Aussie Bill Would Ban Hacking Tools, Virus Code 213
rtscts writes: "The Australian govt. is at it again: 'Under the bill, which proposes seven new computer offences carrying jail terms of up to 10 years, it is illegal to possess hacker toolkits, scanners and virus code.'" The bill is called the Cybercrime Bill 2001; according to this article, it "does allow the Defence Signals Directorate (DSD) and Australian Security Intelligence Organisation(ASIS) to hack legally. It also forces companies by law to reveal passwords, keys, codes, cryptographic and steganographic methods used to protect information."
Same thing for debugers, compilers, etc. (Score:1)
What will happen (Score:1)
I'm not from Oz, but if such a law was passed in my own country...
Prosecutors would suddenly have more scary and realistic threats to wave at caught vandals in court. This is fine, if you make the (unfortunately dubious) assumption that the state is able to effectively distinguish between malicious vandals and the merely curious.
As a side effect, occasional sad legal misfirings might crop up as security and IT professionals run the risk of being mislabeled as criminals.
This comment addresses only the criminalization of hacking tools, not the law's other measures.
Having actually *read* the bill... (Score:1)
478.3 Possession or control of data with intent to commit a computer offence
(1) A person is guilty of an offence if:
(a) the person has possession or control of data; and (b) the person has that possession or control with the intention that the data be used, by the person or another person, in:
(i) committing an offence against Division 477; or
(ii) facilitating the commission of such an offence.
10 Penalty: 3 years imprisonment.
I think the key here is "intent". To be convicted of this offence it would have to be proved that you intended to use them to commit a crime. A security specialist would have a legitimate reason to possess such tools. I have some myself.
Certainly it could be worrisome, but it's no worse than the existing law which makes it illegal to carry burglars tools -- a crowbar is not illegal, but if you are caught with one prowling the neighbourhood then you could expect to be in trouble!
Re:Unintended consequences (Score:1)
"We do it for the Children" (tm)
Thank the US Supreme Court. They prevented a high-jacking of the Florida election! The Dems would have won Florida if their county rep hadn't been caught illegally possessing a Votamatic so early in the evening.
Re:Calm down people *please* (Score:1)
Well, the cops can just say posession itself proves intent. Like in California posession of 'burglar tools' in itself may constitute proof you were going to use them for burglary.
Many people would agree with this. Are the cops supposed to wait around until a guy with a crowbar actually prys open a door?
My answer is probably yes. The dangers of implied motive are subject to hysteria and abuse. The fire chief in my town was arrested for having bomb-making materials. The materials? A collection of plumbing pipes in his garage.
Re:Define 'tools' (Score:1)
We're serious about loving you guys though... after all alot of us came from Europe. Fleeing oppressive regimes and starvation, that is.
I suppose you're probably FOR having hacking tools though. How Ironic.
"What luck for rulers, that men do not think." --Adolf Hitler
"Politically popular speech has always been protected: even the Jews were free to say 'Heil Hitler'". .
-- Isaac Asimov
". . . the most brilliant propaganda technique will yield no success unless one fundamental principle is borne in mind constantly and with unflagging attention. It must confine itself to
a few points and repeat them over and over. Here, as so often in this world, persistence is the first and most important requirement for success.
". . . a slogan must be presented from different angles, but the end of all remarks must always and immutably be the slogan itself.
". . . At first the claims of the propaganda were so impudent that people thought it insane; later, it got on people's nerves; and in the end, it was believed."
-- Adolf Hitler, 'Enemy War Propaganda', MEIN KAMPF
Define 'tools' (Score:5)
The coordination is fascinating. (Score:1)
Isn't it interesting that at the same time the .au government is pushing to give its thugs, sorry, security forces, the right to attack systems, so are the governments of .uk and .nz. And the FBI is pushing for Carnivore.
Don't you love the governments of the "free world" conspiring to legalise attacks on the citizenry by covert organisations?
Re:Differences between cracking tools and child po (Score:2)
Although the charges were dropped, it did temporarily open the possibility of almost everyone having indecent photos in their possession.
The best part of it all, was The Guardian [guardian.co.uk] publishing the photo in question in full colour on the front page on the first day of the fuss, when this photo was still being called indecent by the authorities. I was impressed they were willing to so dramatically state their position and hold firm.
Time to ratchet up the public rhetoric (Score:1)
What would happen if press releases from big time professional and other groups were to just take off the gloves, and brazenly engage in terminology like 'inane', 'stoopid', 'brain-damaged', 'moronic', and 'retarded'?
Methinks that might bring the message home to the public much more effectively.
Screw diplomacy, people. This Is War!
Re:"Criminal paraphernalia" (Score:3)
Now, before you say "why not just go after the makers?" consider this: child porn is not given out for nothing. Usually it involves paying money. Other times it's done in a trade. Even if no cost is involved, you're showing demand for the stuff. So by obtaining it, you've financed the operation, directly (by paying money) or indirectly (by providing more goods, which can later be sold, or by showing demand, which motivates further production). Under most legal definitions, that would make you an accomplice or accessory to the crime. That seems to be a fair enough reason to criminalize the stuff.
Now, things do get stickier in the case of hand-drawn or computer-generated child pornography, in which case it's quite possible (even probable, in the case of CG) that no living beings were ever used in the creation of the work. I don't know if this has been tested in a legal system or not. It would be interesting to see the results of such a case.
----------
Re:Calm down people *please* (Score:2)
"What do we have here? A scanner! You finally slipped up, junior. Take him away boys."
OS/X? (Score:2)
Further yet, is it illegal for you in the US to make available hacking tools to Australians? (Legislation is pushing that way, yes?) If not now, might it be soon?
David E. Weekly [weekly.org]
Down at the bottom of the article (Score:2)
That makes it sound as though instead of hauling away everything you own that has anything to do with computers (and eventually auctioning it off and pocketing the proceeds--that's why they seize the speakers and monitors and power cords and keyboards, they get more money selling compete systems), they could just copy everything you have on any and all storage media, and crack into it back at the station house, without leaving you unable to persue any legal and legitimate computer use. After all, you might be innocent, and this way they inconvenience you the least while still investigating.
Unfortunately this makes sense, respects individual rights, forgoes photo-ops of officers rendering the "danger to society hacker" impotent by taking away all that "sophisticated hardware" that was no doubt financed by selling drugs and dirty pictures to pre-schoolers, and creates less opportunity to augment department budgets with auction proceeds, so don't hold your breath.
Re:Down at the bottom of the article (Score:2)
2600.org.au response to the CyberCrime Bill (Score:1)
There's also a Senate Legal and Constitutional Committee inquiry into the legislation, at:
2600 Australia will be making a submission to this committee. If you'd like to discuss this legislation prior to our submission (which must be lodged by the 20th of July), please join the 2600-law mailing list, by sending an empty email to 2600-law-subscribe@wiretapped.net [mailto]. There are also public hearings in Sydney on 19th July and in Canberra on 9th August.
Well, IIS is a cracking tool... (Score:2)
Seriously, I take exception to the gummint banning the tools which I must have for making sure that the boxes I administer are secure from overseas crackers (after all, since we're every man jack of us law abiding citizens here, no other Aussies could possibly crack my machines, although it seems that some legislators are actually smoking it - crack, that is).
It is time to move to a free country. (Score:1)
in the world, the USA.
Re:No, its still a problem (Score:3)
As a fellow computer professional, would it make more sense to you to "hack in to get my own email" as the prosecutor offered, or to believe me when I say that I was doing this to show that my former sysadmin group was failing to maintain proper security? Yeah, I thought so.
To this day, the prosecutor still claims that he doesn't understand the case. And yet, he managed to share that confusion with the jury in such a way that I'm still a felon, awaiting yet another round of appeals to support a greater common good.
Yes, my methods may have been lousy, and I certainly didn't get prior approval for what I thought would be a no-brainer, but my intent was to help the people that had paid my bills for five years, not harm them.
Re:Differences between cracking tools and child po (Score:1)
Are you on drugs? Please explain to me what illegal purposes people use child pornography for. Why...NONE!
Possession of it is illegal because making it is illegal. It has nothing to do with what people use it for.
And I'm glad the CSC actually looked at the laws with some sense, and said 'If the sex wasn't illegal in the first place, the result isn't automatically illegal'. I've always thought it stupid people under 18 could logically be arrested for carrying nude pictures of themselves or people they have legally had sex with.
However, this has very little bearing, as most child pornography is illegal to make, involving either child molestation or statutory rape, not to mention child labor laws and getting consent of the parents.
Regardless of that, child pornography is NOTHING like 'a tool that can be used to commit a crime', it's 'the result of a crime that has probably been commited'. It's not selling guns, a tool that can be used for evil, it's selling decapitated heads. Which is also illegal.
-David T. C.
Re:"Criminal paraphernalia" (Score:1)
-David T. C.
Re:Wouldn't it be nice if.. (Score:1)
Of course, if you don't, they'll bust down the door and go in anyway, so it's easier just to open it.
-David T. C.
Re:Wouldn't it be nice if.. (Score:1)
The police cannot force us to reveal any information at all if we're a suspect, and cannot threaten us with punishment if we don't help them.
Note 'not helping' is not the same as 'actively subverting'. It would be illegal for us to, say, tamper with the contents of a safe simply because they're off looking for a way to blow it. Unless, of course, they haven't found the safe yet, and thus it's not evidence yet.
-David T. C.
Re:The Australian government are clueless (Score:1)
-David T. C.
Re:Wouldn't it be nice if.. (Score:1)
-David T. C.
Anti-virus software illegal? (Score:1)
Plus all the others. However, the further implication could be it would be illegal to use anti-virus software (esp. of the adaptive kind), since they have virus signatures and whatnot...
Yes. (Score:1)
Gov't Bans "Fingers" (Score:2)
The AU Government, wishing to serve the people in it's full capacity and competence, and seeking to employ the most technically sound and logically considered data attainable, has assembled a task force of experts charged with the duty of identifying clearly and without doubt, those "tools" which are the most serious and effective aids to the operation and infiltration of computer networks by criminals.
"Our data, as set forward in our considered report, "Keep your mits on", has conclusively shown that in a vast majority, and we are making no exageration here, for we found said "tools" to be in the "hands" of 99% of not only hackers, but also criminals in general, of cases, the "fingers" were the single most pervasive means with which criminals were able to persue their illegal activities."
Citizens are free to study the newly published report, wherein they will find details of scientifically conducted tests where criminal hackers were left totally unsupervised, alone in a room, with a computer terminal, having had his or her fingers removed. The data found is so strong, that any even half-educated sheep farmer could plainly see that the chances of the hacker being able to purse a horrible and dangerous criminal activity online was rendered almost completely impossible without the aforementioned tools, the "fingers".
However, the authors of the study wish to deepen their understanding of the "hacker", and recommend a further study into some discrepacies in the data. Partiularly in one case, one criminal individual was found to have, it appears, by means of a pencil held in his teeth, to have actually operated the computer, as evidenced by the words "help me" clearly visible on the screen in an e-mail program. As already stated, for reasons of national security, we recommend further studies into the potential criminal activities of hackers armed with pencils but no fingers.
Interesting... (Score:5)
That puts most people between a rock and a hard place, because then they would have to use hacking tools (DeCSS) to get the key...
Ausssie (Score:1)
Re:Differences between cracking tools and child po (Score:2)
The government doesn't need to take your guns away to have complete and absolute power over you. Look at the insanity of the drug war:
If the government really wants to arrest you, does it matter how many guns you have?
However many you have, they will *always* have more. Having those guns just makes it more likely that you will end up dead. The only way guns protect you from an oppressive government (which the USA already has, BTW) is if the people have more firepower than the feds, something which would never happen in the USA.
Text of the bill (Score:3)
Re:Hmmm... (Score:2)
--
Wouldn't it be nice if.. (Score:2)
Also, if you encrypt your hard drive, then get somehow arrested for say.. distributing child porn, the police would tell you to give them the key to open the encryption. If you just say "nope.. I won't do it", I'm pretty sure you get into a lot of trouble in ANY country - not just Australia. You SHOULD be in a lot of trouble too!
So what is it that is so bad about this bill? And YES I've read 1984 and NO, this is nothing like that.
Re:Wouldn't it be nice if.. (Score:2)
Wow! You got a little carried away there, didn't you? Totally missed my point too, didn't you?
I was talking about being arrested for a crime and then not cooperating with the police. That's probably illegal in any country - there's nothing special about this act in Australia. If they demand that you give the key to the safety deposit box where you hid your child porn and you refuse, you're basically doing the same thing as if they demand the keys and pass phrases to your data. There's nothing special about digital data and there shouldn't be anything special about it.
I think you need to relax a little.. You don't need to check if your doors are locked 10 times before you go to bed either. There is no black van outside your window.
Outlaw tools, then only outlaws will have rootkits (Score:2)
Aside from the obvious difficulties in the application of the law, which invites unbalanced and unreasonable application by clueless authorities, the primary harm of this law is the obvious chilling effect that it will have on promoting the progress of anti-hacking technique.
It is only our prodding and poking at our own systems that keeps us as many steps as we are in front of (or behind) the hackers as we may be. Only by "standing on ye shoulders of giants," can we hope to adequately understand and to secure our present systems. If our giants are hidden or made contraband -- then we are left to the mercy of those who live in more (or less) enlightened societies.
In short, hackers have never had so good a friend as the Australian government. A nation disarmed for the picking by those who are not blinded by their own ignorance.
If we outlaw hacker tools, then only hackers shall have rootkits.
Dood, I *AM* a lawyer (Score:2)
I may indeed have my head up my ass, but I also have the law degree and techno-litigation experience [carltonfields.com] you seem to require. If you have an argument on the merits, feel free to show where you think I was mistaken, and we shall see who is making the frivolous argument. But until you do, why not leave the name-calling to yourself?
Re:No, its still a problem (Score:2)
Again, the issue is whether possession of the contraband will be deemed by an average juror to evidence an intent to use it. (It will, 99-100% of the time.) Then, whether the juror will understand *and* buy the testimony from experts suggesting that one doesn't use hacker tools only to hack evil, or buy or be confused by the clueless prosecutor who represents the state.
Then, weigh whether you are willing to risk your freedom and liberty to discover the answer, or accept a plea and do whatever the state requests.
Re:No, its still a problem (Score:2)
That's all I'm saying. If we make possession of hacker tools illegal, only criminals will have rootkits.
No, its still a problem (Score:5)
In theory, a state of mind must be proved just as the factual elements, beyond a reasonable doubt. In practice, a jury is instructed by the judge that they may infer intent from any of the circumstances in which the crime was committed. Unless the defendant takes the stand in her own defense and convinces the jury to the contrary, and thereby submitting herself to a blistering cross-examination, the prosecutor will simply ask the jury to ask themselves any number of rhetorical questions.
Mens rea is a non-issue. With enough stuff on your disk, intent can be "proved" by twisting circumstantial evidence to the satisfaction of the jury. To a jury -- the mere fact of the trial is taking place evidences (which would not otherwise be admissible) the proposition that the government thinks the defendant is guilty.
"with intent" is better than strict liability. But in practice, its grievously dangerous. Anyone possessing tools is ultimately at the mercy of the whim of the authorities. The cost of a criminal defense (which no intelligent person, however good an advocate, should attempt to do by themselves) will never be compensable and can itself be more ruinous than any fine.
In short, this law an authoritarian nightmare -- it serves no good purpose, will actually chill productive anti-hacking technology.
Re:Yeah right... (Score:2)
Anyone have a copy of the bill? (Score:2)
Or you know.. (Score:2)
Re:Wouldn't it be nice if.. (Score:2)
You can have my keys, they are useless without my pass phrases and you can have my pass phrases, when you extract them from my cold dead brain (using mnemonic sensors, probably).
Basic common sense aludes another Slashdotter (Score:3)
Re: (Score:2)
Liberal party (Score:2)
Australia doesn't have a mainstream party which is more socially conservative than the US Republicans. It just sometimes seems that way. :-)
The Australian Liberal Party is actually much closer to a European "conservative" party: close to the US Democrats, but a little more conservative. The closest thing we have to the Republican party in Australia is the National Party, whose support is mostly from rural areas. The problem is that when the Liberal Party is in power, it's almost always in coalition with the National Party, so coalition governments often pass National Party-esque laws such as this one.
Re:Liberal party (Score:2)
Maybe. The Liberal Party is always conscious of differentiating themselves from One Nation, so what you suggest would only happen once One Nation's fifteen minutes are up. This may come quite soon.
As for motive, it would only happen if the National Party went under; the Liberals would be politically obliged to pick up their supporter base. This may also come quite soon.
Re:Liberal party (Score:2)
We have an equivalent (Christian Democratic Coalition, run by the ever-outspoken Fred Nile), but it's not very mainstream.
Yes. Strangely, we use the same names as the US for our chambers ("house of representatives" and "senate") despite having a pretty standard Westminster parliament.
Victimizations and and all other *tions (Score:2)
We all have to stop and admire how paranoid governments are getting which is clearly demonstrated through all their so called tough new laws. Paranoid I say because they never seem to get it right, and oppression of that nature (of information) is likely to lead to higher incidences of anarchy. e.g. Mischievious teens with too much time on their hands are now sentenced to ten years for learning about computer security... Guess that profession will be out of the question there.
I wonder what would/can the AU government do to say someone who has a shell in another country and performs `scans` and runs a security based website with Virii as content? AU laws definitely don't apply here so I don't see what they intend to do when instances like these arise. Wouldn't it be sort of similar to someone leaving AU and moving to another country? So what do they intend to do, shaft someone in hopes no one notices. (trust me it happens)
Aside from that who cares if a provider tells encryption methods. Create a PGP key on your machine, in fact create 2 signing keys, your provider can surely know you're using PGP, now should any message you send be decrypted by anyone other than the recipient, the entire security world would be turned upside down, and cypherpunks would be hitting the keys to create the next best thing.
hacker tools (Score:2)
seriously tho, the bill would probably not be passed in its present form, given the many obvious problems with it.
the main problem is that the it ministers on both our major parties have no clue. in fact, i'm not sure there's a single politician here who has a clue about IT. at least none that has spoken out in public
---
More on this (Score:2)
Re:OS/X? (Score:2)
Re:Intent? (Score:2)
477.1 Unauthorised access, modification or impairment with intent to commit a serious offence
477.2 Unauthorised modification of data to cause impairment
477.3 Unauthorised impairment of electronic communication
478.1 Unauthorised access to, or modification of, restricted data
478.2 Unauthorised impairment of data held on a computer disk etc.
478.3 Possession or control of data with intent to commit a computer offence
478.4 Producing, supplying or obtaining data with intent to commit a computer offence
They are further defined in the actual bill; the url of which is posted earlier.
I do not believe in my mind that port scanning directly offends against any of the 477 crimes, the only one it could possibly apply to is 478.4, and then there is probably not enough evidence to prove intent.
Re:Calm down people *please* (Score:3)
Re:Calm down people *please* (Score:4)
also there is some more stuff on http://www.2600.org.au/ [2600.org.au]
Re:Anyone have a copy of the bill? (Score:5)
http://www.2600.org.au/misc/cybercrime/cybercrime
http://www.2600.org.au/misc/cybercrime/cybercrime
What about Linux? (Score:2)
This proposed ban is senseless (Score:3)
Why don't they just get on with it (Score:2)
Aussie Law = Trade Dispute (Score:2)
This is more than just comic stupidity. This appears to be the Aussie Liberals doing their darndest to get right smack into the same disputes that the EU and the US are having over data and privacy rights. Think about the implications this has for corporations that have connected Aussie offices to the corporate WAN. If having an Aussie office means you have to give up all hope of corporate security to the Aussie cyber cops, you're faced two options. Option 1: bet your company's IT strategy on the dubious notion that the Aussie cyber cops are smarter and/or more reliable than the morons who wrote this bit of lunacy; or disconnect the Aussie office from the WAN.
And funny thing! If that's what happens, doesn't that all of a sudden cripple the Aussie office, and give the local competition a big edge?
If the Aussies say that they're entitled to hack into the network, wherever the network takes them, they're fomenting a trade war. If they say that they're only interested in data stored in Australia, they're just going to clobber IT jobs in Australia, because every multinational will move data and jobs offshore.
When will governments learn? One of the reasons we buy door locks is to protect ourselves from the police.
Re:Wouldn't it be nice if.. (Score:3)
My passphrases are >32 characters long. Ooops, seems the brutality of the police caused a trauma that made me forget one or two. How sad.
"Criminal paraphernalia" (Score:2)
In neither case does the mere fact of possession cause harm to anyone, in both cases there are very real reasons why people might want to possess them, and yet in both cases they are considered "paraphernalia" associated with criminal activity (abuse).
If we're going to complain about cracking tools being made illegal when they are obviously useful for non-cracking activities, why aren't we all complaining about child pornography being illegal when it is in many cases of worthy artistic value?
Re:Differences between cracking tools and child po (Score:2)
The creation of child pornography is not necessarily illegal simply by virtue of the acts being recorded. A recent case at the Canadian Supreme Court demonstrated this clearly in striking down certain portions of Canada's criminal code provisions against child pornography.
The Canadian Supreme Court restricted the law so that (paraphrased) "creation and possession of child pornography shall not be illegal if the material depicts legal acts between consenting persons, the material is intended for personal use only, and the material is not distributed". Even with this ruling in place, the law clearly states that the depiction of *perfectly legal acts* (for example, two 17 year olds having sex) may not legally be possessed by any other person.
If the laws only existed to criminalize possession of depictions of illegal acts, that would be reasonable. Similarly I don't think there would be very major objections raised to criminalizing the possession of "cracking logs" journaling the defacing of web sites (although that would be a rather bizzare law). When material is criminalized solely based on the purposes it could be used to accomplish (the most common reason given for criminalizing child pornography), child pornography is in exactly the same boat as "cracking tools" are.
Re:"Criminal paraphernalia" (Score:2)
In the case of hacking tools (which I'll spare everyone the rant on why they should not be called 'hacking' tools in the spirit that is intended) you have a case where possession of the material in question comes before a crime. Yes it is possible to commit a crime with these tools it is not a necessary consequence of possession. Additionally it is even in question whther or not the use of many of these tools is criminal. For exapmple, take port scanning, I fail to see how this is an illegal activity. If you choose to place a server on a public network, you have no right to complain when people 'look' at it.
The fact has already been mentioned that there are numerous legitimate uses of these tools. Namely to help protect a network from attack. As a software engineer I use these tools to track down flaws in software design when it doesn't work across a network. While these tools do have very real reasons why people would use them there is no reason to own child pornography. In our society child pronography is taboo, not necessarily because of any inherent wrongness in the act itself but because that's a pattern of behavior we, as a whole, believe is destructive to our culture. You mention that some child pornography is worthy of artistic value, this is a faulty statement by the definition of the word pornography. There is a world of difference between a sexually explicit picture of children and an peice of art that contains a nude child as the subject matter. The line is very thin and I'd imagine easy to cross I'm sure but it does exist.
Besides all of this we have the free speech issue. The creation of cracking tools is my right. I have not harmed anyone in the process, especially if I have not distributed or used the tools in any way (though should I choose to distribute them I believe that that is also my perogative). Should I choose to create child pornography, while I am expressing myself how I choose, I am taking my free speech to a level where there is in-escapable implicit harm being done, the exploitation of children.
Re:I don't see the difference (Score:2)
The problem here is, there are very few if any cracking tools which have only one reasonable use. I'm going to take your example, DOS tools. Joe Random Sysadmin is going to be launching a site, and expecting, say, 50k pageviews/day, and wants to test whether his webserver will be able to handle the load. So he takes 50 machines around the office, and signals each of them to load the main page 1000 times. Of course, he doesn't do this by hand, he finds a tool to do it, and controls it from his terminal. What exactly is this tool doing? That's right, it's taking a bunch of machines and signalling them to flood a server with traffic, just like a DOS tool would.
What makes the difference is a matter of intent, which is extremely difficult to prove. If the user used the tool for a legit purpose, or just checked the box on a package list when installing his distro, then the tool is legitimate. If the user intended to or did use the tool for a destructive purpose, then it is not legit.
------------------
A picture is worth 500 DWORDS.
The Australian government are clueless (Score:5)
For what it's worth, even Microsoft realise they are hopeless [slashdot.org]. Hopefully they'll be voted out at the next election (probably later this year?), and this insanity will end.
Text of the bill, what it really does (Score:4)
The bill doesn't make any of the things listed in this article illegal on their own - you have to be using them for, or intending to use them for, committing another federal crime. There is no requirement to divulge passwords, just to assist law enforcement in effecting the execution of a warrant. Without this they'll just seize the equipment anyway, so it's actually in the interests of the person owning the equipment to provide this assistance as it allows them to take just the relevant data.
Of course it does sound a lot more interesting to say it bans the posession of tools that are being used for legal purposes, but the bill explicitly mentions that there must be a use for, or an intent to use for, an otherwise illegal activity.
Self corruption of professions.. (Score:3)
You laugh, but you'll laugh even harder with this article [computerworld.com.au] basicly saying email is the no1 threat for australian companies.
This shows how rigid they are in their thinking. I mean, if people used propper policies and security protection, there was no need for the digital witch-hunt they are now proclaiming.
Now I don't agree with the way things are now, for instance I don't think security firms SHOULD exist, but this kind of artisanal malpractice where the trade itself corrupts and starts to sustain itself, is present in all sorts of professions. You see it in law, you can see it in the medical department of hospitals, you can see it in university research labs looking for ever more funding, and you have it in the IT world. I think this is where the real issue is.
The abuse in the profession leads to a perverse effect of self sustainability, which is ofcourse exploited without any regulatory force, usually because the knowledge in the field is a barrier on itself, preventing people to get in, unless they comply to the practices of the trade, after which they are absorbed in the system, which will take good care of them.
That's a little abstract, but to give an example, if there weren't any people hacking and cracking, there would not be a need for security. But companies are about money, and are ths subject to hacking/cracking/virus/worms etc, giving existance to security companies. And who works for these companies ? Presto, there's your self-sustainability.
And no I'm not an anticapitalist or communist, or in security or cracking or hacking or law or medicine myself, these issues have been roaming my overly concerned mind for quite some time. Considering my signal to noise ratio, this post probalby won't mean much either way..
ah well..
Re:Define 'tools' (Score:4)
That's what the article says, allthough UNIX itself probably is not illegal, but the sysadmin/company owning it is. If Sysadmins are not supposed to be able to test their own machines with scanners, how on earth can they be made secure ? If Anti-virus software makers are left with this law, how on earth can they design antidotes and detectors and scanners ? If tools and sourcecode hacks didn't surface, how can OS vendors fix loopholes in their software ? I'm sorry, but this is really a ticket to the stoneage. Seems the only thing lawyers are interested in these days is 'control', 'control' and even more 'control', who cares how idiot their laws may sound to a softwareworld that appears to be running away with allmost anything. As if digital crime is suddenly going to stop right at their borders. Gimme a break.
Re:No, its still a problem (Score:2)
True, but surely that's dependent on the nature of the offence. With crimes such as assault, break and enter, etc, it would be relatively easy to infer intent from the circumstances, but possession is a different matter. Mere possession of a kitchen knife is not sufficient to say you intended to commit an offence, but wielding it in a threatening manner would be. Of course, there are enough offences with respect to going armed, carrying a concealed weapon, etc, to give me pause.
I am but a first-year law student, and my knowledge of criminal law is very poor, so I will bow to you on this.
Re:hacker tools (Score:2)
However, Natasha Stott Despoja (who, interestingly, seems to be as despised by the hard left as she is by the right) did submit a fairly insightful dissenting opinion in response to the net censorship bill.
Yes, but that was rather offset by the fact that she supported the recent amendments to the Copyright Act. Wouldn't have anything to do with her having lots of friends in the media and publishing, oh no...
To my mind, Labor's Kate Lundy is probably the best-informed federal politician when it comes to tech issues (her Second Reading speech for the Digital Agenda Bill was the most insightful, and included references to Free p2p projects like Gnutella), but she's encumbered by a party machine that still hasn't woken up yet.
Re:No, its still a problem (Score:2)
As an example of succesfully proving an "intent" circumstantially where there was none in fact, take a look at my ongoing case.
I agree that intent is a difficult area, especially in fields so poorly understood by the legal system as IT is, but as I put to werdna, possession may be treated differenly to action.
Your case is an example of what happens when the law fails, but I'm not going to argue about the merits of the American legal system, since my knowledge of it is very poor. I can only hope that when a case is brought against an innocent party under this new law that Australian courts will set an appropriate precedent. I still have enough faith in my legal system to think that they will.
Re:No, its still a problem (Score:2)
Fair enough, but unfortunately I don't see this bill getting knocked back, so our only hope lies with an innocent defendant willing to take the matter to appeal. Then you have all the usual problems with appeals against findings of fact.
So I guess we're in more trouble than I originally thought. :(
Calm down people *please* (Score:5)
Okay, from my reading of the Bill (PDF) [aph.gov.au], it seems that the new offence is possession with intent (Schedule 1 lists the relevant amendments to the Criminal Code, you're looking for Part 10.7, Division 478.3). Means they have to prove you were going to commit a crime with the tool. It's a bit hard to prove that a sys admin who uses a particular tool for legit purposes was going to commit a crime.
As a matter of fact, given the legitimate usefulness of most 'cracker' tools, it seems that it would be quite difficult to prove that anyone was going to commit a crime unless you had a smoking-gun e-mail or other clear evidence of intent.
Re:ASIS v ASIO (Score:3)
ASIO is the Australian Security and Intelligence Organisation. They are *only* allowed to operate withing Australia and I believe the article refers to them.
DSD is the Defence Signals Directorate, essentially a (much smaller) analogue of the NSA.
Dave
Differences between cracking tools and child porn (Score:2)
There are many non-malicious reasons for wanting to possess cracking tools, not the least of which is the ability to examine them and see how they work, as well as testing your own system. It's not necessarily malicious to make cracking tools, and it's not necessarily malicious to possess them.
Possession of child pornography on the other hand is illegal because making it is illegal. Possessing it encourages making it, and making it victimises children. (Although some argue that it doesn't.)
Depending on what you consider artistic, I'm not sure if it always qualifies as child porn, except for in the eyes of some more conservative groups. Showing naked children isn't necessarily the same as distributing photos of 5 year old girls being raped by grown men, or young boys being made to touch each others' private parts for example.
From what I've seen, that's mainly what is targeted by child pornography legislation. It doesn't mean they raid houses of naturist families for taking and showing people family photos.
To me this seems more like an absolute ban on firearms, except (IMHO) a lot sillier. Similar arguments would apply, though.
===
And in other news.... (Score:5)
sorry to rain on your American parade... (Score:2)
bearing arms is not a human right [unhchr.ch]
as to that being an American right, even that is a stretch. The American Constitution [midnightbeach.com] clearly states in the Second Amendment [midnightbeach.com] - "A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms, shall not be infringed"
You might wish it meant otherwise, but that seems pretty clearly aimed at the state armed forces, not civilians. Specifically a well-regulated armed force.
Re:Anti-virus software illegal? (Score:2)
They certainly decompile the virus and re-create the source code as part of analysis.
What about benevolent hacker tools and viruses? (Score:2)
If American sites are liable in Austrailian courts what can be done about a site more informative than this one [llnl.gov]? Would my link of this site [aquanet.co.il] where one can chose to download KOH for their MSDOS 3.1 machine or one of the other less friendly viruses be a no no? Who gets the 10 years, me or CmdTaco? Is hyperbole the primary cause of a receeding hair line?
But enough about viruses. What about trojans? Back Orifice has features similar to carbon copy and pcAnywhere. The primary difference being that the creators gave both the source and program away for free. Not to mention that it uses less resources, and can typically do more (for good or ill). Is it illegal because it doesn't cost $50 dollars and come in a non-returnable shrinkwrapped box? To say nothing of spyware.
Personally, I think the world could use a few more good viruses. I think a nice macro virus that effectivly muted spam could be a wonderful gift to all those outlook express users.
Re:hacker tools (Score:2)
How do you know that ignorance isn't the ultimate aim of those who want to grab such power for the State? After all, an uneducated and ignorant populace is easier to cow.
I find it no coincidence that Government schools tend to produce brainwashed individuals who are uneducated and ready to accept whatever the Statists wish them to. Did you see the Stossel special on ABC, about the brainwashing that elementary school children are getting in "Global Warming"?
Keeping the people ignorant is one way that those in power seek to stay in power. And State control over information systems (which is exactly what such powers as this proposed Australian law gives it) is an obvious goal for those who favor powerful federal government.
"seriously tho, the bill would probably not be passed in its present form, given the many obvious problems with it."
Really? These are the same obvious problems that were in the various "net censorship" bills the Australian government has bassed. And the same ones that the Brits overlooked when passing RIP.
Don't be too sure of that. If you live in Australia, the only way to NOT get such a law passed is to start spreading the word, and get your fellow citizens out in front of the Parlaiment building with pitchforks, so to speak.
Re:Wouldn't it be nice if.. (Score:2)
Exactly... Which is why any government that presumes guilt (instead of innocent until proven guilty) in criminal cases is not free.
The burden of proving a negative is onerous. It's FAR harder a burden to prove that you didn't do something, especially when the police (in the case of this bill) are given the power to more or less force your co-operation at gunpoint.
ALL government power, no matter how seemingly benign, flows from the barrel of a gun. Remember that. Violation of ANY law, no matter how slight, will ultimately result in the State enforcing it with guns.
Re:Wouldn't it be nice if.. (Score:2)
Of course, if you don't, they'll bust down the door and go in anyway, so it's easier just to open it."
True, though not letting them in when they have a valid warrant would likely open yourself up to being charged with "obstruction of justice", which would only make things worse.
Re:Wouldn't it be nice if.. (Score:4)
110% WRONG! In the United States, you have a 5th Amendment protection against self-incrimination. That includes the right to NOT co-operate with the police, as codified in the "Miranda" rights that all arresting officers have to read to the person being arrested.
It's up to the police/prosecutors to prove your guilt, and they have NO right to your assistance in that task.
Now, I'm not saying that there haven't been recent law, etc, where the police lobby hasn't been attacking those rights, but until the Bill of Rights is repealed, they are still there.
" - there's nothing special about this act in Australia. If they demand that you give the key to the safety deposit box where you hid your child porn and you refuse, you're basically doing the same thing as if they demand the keys and pass phrases to your data. There's nothing special about digital data and there shouldn't be anything special about it"
The police in the USA can very well get a search warrant for such a safety deposit box, or your home, and may search them. However, again, you DO NOT have any obligation to do anything other than let them in, you do not have to lead them on a "guided tour". Again, the 4th and 5th Amendments cover this.
This Australian law sounds very much like the odious "RIP" law in the UK, which basically gives more or less ANY cop the power to forcibly hand over your security to them, without any oversight (and in the case of RIP, you can even be jailed for letting anyone KNOW they did this to you).
There is no place for such laws in a free society. A people who will tolerate such enormous State power over their persons and property are in effect, tolerating State ownership of all their information and property.
And we all know governments are ALWAYS 100% trustworthy, and would never murder innocents (Waco, Ruby Ridge), and individuals within it would never abuse their power to politically persecute ideological or religious "enemies" (Keith Henson)...
The United States was founded by wise men who feared the power and abuse wrought by too-powerful federal governments. Unfortunately, there aren't many such men in power today.
Elections and clutching at straws (Score:3)
I'm from Australia. There's a federal election coming up and the incumbents (the "Liberals"; similar to the US Republicans but more socially conservative) are worried they might lose due to a botched introduction of a goods and services tax. They've been clutching at straws and more Internet legislation looks like just the ticket to distract the population and also make the Liberals look forward thinking and progressive.
I wish. I'm going to take great pleasure in putting Senator Alston last on my ballot paper.
Hmmm... (Score:5)
Re:I don't see the difference (Score:2)
Lockpicking tools? OK, let's put locksmiths (professional and hobbyist) out of business. While we're at it, when I locked myself out of my house, I was both relieved and horrified to discover that I could open the lock on my back door with a screwdriver and a pin (plus plenty of time and incentive). So, we should ban screwdrivers and pins, right?
Similarly, I can "scan" networks using ping/telnet and a shell script. Hell, I can even do it using standard DOS tools. Better ban those too!
"The legislation will enable police powers to copy computer data and examine computer equipment and disks off-site and enable them to obtain assistance from computer owners."
The article isn't entirely clear, but recent Ozzie precedent is to give the police (not courts) the power to do whatever the hell they want when dealing with the feared and accursed computers. This doesn't look to be any different.
The counter to all this paranoia is the argument that these powers probably won't be used that much, so don't get so het up.
Fine. So why grant them?
Re:Wouldn't it be nice if.. (Score:2)
Because there's no mention of intent, merely possession. Also, licensing "authorised" possession is a shoddy way of doing it: I need to get a license if I want to download tools for hobbyist purposes? I need to a priori prove my innocence?
Do you see having to prove your innocence as being substantially different from 1984? How?
Re:Calm down people *please* (Score:2)
Note to self: read all articles before deciding whether to post rather than mod. This is the only worthwhile post in this thread. Please moderate it up.
Re:What do I do? (Score:2)
I recommend fdisk. ;)
Oooh, wait, a thought occurs. Why is Microsoft pushing GPL as "viral"?
New crime: Installing GNU/Linux with intent. "I swear, it's for personal use only! I wasn't dealing, man!" ;)
Re:Wouldn't it be nice if.. (Score:2)
478.3 Possession or control of data with intent to commit a computer offence
478.4 Producing, supplying or obtaining data with intent to commit a computer offence
hmmm
I don't see the difference (Score:2)
--
P.S.: I wasnt's so sure of the spelling of "possession", so I used Google. Results : "possession" 30000 results, "possesion" 39100 results, "posession" 33400 results, "posesion" 45300 results. Fortunately I also have a dictionary :o)
--
Re:I don't see the difference (Score:3)
No, as knives shouldn't be banned just because you can kill somebody with them. But when a tool only use (reasonable use) is doing something illegal, yes I think the tool can be outlawed. That covers also the DOS tools. If they are general purpose, they are OK. If they are single purpose cracking tools they can IMHO be banned.
Exception being if you are a computer security specialist (that's the locksmith in the metaphor). I admit I have no clear solution for the hobbyist locksmith, or hobbyist computer-security expert.
I was not trying to defend that law, not particularly. But sometimes when treading into computer or internet laws, there is a big load of paranoia going around. And the fact that the same kind of problems and imperfect solutions have been around for centuries is overlooked. The world is, has been and will keep on being an imperfect place. That's not to say we should not try to fight, for it to be better (or at least not worse), but I think we should choose our battles with a little bit more forethought.
--
What do I do? (Score:4)
Glorat
More seriously... (Score:4)
Of course, the people who would have the best expertise at "correcting" this policy are those right here at /.!
Time (Score:2)
China is the land of the free except when you get executed so they can sell your organs.
Unintended consequences (Score:2)
Well here's a bill that's likely to have some unintended consequences. In outlawing so much of the software which they feel is a threat to "the national information infrastructure", they've also made it difficult for computer professionals to use the tools they need to test and evaluate the security of that same infrastructure. Computer security experts, it seems, will have to work for the government -- either that or have to consult lawyers on a daily basis to avoid inadvertently breaking the law in the course of their duties. As a result Australia will end up with some of the most insecure networks in the world.
Who need them? (Score:4)
If they have to reveal all passwords and whatnot, hacker tools aren't needed. Just go to the part of their site where it will say somthing like "By law we are required to post the root passwords to all of our boxes here..." and you will have all the info you need.
What (Score:4)