UK Moves to Outlaw 'Hacker Tools'

twitter writes "New guidance rules for the UK's controversial Computer Misuse Act do not allay fears of impracticality, or of the banning of legitimate IT software: 'The government has come through with guidelines that address some, but not all, of these concerns about dual-use tools. The guidelines establish that to successfully prosecute the author of a tool it needs to be shown that they intended it to be used to commit computer crime. But the Home Office, despite lobbying, refused to withdraw the distribution offense. This leaves the door open to prosecute people who distribute a tool, such as nmap, that's subsequently abused by hackers.'" Somewhat similar legislation recently became law in Germany.

I better take down...

[MozeeToby (1163751)]

That list of every IP address I posted a while back.

Time to flee the Fascist State of America...

[goldspider (445116)]

...and find solace in Europe, where reasonable government and personal liberty reign supreme! ...wait, what?

Idiots...

[cromar (1103585)]

What is it with politicians??! Keep your nose out of business you don't understand and, uh, maybe secure the governments damn servers (a big problem in the US, at least). Maybe mandate security for banks, etc. The policy could be written by, gasp, someone who knows what they are talking about. Somehow, I don't feel like holding my breath till then...

Re:Idiots...

[archen (447353)]

Keep your nose out of business you don't understand

Well that's the problem, politicians have to make choices on topics they don't understand all the time. Do you think they really understand economic theory well enough to pass many of the laws they do? Do they understand health care? Do they understand military strategy? Hardly. Sure they listen to "advisers" but basically you'll always find people arguing about if things will really work or not. This is magnified many times over in the U.S. where we only have two parties.

The best you can hope for is people yelling loud enough to stop government stupidity from passing things like "anti hacker tools" type laws. Unfortunately there's always SOMEONE yelling trying to stop everything which is part of the reasons governments do so little.

IRC and Windows

[OrangeTide (124937)]

Better ban IRC servers (popular for zombies) and Windows boxes in general (also popular for zombies)

Re:IRC and Windows

[Pichu0102 (916292)]

Such full bans are not neccessary. Just make it so that Windows boxes and boxes with IRC clients are at least a few miles away from graveyards.

For once, I can feel good as an American

[elrous0 (869638)]

Every now and then I get to look at some OTHER country's heavy-handedness.

Not surprised

[fastest fascist (1086001)]

Pretty much on par for the UK, as far as I can tell. Now, fess up: Who gave the gov't there copies of 1984?

It's not about security.

[JonTurner (178845)]

Don't believe for a minute this is about security, it's about control. And those who regulate access to information, control those who consume it. Next steps? Mandatory spyware and BigBrother remote control software. To make it easier to spot the criminals/terrorists/boogeyman du jour, of course.

seriously

[SoupGuru (723634)]

I mean really, are there any legitimate reasons to use something like nmap?

Yes, ladies and gents, that was sarcasm. ...and yes, that "ladies" part was a joke too.

Outlaw politicans who make stupid laws about tech

[Marcion (876801)]

From TFA behind the TFA:

Whilst the law was going through Parliament the Home Office suggested that "likely" would be a 50% test.. Anyway, that guidance is now out -- and there's no mention, surprise, surprise, of "50%"

If over 50% of the laws they make are nonsense, can we ban the politicians?
   

Reminds me of the middle ages

[pwnies (1034518)]

This is ridiculous. It reminds me of the "Index Librorum Prohibitorum" (Roman Catholic list of banned books). The Roman Catholics banned books because they believed that they could be used as a tool against their power, and not simply for the purpose of knowledge. That's the same thing the UK is trying to do now - they're trying to ban software because it might be able to be used for naughty purposes. Why don't you ban the C programming language while you're at it UK? I hear those buffer overflows could be dangerous.

Hopefully this mistake won't take 400 year to remedy.

Just for the sake of argument-

[llamalad (12917)]

How about if such tools were only legal for licensed/certified IT and Information Security professionals?

Yes, this would mean our having to get certified as at least minimally competent at what we do, much like hairdressers and engineers.

The idea is analogous to how, in New York at least, it's illegal for random people to carry lockpicks.

Re:Just for the sake of argument-

[evanbd (210358)]

In both those cases, the requirements are based on the assumption that there is a risk to the customers, that customers cannot readily evaluate. (The free market can't solve problems, like safety in some cases, that are very difficult for consumers to evaluate.)

I'm firmly against the idea of making ownership of lockpicks illegal, for the same reason as I'm against this law. As I understand the law here in North Carolina about lockpicks, I rather like it. You're allowed to own them, but if you're breaking and entering, tresspassing, or doing something similar, and carrying lockpicks then they automatically count as burglary tools. I rather like this policy -- it adds harsher penalties for those who go about acquiring tools and skills for illegitimate purposes, yet allows people like myself to own lockpicks purely because we like understanding how locks work. The analogy to computer security tools is a very good one, I think.

Requiring certification of people representing themselves as computer security experts might make sense (I'd withold judgement until I knew more about how it worked, personally). But restricting the tools doesn't. Adding something analogous to possession of burglary tools, though, does make sense to me. (Well, somewhat -- it's complicated, and since you can't really break into a computer without some level of software tool, the analogy gets strained.)

Please don't use my state as a paragon of freedom

[Russ Nelson (33911)]

Please don't use my state as a paragon of freedom. Oh, wait, it's *security* you want? Try moving to some nice secure country where everything is prohibited, including crime.

Certifications don't protect the public. They protect the certified against competition.

The Idiots are at it again...

[flajann (658201)]

So, does that mean that if I write a compiler or scripting language, that I could be nailed for creating a hacker tool as well?

Well, they may as well outlaw all of software development, because any software tool can be put to malicious purposes.

What they should focus on instead are the actual actions taken by individuals to compromise someone's computer or network, not the tools they use to do it with. For instance, there's already a number of tools on the market and in FOSS that can do DDoS attacks -- but they are normally used to stress-test a web site or some other network application.

The whole "intent" bit is always a slippery slope, ready for Kangaroo Court time. Obviously, these idiot politicians never saw or read "Minority Report", where going after "pre-crime" turnned out to cause more problems than it solved.

Yes, the governments of the world are not unlike a bunch of monkeys with dangerous toys -- total unbridled power, without the wisdom nor the precision to use it properly.

'Legitimate' tools?

[Ed Avis (5917)]

What is a 'legitimate' computer program? There are many people who make a living as consultants paid to test how hard it is to break into a company's systems. They might well need to use even the most dastardly and underhanded 'hacking tool' to do their work. Indeed the police and security services also use programs that help them get unauthorized access to computers. What grounds are there for criminalizing any computer program?

Great Idea!

[RAMMS+EIN (578166)]

Great idea!! If we outlaw hacker tools, only outlaws will have hacker tools!

Then we can just arrest everybody who has them, and we'll have our systems broken into by the black hats we missed, while those who would have protected us have their hands tied.

And that's while using the popular meaning of "hacker", rather than the correct one.

Thought Tools

[nurb432 (527695)]

I guess we should just arrest everyone that has a bad thought.

WIth 'bad' being relative to the administration in charge at the time in said country.

Will they be outlawing FTP or HTTP as well?

Historical Precedent

[Jim Robinson Jr. (853390)]

Not to throw too much fuel onto this fire, but the UK has a large precedent with the concept that TOOLS are the problem rather than the USERS. Look at guns. Is the phrase "guns kill people" really that much different than "hacking tools break into computers"? Not in my book. In fact, they are so similar as to be scary. Both assume that intent is not relevant, the person behind the tool is not responsible for his/her actions, and that these tools cause crime to be committed. Come on guys... If we start banning tools that *could* be used to commit a crime you had better come lock me up now. I've got a whole garage full of hammers, screwdrivers and other tools... and I know how to use them! :-)

They can have my ping client ....

[Russ Nelson (33911)]

They can have my ping client when they pry it from my cold, dead hands.

IN SOVIET RUSSIA

[spaceyhackerlady (462530)]

That just doesn't seem funny any more... :-(

Seriously, though, we're seeing a lot of this: the notion that any funny stuff, be it computer software, electronic goodies, chemistry, what have you, is a priori for bad purposes. Somehow due process has gotten lost in the shuffle, the user is apparently guilty until proven innocent, and must be dealt with accordingly.

Tragic.

...laura

Re:IDEs too?

[by Anonymous Coward]

"I wonder if we showed the stupid leaders in parliament, this fact, then would they ban microsoft all together for creating such devious tools..."

No, not a chance. What they really mean is if you wear tee shirt and create a dual-use tool in your basement, is contraband. But the same tool created by a person wearing a suit and tie in a corporation then it's okay.

Re:IDEs too? Oh yes, and what about OO Design?

[Beardo the Bearded (321478)]

When did my peers and people of my parent's age become such softcore fascists?

When they got scared.

The real truth is that there is no bogeyman, and that there's nothing to fear but fear itself. Even my four-year old knows that. ("[Girl Name], what do we have to be afraid of?" "Being afraid.")

And now, some "crimes" are nearly impossible to prosecute. How can someone in the UK file suit against a "cracker" from Atiqua or Afghanistan? They could potentially steal your bank account information and steal your life savings, buy a handgun, rob a bank, and put you on death row. Now, when you assume - note that word - that the backwards savages outside your home country have to have help to break in, then clearly someone with brains - I mean a white guy - er, I mean someone from the homeland - er, someone reachable by our police - must have helped them. That's complete junk, but to some the point is valid. The bad guys must have help, so let's go after the help. Never mind that the "bad guys" get paid more than I do.

And people are scared because they think things are the worst they've ever been. The fact is, the good old days were never here. Terrorists have been around since at least the Romans. We survive. The day of judgment will never come.

But that's not enough. You can't tell people to calm down - you have to show them that you're doing something, anything.

Seriously - people are attempting to legislate abstract concepts that they don't know about. I've seen laws suggesting watermarks in A/D conveters. One of the US Senators honestly thinks the Interweb is a series of tubes. He might not even be familiar with the concept of electricity. Imagine Ancient Greeks trying to pass legislation on the use of titanium in groundwater near nuclear power plants. If I give an opinion on civil engineering, I could be fined up to $25,000. If a politician does, he gets rewarded.

Instead of demanding the removal of the clueless, people just revote for the same guy as last time - if they even voted - or "stay the course". When those in charge have literally no consequences for their actions and get paid to pass legislation from special interest groups. Is copyright theft something that ordinary people really care about? Are there people who are thinking, "man, I'd love to go to work today, but I'm afraid that someone, somewhere, is copying a DVD to take the ads out. If only our government would pass some laws to fix that problem." Okay, maybe if the guy works making DVDs, but that's not a normal guy.

When the victims became criminals. Look at identity theft - it could be prevented with 100% accuracy if the credit bureaus updated their computers. All they have to do is add a picture to your report and require an automatic phone call to the last known phone number any time you want a change. That's it. It's now impossible to steal someone's ID. Of course, it's your fault for not buying title insurance, paying Equifax $25 a month for credit checks, and using your "internet thing" for banking.

When people started getting used to the idea of "I have nothing to hide". You do. Everyone does. I have skeletons in my closet, and I want them to stay there.

So what it really boils down to is that people are in general afraid of something, but they don't know what it is. So, they turn their wrath on anything that can possibly hold their ire. Immigrants, Hackers, ID thieves, the Russians, terrorists, etc. As long as the eye isn't on them, then they're fine. Torture the sandnigger or the hacker. They're the ones who made the world such a fucked up place. It's all their fault.

They're really afraid of themselves. How long will it be until the bank comes calling, or the boss cans them, or the spouse will leave with the kids?

It's a scary thought - we're lead by clueless, corrupt, whores who run the place by tacit consent from people who are too afraid to interrupt their routine.

This isn't exactly what I meant to say, but I think the power here has become unreliable. There's a lot of wind outside.

Re:I cant believe this word "hacker" is misused he

[dan dan the dna man (461768)]

I think it's about time people got over the semantics of the word 'hacker'. Given that 'crackers' don't call themselves 'crackers' they call themselves 'hackers' and they call what they do 'hacking', the word has *CHANGED ITS MEANING*. This is not uncommon for languages. Really. Just look at words like 'gay' for instance or even 'computer'. Go and find the original definition of that one!

Get over the semantic drift already, we're not all mired in some rose-spectacled view of the technoutopia where you have to have hacked solenoids under a model railway at MIT in order to qualify for the term.