent is to get home and use it to drive nails in to wood for a new partitioning wall. However the police may percieve my intent as being that of breaking into that brand spanking new Mercedes Benz parked 300 yards up the road.

    The keyword here is perception. The government sees network security tools as being a threat to the security of systems whether their own, commercial or personal. Crackers see security tools as a means to breaking into systems which they have no right to access, the average user doesn't even understand (or care) what these tools really are so will probably vote with the government regardless of which party proposed the bill and as for the rest of us, well I guess that makes us outlaws then.

    The question is, with this bill in place, does that mean the government is going to imprison its own IT department? Or shut down MI5? Because I bet they use these tools every single day!

  105. Ishkandar
    Coat

    Re: Techies take things far too seriously sometimes....

    Well, yes. The first law will be that we will nuke any country that harbours a hacker !!

    Oops, wait !! I've just been attacked by a hacker from the US of A .....

  106. Name

    To further the hammer analogy....

    My friend worked a temp-job at a car airbag factory in Warwickshire, her job was to check every 5th one of some part to check for bad welds - by hitting it with a hammer.

    So a hammer really can be a security auditing tool!

  107. Dennis
    Thumb Down

    Re: hmm.. most people on the reg cannot read it seems... including the reg themselves

    @martin

    "if one reads the 1990 act amendment, you'll notice that it states that the offence only applies IF the accused *knowingly* adapts or supplies the application for use in a criminal offence... i.e. it's not what the software can do for you, but what you are guilty of using it for, with intent..."

    Reading Section 37 of The Police And Justice Act 2006

    http://www.opsi.gov.uk/acts/acts2006/ukpga_20060048_en_7#pt5-pb2-l1g37

    The word "knowlingly" doesn't appear.

    The problem we face is with the new section 3A(2).

    "A person is guilty of an offence if he supplies or offers to supply any article believing that it is likely to be used to commit, or to assist in the commission of, an offence"

    So I write a new improved vulnerability scanner. Can I circulate it around bugtraq for pier review? While I know it will be used responsibly by many people I also know that it will be used by some Bad Guys(TM) to find systems they can hack into.

    The problem faced by the open source and free tool community is how to avoid "believing that it is likely to be used to commit an offence". If we create a tool and circulate it openly it *will* be picked up by someone and used to do bad things.

    In the CPS guidance we see: "what, if any, thought the suspect gave to who would use it; whether for example the article was circulated to a closed and vetted list of IT security professionals or was posted openly". This seems to imply that posting a tool openly risks a charge under Section 3A.

  108. Brendon Lucas

    Tell the PM's office

    It's taken a fortnight but the petition against these provisions to the Computer Misuse act has been approved and can be signed here:

    http://petitions.pm.gov.uk/pentest/

    To sign the petition you need to be British citizen or an expatriate, in an overseas territory, a Crown dependency or in the British Armed Forces.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019