Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×
Government Privacy Security News IT

UK Moves to Outlaw 'Hacker Tools' 308 308

twitter writes "New guidance rules for the UK's controversial Computer Misuse Act do not allay fears of impracticality, or of the banning of legitimate IT software: 'The government has come through with guidelines that address some, but not all, of these concerns about dual-use tools. The guidelines establish that to successfully prosecute the author of a tool it needs to be shown that they intended it to be used to commit computer crime. But the Home Office, despite lobbying, refused to withdraw the distribution offense. This leaves the door open to prosecute people who distribute a tool, such as nmap, that's subsequently abused by hackers.'" Somewhat similar legislation recently became law in Germany.
This discussion has been archived. No new comments can be posted.

UK Moves to Outlaw 'Hacker Tools'

Comments Filter:
  • by MozeeToby (1163751) on Thursday January 03, 2008 @05:23PM (#21900820)
    That list of every IP address I posted a while back.
  • IDEs too? (Score:3, Insightful)

    by RingDev (879105) on Thursday January 03, 2008 @05:24PM (#21900840) Homepage Journal
    So if I hack something while running my custom application in debug mode from an IDE like Eclipse or VS.Net, would that not make Eclipse and VS.Net hacker tools that should be stripped from the land?

    These laws are just retarded knee jerk reactions made by people who have no idea about what it is they are legislating on.

    • Re: (Score:3, Interesting)

      by hesaigo999ca (786966)
      I am so glad you mentioned VS.net...yes this tool can be used to do many "hacker" like things...
      I wonder if we showed the stupid leaders in parliament, this fact, then would they ban microsoft all together for creating such devious tools.... ;P
      • Re:IDEs too? (Score:5, Insightful)

        by Anonymous Coward on Thursday January 03, 2008 @05:43PM (#21901192)
        "I wonder if we showed the stupid leaders in parliament, this fact, then would they ban microsoft all together for creating such devious tools..."

        No, not a chance. What they really mean is if you wear tee shirt and create a dual-use tool in your basement, is contraband. But the same tool created by a person wearing a suit and tie in a corporation then it's okay.
    • Re: (Score:3, Informative)

      by timeOday (582209)
      Only if you could prove that the author of the IDE intended it to be used to commit computer crime. Actually this seems like a rather high barrier, since proving intent is hard. Of course if you tossed out this law and replaced it with a fictional one outlawing the creation of tools that could be used for crime, then it becomes absurd. Which is, I suppose, what the next 500 replies will do.
      • Will it actually come down to arresting me for code pieces like a TCP/IP transport routine that I contributed to an open source application - that somehow has been tied to whatever crime committed because they copied my source?

        When did my peers and people of my parent's age become such softcore fascists?

        • by Beardo the Bearded (321478) on Thursday January 03, 2008 @06:28PM (#21901898)
          When did my peers and people of my parent's age become such softcore fascists?

          When they got scared.

          The real truth is that there is no bogeyman, and that there's nothing to fear but fear itself. Even my four-year old knows that. ("[Girl Name], what do we have to be afraid of?" "Being afraid.")

          And now, some "crimes" are nearly impossible to prosecute. How can someone in the UK file suit against a "cracker" from Atiqua or Afghanistan? They could potentially steal your bank account information and steal your life savings, buy a handgun, rob a bank, and put you on death row. Now, when you assume - note that word - that the backwards savages outside your home country have to have help to break in, then clearly someone with brains - I mean a white guy - er, I mean someone from the homeland - er, someone reachable by our police - must have helped them. That's complete junk, but to some the point is valid. The bad guys must have help, so let's go after the help. Never mind that the "bad guys" get paid more than I do.

          And people are scared because they think things are the worst they've ever been. The fact is, the good old days were never here. Terrorists have been around since at least the Romans. We survive. The day of judgment will never come.

          But that's not enough. You can't tell people to calm down - you have to show them that you're doing something, anything.

          Seriously - people are attempting to legislate abstract concepts that they don't know about. I've seen laws suggesting watermarks in A/D conveters. One of the US Senators honestly thinks the Interweb is a series of tubes. He might not even be familiar with the concept of electricity. Imagine Ancient Greeks trying to pass legislation on the use of titanium in groundwater near nuclear power plants. If I give an opinion on civil engineering, I could be fined up to $25,000. If a politician does, he gets rewarded.

          Instead of demanding the removal of the clueless, people just revote for the same guy as last time - if they even voted - or "stay the course". When those in charge have literally no consequences for their actions and get paid to pass legislation from special interest groups. Is copyright theft something that ordinary people really care about? Are there people who are thinking, "man, I'd love to go to work today, but I'm afraid that someone, somewhere, is copying a DVD to take the ads out. If only our government would pass some laws to fix that problem." Okay, maybe if the guy works making DVDs, but that's not a normal guy.

          When the victims became criminals. Look at identity theft - it could be prevented with 100% accuracy if the credit bureaus updated their computers. All they have to do is add a picture to your report and require an automatic phone call to the last known phone number any time you want a change. That's it. It's now impossible to steal someone's ID. Of course, it's your fault for not buying title insurance, paying Equifax $25 a month for credit checks, and using your "internet thing" for banking.

          When people started getting used to the idea of "I have nothing to hide". You do. Everyone does. I have skeletons in my closet, and I want them to stay there.

          So what it really boils down to is that people are in general afraid of something, but they don't know what it is. So, they turn their wrath on anything that can possibly hold their ire. Immigrants, Hackers, ID thieves, the Russians, terrorists, etc. As long as the eye isn't on them, then they're fine. Torture the sandnigger or the hacker. They're the ones who made the world such a fucked up place. It's all their fault.

          They're really afraid of themselves. How long will it be until the bank comes calling, or the boss cans them, or the spouse will leave with the kids?

          It's a scary thought - we're lead by clueless, corrupt, whores who run the place by tacit consent from people who are too afraid to interrupt their routine.

          This isn't exactly what I meant to say, but I think the power here has become unreliable. There's a lot of wind outside.
          • by Toonol (1057698) on Thursday January 03, 2008 @07:12PM (#21902492)
            I'm sympathetic to your viewpoint, but I think you are exaggerating somewhat. There are things out there that a reasonable person should fear. There are criminals, there are terrorists. We should be reacting to them. We just need to not overreact.

            "One of the US Senators honestly thinks the Interweb is a series of tubes. He might not even be familiar with the concept of electricity."

            No, one of our Senators used a clumsy analogy. None of them really think the net is composed of tubes. Yes, they are legislating issues they don't understand... but they aren't retarded. I'm quite sure the majority of congressmen have above average IQs. They may be corrupted or arrogant, ignorant of tech issues, but not stupid.

            I'm not really arguing with you, I just think you're passionate and letting some of your rhetoric get a little carried away. Take your own advice: "We survive. The day of judgment will never come."

            "This isn't exactly what I meant to say, but I think the power here has become unreliable. There's a lot of wind outside."

            I spent a moment trying to figure out what your metaphor meant... is "Wind" our political climate? Then I realized you're literally talking about 'power' and 'wind.' :-) Good luck!
          • by Kythe (4779) on Thursday January 03, 2008 @09:20PM (#21903998)
            Not to detract from a truly excellent comment, but I did want to remark on one thing...

            When people started getting used to the idea of "I have nothing to hide". You do. Everyone does. I have skeletons in my closet, and I want them to stay there.

            I'm not sure most people honestly think they have nothing to hide. They've been trained, however, to think that failure to act like one has nothing to hide will reveal what they have to hide.

            I think it's likely a result of a culture obsessed with cop fantasy shows in which the cops can do pretty much anything they want to solve the crime, justified by depictions of the people the fantasy cops zero in on as nearly always guilty.
      • by kryptkpr (180196) *
        From both the article and the summary:

        But the Home Office, despite lobbying, refused to withdraw the distribution offense. This leaves the door open to prosecute people who distribute a tool, such as nmap, that's subsequently abused by hackers

        According to such a law, as long as the IDE was used to develop a piece of software that was subsequently used in a computer crime, they want to make the IDE developers liable. Now, the law may of course have exceptions for programming environments.. the article doesn
        • Re: (Score:3, Interesting)

          Another thing that always pops into my mind when I read about such a proposed bit of legislation... let's say that they did make nmap illegal, but not IDE's (or at least not compilers). I *can* write my own (admittedly inferior) version of nmap with a little bit of time, based on the knowledge I've gleaned from reading "TCP/IP Illustrated". As stupid as outlawing the distribution of nmap is in and of itself, I wonder (seriously wondering, not "what's next are they going to ban cars?" slashdot-style hyperb

          • by jcgf (688310)

            I *can* write my own (admittedly inferior) version of nmap with a little bit of time,

            I imagine that if you did that, they would really come down on you if they ever managed to catch you.

    • Re: (Score:3, Insightful)

      by wizardforce (1005805)
      exactly, and utterly meaningless to boot- the only people who would actually follow the law are the ones who wouldn't commit computer crime. these kind of laws serve nothing more than to limit what law abiding citizens can do, it's nothing more than one more meaningless set of laws to make it appear that they are doing something constructive.
      • Re:IDEs too? (Score:4, Insightful)

        by jcnnghm (538570) on Thursday January 03, 2008 @10:50PM (#21904762)
        Exactly, tools like Nessus and Nmap are invaluable. I routinely use them to inspect my own network to make sure it is as difficult as possible to break in. Even tools like lophtcrack can be useful to locate weak passwords and recover forgotten passwords. If these tools can't be easily located and downloaded by the security people, they will undoubtedly still be floating around in the dark corners of the internet anyway, the areas frequented by the real miscreants.

        When guns are outlawed, only outlaws will have guns.
    • Perhaps the real idea is to restrict access to these tools to licensed practitioners or those with a valid reason to posess them. You cannot buy dymanite over the counter, but people with a blasting tickets can still buy it.
      • Re: (Score:3, Interesting)

        by sumdumass (711423)
        I'm not sure that I would compare computer programs with Dynamite.

        And what happens when some enterprising criminals decides they want to get a license to look legit? Do we raise the license fees so anyone wanting to possess a programing IDE has to have a backer and a multi million dollar bond on them like some areas require for explosives work? Then all the software can come from large companies and we will be happy with whatever they innovate?

        Requiring registration and licensing is only going to create a m
  • ...and find solace in Europe, where reasonable government and personal liberty reign supreme! ...wait, what?
  • Idiots... (Score:4, Insightful)

    by cromar (1103585) on Thursday January 03, 2008 @05:26PM (#21900874)
    What is it with politicians??! Keep your nose out of business you don't understand and, uh, maybe secure the governments damn servers (a big problem in the US, at least). Maybe mandate security for banks, etc. The policy could be written by, gasp, someone who knows what they are talking about. Somehow, I don't feel like holding my breath till then...
    • Re: (Score:3, Insightful)

      by JonTurner (178845)
      Agreed. However, I can't help but wonder how many of those here who damn these politicans for meddling in that which they do not understand, also simultaneously hold a deep-seated belief that these same politicans have the capacity to benevolantly control an entire healthcare industry.

      Oh, the ironing.
      • I don't think most people believe the government has no role in regulating some aspects of technology, they just wish any such assertion of power is done with the consultation of experts and the consent of the people.

        As for health care, if I had to choose between control by government or the current control by corporations that place profit above the provision of actual care, I would go with the government. They at least have some small accountability to the public.

      • Re:Idiots... (Score:4, Insightful)

        by TapeCutter (624760) on Thursday January 03, 2008 @08:15PM (#21903224) Journal
        "hold a deep-seated belief that these same politicans have the capacity to benevolantly control an entire healthcare industry."

        If the UK's system is anything like Australia's (and it is) then health care proffessionals "control the industry". Over the past 3 decades those politicians who have tried to dismantle our universal system and hand it back to corporate interests have felt the wrath of the 80+% of voters who like it the way it is.

        The problem with the US is that despite decades of experience and a mountain of evidence to the contrary, a lot of people still hold a deep-seated belief that UHC is a socialist plot to take over their wallet.
    • Re:Idiots... (Score:5, Insightful)

      by archen (447353) on Thursday January 03, 2008 @05:45PM (#21901244)
      Keep your nose out of business you don't understand

      Well that's the problem, politicians have to make choices on topics they don't understand all the time. Do you think they really understand economic theory well enough to pass many of the laws they do? Do they understand health care? Do they understand military strategy? Hardly. Sure they listen to "advisers" but basically you'll always find people arguing about if things will really work or not. This is magnified many times over in the U.S. where we only have two parties.

      The best you can hope for is people yelling loud enough to stop government stupidity from passing things like "anti hacker tools" type laws. Unfortunately there's always SOMEONE yelling trying to stop everything which is part of the reasons governments do so little.
      • Re: (Score:2, Insightful)

        by TheKidWho (705796)
        Better that the government does nothing on certain issues, rather then passing insane and absurd laws.
  • Where I work we just survived a security audit. Hopefully this will make it so impractical for the security companies to stay in business we will never have to go through on ever again. Then we can get away with producing a slipshod product that leaks personal private data left right and central.
    • Then we can get away with producing a slipshod product that leaks personal private data left right and central.

      At the moment that seems our (UK) governments favourite game. Looks like they are getting bored and are looking for new and exciting ways to play the game.

  • Obligatory (Score:2, Funny)

    by Anonymous Coward
    If you outlaw security tools, then only outlaws will be secure!
  • by OrangeTide (124937) on Thursday January 03, 2008 @05:27PM (#21900898) Homepage Journal
    Better ban IRC servers (popular for zombies) and Windows boxes in general (also popular for zombies)
  • by elrous0 (869638) * on Thursday January 03, 2008 @05:28PM (#21900910)
    Every now and then I get to look at some OTHER country's heavy-handedness.
  • by fastest fascist (1086001) on Thursday January 03, 2008 @05:29PM (#21900928)
    Pretty much on par for the UK, as far as I can tell. Now, fess up: Who gave the gov't there copies of 1984?
    • I just really wish that politicians could tell the difference between cautionary tales and instruction manuals.
    • by dgatwood (11270)

      The problem is not that they got copies. It is that they were so clueless and/or malevolent that they read it and instead of understanding that the book was railing against these practices, instead thought to themselves, "Hey, that's a great idea." Pretty much the same way most fascist policies get put in place.

      It is human nature to fear things outside one's control, and it is the nature of sociopaths to gain more control over their own environments by preying upon those fears in others by promising "co

    • by db32 (862117)
      Something tells me that a ban on 1984 would actually be a move towards freedom rather than against it. Someone needs to quit giving them ideas...
  • by JonTurner (178845) on Thursday January 03, 2008 @05:29PM (#21900936) Journal
    Don't believe for a minute this is about security, it's about control. And those who regulate access to information, control those who consume it. Next steps? Mandatory spyware and BigBrother remote control software. To make it easier to spot the criminals/terrorists/boogeyman du jour, of course.
    • Re: (Score:3, Funny)

      by Intron (870560)
      Fortunately, you can now get that at Sears. [slashdot.org]
    • by davidsyes (765062)
      You can bet ANYTHING that people like steve ballmer are behind this. See LXF Christmas 2007:

      "No Unauthorized Innovation in Oceana", around para 6 or 7.
    • Re: (Score:3, Interesting)

      by 91degrees (207121)
      But it is about security! They've decided it's too hard to actually solve crimes and prosecute the old fashioned way, by proving intent to commit a crime.

      Instead they just criminalise the capability to commit a crime. No matter whether there may be a legitimate use for something, or whether there may be enthusiasts who take pleasure from understanding how security works. Of course, they're not going to actually prosecute people who they think probably aren't going to commit a real crime. Just those
    • by bendodge (998616)
      So just run weirdo Linux. It's amazing all the junk you can avoid (at colleges, businesses, etc.) when you run an unsupported OS.
  • seriously (Score:4, Funny)

    by SoupGuru (723634) on Thursday January 03, 2008 @05:30PM (#21900948)
    I mean really, are there any legitimate reasons to use something like nmap?

    Yes, ladies and gents, that was sarcasm. ...and yes, that "ladies" part was a joke too.
  • by Marcion (876801) on Thursday January 03, 2008 @05:31PM (#21900970) Homepage Journal
    From TFA behind the TFA:

    Whilst the law was going through Parliament the Home Office suggested that "likely" would be a 50% test.. Anyway, that guidance is now out -- and there's no mention, surprise, surprise, of "50%"

    If over 50% of the laws they make are nonsense, can we ban the politicians?
  • by pwnies (1034518) * <j@jjcm.org> on Thursday January 03, 2008 @05:31PM (#21900974) Homepage Journal
    This is ridiculous. It reminds me of the "Index Librorum Prohibitorum" (Roman Catholic list of banned books). The Roman Catholics banned books because they believed that they could be used as a tool against their power, and not simply for the purpose of knowledge. That's the same thing the UK is trying to do now - they're trying to ban software because it might be able to be used for naughty purposes. Why don't you ban the C programming language while you're at it UK? I hear those buffer overflows could be dangerous.

    Hopefully this mistake won't take 400 year to remedy.
    • Re: (Score:3, Insightful)

      by timeOday (582209)

      This is ridiculous. It reminds me of the "Index Librorum Prohibitorum" (Roman Catholic list of banned books). The Roman Catholics banned books because they believed that they could be used as a tool against their power, and not simply for the purpose of knowledge

      And, sure enough, it wasn't long after affordable printing and widespread literacy that Roman Catholicism headed steeply into its ongoing decline. (No, I'm not saying the enlightenment was a bad thing, just that it's exactly what the Church feare

  • In the US, completely insane laws, like this one, typically sit on the books for a year before a prosecution, get appealed to the Supreme Court of the US, and are killed by the legal system. Germany and UK both seem to have some terribly misinformed laws regarding encryption and security. Do these countries also have a judicial process for fixing laws, similar to that in the USA?

    The judicial system really is great, because the laws politicians pass to buy votes or appease contributors/lobbyists are, for the
  • by llamalad (12917) on Thursday January 03, 2008 @05:32PM (#21901002)
    How about if such tools were only legal for licensed/certified IT and Information Security professionals?

    Yes, this would mean our having to get certified as at least minimally competent at what we do, much like hairdressers and engineers.

    The idea is analogous to how, in New York at least, it's illegal for random people to carry lockpicks.
    • Re: (Score:3, Insightful)

      by pwnies (1034518) *
      It'd still be a bad move in my opinion. What if you are making a small start up? Can you not probe your own network unless you're "certified" to do so? This would crush small businesses that couldn't afford to hire a "Certified AAA MSCE IT professional networkomagicineer", and could otherwise easily perform the same tasks themselves if it weren't for legal restrictions. These days you don't need to pay to be educated, and all the piece of paper that you get for being certified means is that you shelled out
    • by Spad (470073)
      I'm not a "Certified IT Security Professional", just a regular server admin. I was using nmap today to troubleshoot some connectivity issues we were having to a 3rd party and I really wouldn't want to have to either (no doubt pay to) get myself certified as a security professional or hire one in just to run a couple of port scans.
      • Re: (Score:3, Interesting)

        by llamalad (12917)
        I'm thinking CISSP or along those lines get the official certification 'for free'. Let current uncertified IT professionals get a grace period of a few years to take a free test to get certified.

        New IT professionals officially 'apprentice' grade or somesuch until they're take the same exam and perhaps some mandatory formal education.
      • You won't have to if this goes through either.

        This change to the law is more aimed at distribution of software.

        You won't get prosecuted for downloading nmap and running it (especially on your own systems), nor even for distributing it since it's a widely used tool. If you were to download some other port scanner that wasn't very widely used and start distributing it then you could fall foul of this law.

        It's not in force yet so get writing your MPs!
    • by evanbd (210358) on Thursday January 03, 2008 @06:03PM (#21901482)

      In both those cases, the requirements are based on the assumption that there is a risk to the customers, that customers cannot readily evaluate. (The free market can't solve problems, like safety in some cases, that are very difficult for consumers to evaluate.)

      I'm firmly against the idea of making ownership of lockpicks illegal, for the same reason as I'm against this law. As I understand the law here in North Carolina about lockpicks, I rather like it. You're allowed to own them, but if you're breaking and entering, tresspassing, or doing something similar, and carrying lockpicks then they automatically count as burglary tools. I rather like this policy -- it adds harsher penalties for those who go about acquiring tools and skills for illegitimate purposes, yet allows people like myself to own lockpicks purely because we like understanding how locks work. The analogy to computer security tools is a very good one, I think.

      Requiring certification of people representing themselves as computer security experts might make sense (I'd withold judgement until I knew more about how it worked, personally). But restricting the tools doesn't. Adding something analogous to possession of burglary tools, though, does make sense to me. (Well, somewhat -- it's complicated, and since you can't really break into a computer without some level of software tool, the analogy gets strained.)

    • by syousef (465911)
      How about if such tools were only legal for licensed/certified IT and Information Security professionals? ...and who would you trust to certify? The government that barely understands the technology?

      Guns are licensed in the US. Does that stop gun crime?

      Yes, this would mean our having to get certified as at least minimally competent at what we do, much like hairdressers and engineers.

      This licensing is about ensuring competence so that if you hire a hairdresser or engineer you won't have all your hair fall ou
      • by evanbd (210358)

        I own a set of lockpicks. I use them to pick locks. Both are perfectly legal (where I live, as I understand it). The locks I pick are locks I purchased for the purpose. I made the lockpicks myself. In the process I learned a bit about the world around me (locks, metalworking, etc). It's a fun and perfectly geeky hobby and it trains my manual dexterity and intellect. I see nothing wrong with this.

        Now, in my jurisdiction, lockpicks automatically count as burglary tools if you're carrying them in comm

    • Please don't use my state as a paragon of freedom. Oh, wait, it's *security* you want? Try moving to some nice secure country where everything is prohibited, including crime.

      Certifications don't protect the public. They protect the certified against competition.
      • Certifications don't protect the public. They protect the certified against competition.

        Good idea! In that case when they (the government) ask us to check the security of a network we can just say: "sorry I can't legally do that, I'm not certified. cya later".

        OK being a bit sarcastic there.

      • I live in NY too...

        Certifications provide a baseline clue as to whether or not your has proven at some point to meet certain minimum requirements of knowledge and/or skill.

        I agree though that certifications don't protect the public- such professionals would have to be bonded for that.
    • Re: (Score:3, Insightful)

      by avandesande (143899)
      Maybe a better analogue would be make using 'hacker tools' illegal across public networks.
      Setting up a private network to learn and experiment should be legal.
    • by IronChef (164482)
      The idea is analogous to how, in New York at least, it's illegal for random people to carry lockpicks.

      And that law is stupid too.

      Criminalizing the potential to do wrong is a dreadful thing for freedom.
    • Re: (Score:3, Insightful)

      by turgid (580780)

      How about if such tools were only legal for licensed/certified IT and Information Security professionals?

      The 9/11 hijackers had pilots licenses. I'm sure there are other similarly licensed terrorists. And paedophiles.

  • by flajann (658201) <flajann@linuxblok e . c om> on Thursday January 03, 2008 @05:32PM (#21901008) Homepage Journal
    So, does that mean that if I write a compiler or scripting language, that I could be nailed for creating a hacker tool as well?

    Well, they may as well outlaw all of software development, because any software tool can be put to malicious purposes.

    What they should focus on instead are the actual actions taken by individuals to compromise someone's computer or network, not the tools they use to do it with. For instance, there's already a number of tools on the market and in FOSS that can do DDoS attacks -- but they are normally used to stress-test a web site or some other network application.

    The whole "intent" bit is always a slippery slope, ready for Kangaroo Court time. Obviously, these idiot politicians never saw or read "Minority Report", where going after "pre-crime" turnned out to cause more problems than it solved.

    Yes, the governments of the world are not unlike a bunch of monkeys with dangerous toys -- total unbridled power, without the wisdom nor the precision to use it properly.

  • What about..... (Score:3, Insightful)

    by himurabattousai (985656) <gigabytousai@gmail.com> on Thursday January 03, 2008 @05:35PM (#21901056)
    What about the hacking tool that resides between the ears? I could give you a hundred different "hacking tools" and a hundred different machines to hack, and unless you know which tool to use on which machine, they're all worthless to you. Unless you know how to use them, they're worthless to you. It's that big old hunk of grey matter that makes program code into a legitimate tool. It's that same stuff that makes a legitimate tool into a weapon. Some 90-year-old grandmother isn't (likely) going to be breaking into other machines for kicks. She probably doesn't have the knowledge or desire to do so, both of which reside in the minds of those who think it's funny to steal people's data.

    The solution: ban brains.

    Outside the sarcasm tags, I wonder how long it will be before some moron tries that.

  • by Ed Avis (5917) <ed@membled.com> on Thursday January 03, 2008 @05:40PM (#21901132) Homepage
    What is a 'legitimate' computer program? There are many people who make a living as consultants paid to test how hard it is to break into a company's systems. They might well need to use even the most dastardly and underhanded 'hacking tool' to do their work. Indeed the police and security services also use programs that help them get unauthorized access to computers. What grounds are there for criminalizing any computer program?
  • If you outlaw hacker tools, then only outlaws will have hacker tools.
  • Great Idea! (Score:5, Insightful)

    by RAMMS+EIN (578166) on Thursday January 03, 2008 @05:44PM (#21901222) Homepage Journal
    Great idea!! If we outlaw hacker tools, only outlaws will have hacker tools!

    Then we can just arrest everybody who has them, and we'll have our systems broken into by the black hats we missed, while those who would have protected us have their hands tied.

    And that's while using the popular meaning of "hacker", rather than the correct one.
  • by locust (6639) on Thursday January 03, 2008 @05:45PM (#21901234)
    Everyone knows that a pencil when sharpened can be used to maim or injure! I mean you could loose an eye! Paperclips can be used to pick simple locks! They facilitate breakins! These deadly and criminal tools must be outlawed! Hurry! Arrest the employees of Office Depot and Staples for purveying these items, and enabling the criminal underclass!
  • Thought Tools (Score:5, Interesting)

    by nurb432 (527695) on Thursday January 03, 2008 @05:47PM (#21901280) Homepage Journal
    I guess we should just arrest everyone that has a bad thought.

    WIth 'bad' being relative to the administration in charge at the time in said country.

    Will they be outlawing FTP or HTTP as well?
  • by Marcion (876801) on Thursday January 03, 2008 @05:59PM (#21901426) Homepage Journal
    Some relevant bits follow.

    CMA = Computer Misuse Act

    The whole thing seems to be rigged against free software/open source and heavily in favour of security through obscurity. Perhaps we should contact them and ask?

    Everything below is copied from the guidance. ......

    Prosecutors should be aware that there is a legitimate industry concerned with the security of computer systems that generates 'articles' (this includes any program or data held in electronic form) to test and/or audit hardware and software. Some articles will therefore have a dual use and prosecutors need to ascertain that the suspect has a criminal intent. .....

    Whilst the facts of each case will be different, the elements to prove the offence will be the same. Prosecutors dealing with dual use articles should consider the following factors in deciding whether to prosecute:

    * Does the institution, company or other body have in place robust and up to date contracts, terms and conditions or acceptable use polices?
    * Are students, customers and others made aware of the CMA and what is lawful and unlawful?
    * Do students, customers or others have to sign a declaration that they do not intend to contravene the CMA? ....

    Section 3A (2) CMA covers the supplying or offering to supply an article "likely" to be used to commit, or assist in the commission of an offence contrary to section 1 or 3 CMA. "Likely" is not defined in CMA but, in construing what is "likely", prosecutors should look at the functionality of the article and at what, if any, thought the suspect gave to who would use it; whether for example the article was circulated to a closed and vetted list of IT security professionals or was posted openly.
    In determining the likelihood of an article being used (or misused) to commit a criminal
    offence, prosecutors should consider the following:

    * Has the article been developed primarily, deliberately and for the sole purpose of committing a CMA offence (i.e. unauthorised access to computer material)?
    * Is the article widely used for legitimate purposes?
    * Is the article available on a wide scale commercial basis and sold through legitimate channels?
    * Does it have a substantial installation base?
    * What was the context in which the article was used to commit the offence compared with its original intended purpose?
  • It will be possible to give multiple shells on boxes located in countries that have not gone loco. Hopefully, Canada, Australia, or even France will come to the rescue. Sadly, it will not be America. I am quite sure that we will shortly try to pass a similar bill on our way to enabling bills. Stars anyone?
  • by Jim Robinson Jr. (853390) on Thursday January 03, 2008 @06:01PM (#21901456)
    Not to throw too much fuel onto this fire, but the UK has a large precedent with the concept that TOOLS are the problem rather than the USERS. Look at guns. Is the phrase "guns kill people" really that much different than "hacking tools break into computers"? Not in my book. In fact, they are so similar as to be scary. Both assume that intent is not relevant, the person behind the tool is not responsible for his/her actions, and that these tools cause crime to be committed. Come on guys... If we start banning tools that *could* be used to commit a crime you had better come lock me up now. I've got a whole garage full of hammers, screwdrivers and other tools... and I know how to use them! :-)
    • But always remember :

      Guns don't kill people, physics kills people
      Perhaps we should outlaw physics. Or physics textbooks - which might be quite popular?
    • Re: (Score:2, Insightful)

      by Marcion (876801)
      Banning things that have legitimate uses is really daft. Well, nmap, perl, baseball bats and hammers, all have legitimate uses.

      Making that argument for handguns is a bit harder.

      I am all for shooting criminals in self-defense. Go Joe Horn. Hang em all in the city centre and let their bones hang there for months.

      However, allowing the population to have handguns causes problems. Not least because, unlike hunting rifles, handguns can be concealed easily. At the moment in England, two drunken idiots get into a f
      • Re: (Score:3, Insightful)

        by akadruid (606405)
        All very well if you don't live in a 'problem area'. Random house searches based on your post code is not nice.

        I agree handguns are not really dual use though. A better example would be 4x4s (SUVs). One of them was recently used to ram-raid a post office near me. There could be an argument made that only farmers etc really need a 4x4, and the rest of us could cope with ford fiestas.
  • ... only outlaws will have hacker tools.
  • by Russ Nelson (33911) <slashdot@russnelson.com> on Thursday January 03, 2008 @06:11PM (#21901600) Homepage
    They can have my ping client when they pry it from my cold, dead hands.
  • Conflicting laws? (Score:3, Insightful)

    by taustin (171655) on Thursday January 03, 2008 @06:29PM (#21901938) Homepage Journal
    I'm wondering if "anti-hacking" laws like this will conflict with data retention laws that are also brutally oppressive, to the point where admins will be required to do things they can't possibly do without tools that are illegal to possess. Sounds like the sort of thing one would expect from China.
  • IN SOVIET RUSSIA (Score:5, Insightful)

    by spaceyhackerlady (462530) on Thursday January 03, 2008 @06:35PM (#21902024)

    That just doesn't seem funny any more... :-(

    Seriously, though, we're seeing a lot of this: the notion that any funny stuff, be it computer software, electronic goodies, chemistry, what have you, is a priori for bad purposes. Somehow due process has gotten lost in the shuffle, the user is apparently guilty until proven innocent, and must be dealt with accordingly.



  • by 4D6963 (933028)

    Yay, now I can feel it! The day they outlaw knives, crowbars, stethoscopes, matches and sleep pills is nigh!

  • by SageMusings (463344) on Friday January 04, 2008 @12:56AM (#21905830) Journal
    Say goodbye to GCC. That should prevent a fair amount of hacking, experimentation, and circumvention.
  • by museumpeace (735109) on Friday January 04, 2008 @12:45PM (#21910518) Journal
    I have a garage full of tools that could be used for burglary..and I do loan one now and then to my neighbors. The possession of tools that are exclusively used for harming or stealing is one thing but leaving it up to the imagination of law enforcement authorities to decide what is dual use is scary. But getting in trouble for distributing or just having tools points does not seem to cover those who know how to MAKE the tools. There is another analogy the I don't see addressed in this this UK "guidance": its illegal to carry an unlicensed or concealed handgun but nobody has any way to monitor or regulate the hands and feet of a highly trained martial arts master. So if I just happen to know how to code, basically from scratch, my own packet sniffers, key loggers, root kits, binary disk file editors, sneaky event handlers buried in image file formats etc etc and I hire myself out to random customers or employers, what can the authorities do?

There is no opinion so absurd that some philosopher will not express it. -- Marcus Tullius Cicero, "Ad familiares"