Forgot your password?
typodupeerror
The Internet Your Rights Online

Aussie Bill Would Ban Hacking Tools, Virus Code 213

Posted by timothy
from the only-criminals-object-to-stripsearches dept.
rtscts writes: "The Australian govt. is at it again: 'Under the bill, which proposes seven new computer offences carrying jail terms of up to 10 years, it is illegal to possess hacker toolkits, scanners and virus code.'" The bill is called the Cybercrime Bill 2001; according to this article, it "does allow the Defence Signals Directorate (DSD) and Australian Security Intelligence Organisation(ASIS) to hack legally. It also forces companies by law to reveal passwords, keys, codes, cryptographic and steganographic methods used to protect information."
This discussion has been archived. No new comments can be posted.

Ausssie Bill Would Ban Hacking Tools, Virus Code

Comments Filter:
  • by Anonymous Coward
    I think you can define "hacking tools" anyway it suits them. The sky is the limit.
  • by Anonymous Coward

    I'm not from Oz, but if such a law was passed in my own country...

    Prosecutors would suddenly have more scary and realistic threats to wave at caught vandals in court. This is fine, if you make the (unfortunately dubious) assumption that the state is able to effectively distinguish between malicious vandals and the merely curious.

    As a side effect, occasional sad legal misfirings might crop up as security and IT professionals run the risk of being mislabeled as criminals.

    This comment addresses only the criminalization of hacking tools, not the law's other measures.

  • by Anonymous Coward
    The offense is in section 478.3, and is entitled "Possession or control of data with intent to commit a computer offense":

    478.3 Possession or control of data with intent to commit a computer offence

    (1) A person is guilty of an offence if:
    (a) the person has possession or control of data; and (b) the person has that possession or control with the intention that the data be used, by the person or another person, in:
    (i) committing an offence against Division 477; or
    (ii) facilitating the commission of such an offence.
    10 Penalty: 3 years imprisonment.

    I think the key here is "intent". To be convicted of this offence it would have to be proved that you intended to use them to commit a crime. A security specialist would have a legitimate reason to possess such tools. I have some myself.

    Certainly it could be worrisome, but it's no worse than the existing law which makes it illegal to carry burglars tools -- a crowbar is not illegal, but if you are caught with one prowling the neighbourhood then you could expect to be in trouble!
  • by Anonymous Coward
    Will computer security professionals be licensed to have and use tools? Of course. The Austrialian Police are allowed to carry weapons even though the citizens have been disarmed. Austrialia has become, by definition, a Police State, in which only police have rights. Next they'll outlaw Boogy Bears because some 7 year old is afraid of them. And, during hearings, several members of the "Ban the Boogy Bear" PAC will testify that they have statistics proving that several children have already suffered irrepairable harm and even death after being frightened by a Boogy Bear.

    "We do it for the Children" (tm)

    Thank the US Supreme Court. They prevented a high-jacking of the Florida election! The Dems would have won Florida if their county rep hadn't been caught illegally possessing a Votamatic so early in the evening.

  • by Anonymous Coward
    As a matter of fact, given the legitimate usefulness of most 'cracker' tools, it seems that it would be quite difficult to prove that anyone was going to commit a crime unless you had a smoking-gun e-mail or other clear evidence of intent.

    Well, the cops can just say posession itself proves intent. Like in California posession of 'burglar tools' in itself may constitute proof you were going to use them for burglary.

    Many people would agree with this. Are the cops supposed to wait around until a guy with a crowbar actually prys open a door?

    My answer is probably yes. The dangers of implied motive are subject to hysteria and abuse. The fire chief in my town was arrested for having bomb-making materials. The materials? A collection of plumbing pipes in his garage.

  • by Anonymous Coward
    We love you too. That's why we bailed you guys out of two world wars. And we even forgave all your war debts too.. except for FINLAND, which has the DECENCY to pay us back.

    We're serious about loving you guys though... after all alot of us came from Europe. Fleeing oppressive regimes and starvation, that is.

    I suppose you're probably FOR having hacking tools though. How Ironic.

    "What luck for rulers, that men do not think." --Adolf Hitler

    "Politically popular speech has always been protected: even the Jews were free to say 'Heil Hitler'". .
    -- Isaac Asimov

    ". . . the most brilliant propaganda technique will yield no success unless one fundamental principle is borne in mind constantly and with unflagging attention. It must confine itself to
    a few points and repeat them over and over. Here, as so often in this world, persistence is the first and most important requirement for success.
    ". . . a slogan must be presented from different angles, but the end of all remarks must always and immutably be the slogan itself.
    ". . . At first the claims of the propaganda were so impudent that people thought it insane; later, it got on people's nerves; and in the end, it was believed."
    -- Adolf Hitler, 'Enemy War Propaganda', MEIN KAMPF
  • by Anonymous Coward on Saturday July 07, 2001 @12:24AM (#102480)
    Doesn't this sort of make Unix illegal? I mean, every unix I've heard of pretty much comes with a suit of network utilities, of which scanners are a usual componenet.
  • Isn't it interesting that at the same time the .au government is pushing to give its thugs, sorry, security forces, the right to attack systems, so are the governments of .uk and .nz. And the FBI is pushing for Carnivore.

    Don't you love the governments of the "free world" conspiring to legalise attacks on the citizenry by covert organisations?

  • A search on Google for Tierney Gearon will reveal the fuss in the UK recently about some innocent holiday-type snaps of kids being (temporarily) deemed as indecent. Gearon is an artist, and these photos were included in an exhibition at the Saatchi gallery.

    Although the charges were dropped, it did temporarily open the possibility of almost everyone having indecent photos in their possession.

    The best part of it all, was The Guardian [guardian.co.uk] publishing the photo in question in full colour on the front page on the first day of the fuss, when this photo was still being called indecent by the authorities. I was impressed they were willing to so dramatically state their position and hold firm.
  • I am SO tired of distinguished groups softpedaling and using terms like 'distressing' or 'draconian' to describe shit like this.

    What would happen if press releases from big time professional and other groups were to just take off the gloves, and brazenly engage in terminology like 'inane', 'stoopid', 'brain-damaged', 'moronic', and 'retarded'?

    Methinks that might bring the message home to the public much more effectively.

    Screw diplomacy, people. This Is War!

  • by Millennium (2451) on Saturday July 07, 2001 @04:45AM (#102484) Homepage
    Child pornography is very different. The reason: the making of child pornography pretty much by definition involves one of the most hideous abuses of another human being possible: sexual exploitation of a child.

    Now, before you say "why not just go after the makers?" consider this: child porn is not given out for nothing. Usually it involves paying money. Other times it's done in a trade. Even if no cost is involved, you're showing demand for the stuff. So by obtaining it, you've financed the operation, directly (by paying money) or indirectly (by providing more goods, which can later be sold, or by showing demand, which motivates further production). Under most legal definitions, that would make you an accomplice or accessory to the crime. That seems to be a fair enough reason to criminalize the stuff.

    Now, things do get stickier in the case of hand-drawn or computer-generated child pornography, in which case it's quite possible (even probable, in the case of CG) that no living beings were ever used in the creation of the work. I don't know if this has been tested in a legal system or not. It would be interesting to see the results of such a case.
    ----------
  • Okay, from my reading of the Bill (PDF), it seems that the new offence is possession with intent. Means they have to prove you were going to commit a crime with the tool.
    Still, that seems almost as bad to me. Is this not just an excuse to arrest someone they think is up to no good? (same as the marijuana laws)

    "What do we have here? A scanner! You finally slipped up, junior. Take him away boys."

  • by dew (3680)
    I find it interesting to note that OS/X comes with an SSH (secure shell) server and client for encrypted connections; but further yet (and relevant to this article) it comes with a very pretty port scanner. That's right, each and every copy of OS/X could be illegal in Australia if scanners are made illegal. Hm. Wonder if Apple has the heads up on that?

    Further yet, is it illegal for you in the US to make available hacking tools to Australians? (Legislation is pushing that way, yes?) If not now, might it be soon?

    David E. Weekly [weekly.org]

  • "A spokesperson for the Minister for Justice and Customers Senator Chris Ellison was unavailable for comment but said in a statement: "The large amount of data that can be stored on computer drives and disks and the complex security measures, such as encryption and passwords, which can be used to protect that information present particular problems for investigators. The legislation will enable police powers to copy computer data and examine computer equipment and disks off-site and enable them to obtain assistance from computer owners."emphasis added

    That makes it sound as though instead of hauling away everything you own that has anything to do with computers (and eventually auctioning it off and pocketing the proceeds--that's why they seize the speakers and monitors and power cords and keyboards, they get more money selling compete systems), they could just copy everything you have on any and all storage media, and crack into it back at the station house, without leaving you unable to persue any legal and legitimate computer use. After all, you might be innocent, and this way they inconvenience you the least while still investigating.

    Unfortunately this makes sense, respects individual rights, forgoes photo-ops of officers rendering the "danger to society hacker" impotent by taking away all that "sophisticated hardware" that was no doubt financed by selling drugs and dirty pictures to pre-schoolers, and creates less opportunity to augment department budgets with auction proceeds, so don't hold your breath.

  • Yeah, but it would have made more sense if I'd said "selling complete systems" instead of "selling compete systems". :-)
  • There's also a Senate Legal and Constitutional Committee inquiry into the legislation, at:

    2600 Australia will be making a submission to this committee. If you'd like to discuss this legislation prior to our submission (which must be lodged by the 20th of July), please join the 2600-law mailing list, by sending an empty email to 2600-law-subscribe@wiretapped.net [mailto]. There are also public hearings in Sydney on 19th July and in Canberra on 9th August.

  • ...at least, it's a DDoS client in two lines if you don't have the latest patches for it.

    Seriously, I take exception to the gummint banning the tools which I must have for making sure that the boxes I administer are secure from overseas crackers (after all, since we're every man jack of us law abiding citizens here, no other Aussies could possibly crack my machines, although it seems that some legislators are actually smoking it - crack, that is).
  • Just move to the best and most free country
    in the world, the USA.
  • by merlyn (9918) on Saturday July 07, 2001 @02:29PM (#102492) Homepage Journal
    As an example of succesfully proving an "intent" circumstantially where there was none in fact, take a look at my ongoing case [stonehenge.com].

    As a fellow computer professional, would it make more sense to you to "hack in to get my own email" as the prosecutor offered, or to believe me when I say that I was doing this to show that my former sysadmin group was failing to maintain proper security? Yeah, I thought so.

    To this day, the prosecutor still claims that he doesn't understand the case. And yet, he managed to share that confusion with the jury in such a way that I'm still a felon, awaiting yet another round of appeals to support a greater common good.

    Yes, my methods may have been lousy, and I certainly didn't get prior approval for what I thought would be a no-brainer, but my intent was to help the people that had paid my bills for five years, not harm them.

  • When material is criminalized solely based on the purposes it could be used to accomplish (the most common reason given for criminalizing child pornography), child pornography is in exactly the same boat as "cracking tools" are.

    Are you on drugs? Please explain to me what illegal purposes people use child pornography for. Why...NONE!

    Possession of it is illegal because making it is illegal. It has nothing to do with what people use it for.

    And I'm glad the CSC actually looked at the laws with some sense, and said 'If the sex wasn't illegal in the first place, the result isn't automatically illegal'. I've always thought it stupid people under 18 could logically be arrested for carrying nude pictures of themselves or people they have legally had sex with.

    However, this has very little bearing, as most child pornography is illegal to make, involving either child molestation or statutory rape, not to mention child labor laws and getting consent of the parents.

    Regardless of that, child pornography is NOTHING like 'a tool that can be used to commit a crime', it's 'the result of a crime that has probably been commited'. It's not selling guns, a tool that can be used for evil, it's selling decapitated heads. Which is also illegal.

    -David T. C.

  • I cannot believe this dumbass pleaded guilty to this.

    -David T. C.
  • Actually, if the police have a search warrent of your place, you still don't have to let them in.

    Of course, if you don't, they'll bust down the door and go in anyway, so it's easier just to open it.

    -David T. C.

  • They cannot make you hand over the key to a safety deposit box or the combination to a safe in the US. (Well, if you're in possession of a key, and they find it, they'll take it from you. But you can't be forced to say where the key is.)

    The police cannot force us to reveal any information at all if we're a suspect, and cannot threaten us with punishment if we don't help them.

    Note 'not helping' is not the same as 'actively subverting'. It would be illegal for us to, say, tamper with the contents of a safe simply because they're off looking for a way to blow it. Unless, of course, they haven't found the safe yet, and thus it's not evidence yet.

    -David T. C.

  • Um...how does the Australian government violate an American right?

    -David T. C.
  • I don't think not opening the door would open you up to those charges, but shutting and locking the door in their face might.

    -David T. C.
  • On a more serious note, it looks like this means a company like Symantec cannot operate there as they will not be able to store "virus code" for analysis.

    Plus all the others. However, the further implication could be it would be illegal to use anti-virus software (esp. of the adaptive kind), since they have virus signatures and whatnot...

  • by Enthrad (11463)
    In fact, I quite enjoy living here, thank you.
  • The AU Government, wishing to serve the people in it's full capacity and competence, and seeking to employ the most technically sound and logically considered data attainable, has assembled a task force of experts charged with the duty of identifying clearly and without doubt, those "tools" which are the most serious and effective aids to the operation and infiltration of computer networks by criminals.

    "Our data, as set forward in our considered report, "Keep your mits on", has conclusively shown that in a vast majority, and we are making no exageration here, for we found said "tools" to be in the "hands" of 99% of not only hackers, but also criminals in general, of cases, the "fingers" were the single most pervasive means with which criminals were able to persue their illegal activities."

    Citizens are free to study the newly published report, wherein they will find details of scientifically conducted tests where criminal hackers were left totally unsupervised, alone in a room, with a computer terminal, having had his or her fingers removed. The data found is so strong, that any even half-educated sheep farmer could plainly see that the chances of the hacker being able to purse a horrible and dangerous criminal activity online was rendered almost completely impossible without the aforementioned tools, the "fingers".

    However, the authors of the study wish to deepen their understanding of the "hacker", and recommend a further study into some discrepacies in the data. Partiularly in one case, one criminal individual was found to have, it appears, by means of a pencil held in his teeth, to have actually operated the computer, as evidenced by the words "help me" clearly visible on the screen in an e-mail program. As already stated, for reasons of national security, we recommend further studies into the potential criminal activities of hackers armed with pencils but no fingers.

  • by dr_labrat (15478) <spooner AT gmail DOT com> on Saturday July 07, 2001 @12:55AM (#102502) Homepage
    By owning a DVD you can theoretically go to jail, because you can be ordered to reveal the key that encrypts the data...

    That puts most people between a rock and a hard place, because then they would have to use hacking tools (DeCSS) to get the key...

  • by Eli (16462)
    ssuckss dood
  • Newsflash for all you gun nuts:

    The government doesn't need to take your guns away to have complete and absolute power over you. Look at the insanity of the drug war:

    If the government really wants to arrest you, does it matter how many guns you have?

    However many you have, they will *always* have more. Having those guns just makes it more likely that you will end up dead. The only way guns protect you from an oppressive government (which the USA already has, BTW) is if the people have more firepower than the feds, something which would never happen in the USA.
  • by cantanker (18364) on Saturday July 07, 2001 @02:15AM (#102506)
    You can read the Full Text [aph.gov.au] and an Explanatory Memo [aph.gov.au] from the Australian Parliament Legislation [aph.gov.au] page.
  • Like Britain....
    --
  • .. someone read the article and realized that they are already acknowledging that system admins and other professionals need "hacker tools" and before the bill is accepted, there would be adjustments to the bill because of this very reason.

    Also, if you encrypt your hard drive, then get somehow arrested for say.. distributing child porn, the police would tell you to give them the key to open the encryption. If you just say "nope.. I won't do it", I'm pretty sure you get into a lot of trouble in ANY country - not just Australia. You SHOULD be in a lot of trouble too!

    So what is it that is so bad about this bill? And YES I've read 1984 and NO, this is nothing like that.
  • "You can have my keys, they are useless without my pass phrases and you can have my pass phrases, when you extract them from my cold dead brain (using mnemonic sensors, probably)."

    Wow! You got a little carried away there, didn't you? Totally missed my point too, didn't you?

    I was talking about being arrested for a crime and then not cooperating with the police. That's probably illegal in any country - there's nothing special about this act in Australia. If they demand that you give the key to the safety deposit box where you hid your child porn and you refuse, you're basically doing the same thing as if they demand the keys and pass phrases to your data. There's nothing special about digital data and there shouldn't be anything special about it.

    I think you need to relax a little.. You don't need to check if your doors are locked 10 times before you go to bed either. There is no black van outside your window.
  • Our mission against black hat hacking is problematic enough. The single best tool we have ever developed to keep hackers out is the openness with which techniques of hacking are discussed, and the sharing and free distribution of those tools.

    Aside from the obvious difficulties in the application of the law, which invites unbalanced and unreasonable application by clueless authorities, the primary harm of this law is the obvious chilling effect that it will have on promoting the progress of anti-hacking technique.

    It is only our prodding and poking at our own systems that keeps us as many steps as we are in front of (or behind) the hackers as we may be. Only by "standing on ye shoulders of giants," can we hope to adequately understand and to secure our present systems. If our giants are hidden or made contraband -- then we are left to the mercy of those who live in more (or less) enlightened societies.

    In short, hackers have never had so good a friend as the Australian government. A nation disarmed for the picking by those who are not blinded by their own ignorance.

    If we outlaw hacker tools, then only hackers shall have rootkits.
  • Dude, take some valium and pull your head out of your ass. . . . Leave the law to the lawyers, because if you, timothy and taco got together and worked real hard on it, you'd be able to understand enough of it to get yourselves laughed out of court.

    I may indeed have my head up my ass, but I also have the law degree and techno-litigation experience [carltonfields.com] you seem to require. If you have an argument on the merits, feel free to show where you think I was mistaken, and we shall see who is making the frivolous argument. But until you do, why not leave the name-calling to yourself?
  • Right in theory, but you overestimate a jury's capacity to see possession of a "hacker tool" as a salutary and ordinary thing, such as holding a kitchen knife.

    Again, the issue is whether possession of the contraband will be deemed by an average juror to evidence an intent to use it. (It will, 99-100% of the time.) Then, whether the juror will understand *and* buy the testimony from experts suggesting that one doesn't use hacker tools only to hack evil, or buy or be confused by the clueless prosecutor who represents the state.

    Then, weigh whether you are willing to risk your freedom and liberty to discover the answer, or accept a plea and do whatever the state requests.
  • So I guess we're in more trouble than I originally thought. :(

    That's all I'm saying. If we make possession of hacker tools illegal, only criminals will have rootkits.
  • by werdna (39029) on Saturday July 07, 2001 @09:15AM (#102521) Journal
    Most crimes have both a factual component (actus reus) and a state of mind component (mens rea). The Mens Rea for a crime may be intent, knowledge, recklessness, negligence and at times (such as for statutory rape) strict liability.

    In theory, a state of mind must be proved just as the factual elements, beyond a reasonable doubt. In practice, a jury is instructed by the judge that they may infer intent from any of the circumstances in which the crime was committed. Unless the defendant takes the stand in her own defense and convinces the jury to the contrary, and thereby submitting herself to a blistering cross-examination, the prosecutor will simply ask the jury to ask themselves any number of rhetorical questions.

    Mens rea is a non-issue. With enough stuff on your disk, intent can be "proved" by twisting circumstantial evidence to the satisfaction of the jury. To a jury -- the mere fact of the trial is taking place evidences (which would not otherwise be admissible) the proposition that the government thinks the defendant is guilty.

    "with intent" is better than strict liability. But in practice, its grievously dangerous. Anyone possessing tools is ultimately at the mercy of the whim of the authorities. The cost of a criminal defense (which no intelligent person, however good an advocate, should attempt to do by themselves) will never be compensable and can itself be more ruinous than any fine.

    In short, this law an authoritarian nightmare -- it serves no good purpose, will actually chill productive anti-hacking technology.
  • welcome to the information super outback!
  • shoddy journalism at its best here folks.
  • just ship them half way around the world to build your railroads, tend your farms and be discrimated against after you finally figure out that slavery is wrong.
  • If you just say "nope.. I won't do it" ... You SHOULD be in a lot of trouble

    You can have my keys, they are useless without my pass phrases and you can have my pass phrases, when you extract them from my cold dead brain (using mnemonic sensors, probably).
  • Dont you think for just one moment that this bill provides a provision that says "excluding registered computer virus researchers", like every other computer related law on the books in Australia? Anyone who knows anything about the antivirus industry knows full well that it is a cartel. Symantec and the other members of CARO would like nothing better than everyone else to be excluded from antivirus research. It helps them maintain their power. As for the bill itself, have you even read it? If so, I would really like a copy cause yet again an online "journalist" has failed to provide basic references. Please dont tell me you're forming your opinion on the three lines printed in the article or the poor attempt at a sentence provided in the summary on Slashdot.
  • >If they are single purpose cracking tools they can IMHO be banned.

    A few years back, I was the manager for Data Security for KPMG's electronic commerce group, and I can attest that there is indeed a legitimate use for any cracking tool you can name, even the DOS hacks.

    I routinely use cracking tools to probe my own systems, since I have exactly ZERO confidence that script kiddies will leave me alone just because there's a law against what they're doing.

    One obvious legit use of a DOS hack is to test your firewall, and make sure it doesn't just crash when it gets way more traffic than it can handle.

    When governments think they can prevent behaviour just by passing a law against it, I simply refer them to all of the drug wars we've ever had.

    If we want secure systems, then what we need to do is tell all of our governments to FUCK OFF and quit trying to legislate an engineering problem.

    -jcr
  • the "Liberals"; similar to the US Republicans but more socially conservative

    Australia doesn't have a mainstream party which is more socially conservative than the US Republicans. It just sometimes seems that way. :-)

    The Australian Liberal Party is actually much closer to a European "conservative" party: close to the US Democrats, but a little more conservative. The closest thing we have to the Republican party in Australia is the National Party, whose support is mostly from rural areas. The problem is that when the Liberal Party is in power, it's almost always in coalition with the National Party, so coalition governments often pass National Party-esque laws such as this one.

  • Don't kid yourself. While they're not as socially conservative as the Republicans yet, they are headed that way. It's just wishful thinking to say otherwise.

    Maybe. The Liberal Party is always conscious of differentiating themselves from One Nation, so what you suggest would only happen once One Nation's fifteen minutes are up. This may come quite soon.

    As for motive, it would only happen if the National Party went under; the Liberals would be politically obliged to pick up their supporter base. This may also come quite soon.

  • Well, part of the CA's last campaign was "Vote us because we're good Christians, and We'll get God back into Canada.

    We have an equivalent (Christian Democratic Coalition, run by the ever-outspoken Fred Nile), but it's not very mainstream.

    Do you elect your Senators?

    Yes. Strangely, we use the same names as the US for our chambers ("house of representatives" and "senate") despite having a pretty standard Westminster parliament.


  • We all have to stop and admire how paranoid governments are getting which is clearly demonstrated through all their so called tough new laws. Paranoid I say because they never seem to get it right, and oppression of that nature (of information) is likely to lead to higher incidences of anarchy. e.g. Mischievious teens with too much time on their hands are now sentenced to ten years for learning about computer security... Guess that profession will be out of the question there.

    I wonder what would/can the AU government do to say someone who has a shell in another country and performs `scans` and runs a security based website with Virii as content? AU laws definitely don't apply here so I don't see what they intend to do when instances like these arise. Wouldn't it be sort of similar to someone leaving AU and moving to another country? So what do they intend to do, shaft someone in hopes no one notices. (trust me it happens)

    Aside from that who cares if a provider tells encryption methods. Create a PGP key on your machine, in fact create 2 signing keys, your provider can surely know you're using PGP, now should any message you send be decrypted by anyone other than the recipient, the entire security world would be turned upside down, and cypherpunks would be hitting the keys to create the next best thing.
  • with hacker tools such as the hex editor and the scientific calculator banned, how would you teach comp sci at uni?

    seriously tho, the bill would probably not be passed in its present form, given the many obvious problems with it.

    the main problem is that the it ministers on both our major parties have no clue. in fact, i'm not sure there's a single politician here who has a clue about IT. at least none that has spoken out in public


    ---
  • The aussie 2600 site http://www.2600.org.au/ [2600.org.au] has more on this issue including a mirrored copy of the bill, as well as explanatory memoranda. It also has a response to some of the issues brought up in the bill such as the fact that many of the proposed new crimes are already covered in part by existing laws in the Crimes Act.
  • Another one that didnt read the bill. You need to prove intent for it to be an offence to have such software.
  • The new offenses that are proposed by the bill are:

    477.1 Unauthorised access, modification or impairment with intent to commit a serious offence

    477.2 Unauthorised modification of data to cause impairment

    477.3 Unauthorised impairment of electronic communication

    478.1 Unauthorised access to, or modification of, restricted data

    478.2 Unauthorised impairment of data held on a computer disk etc.

    478.3 Possession or control of data with intent to commit a computer offence

    478.4 Producing, supplying or obtaining data with intent to commit a computer offence

    They are further defined in the actual bill; the url of which is posted earlier.

    I do not believe in my mind that port scanning directly offends against any of the 477 crimes, the only one it could possibly apply to is 478.4, and then there is probably not enough evidence to prove intent.

  • by skware (78429) on Saturday July 07, 2001 @07:24AM (#102558) Homepage
    The problem with that is that the arresting constable must have a reasonable suspicion in order to make a legal arrest. The quality and quantity of cops that actually know anything about what they are doing in relation to computers is extremely negligible. A reasonable defence would be to say that the cop did not understand the software and thus was unable to form a resonable suspicion as to your intentions.

  • by skware (78429) on Saturday July 07, 2001 @01:54AM (#102559) Homepage
    that link doesnt work, it's a search that has expired. Try this instead: http://search.aph.gov.au/search/ParlInfo.ASP?actio n=browse&Path=Legislation/Current+Bills+by+Title/C ybercrime+Bill+2001&Start=4&8cD#top [aph.gov.au]
    also there is some more stuff on http://www.2600.org.au/ [2600.org.au]
  • by skware (78429) on Saturday July 07, 2001 @01:26AM (#102560) Homepage
    These are the 2600.org.au mirrors of the bill, they are probably available somewhere on http://www.austlii.edu.au/ [austlii.edu.au] Australia's awesome law resource with searchable case law and legislation, reportedly the best law site in the world.
    http://www.2600.org.au/misc/cybercrime/cybercrime- bill-2001-firstreading.pdf [2600.org.au]
    http://www.2600.org.au/misc/cybercrime/cybercrime- bill-2001-explanatory-memoranda.pdf [2600.org.au]
  • Does this mean the posession of Linux will be a federal offense? If the codebase is GPL'd and the GPL is a virus...
  • by Ukab the Great (87152) on Saturday July 07, 2001 @01:20AM (#102564)
    Banning all products that allow people to do naughty stuff computers isn't cool. Many people like Outlook Express.

  • And force all citizens to get a frontal lobotomy. After all, the human brain is the device from which all Evil springs.
  • It also forces companies by law to reveal passwords, keys, codes, cryptographic and steganographic methods used to protect information.

    This is more than just comic stupidity. This appears to be the Aussie Liberals doing their darndest to get right smack into the same disputes that the EU and the US are having over data and privacy rights. Think about the implications this has for corporations that have connected Aussie offices to the corporate WAN. If having an Aussie office means you have to give up all hope of corporate security to the Aussie cyber cops, you're faced two options. Option 1: bet your company's IT strategy on the dubious notion that the Aussie cyber cops are smarter and/or more reliable than the morons who wrote this bit of lunacy; or disconnect the Aussie office from the WAN.

    And funny thing! If that's what happens, doesn't that all of a sudden cripple the Aussie office, and give the local competition a big edge?

    If the Aussies say that they're entitled to hack into the network, wherever the network takes them, they're fomenting a trade war. If they say that they're only interested in data stored in Australia, they're just going to clobber IT jobs in Australia, because every multinational will move data and jobs offshore.

    When will governments learn? One of the reasons we buy door locks is to protect ourselves from the police.

  • by Troed (102527) on Saturday July 07, 2001 @01:53AM (#102571) Homepage Journal
    Why should I be in a lot of trouble for not giving up access to my encrypted partitions - containing personal information given to me by close friends that I've promised to never let anyone else see/read etc?

    My passphrases are >32 characters long. Ooops, seems the brutality of the police caused a trauma that made me forget one or two. How sad.

  • This is going to sound odd, but... how is this different from the laws (which exist around the world) banning possession of child pornography?

    In neither case does the mere fact of possession cause harm to anyone, in both cases there are very real reasons why people might want to possess them, and yet in both cases they are considered "paraphernalia" associated with criminal activity (abuse).

    If we're going to complain about cracking tools being made illegal when they are obviously useful for non-cracking activities, why aren't we all complaining about child pornography being illegal when it is in many cases of worthy artistic value?
  • Possession of child pornography on the other hand is illegal because making it is illegal.

    The creation of child pornography is not necessarily illegal simply by virtue of the acts being recorded. A recent case at the Canadian Supreme Court demonstrated this clearly in striking down certain portions of Canada's criminal code provisions against child pornography.

    The Canadian Supreme Court restricted the law so that (paraphrased) "creation and possession of child pornography shall not be illegal if the material depicts legal acts between consenting persons, the material is intended for personal use only, and the material is not distributed". Even with this ruling in place, the law clearly states that the depiction of *perfectly legal acts* (for example, two 17 year olds having sex) may not legally be possessed by any other person.

    If the laws only existed to criminalize possession of depictions of illegal acts, that would be reasonable. Similarly I don't think there would be very major objections raised to criminalizing the possession of "cracking logs" journaling the defacing of web sites (although that would be a rather bizzare law). When material is criminalized solely based on the purposes it could be used to accomplish (the most common reason given for criminalizing child pornography), child pornography is in exactly the same boat as "cracking tools" are.
  • Let me start by saying that I think this Ausiie bill is ridiculous, and must have been proposed by some severely tech-illiterate people. But I think that your comparison of the bill to child pornography laws is not valid. In the case of child pornography the possession occurs after the fact, the actual material is a consequence of someone commiting th (IMHO disgusting) crime of forcing a child to participate. And obtaining this consequence of that crime encourages more criminal activity to produce more child pornography thus perpetuating the original crime.

    In the case of hacking tools (which I'll spare everyone the rant on why they should not be called 'hacking' tools in the spirit that is intended) you have a case where possession of the material in question comes before a crime. Yes it is possible to commit a crime with these tools it is not a necessary consequence of possession. Additionally it is even in question whther or not the use of many of these tools is criminal. For exapmple, take port scanning, I fail to see how this is an illegal activity. If you choose to place a server on a public network, you have no right to complain when people 'look' at it.

    The fact has already been mentioned that there are numerous legitimate uses of these tools. Namely to help protect a network from attack. As a software engineer I use these tools to track down flaws in software design when it doesn't work across a network. While these tools do have very real reasons why people would use them there is no reason to own child pornography. In our society child pronography is taboo, not necessarily because of any inherent wrongness in the act itself but because that's a pattern of behavior we, as a whole, believe is destructive to our culture. You mention that some child pornography is worthy of artistic value, this is a faulty statement by the definition of the word pornography. There is a world of difference between a sexually explicit picture of children and an peice of art that contains a nude child as the subject matter. The line is very thin and I'd imagine easy to cross I'm sure but it does exist.

    Besides all of this we have the free speech issue. The creation of cracking tools is my right. I have not harmed anyone in the process, especially if I have not distributed or used the tools in any way (though should I choose to distribute them I believe that that is also my perogative). Should I choose to create child pornography, while I am expressing myself how I choose, I am taking my free speech to a level where there is in-escapable implicit harm being done, the exploitation of children.

  • I'm coming in on this thread too late to be seen by many, but I'd like to make one objection anyways.

    But when a tool only use (reasonable use) is doing something illegal, yes I think the tool can be outlawed. That covers also the DOS tools. If they are general purpose, they are OK. If they are single purpose cracking tools they can IMHO be banned.
    The problem here is, there are very few if any cracking tools which have only one reasonable use. I'm going to take your example, DOS tools. Joe Random Sysadmin is going to be launching a site, and expecting, say, 50k pageviews/day, and wants to test whether his webserver will be able to handle the load. So he takes 50 machines around the office, and signals each of them to load the main page 1000 times. Of course, he doesn't do this by hand, he finds a tool to do it, and controls it from his terminal. What exactly is this tool doing? That's right, it's taking a bunch of machines and signalling them to flood a server with traffic, just like a DOS tool would.

    What makes the difference is a matter of intent, which is extremely difficult to prove. If the user used the tool for a legit purpose, or just checked the box on a package list when installing his distro, then the tool is legitimate. If the user intended to or did use the tool for a destructive purpose, then it is not legit.
    ------------------
    A picture is worth 500 DWORDS.
  • by wolvie_ (135527) on Saturday July 07, 2001 @01:52AM (#102586)
    The current Liberal government [liberal.org.au] in power don't understand technology, and have been making this evident for years in every piece of legislation relating to the Internet. They fail to consider the technological, privacy, or fair competition implications of anything they do. A few examples:

    For what it's worth, even Microsoft realise they are hopeless [slashdot.org]. Hopefully they'll be voted out at the next election (probably later this year?), and this insanity will end.

  • by TekPolitik (147802) on Saturday July 07, 2001 @06:30PM (#102590) Journal
    The text of the bill is available here [aph.gov.au].

    The bill doesn't make any of the things listed in this article illegal on their own - you have to be using them for, or intending to use them for, committing another federal crime. There is no requirement to divulge passwords, just to assist law enforcement in effecting the execution of a warrant. Without this they'll just seize the equipment anyway, so it's actually in the interests of the person owning the equipment to provide this assistance as it allows them to take just the relevant data.

    Of course it does sound a lot more interesting to say it bans the posession of tools that are being used for legal purposes, but the bill explicitly mentions that there must be a use for, or an intent to use for, an otherwise illegal activity.

  • by andr0meda (167375) on Saturday July 07, 2001 @02:36AM (#102598) Homepage Journal

    You laugh, but you'll laugh even harder with this article [computerworld.com.au] basicly saying email is the no1 threat for australian companies.

    This shows how rigid they are in their thinking. I mean, if people used propper policies and security protection, there was no need for the digital witch-hunt they are now proclaiming.

    Now I don't agree with the way things are now, for instance I don't think security firms SHOULD exist, but this kind of artisanal malpractice where the trade itself corrupts and starts to sustain itself, is present in all sorts of professions. You see it in law, you can see it in the medical department of hospitals, you can see it in university research labs looking for ever more funding, and you have it in the IT world. I think this is where the real issue is.

    The abuse in the profession leads to a perverse effect of self sustainability, which is ofcourse exploited without any regulatory force, usually because the knowledge in the field is a barrier on itself, preventing people to get in, unless they comply to the practices of the trade, after which they are absorbed in the system, which will take good care of them.

    That's a little abstract, but to give an example, if there weren't any people hacking and cracking, there would not be a need for security. But companies are about money, and are ths subject to hacking/cracking/virus/worms etc, giving existance to security companies. And who works for these companies ? Presto, there's your self-sustainability.

    And no I'm not an anticapitalist or communist, or in security or cracking or hacking or law or medicine myself, these issues have been roaming my overly concerned mind for quite some time. Considering my signal to noise ratio, this post probalby won't mean much either way..

    ah well..

  • by andr0meda (167375) on Saturday July 07, 2001 @02:12AM (#102599) Homepage Journal

    That's what the article says, allthough UNIX itself probably is not illegal, but the sysadmin/company owning it is. If Sysadmins are not supposed to be able to test their own machines with scanners, how on earth can they be made secure ? If Anti-virus software makers are left with this law, how on earth can they design antidotes and detectors and scanners ? If tools and sourcecode hacks didn't surface, how can OS vendors fix loopholes in their software ? I'm sorry, but this is really a ticket to the stoneage. Seems the only thing lawyers are interested in these days is 'control', 'control' and even more 'control', who cares how idiot their laws may sound to a softwareworld that appears to be running away with allmost anything. As if digital crime is suddenly going to stop right at their borders. Gimme a break.

  • In theory, a state of mind must be proved just as the factual elements, beyond a reasonable doubt. In practice, a jury is instructed by the judge that they may infer intent from any of the circumstances in which the crime was committed.

    True, but surely that's dependent on the nature of the offence. With crimes such as assault, break and enter, etc, it would be relatively easy to infer intent from the circumstances, but possession is a different matter. Mere possession of a kitchen knife is not sufficient to say you intended to commit an offence, but wielding it in a threatening manner would be. Of course, there are enough offences with respect to going armed, carrying a concealed weapon, etc, to give me pause.

    I am but a first-year law student, and my knowledge of criminal law is very poor, so I will bow to you on this.

  • However, Natasha Stott Despoja (who, interestingly, seems to be as despised by the hard left as she is by the right) did submit a fairly insightful dissenting opinion in response to the net censorship bill.

    Yes, but that was rather offset by the fact that she supported the recent amendments to the Copyright Act. Wouldn't have anything to do with her having lots of friends in the media and publishing, oh no...

    To my mind, Labor's Kate Lundy is probably the best-informed federal politician when it comes to tech issues (her Second Reading speech for the Digital Agenda Bill was the most insightful, and included references to Free p2p projects like Gnutella), but she's encumbered by a party machine that still hasn't woken up yet.

  • As an example of succesfully proving an "intent" circumstantially where there was none in fact, take a look at my ongoing case.

    I agree that intent is a difficult area, especially in fields so poorly understood by the legal system as IT is, but as I put to werdna, possession may be treated differenly to action.

    Your case is an example of what happens when the law fails, but I'm not going to argue about the merits of the American legal system, since my knowledge of it is very poor. I can only hope that when a case is brought against an innocent party under this new law that Australian courts will set an appropriate precedent. I still have enough faith in my legal system to think that they will.

  • Fair enough, but unfortunately I don't see this bill getting knocked back, so our only hope lies with an innocent defendant willing to take the matter to appeal. Then you have all the usual problems with appeals against findings of fact.

    So I guess we're in more trouble than I originally thought. :(

  • by cthugha (185672) on Saturday July 07, 2001 @01:41AM (#102612)

    Okay, from my reading of the Bill (PDF) [aph.gov.au], it seems that the new offence is possession with intent (Schedule 1 lists the relevant amendments to the Criminal Code, you're looking for Part 10.7, Division 478.3). Means they have to prove you were going to commit a crime with the tool. It's a bit hard to prove that a sys admin who uses a particular tool for legit purposes was going to commit a crime.

    As a matter of fact, given the legitimate usefulness of most 'cracker' tools, it seems that it would be quite difficult to prove that anyone was going to commit a crime unless you had a smoking-gun e-mail or other clear evidence of intent.

  • by lucius (189447) on Saturday July 07, 2001 @02:01AM (#102615)
    ASIS stands for the Australian Secret Intelligence Service, essentially the Australian foreign spies. I'm not sure but I believe they have no jurisdiction to operate within Australia, but I might have that wrong. They are not, BTW, held accountable in any public forum, even Parliament (?!)

    ASIO is the Australian Security and Intelligence Organisation. They are *only* allowed to operate withing Australia and I believe the article refers to them.

    DSD is the Defence Signals Directorate, essentially a (much smaller) analogue of the NSA.

    Dave
  • There are many non-malicious reasons for wanting to possess cracking tools, not the least of which is the ability to examine them and see how they work, as well as testing your own system. It's not necessarily malicious to make cracking tools, and it's not necessarily malicious to possess them.

    Possession of child pornography on the other hand is illegal because making it is illegal. Possessing it encourages making it, and making it victimises children. (Although some argue that it doesn't.)

    Depending on what you consider artistic, I'm not sure if it always qualifies as child porn, except for in the eyes of some more conservative groups. Showing naked children isn't necessarily the same as distributing photos of 5 year old girls being raped by grown men, or young boys being made to touch each others' private parts for example.

    From what I've seen, that's mainly what is targeted by child pornography legislation. It doesn't mean they raid houses of naturist families for taking and showing people family photos.

    To me this seems more like an absolute ban on firearms, except (IMHO) a lot sillier. Similar arguments would apply, though.


    ===
  • by TheOutlawTorn (192318) on Saturday July 07, 2001 @12:32AM (#102617)
    Australian officals have been puzzled by the sudden mass migration of technical personnel off the island continent. When asked to comment, Professor Lambert of Syndey U. stated "Usually we only see this sort of behaviour in rodents; and then only when there is some kind of immediate danger, such as a sinking ship..."


  • bearing arms is not a human right [unhchr.ch]

    as to that being an American right, even that is a stretch. The American Constitution [midnightbeach.com] clearly states in the Second Amendment [midnightbeach.com] - "A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms, shall not be infringed"

    You might wish it meant otherwise, but that seems pretty clearly aimed at the state armed forces, not civilians. Specifically a well-regulated armed force.

  • i think the 'question' here is maybe based on the fact that you have the source code to a virus (which, is something symantec et al dont have on file).

    They certainly decompile the virus and re-create the source code as part of analysis.

  • Granted, there might not be a lot, but there are some. Would a virus like KOH [llnl.gov] which asks if you'd like to encrypt and protect your information be illegal? The encryption [inet-one.com] can be fairly robust even.

    If American sites are liable in Austrailian courts what can be done about a site more informative than this one [llnl.gov]? Would my link of this site [aquanet.co.il] where one can chose to download KOH for their MSDOS 3.1 machine or one of the other less friendly viruses be a no no? Who gets the 10 years, me or CmdTaco? Is hyperbole the primary cause of a receeding hair line?

    But enough about viruses. What about trojans? Back Orifice has features similar to carbon copy and pcAnywhere. The primary difference being that the creators gave both the source and program away for free. Not to mention that it uses less resources, and can typically do more (for good or ill). Is it illegal because it doesn't cost $50 dollars and come in a non-returnable shrinkwrapped box? To say nothing of spyware.

    Personally, I think the world could use a few more good viruses. I think a nice macro virus that effectivly muted spam could be a wonderful gift to all those outlook express users.

  • "with hacker tools such as the hex editor and the scientific calculator banned, how would you teach comp sci at uni?"

    How do you know that ignorance isn't the ultimate aim of those who want to grab such power for the State? After all, an uneducated and ignorant populace is easier to cow.

    I find it no coincidence that Government schools tend to produce brainwashed individuals who are uneducated and ready to accept whatever the Statists wish them to. Did you see the Stossel special on ABC, about the brainwashing that elementary school children are getting in "Global Warming"?

    Keeping the people ignorant is one way that those in power seek to stay in power. And State control over information systems (which is exactly what such powers as this proposed Australian law gives it) is an obvious goal for those who favor powerful federal government.

    "seriously tho, the bill would probably not be passed in its present form, given the many obvious problems with it."

    Really? These are the same obvious problems that were in the various "net censorship" bills the Australian government has bassed. And the same ones that the Brits overlooked when passing RIP.

    Don't be too sure of that. If you live in Australia, the only way to NOT get such a law passed is to start spreading the word, and get your fellow citizens out in front of the Parlaiment building with pitchforks, so to speak.
  • "Do you see having to prove your innocence as being substantially different from 1984? How?"

    Exactly... Which is why any government that presumes guilt (instead of innocent until proven guilty) in criminal cases is not free.

    The burden of proving a negative is onerous. It's FAR harder a burden to prove that you didn't do something, especially when the police (in the case of this bill) are given the power to more or less force your co-operation at gunpoint.

    ALL government power, no matter how seemingly benign, flows from the barrel of a gun. Remember that. Violation of ANY law, no matter how slight, will ultimately result in the State enforcing it with guns.
  • "Actually, if the police have a search warrent of your place, you still don't have to let them in.
    Of course, if you don't, they'll bust down the door and go in anyway, so it's easier just to open it."

    True, though not letting them in when they have a valid warrant would likely open yourself up to being charged with "obstruction of justice", which would only make things worse.

  • "I was talking about being arrested for a crime and then not cooperating with the police. That's probably illegal in any country"

    110% WRONG! In the United States, you have a 5th Amendment protection against self-incrimination. That includes the right to NOT co-operate with the police, as codified in the "Miranda" rights that all arresting officers have to read to the person being arrested.

    It's up to the police/prosecutors to prove your guilt, and they have NO right to your assistance in that task.

    Now, I'm not saying that there haven't been recent law, etc, where the police lobby hasn't been attacking those rights, but until the Bill of Rights is repealed, they are still there.

    " - there's nothing special about this act in Australia. If they demand that you give the key to the safety deposit box where you hid your child porn and you refuse, you're basically doing the same thing as if they demand the keys and pass phrases to your data. There's nothing special about digital data and there shouldn't be anything special about it"

    The police in the USA can very well get a search warrant for such a safety deposit box, or your home, and may search them. However, again, you DO NOT have any obligation to do anything other than let them in, you do not have to lead them on a "guided tour". Again, the 4th and 5th Amendments cover this.

    This Australian law sounds very much like the odious "RIP" law in the UK, which basically gives more or less ANY cop the power to forcibly hand over your security to them, without any oversight (and in the case of RIP, you can even be jailed for letting anyone KNOW they did this to you).

    There is no place for such laws in a free society. A people who will tolerate such enormous State power over their persons and property are in effect, tolerating State ownership of all their information and property.

    And we all know governments are ALWAYS 100% trustworthy, and would never murder innocents (Waco, Ruby Ridge), and individuals within it would never abuse their power to politically persecute ideological or religious "enemies" (Keith Henson)...

    The United States was founded by wise men who feared the power and abuse wrought by too-powerful federal governments. Unfortunately, there aren't many such men in power today.
  • by DoubleTake (257889) on Saturday July 07, 2001 @12:41AM (#102639)

    I'm from Australia. There's a federal election coming up and the incumbents (the "Liberals"; similar to the US Republicans but more socially conservative) are worried they might lose due to a botched introduction of a goods and services tax. They've been clutching at straws and more Internet legislation looks like just the ticket to distract the population and also make the Liberals look forward thinking and progressive.

    I wish. I'm going to take great pleasure in putting Senator Alston last on my ballot paper.

  • by perlchimp (263475) on Saturday July 07, 2001 @12:46AM (#102642)
    They might need to start a penal colony, maybe on a large island or something, to put all the offenders.
    • I fail to see how's that so different from lockpicking tools possession being illegal, or having to open your safe for police inspection if a judge mandates it.

    Lockpicking tools? OK, let's put locksmiths (professional and hobbyist) out of business. While we're at it, when I locked myself out of my house, I was both relieved and horrified to discover that I could open the lock on my back door with a screwdriver and a pin (plus plenty of time and incentive). So, we should ban screwdrivers and pins, right?

    Similarly, I can "scan" networks using ping/telnet and a shell script. Hell, I can even do it using standard DOS tools. Better ban those too!

    "The legislation will enable police powers to copy computer data and examine computer equipment and disks off-site and enable them to obtain assistance from computer owners."

    The article isn't entirely clear, but recent Ozzie precedent is to give the police (not courts) the power to do whatever the hell they want when dealing with the feared and accursed computers. This doesn't look to be any different.

    The counter to all this paranoia is the argument that these powers probably won't be used that much, so don't get so het up.

    Fine. So why grant them?

    • So what is it that is so bad about this bill? And YES I've read 1984 and NO, this is nothing like that.

    Because there's no mention of intent, merely possession. Also, licensing "authorised" possession is a shoddy way of doing it: I need to get a license if I want to download tools for hobbyist purposes? I need to a priori prove my innocence?

    Do you see having to prove your innocence as being substantially different from 1984? How?

    • it seems that the new offence is possession with intent

    Note to self: read all articles before deciding whether to post rather than mod. This is the only worthwhile post in this thread. Please moderate it up.

    • I've just caught this Love Bug virus on my Windoze machine. How do I stop getting thrown into jail for having this "virus code" on my machine?!

    I recommend fdisk. ;)

    Oooh, wait, a thought occurs. Why is Microsoft pushing GPL as "viral"?

    New crime: Installing GNU/Linux with intent. "I swear, it's for personal use only! I wasn't dealing, man!" ;)

  • Did you read the act ... probably not
    478.3 Possession or control of data with intent to commit a computer offence
    478.4 Producing, supplying or obtaining data with intent to commit a computer offence

    hmmm ...
  • Of course I don't like the sound of it. But I also fail to see how's that so different from lockpicking tools possession being illegal, or having to open your safe for police inspection if a judge mandates it.

    --

    P.S.: I wasnt's so sure of the spelling of "possession", so I used Google. Results : "possession" 30000 results, "possesion" 39100 results, "posession" 33400 results, "posesion" 45300 results. Fortunately I also have a dictionary :o)

    --

  • by OpenSourced (323149) on Saturday July 07, 2001 @03:46AM (#102656) Journal
    So, we should ban screwdrivers and pins, right?

    No, as knives shouldn't be banned just because you can kill somebody with them. But when a tool only use (reasonable use) is doing something illegal, yes I think the tool can be outlawed. That covers also the DOS tools. If they are general purpose, they are OK. If they are single purpose cracking tools they can IMHO be banned.

    Exception being if you are a computer security specialist (that's the locksmith in the metaphor). I admit I have no clear solution for the hobbyist locksmith, or hobbyist computer-security expert.

    I was not trying to defend that law, not particularly. But sometimes when treading into computer or internet laws, there is a big load of paranoia going around. And the fact that the same kind of problems and imperfect solutions have been around for centuries is overlooked. The world is, has been and will keep on being an imperfect place. That's not to say we should not try to fight, for it to be better (or at least not worse), but I think we should choose our battles with a little bit more forethought.

    --

  • by Glorat (414139) on Saturday July 07, 2001 @12:29AM (#102661)
    Help! I've just caught this Love Bug virus on my Windoze machine. How do I stop getting thrown into jail for having this "virus code" on my machine?!

    Glorat
  • by Glorat (414139) on Saturday July 07, 2001 @12:32AM (#102662)
    On a more serious note, it looks like this means a company like Symantec cannot operate there as they will not be able to store "virus code" for analysis. Someone down under there really doesn't understand the implications here

    Of course, the people who would have the best expertise at "correcting" this policy are those right here at /.!

  • by kraf (450958)
    to move to China ?

    China is the land of the free except when you get executed so they can sell your organs.
  • Well here's a bill that's likely to have some unintended consequences. In outlawing so much of the software which they feel is a threat to "the national information infrastructure", they've also made it difficult for computer professionals to use the tools they need to test and evaluate the security of that same infrastructure. Computer security experts, it seems, will have to work for the government -- either that or have to consult lawyers on a daily basis to avoid inadvertently breaking the law in the course of their duties. As a result Australia will end up with some of the most insecure networks in the world.

  • by sporkraper (465743) on Saturday July 07, 2001 @12:25AM (#102684) Homepage
    It also forces companies by law to reveal passwords, keys, codes, cryptographic and steganographic methods used to protect information.

    If they have to reveal all passwords and whatnot, hacker tools aren't needed. Just go to the part of their site where it will say somthing like "By law we are required to post the root passwords to all of our boxes here..." and you will have all the info you need.
  • by sporkraper (465743) on Saturday July 07, 2001 @12:41AM (#102685) Homepage
    Who defines what is a hacker toolkit or virus code? Many legitimate applications and utilities can be used for evil. Would this affect people/organizations that mirror linux distros that include these programs? And what about virus code? If they ignorantly mean source code, then they will have a problem because all of the popular (mainstream popular of course) viruses are written in VBS or a similar interpreted language. So anyone infected could be guilty of a crime. The potential for abuse by vindictive law enforcement agents is obvious. If your neighbor Officer Jack decides he dislikes you, he could release a VBS worm on his own machine which would email everyone in the outlook address book (assuming you are on the list here). Then he could come and arrest you and do whatever he can to ensure that you recieve a severe penalty as a dangerous hacker.

"Our reruns are better than theirs." -- Nick at Nite

Working...