UK Moves to Outlaw 'Hacker Tools' 308
twitter writes "New guidance rules for the UK's controversial Computer Misuse Act do not allay fears of impracticality, or of the banning of legitimate IT software: 'The government has come through with guidelines that address some, but not all, of these concerns about dual-use tools. The guidelines establish that to successfully prosecute the author of a tool it needs to be shown that they intended it to be used to commit computer crime. But the Home Office, despite lobbying, refused to withdraw the distribution offense. This leaves the door open to prosecute people who distribute a tool, such as nmap, that's subsequently abused by hackers.'" Somewhat similar legislation recently became law in Germany.
Re:I use these 'myminicity links' (Score:2, Interesting)
Also,
Re:IDEs too? (Score:3, Interesting)
I wonder if we showed the stupid leaders in parliament, this fact, then would they ban microsoft all together for creating such devious tools....
Outlaw politicans who make stupid laws about tech (Score:4, Interesting)
Whilst the law was going through Parliament the Home Office suggested that "likely" would be a 50% test.. Anyway, that guidance is now out -- and there's no mention, surprise, surprise, of "50%"
If over 50% of the laws they make are nonsense, can we ban the politicians?
Reminds me of the middle ages (Score:4, Interesting)
Hopefully this mistake won't take 400 year to remedy.
Just for the sake of argument- (Score:5, Interesting)
Yes, this would mean our having to get certified as at least minimally competent at what we do, much like hairdressers and engineers.
The idea is analogous to how, in New York at least, it's illegal for random people to carry lockpicks.
Still available for legitimate use? (Score:3, Interesting)
Quick! Outlaw Pencils and Paperclips! (Score:3, Interesting)
Thought Tools (Score:5, Interesting)
WIth 'bad' being relative to the administration in charge at the time in said country.
Will they be outlawing FTP or HTTP as well?
Re:It's not about security. (Score:3, Interesting)
Instead they just criminalise the capability to commit a crime. No matter whether there may be a legitimate use for something, or whether there may be enthusiasts who take pleasure from understanding how security works. Of course, they're not going to actually prosecute people who they think probably aren't going to commit a real crime. Just those who probably are but the police aren't capable of proving without some of that pesky "reasonable doubt" stuff getting in the way.
99% of these tools get made as needed (Score:0, Interesting)
As i can attest gov't coders are lame sad and very poor at creativity. The kind of personality that creates hacker tools is not one that leads itself to a gov't job.
Now the UK and 4 other countries are on that WORST privacy list. When there becomes a massive abuse and it goes public, then people may question if they live in a democracy or a facist state. It was hitler who bruned knowledge ( books ) .
BIG BROTHER is here folks. The question now is do you trust politicians that are lobbied to power by mpaa/riaa/BREIN/corporates. AT least in the cold war the corporations had to make it look like capitalism was better then communism. Now that the cold war is over it would be interesting to see how are rights are being widled away and the corporate power grows.
It is an apocalyptic war that will have them with all the tech and if we don't hold onto the hacker tools and texts we will all lose.
Re:IDEs too? (Score:3, Interesting)
Another thing that always pops into my mind when I read about such a proposed bit of legislation... let's say that they did make nmap illegal, but not IDE's (or at least not compilers). I *can* write my own (admittedly inferior) version of nmap with a little bit of time, based on the knowledge I've gleaned from reading "TCP/IP Illustrated". As stupid as outlawing the distribution of nmap is in and of itself, I wonder (seriously wondering, not "what's next are they going to ban cars?" slashdot-style hyperbole-ing here) if they're going to move to have distribution of books like this limited as well? If *not*, then one could simply post the nmap source code, in book form if necessary...
One thing my 33 years in the 20th & 21st centuries have taught me is that politicians don't just stop at stupid, they constantly find new ways to redefine the concept.
Re:Just for the sake of argument- (Score:3, Interesting)
New IT professionals officially 'apprentice' grade or somesuch until they're take the same exam and perhaps some mandatory formal education.
Re:Just for the sake of argument- (Score:1, Interesting)
Lockpicking is a skill that's used by a) nefarious types, b) locksmiths, c) a few people who have a private interest in the subject. Now, the people in (c), if they want to distribute their work legitimately will probably set themselves up (b), a locksmith. On the other hand, someone who has a private interest in fiddling with network security may well continue with their day job and just do the computer fiddling on the side - that doesn't mean that it's not a harmless private activity though.
The Renaissance is, for physical sciences (and lockpicking) over, no-one spends a few years locked in their study doing science for personal interest, which is why, when someone says that they do lockpicking research out of a personal interest, they're not taken seriously. On the other hand, the versatility, reuseability and near zero ongoing-cost of computers means that private computer research is entirely possible - anyone can get a linux installation, python, perl, a wodge of virtual machines, and play incessantly as a hobby. Fiddling with computers is the new alchemy. The problem is that people keep looking at computing research and scoffing because they think of it like physical research and assume that it's the preserve of a few cranks and retired professors who no doubt have copious amounts of facial hair and smoke a pipe, not the one area of research that can still be done by a private individual on a personal basis.
Perhaps what needs to happen is that people who fiddle with computers in their spare time need to start writing papers on what they discover/invent and generally put around the idea that legitimate research in the field of computing can still be carried out by private individuals for personal interest, and not just by nefarious types.
Conclusion: Don't compare hacking tools to physical situations like lock picking.
Re:Still available for legitimate use? (Score:3, Interesting)
And what happens when some enterprising criminals decides they want to get a license to look legit? Do we raise the license fees so anyone wanting to possess a programing IDE has to have a backer and a multi million dollar bond on them like some areas require for explosives work? Then all the software can come from large companies and we will be happy with whatever they innovate?
Requiring registration and licensing is only going to create a mess. Hacker programs aren't that dangerous compared to explosives and should be considered even close to the same thing. Hacker tools could be anything you could use or create something that someone could use for mischief. The issue is the intent and proving it. The easiest way to prove intent is to show where you documented something or made a statement about something. So more then anything, this is a law that would make it illegal to talk about doing anything with a computer or a computer program that isn't approved by the manufacturers (eg, Microsoft or whoever). And the worse part about it is, if you think that this law and what it entails is perfectly fine, then see a program that could be used for hacking but isn't being represented that way, you could find yourself in trouble for simply reporting it in the wrong way. If you posted your observations to a website or to the wrong authorities, you could be busted for creating hacking tools and techniques and making them available. It is simply amazing if you ask me.
Re:NMAP (Score:3, Interesting)
I have basic DHCP server that gives out dynamic IP addresses. I also have a couple of machines without monitors which I can connect to via VNC or SSH such as a G4 Mac which I use for running OS 9 applications which never got ported to the Intel OS X world, on boot it starts the VNC server. I can then use nmap to find out the IP address and log into it graphically from my main Linux computer.
Re:IDEs too? Oh yes, and what about OO Design? (Score:4, Interesting)
Or maybe your logic just isn't.
Re:IDEs too? Oh yes, and what about OO Design? (Score:4, Interesting)
I'm not sure most people honestly think they have nothing to hide. They've been trained, however, to think that failure to act like one has nothing to hide will reveal what they have to hide.
I think it's likely a result of a culture obsessed with cop fantasy shows in which the cops can do pretty much anything they want to solve the crime, justified by depictions of the people the fantasy cops zero in on as nearly always guilty.
Re:Historical Precedent (Score:1, Interesting)
That's a common argument used by anti-gun people, but it does not bear close inspection.
In the USA, one of the common conditions of a license to carry a concealed handgun in public places is that you get up the right to allow yourself to become intoxicated while doing so. You are prohibited from entering any tavern, bar, and in a few states any restaurant that serves alcohol.
In effect, you have the choice of being a drunken idiot, or being able to carry a concealed handgun. What's more, if you are caught being drunk (or even being in a tavern or bar) with a concealed handgun, not only do you lose your license but you're stripped of the right to possess any kind of gun for life.
Those Americans who are licensed to carry concealed handguns take this very seriously. For good reason. Very few licenses ever get revoked, because the people who submit to the procedure (which almost always includes fingerprinting) are the most law-abiding segment of society.
The American gun crime that you read about almost invariably are people who are not licensed in any way, and in many cases are prohibited from owning any kind of firearm due to past criminal convictions.
Remember: the bad guys can always get guns. Gun bans only affect the good guys.
Compared to today, Britain's murder rate was lower when it was legal to carry concealed handguns in public places.
That doesn't mean that the legality of carrying concealed handguns in public places made Britain's murder rate lower; it means that there is no causality between the two.
Ask yourself: would you rather that your girlfriend/wife/daughter explain to the police why she had to shoot someone who attacked her, or that you have to go to the morgue to identify her after she was raped and strangled with her own panty hose?
None of this is to say that legalizing concealed handguns is right for Britain. But there's a lot of myths about the USA's laws in Britain which bear no relationship to reality.
And the most useful Hacker tool is... (Score:3, Interesting)
Re:IDEs too? (Score:1, Interesting)
Yes. That's the point. And while I'm against outlawing 'hacker tools', I think there's something to be said for banning guns. Imagine a burglar. If our burglar wants to rob a house in, let's say, the U.S., he'd better bring a gun. Because whoever he is robbing may also own a gun. At some point, the burglar is going to get caught, and either he or the inhabitant of the house is going to get shot. If, however, our burglar wants to rob a house in , he knows his victim is very unlikely to own a gun. Therefor he can just stick to a knife. Even if he chooses to bring a gun (an instance where only the outlaw has a gun) and gets caught, a fight is unlikely to start because one of the parties involved (the burglar) clearly has the advantage.
If someone wants to kill people, he is going to be able to do wether guns are outlawed or not.