Slashdot Log In
Aussie Bill Would Ban Hacking Tools, Virus Code
Posted by
timothy
on Sat Jul 07, 2001 03:17 AM
from the only-criminals-object-to-stripsearches dept.
from the only-criminals-object-to-stripsearches dept.
rtscts writes: "The Australian govt. is at it again: 'Under the bill, which proposes seven new computer offences carrying jail terms of up to 10 years, it is illegal to possess hacker toolkits, scanners and virus code.'" The bill is called the Cybercrime Bill 2001; according to this article, it "does allow the Defence Signals Directorate (DSD) and Australian Security Intelligence Organisation(ASIS) to hack legally. It also forces companies by law to reveal passwords, keys, codes, cryptographic and steganographic methods used to protect information."
Related Stories
[+]
Politics: Germany Declares Hacking Tools Illegal 299 comments
dubbelj writes "Germany has updated their computer crime law to declare 'hacking tools' illegal. This will place most of the professionals in the network admin and computer security fields in a sort of legal grey area. 'The new rules tighten up the existing sanctions and prohibit any unauthorized user from disabling or circumventing computer security measures to access secure data (see the law, sections 200 and following [in German]). Manufacturing, programming, installing, or spreading software that can circumvent security measures is verboten, which means that some security scanning tools might become illegal.' We discussed a similar measure in January when Australia considered the same kind of legislation. How will this affect Linux distribution in Germany, as most standard Linux distributions come with these kind of 'hacking tools' installed by default?"
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Define 'tools' (Score:5)
Re:Differences between cracking tools and child po (Score:2)
Although the charges were dropped, it did temporarily open the possibility of almost everyone having indecent photos in their possession.
The best part of it all, was The Guardian [guardian.co.uk] publishing the photo in question in full colour on the front page on the first day of the fuss, when this photo was still being called indecent by the authorities. I was impressed they were willing to so dramatically state their position and hold firm.
Re:"Criminal paraphernalia" (Score:3)
Now, before you say "why not just go after the makers?" consider this: child porn is not given out for nothing. Usually it involves paying money. Other times it's done in a trade. Even if no cost is involved, you're showing demand for the stuff. So by obtaining it, you've financed the operation, directly (by paying money) or indirectly (by providing more goods, which can later be sold, or by showing demand, which motivates further production). Under most legal definitions, that would make you an accomplice or accessory to the crime. That seems to be a fair enough reason to criminalize the stuff.
Now, things do get stickier in the case of hand-drawn or computer-generated child pornography, in which case it's quite possible (even probable, in the case of CG) that no living beings were ever used in the creation of the work. I don't know if this has been tested in a legal system or not. It would be interesting to see the results of such a case.
----------
Re:Calm down people *please* (Score:2)
"What do we have here? A scanner! You finally slipped up, junior. Take him away boys."
OS/X? (Score:2)
Further yet, is it illegal for you in the US to make available hacking tools to Australians? (Legislation is pushing that way, yes?) If not now, might it be soon?
David E. Weekly [weekly.org]
Down at the bottom of the article (Score:2)
That makes it sound as though instead of hauling away everything you own that has anything to do with computers (and eventually auctioning it off and pocketing the proceeds--that's why they seize the speakers and monitors and power cords and keyboards, they get more money selling compete systems), they could just copy everything you have on any and all storage media, and crack into it back at the station house, without leaving you unable to persue any legal and legitimate computer use. After all, you might be innocent, and this way they inconvenience you the least while still investigating.
Unfortunately this makes sense, respects individual rights, forgoes photo-ops of officers rendering the "danger to society hacker" impotent by taking away all that "sophisticated hardware" that was no doubt financed by selling drugs and dirty pictures to pre-schoolers, and creates less opportunity to augment department budgets with auction proceeds, so don't hold your breath.
Re:Down at the bottom of the article (Score:2)
Well, IIS is a cracking tool... (Score:2)
Seriously, I take exception to the gummint banning the tools which I must have for making sure that the boxes I administer are secure from overseas crackers (after all, since we're every man jack of us law abiding citizens here, no other Aussies could possibly crack my machines, although it seems that some legislators are actually smoking it - crack, that is).
Re:No, its still a problem (Score:3)
As a fellow computer professional, would it make more sense to you to "hack in to get my own email" as the prosecutor offered, or to believe me when I say that I was doing this to show that my former sysadmin group was failing to maintain proper security? Yeah, I thought so.
To this day, the prosecutor still claims that he doesn't understand the case. And yet, he managed to share that confusion with the jury in such a way that I'm still a felon, awaiting yet another round of appeals to support a greater common good.
Yes, my methods may have been lousy, and I certainly didn't get prior approval for what I thought would be a no-brainer, but my intent was to help the people that had paid my bills for five years, not harm them.
Gov't Bans "Fingers" (Score:2)
The AU Government, wishing to serve the people in it's full capacity and competence, and seeking to employ the most technically sound and logically considered data attainable, has assembled a task force of experts charged with the duty of identifying clearly and without doubt, those "tools" which are the most serious and effective aids to the operation and infiltration of computer networks by criminals.
"Our data, as set forward in our considered report, "Keep your mits on", has conclusively shown that in a vast majority, and we are making no exageration here, for we found said "tools" to be in the "hands" of 99% of not only hackers, but also criminals in general, of cases, the "fingers" were the single most pervasive means with which criminals were able to persue their illegal activities."
Citizens are free to study the newly published report, wherein they will find details of scientifically conducted tests where criminal hackers were left totally unsupervised, alone in a room, with a computer terminal, having had his or her fingers removed. The data found is so strong, that any even half-educated sheep farmer could plainly see that the chances of the hacker being able to purse a horrible and dangerous criminal activity online was rendered almost completely impossible without the aforementioned tools, the "fingers".
However, the authors of the study wish to deepen their understanding of the "hacker", and recommend a further study into some discrepacies in the data. Partiularly in one case, one criminal individual was found to have, it appears, by means of a pencil held in his teeth, to have actually operated the computer, as evidenced by the words "help me" clearly visible on the screen in an e-mail program. As already stated, for reasons of national security, we recommend further studies into the potential criminal activities of hackers armed with pencils but no fingers.
Interesting... (Score:5)
That puts most people between a rock and a hard place, because then they would have to use hacking tools (DeCSS) to get the key...
Re:Differences between cracking tools and child po (Score:2)
The government doesn't need to take your guns away to have complete and absolute power over you. Look at the insanity of the drug war:
If the government really wants to arrest you, does it matter how many guns you have?
However many you have, they will *always* have more. Having those guns just makes it more likely that you will end up dead. The only way guns protect you from an oppressive government (which the USA already has, BTW) is if the people have more firepower than the feds, something which would never happen in the USA.
Text of the bill (Score:3)
Re:Hmmm... (Score:2)
--
Wouldn't it be nice if.. (Score:2)
Also, if you encrypt your hard drive, then get somehow arrested for say.. distributing child porn, the police would tell you to give them the key to open the encryption. If you just say "nope.. I won't do it", I'm pretty sure you get into a lot of trouble in ANY country - not just Australia. You SHOULD be in a lot of trouble too!
So what is it that is so bad about this bill? And YES I've read 1984 and NO, this is nothing like that.
Re:Wouldn't it be nice if.. (Score:2)
Wow! You got a little carried away there, didn't you? Totally missed my point too, didn't you?
I was talking about being arrested for a crime and then not cooperating with the police. That's probably illegal in any country - there's nothing special about this act in Australia. If they demand that you give the key to the safety deposit box where you hid your child porn and you refuse, you're basically doing the same thing as if they demand the keys and pass phrases to your data. There's nothing special about digital data and there shouldn't be anything special about it.
I think you need to relax a little.. You don't need to check if your doors are locked 10 times before you go to bed either. There is no black van outside your window.
Outlaw tools, then only outlaws will have rootkits (Score:2)
Aside from the obvious difficulties in the application of the law, which invites unbalanced and unreasonable application by clueless authorities, the primary harm of this law is the obvious chilling effect that it will have on promoting the progress of anti-hacking technique.
It is only our prodding and poking at our own systems that keeps us as many steps as we are in front of (or behind) the hackers as we may be. Only by "standing on ye shoulders of giants," can we hope to adequately understand and to secure our present systems. If our giants are hidden or made contraband -- then we are left to the mercy of those who live in more (or less) enlightened societies.
In short, hackers have never had so good a friend as the Australian government. A nation disarmed for the picking by those who are not blinded by their own ignorance.
If we outlaw hacker tools, then only hackers shall have rootkits.
Dood, I *AM* a lawyer (Score:2)
I may indeed have my head up my ass, but I also have the law degree and techno-litigation experience [carltonfields.com] you seem to require. If you have an argument on the merits, feel free to show where you think I was mistaken, and we shall see who is making the frivolous argument. But until you do, why not leave the name-calling to yourself?
Re:No, its still a problem (Score:2)
Again, the issue is whether possession of the contraband will be deemed by an average juror to evidence an intent to use it. (It will, 99-100% of the time.) Then, whether the juror will understand *and* buy the testimony from experts suggesting that one doesn't use hacker tools only to hack evil, or buy or be confused by the clueless prosecutor who represents the state.
Then, weigh whether you are willing to risk your freedom and liberty to discover the answer, or accept a plea and do whatever the state requests.
Re:No, its still a problem (Score:2)
That's all I'm saying. If we make possession of hacker tools illegal, only criminals will have rootkits.
No, its still a problem (Score:5)
In theory, a state of mind must be proved just as the factual elements, beyond a reasonable doubt. In practice, a jury is instructed by the judge that they may infer intent from any of the circumstances in which the crime was committed. Unless the defendant takes the stand in her own defense and convinces the jury to the contrary, and thereby submitting herself to a blistering cross-examination, the prosecutor will simply ask the jury to ask themselves any number of rhetorical questions.
Mens rea is a non-issue. With enough stuff on your disk, intent can be "proved" by twisting circumstantial evidence to the satisfaction of the jury. To a jury -- the mere fact of the trial is taking place evidences (which would not otherwise be admissible) the proposition that the government thinks the defendant is guilty.
"with intent" is better than strict liability. But in practice, its grievously dangerous. Anyone possessing tools is ultimately at the mercy of the whim of the authorities. The cost of a criminal defense (which no intelligent person, however good an advocate, should attempt to do by themselves) will never be compensable and can itself be more ruinous than any fine.
In short, this law an authoritarian nightmare -- it serves no good purpose, will actually chill productive anti-hacking technology.
Re:Yeah right... (Score:2)
Anyone have a copy of the bill? (Score:2)
Or you know.. (Score:2)
Re:Wouldn't it be nice if.. (Score:2)
You can have my keys, they are useless without my pass phrases and you can have my pass phrases, when you extract them from my cold dead brain (using mnemonic sensors, probably).
Basic common sense aludes another Slashdotter (Score:3)
Speaking as the former Global Data Security Manage (Score:2)
A few years back, I was the manager for Data Security for KPMG's electronic commerce group, and I can attest that there is indeed a legitimate use for any cracking tool you can name, even the DOS hacks.
I routinely use cracking tools to probe my own systems, since I have exactly ZERO confidence that script kiddies will leave me alone just because there's a law against what they're doing.
One obvious legit use of a DOS hack is to test your firewall, and make sure it doesn't just crash when it gets way more traffic than it can handle.
When governments think they can prevent behaviour just by passing a law against it, I simply refer them to all of the drug wars we've ever had.
If we want secure systems, then what we need to do is tell all of our governments to FUCK OFF and quit trying to legislate an engineering problem.
-jcr
Liberal party (Score:2)
Australia doesn't have a mainstream party which is more socially conservative than the US Republicans. It just sometimes seems that way. :-)
The Australian Liberal Party is actually much closer to a European "conservative" party: close to the US Democrats, but a little more conservative. The closest thing we have to the Republican party in Australia is the National Party, whose support is mostly from rural areas. The problem is that when the Liberal Party is in power, it's almost always in coalition with the National Party, so coalition governments often pass National Party-esque laws such as this one.
Re:Liberal party (Score:2)
Maybe. The Liberal Party is always conscious of differentiating themselves from One Nation, so what you suggest would only happen once One Nation's fifteen minutes are up. This may come quite soon.
As for motive, it would only happen if the National Party went under; the Liberals would be politically obliged to pick up their supporter base. This may also come quite soon.
Re:Liberal party (Score:2)
We have an equivalent (Christian Democratic Coalition, run by the ever-outspoken Fred Nile), but it's not very mainstream.
Yes. Strangely, we use the same names as the US for our chambers ("house of representatives" and "senate") despite having a pretty standard Westminster parliament.
Re:Calm down people *please* (Score:3)
Re:Calm down people *please* (Score:4)
also there is some more stuff on http://www.2600.org.au/ [2600.org.au]
Re:Anyone have a copy of the bill? (Score:5)
http://www.2600.org.au/misc/cybercrime/cybercrime
http://www.2600.org.au/misc/cybercrime/cybercrime
This proposed ban is senseless (Score:3)
Re:Wouldn't it be nice if.. (Score:3)
My passphrases are >32 characters long. Ooops, seems the brutality of the police caused a trauma that made me forget one or two. How sad.
The Australian government are clueless (Score:5)
For what it's worth, even Microsoft realise they are hopeless [slashdot.org]. Hopefully they'll be voted out at the next election (probably later this year?), and this insanity will end.
Text of the bill, what it really does (Score:4)
The bill doesn't make any of the things listed in this article illegal on their own - you have to be using them for, or intending to use them for, committing another federal crime. There is no requirement to divulge passwords, just to assist law enforcement in effecting the execution of a warrant. Without this they'll just seize the equipment anyway, so it's actually in the interests of the person owning the equipment to provide this assistance as it allows them to take just the relevant data.
Of course it does sound a lot more interesting to say it bans the posession of tools that are being used for legal purposes, but the bill explicitly mentions that there must be a use for, or an intent to use for, an otherwise illegal activity.
Self corruption of professions.. (Score:3)
You laugh, but you'll laugh even harder with this article [computerworld.com.au] basicly saying email is the no1 threat for australian companies.
This shows how rigid they are in their thinking. I mean, if people used propper policies and security protection, there was no need for the digital witch-hunt they are now proclaiming.
Now I don't agree with the way things are now, for instance I don't think security firms SHOULD exist, but this kind of artisanal malpractice where the trade itself corrupts and starts to sustain itself, is present in all sorts of professions. You see it in law, you can see it in the medical department of hospitals, you can see it in university research labs looking for ever more funding, and you have it in the IT world. I think this is where the real issue is.
The abuse in the profession leads to a perverse effect of self sustainability, which is ofcourse exploited without any regulatory force, usually because the knowledge in the field is a barrier on itself, preventing people to get in, unless they comply to the practices of the trade, after which they are absorbed in the system, which will take good care of them.
That's a little abstract, but to give an example, if there weren't any people hacking and cracking, there would not be a need for security. But companies are about money, and are ths subject to hacking/cracking/virus/worms etc, giving existance to security companies. And who works for these companies ? Presto, there's your self-sustainability.
And no I'm not an anticapitalist or communist, or in security or cracking or hacking or law or medicine myself, these issues have been roaming my overly concerned mind for quite some time. Considering my signal to noise ratio, this post probalby won't mean much either way..
ah well..
Re:Define 'tools' (Score:4)
That's what the article says, allthough UNIX itself probably is not illegal, but the sysadmin/company owning it is. If Sysadmins are not supposed to be able to test their own machines with scanners, how on earth can they be made secure ? If Anti-virus software makers are left with this law, how on earth can they design antidotes and detectors and scanners ? If tools and sourcecode hacks didn't surface, how can OS vendors fix loopholes in their software ? I'm sorry, but this is really a ticket to the stoneage. Seems the only thing lawyers are interested in these days is 'control', 'control' and even more 'control', who cares how idiot their laws may sound to a softwareworld that appears to be running away with allmost anything. As if digital crime is suddenly going to stop right at their borders. Gimme a break.
Calm down people *please* (Score:5)
Okay, from my reading of the Bill (PDF) [aph.gov.au], it seems that the new offence is possession with intent (Schedule 1 lists the relevant amendments to the Criminal Code, you're looking for Part 10.7, Division 478.3). Means they have to prove you were going to commit a crime with the tool. It's a bit hard to prove that a sys admin who uses a particular tool for legit purposes was going to commit a crime.
As a matter of fact, given the legitimate usefulness of most 'cracker' tools, it seems that it would be quite difficult to prove that anyone was going to commit a crime unless you had a smoking-gun e-mail or other clear evidence of intent.
Re:ASIS v ASIO (Score:3)
ASIO is the Australian Security and Intelligence Organisation. They are *only* allowed to operate withing Australia and I believe the article refers to them.
DSD is the Defence Signals Directorate, essentially a (much smaller) analogue of the NSA.
Dave
And in other news.... (Score:5)
Re:Wouldn't it be nice if.. (Score:4)
110% WRONG! In the United States, you have a 5th Amendment protection against self-incrimination. That includes the right to NOT co-operate with the police, as codified in the "Miranda" rights that all arresting officers have to read to the person being arrested.
It's up to the police/prosecutors to prove your guilt, and they have NO right to your assistance in that task.
Now, I'm not saying that there haven't been recent law, etc, where the police lobby hasn't been attacking those rights, but until the Bill of Rights is repealed, they are still there.
" - there's nothing special about this act in Australia. If they demand that you give the key to the safety deposit box where you hid your child porn and you refuse, you're basically doing the same thing as if they demand the keys and pass phrases to your data. There's nothing special about digital data and there shouldn't be anything special about it"
The police in the USA can very well get a search warrant for such a safety deposit box, or your home, and may search them. However, again, you DO NOT have any obligation to do anything other than let them in, you do not have to lead them on a "guided tour". Again, the 4th and 5th Amendments cover this.
This Australian law sounds very much like the odious "RIP" law in the UK, which basically gives more or less ANY cop the power to forcibly hand over your security to them, without any oversight (and in the case of RIP, you can even be jailed for letting anyone KNOW they did this to you).
There is no place for such laws in a free society. A people who will tolerate such enormous State power over their persons and property are in effect, tolerating State ownership of all their information and property.
And we all know governments are ALWAYS 100% trustworthy, and would never murder innocents (Waco, Ruby Ridge), and individuals within it would never abuse their power to politically persecute ideological or religious "enemies" (Keith Henson)...
The United States was founded by wise men who feared the power and abuse wrought by too-powerful federal governments. Unfortunately, there aren't many such men in power today.
Elections and clutching at straws (Score:3)
I'm from Australia. There's a federal election coming up and the incumbents (the "Liberals"; similar to the US Republicans but more socially conservative) are worried they might lose due to a botched introduction of a goods and services tax. They've been clutching at straws and more Internet legislation looks like just the ticket to distract the population and also make the Liberals look forward thinking and progressive.
I wish. I'm going to take great pleasure in putting Senator Alston last on my ballot paper.
Hmmm... (Score:5)
Re:I don't see the difference (Score:3)
No, as knives shouldn't be banned just because you can kill somebody with them. But when a tool only use (reasonable use) is doing something illegal, yes I think the tool can be outlawed. That covers also the DOS tools. If they are general purpose, they are OK. If they are single purpose cracking tools they can IMHO be banned.
Exception being if you are a computer security specialist (that's the locksmith in the metaphor). I admit I have no clear solution for the hobbyist locksmith, or hobbyist computer-security expert.
I was not trying to defend that law, not particularly. But sometimes when treading into computer or internet laws, there is a big load of paranoia going around. And the fact that the same kind of problems and imperfect solutions have been around for centuries is overlooked. The world is, has been and will keep on being an imperfect place. That's not to say we should not try to fight, for it to be better (or at least not worse), but I think we should choose our battles with a little bit more forethought.
--
What do I do? (Score:4)
Glorat
More seriously... (Score:4)
Of course, the people who would have the best expertise at "correcting" this policy are those right here at /.!
Who need them? (Score:4)
If they have to reveal all passwords and whatnot, hacker tools aren't needed. Just go to the part of their site where it will say somthing like "By law we are required to post the root passwords to all of our boxes here..." and you will have all the info you need.
What (Score:4)