'Hacking' To Be Declared Illegal
sowalsky sent us an MSNBC story that talks about hacking being declared illegal. It talks about the difference between hacking and cracking, but more importantly, how the Draft Cybercrime Treaty would make things like BugTraq illegal, as publishing exploits would be aiding and abetting.
spin Dr: Microsoft products are the best in every way. Share and enjoy!
nerd: What about the glaring security flaws in every release?
spin Dr: it's illegal to take advantage of those holes, and you're not allowed to talk about them, so you don't have to worry about your employees making undocumented modifications (if you have poor process) unless you hire criminals. You don't hire criminals, do you? Microsoft; share and enjoy!
nerd: [speechless]
bill: muhahahah.... the DMCA, now this, all the signs of my imminent dominion are coming to pass!
creme pie: *poomph*
Your Rights Online: 'Fucking' To Be Declared Illegal
[ News ] Posted by CmdrTaco on 9:53 25 October 2000
from the heard-this-one-before dept.
sowalsky writes sent us an MSNBC story that talks about fucking being declared illegal. Talks about the difference between fucking and sucking, but more importantly, how the Draft Cybersex Treaty would make things like ASSTR illegal, as publishing pornography would be aiding and abetting.
I help them geek girls out with their esoteric vi commands
Bimbos use vi. Geek girls use emacs.
REMAIN CALM - EVERYTHING WILL BE OK! I'm a Federally Licensed Network Administrator - I am authorized to debug and reboot this BSOD'd NT server. Stand back now, I'll be using some super secret tools and software that's for my eyes only. DON'T MAKE ME REPORT YOU! This is serious stuff. Ok... Ah, here we are... Dr. Watson!
Guns are physical objects which are purchased from registered suppliers(generally); thus eliminating their sale and making possession illegal can actually be enforced.
Software on the other hand, has no physical form (aside from a print out) and particularly with hacking software, is not something that is enforced. Unless they are planning on maintaining extensive surveys of the web and/or executing some sort of mind control, they really can't do anything to reduce the proliferation of the software. They might be able to drive it underground to some degree, but considering a lot of this stuff already exists on the fringes of the net, it's not going to make much of a difference. All it will do is inconvenience those people who have a legitimate use for the software.
Your argument is flawed. The same crazed person that would go and shoot someone could also just as easily run someone over with a stolen car. *Criminals* do NOT live by the same set of rules as law-abiding citizens do. It doesn't matter jack shit if you outlaw guns, drugs, fast cars, crotch rockets, or exploding mannequins... if criminals want them they WILL get them. I know it is a tired phrase, but when you outlaw something, only the outlaws will have it! Guns can be used for defense AGAINST these criminals as easily as they can be used for offense against innocents.
When a kid is old enough to hold the gun and shoot straight at a target he's old enough to own a gun. With that comes the responsibility of taking safety classes and knowing how to properly store it. I'd rather have a 16 year old own a handgun to use for target shooting than stick them behind the wheel of a 1 and a half ton car propelling down the road at 80mph.
(can anyone tell me why I need to select "plain old text" to get html tags to work?!)
Because Malda doesn't listen. He's been told as much, but he swears up and down that it's right.
_____
Sam: "That was needlessly cryptic."
Max: "I'd be peeing my pants if I wore any!"
Let's break this down, point by point:
1) Not a law? No, not yet. It's a treaty, but if things go as this article makes it sound they might, we damn sure will.
2) This would be an INTERNATIONAL treaty, with part of the intent being that it be ratified here.
3) This is the 19th revision of the treaty. With fairly sweeping statements about security analysis and intent and the like, it could cause problems for anyone who looks at issues of security.
_____
Sam: "That was needlessly cryptic."
Max: "I'd be peeing my pants if I wore any!"
It said right in the article that the people from the US who the CoE was using as an information source desired for this treaty, whenever it reaches its "final" form, to be presented for ratification here in the US. I for one find that a rather disconcerting thought, the government having so many fingers in my choice of profession (and hobby).
_____
Sam: "That was needlessly cryptic."
Max: "I'd be peeing my pants if I wore any!"
They don't take expert opinion into account because that's the last thing they want. They want an easy, quick fix that will make all the bad people go away, instead of looking at the real problem. Expert opinion would complicate the situation - they actually know something, and they'd have to introduce logical thought into process, and where would that get us?
_____
Sam: "That was needlessly cryptic."
Max: "I'd be peeing my pants if I wore any!"
Read that article again there, slick. That'd be a US _and_ European _treaty_. And Sweden is, if memory doesn't fail me, a participant in the EU, right? Well then, you know what that means...
_____
Sam: "That was needlessly cryptic."
Max: "I'd be peeing my pants if I wore any!"
Probably those would be excepted, because they're done either (a) by the maker, or (b) by a third party under explicit contract. Though with no one else to keep eyes on what's going on, I'm sure QA would be on a downhill slide before long.
_____
Sam: "That was needlessly cryptic."
Max: "I'd be peeing my pants if I wore any!"
Did you read the part of the article that talked about people who had read the previous drafts and sent in their feedback? Well, it says they were ignored. Doesn't give me a whole lot of confidence in the group drafting this treaty, if the input they're given is thrown out.
_____
Sam: "That was needlessly cryptic."
Max: "I'd be peeing my pants if I wore any!"
Security through obscurity does work, though. In combination with other measures, it can prevent an intruder from knowing which mechanisms you are using to protect something.
My apologies -- I am a supporter of security through obscurity as another layer of security for a device. I am vehemently against it as the sole security measure used in a device or system, however.
An example in the physical world would be a safe. If a safe cracker doesn't have a diagram showing the internals of the safe, he doesn't know precise places he can drill to defeat the lock mechanism.
This is an example of security through obscurity as an additional measure, which is something I agree with. My comments history doesn't go back far enough to a discussion I had with signal11 (I think) on this very example.
You folks can bleat your mantra "Security through obscurity does not work" all you want. Security through obscurity is only a component of any well designed security mechanism, and as a part of the whole, it DOES work.
I think we're on the same side of this battle... In your original post, you came across as the type who preferred to have ONLY security through obscurity. I see this is not true.
You just want everything to be Open Source and can't bear the thought that there's code out there you're not allowed to crawl through.
You know me that well, do ye?
I happen to prefer reverse engineering systems and breaking security measures. I enjoy disassembling and keeping notes and the feeling you get when you finally understand someone's system without their help. Don't go painting me up as you think you know me; Instead take a look at who I am and act accordingly.
Open source is cool, I'll admit it. However as someone who writes proprietary firmware and engineers proprietary hardware designs I understand and enjoy both sides of the argument.
Wrong. You get the full protection of the DMCA.
Bzzt! Sorry, thanks for playing.
I'm not American and as such I am not under the control of your laws.
America isn't the only country with stupid laws (and even with DMCA, it is only supported by one state IIRC?), but America does seem to be the only country which thinks that its laws apply to every country on the planet.
So they'd be offering exceptions to the law based on profession as opposed to, say, an application by application basis (nMap would be kosher, but Divine Retribution wouldn't be)? While the proposal on the whole is idiotic and insane, they can't possibly expect to limit people based on what job they currently have.
If so then the solution is simple: start up your own business and make sure you administrate at least one computer. :-)
I don't think this will make it into law but as someone who makes a living through research and development (which includes reverse-engineering, hacking, whatever you want to call it) I will fight this as best I can. Being in Canada I don't have to worry about EU and US law, although I do have to worry about our own braindead government and extradition. :-)
2) This would be an INTERNATIONAL treaty, with part of the intent being that it be ratified here.
Where do you get that idea? I haven't seen that anywhere except that poorly written, misleading article. Certainly the U.S. is interested in such issues and will probably pass similar laws in the future, possibly including similar treaties, but this is not that. I mean, a treaty between Mozambique and Brazil is international but that doesn't mean the U.S. is involved.
* And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
Thanks for posting that. It seems to me that this is not as insipid as people are making it out to be. I certainly don't see how this covers *descriptions* of exploits. It would seem to cover root kits and the like, but that's a good thing, IMO. This by itself is not going to cause massive regulation of the industry and a carnivore at every modem.
* And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
As many other people have pointed out, the United States is not a part of the Council of Europe. However, as a strict Constitutionalist, you probably already knew that.
* And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
1) It's not a law.
2) You don't live in a country that this *treaty* covers. (At least, not if your email address is accurate, and Virginia Tech is still outside the E.U.)
3) The article this story links to is nothing more than a very successful troll. The draft treaty has problems, sure, but it won't do anything like outlawing bugtraq.
* And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
No, it wouldn't. Just because it says "possibly even the U.S." in the title of the article, doesn't mean that possibility is more than a figment of the author's apparently active imagination.
* And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
...include in the wording of article 6 that intent to commit offense must be proved.
...the provisions of article 9 make it illegal to *cache* transmissions including kiddie porn.
That footnote *does* say that the burden of proof would remain with the prosecution. The implementation is left to the individual countries... I think this could go either way.
article 11...as written makes it illegal to submit patches to security software, if you did not realise that the intent of the author was black hat
Can you be aiding and abetting if you have nothing to do with a crime and are not even aware a specific crime took place? I really don't know on this one, but I don't think you can be prosecuted for aiding and abetting criminals if you sold them tools and were unaware they were going to use them to rob a bank.
You may have a point here, but I think "intentionally" in Article 9, pp 1 would preclude caching since that's certainly not intentional. (And IMO, that's not "offering" or "distributing" either, but it would be interesting to see what the courts say about that. Have there been any rulings on whether caching counts as distribution either in the States or in Europe?)
* And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
Probably just wishful thinking though...
Loren Osborn
Seems like making bugtraq into a distributed 'get your bugs here!' system a la Gnutella would be a very useful way to combat this sort of information filtering.
Once again people seem to think you can legislate information flow without instituting a totalitarian regime.
TMH
What, are you on crack? The PI should get a warrant to search the premises if he has cause. It looks like he is trying to find cause to get a conviction.
Stay away or you could be convicted of a felony for illegal computer entry if he finds out.
First off extending existing laws into new domains should be up to the courts to decide. You also miss the point that making exemptions for netadmins is NOT ENOUGH.
This treaty is short sighted and dumb. Once again we are handing over rights to free association and freedom of expression.
Let's go over the points here...
Trying to make "Hacking Tools" illegal.
A tool is already illegal if it has no non-illegal uses. Hmmm... basically any hacking tool out there can also be used by netadmins to secure their network.
Keeping extensive logs.
Ok, this is a clear privacy violation. Police need to find a better way to catch cybercriminals that do not include violating my right of expected privacy.
Easier access to computer files via subpoena.
I think this one speaks for itself.
Never let anything become laws with "Dubious" parts. This one is especially bad because nothing is clearly defined, and just imagine what would happen when telnet and ftp are declared illegal by some country and you are extradited to stand trial for connecting to one of their servers with a fxp client. Remember, if the computing community cannot decide on what a hacking tool is, how are misinformed politicians and police?
Grr.... these stupid things make me REALLY mad.
And in addition, once a treaty has been ratified it becomes a higher law than the Constitution. Treaties can be used to trump the Bill of Rights, I would expect to see some of this happening soon if it has not already happened.
you're probably basing this on Article VI, paragraph 2 of the Constitution: "This Constitution, and the laws of the United States which shall be made in pursuance thereof; and all treaties made, or which shall be made, under the authority of the United States, shall be the supreme law of the land; and the judges in every state shall be bound thereby, anything in the Constitution or laws of any State to the contrary notwithstanding." [emphasis mine]
"under the authority of the United States" means that the federal government cannot ratify treaties which demand the use of powers the government does not have. so, no, treaties are not higher than the Constitution, and no, treaties cannot be used to affect any part of the Bill of Rights.
"onward!" cried the copper man, little knowing brass corrupts...
Unfortunately, by the time the Libertarians had enough influence to prevent this kind of thing, we won't even be allowed to vote anything but D or R.
-- let me burn you let me burn you let me burn you -Front 242
That still does not address the possibility of Bugtraq being shut down.
pronoblem
Bologna! That is all I have to say at the moment.
Well, not really... what I want to say is that our judicial system is as good as a three ring circus.
pronoblem
When America first began it developed a system of government that could handle your basic farmer and uneducated person. Basically someone who had been to school was needed to help run the country for the ignorant.
Today, here as well as other countries, we have a government run by the ignorant. They know little to nothing about computers or the internet, and yet they make up laws regarding it.
How can this continue to happen? I know the geek community well outnumbers the govt officials in charge of making our lives miserable. So how do we manage to get all of the people (myself included) that do nothing into doing something? We have jobs, school, games, or whatever that we spend mass amounts of time on, and don't always take the time to get involved. Somewhere between writing code and killing others online I manage to read /. to keep me up on the upcoming evils that affect my life.
Getting more intelligent people in govt isn't going to happen any time soon. What can we do to stop these ridiculously blind attempts at making everything not moron normal illegal?
If ignorance is bliss, the world is full of blissful people
This is not a troll. Please read the whole thing and tell me what you think. Ok, keeping lists like bugtraq from publishing the fact that $daemon has a vulnerability which allows $bad_thing through $exploitable_function_of_daemon is ridiculous. Obviously, there's just too many legitimate uses for such information, not the least of which being the consumer's ability to make an intelligent, secure choice in which daemons to run.
But what about the actual exploit code? It's considered bad form to start spreading the word about a 'sploit without giving the developer a week or so to release a patch first, but there's nothing (currently) prohibiting people doing otherwise, is there? And especially in the case of closed source software, who but the developers would have anything but a destructive use for such an exploit?
So my question is this: Supposing there was something like this "treaty" (is the actual text of the draft online anywhere?) which allowed the developer to specify through their software's license whether public release of exploit code (as opposed to information regarding the fact of a vulnerability, which should never be withheld) should be allowed? That way open-source projects could have public patches devised and released quickly, through the user base, while closed-source projects wouldn't end up having exploit code published to people who can't write patches and therefore have no constructive use for such an exploit.
Have I missed something or does this sound like a decent argument against having the unlimited "right" to distribute exploit code as opposed to vulnerability information? I'm sure a lot of people will point out that once enough technical information is released about a vulnerability then it won't be long before someone, illegal or not, writes an exploit for it. But without a legal (ie high profile a la bugtraq) way to publish the 'sploit, only the developers and a few crackers end up with it, as opposed to the way it is now where hundreds of script kiddies get instant access upon its being released on bugtraq.
Thoughts?
"(no knowledge of subject matter) + (crack cocaine) = (journalism!)"
--
Quick! Post the wrong link to the site like an idiot!
:)
You may want to tone down your assholishness when attempting to dress down other folks, as you are not yourself perfect.
Thanks to your episode of brilliance, you posted the link to the 8-month-old version, instead of the up-to-date version. Soooo....all those folks who actually *did* go there and download it and read it and make comments on it and send them in...were commenting on the wrong edition, if they didn't bother to actually check up on your information. Way to go - score 1 for democracy.
Yes, I realize you were trying to be helpful. But, helpful means doing the research first *in fullness*. I do appreciate the thought...but the execution was a bit lacking.
But, don't get pissed...get even. Do it right next time. I promise to eat my words if I see it.
Try This Instead
Hell, check all of 'em out
Given enough hydrogen, just about anything is possible.
that when the OpenBSD team finds 800 or so format string errors, fixes them, and lets everyone know through the errata page and cvs tree they're aiding and abetting also, since format string programming errors might be exploitable?
Should they not release this sensitive information until every other OS catches up with them, and fixes their sprintf errors as well?
Gimme a break!
If a treaty goes against the constitution of any country then that country's representatives should have no right to sign the treaty.
First off, I don't think "lives saved by guns" stats are even kept. Second, lives taken by guns also include such niceties as suicides (where the person would just as likely use something else anyway and doubly useless since the stats are to illustrate supposed gun violence) and "line of duty" police shootings (which shouldn't be part of the stats for the purpose of the studies). Of course, my fav is the use of 17-20 year old gang bangers as kids in "kids killed by guns" stats. Like even a sheltered 17yo person is considered a child in the traditional sense. Even with all of the BS in these stats, gun deaths are still minor compared to death by doctor malpractice (at least per capita of doctors vs per capita of guns), car accidents, etc. As far as being drunk with guns goes, I don't do it, period. Oh, btw, I don't "play" with my guns either. No more than I "play" with my car... Chris
I agree with you 100%. This also applies to guns as well. The government is trying to take our right to gun ownership away, which will only leave us defenseless.
The more I think about it, the more I'm scared at what our "free" nation is trying to do to us.
VOTE LIBERTARIAN!
A slip of the foot you may soon recover, but a slip of the tongue you may never get over. -Benjamin Franklin
If people want to declare tools illegal because they might be used to break into a system, then I have a very simple solution.
Hold the major application vendors responsible.
Seriously. Let's say I purchase (key word purchase) an application from a vendor. The vendor's application gets compromised (buffer overflow, let's say) - an intruder now has root on my system.
But wait!
That application was used in the attack on my system, and because of its flaws an attacker is now able to control my system. Therefore, they should be punished.
"But what about the EULA?" Doesn't matter. It's still a tool that was used to crack my system! And it was sold to me! And I had no means to correct its faults! And the vendor told me it was secure!
Boy, if HP, Sun, M$ were all held accountable for the security flaws in their products and design; if they had to pay $1 per incident in damages...
Does this mean ping will be illegal? Or any type of clients/tools that search for servers (irc/ftp/ etc..).. What about search engines?
This could also kind of backfire.. Imagine ISPs that scan ports to see who's running webservers that they 'shouldn't' be.. Wouldn't that be illegal too??
Slashdot is like Playboy: I read it for the articles
That kind of law would be great for companies such as Microsoft. If no one is allowed to publish the flaws in their operating systems, their credibility is maintained. I mean, come on, everyone knows that big corporations run the world, not the govs. If not MS, then some other big corp.
Just because the Nazis brought about the holocaust does not mean that every thing they did has been tainted by evil. It might be my imagination, but I do believe that German streets are safer than American streets. Both before and after the war
You conspicuously left out during the war. The streets may have been safe, but not if you were a Jew.
Anne Marie is a man. Quit feeding this mantroll.
regulated militia (the thing protected by 2nd amendment)
Really, so when they say "the right of the PEOPLE to keep and bear arms shall not be infringed" they are referring to the militia. I guess when they mention the PEOPLE in the first and fourth amendment, they are also only referring to the militia then right?
Sorry friend, but the line "a well regulated militia" is intended to be an intro into the amendment, meant to justify it (if you studied history you might know this) and has been decided by the supreme and high courts several times to refer to the whole population.
Lesser courts have decided this differently (usually in the case of a felon arguing to get a gun), but this country still recognises that the second amendment gives the PEOPLE the right, and your uninformed opinion doesn't change that.
weirdo gun zealots, an endangered species mostly (only?) nesting in US of A
Don't look now, but over half of us legally own guns. And by calling me a weirdo you only weaken your own argument by showing immaturity.
Finkployd
If hacking is to be declared illegal, does that mean cracking is legal?
Who the hell gives a shit what the COE does? These jokers can't even get a real currency together.
"...they may harpoon us, but they ain't gonna pick us up on no radar screen!"
If you have the source, you don't have to engage in reverse engineering or share unpublished information on the product. Again, Open Source will be the safe refuge for developers who don't want hassles!
The Supreme Court has historically been very conservative in interpreting the First Amendment. The odds are, this would be considered a clear violation (akin to censoring government whistle-blowers). Therefore, it is likely that they would not allow such a restriction of the First Amendment.
However, it is certainly the Right Thing to do to let your President and Congressional representatives in the Senate know how you feel about this. Go for it! Better yet, write letters to real news publications (e.g. the New York Times, Chicago Tribune, etc.) letting them know. Heck, write to the NRA! If the First Amendment can be eliminated, the Second can't be far behind....
DOD thinks infrastructure hacks could be lethal: hit a hospital, for instance, or mess with a traffic control system (air OR ground. . .) Or hack a Fission plant's control system. . . .
Just because there has not been a lethal hack to date, does not imply that a lethal hack via an exploit doesn't exist. . .
If you outlaw cluefulness, only outlaws will have clue... :-o
Sheesh. You know, some times places like MSNBC think only assholes and ID10Ts hack computers, I guess. There is that quote saying that "hacking computers doesn't pay". Sheesh!
Did any hacker out there ever do a cost/benefit before rooting someone's box?! I mean, hackers that target e-com servers with millions of card numbers on them seem to think it's worth it!
Just remember there's M2 - hopefully people use it.
I do. I'll be looking for that one in a few days.
Admit nothing, deny everything and make counter-accusations.
First they came for the Communists,
and I didn't speak up,
because I wasn't a Communist.
Then they came for the Jews,
and I didn't speak up,
because I wasn't a Jew.
Then they came for the Catholics,
and I didn't speak up,
because I was a Protestant.
Then they came for me,
and by that time there was no one
left to speak up for me.
--- Rev. Martin Niemoller, 1945
It says in the article that there was already a "public comment" period. People already raised the points that a non-flaming Slashdotter would make. Those comments were ignored.
1) Guns saving lives show up anecdotally, but not in cold statistics. Guns taking lives do. What can ya do?! 2) I hope you don't play with guns if you're as drunk as Ted Kennedy when he drove!
You shouldn't point a gun at somebody unless you intend to kill them.
Lock and load.
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
Why does this remind me of the Dilbert strip where no one is allowed to move their computers themselves because they aren't properly trained?
I think that was more of a political statement about unions and how they prevent even simple things from getting done, rather than a statement specifically about certification or training..
I seriously, seriously doubt that any legislation that is worded so that it outlaws Bugtraq (et al) will pass constitutional muster. The Court has repeatedly and persistently held that for prior restraints on free speech to be Constitutional there must be a threat to national security involved, or other similar extreme cases. Yes, the cynics out there will point out FCC v. Pacifica, but cases such as these are rare. Generally speaking the Court sides on the favor of the First Amendment (see Reno v. ACLU for a recent example.)
IMHO, should a treaty get signed that is a blatant 1st Amendment violation, I would love to see the Court's take on it, both as a matter of international and constitutional law.
Not to mention the fact that it will be unenforceable. Txt philez will still propagate. In fact, I believe that such a treaty would only serve to increase the dissemination of quote-unquote hacking information, based on the forbidden fruit factor.
That's not quite true. The Sikh religion includes wearing or carrying several things, including a knife that was illegal in size. Over 6 inches I think... Anyway, they changed the law to allow the knife for religious reasons.
You can't run around carrying a sword in Canada, no matter what religion you are.
Dozer
"The dumber people think you are, the more surprised they're going to be when you kill them."
That's part of the problem with The Council of Europe's Draft Cybercrime Treaty, authored by the 41-nation body in consultation with the U.S. Department of Justice.
Please note, "Council of Europe" != US.
Last time I checked, Sweden was a part of Europe.
Yes, I do agree this is a completely silly treaty written by people who take advantage of others' fears and use them for political gain.
Unfortunately, ignorance seems to ignore national boundaries.
rosie_bhjp
A radio maverick jumps to internet only. The Future of Rock n Roll
Let's say the program gets into the public domain.. The admins of those systems discover that there is a problem immediately, perhaps before any incidents occur.
Now let's say that only a few people have access to it. They could potentially shut down hospitals nationwide at their whim and the admins of the systems wouldn't have a clue what the hell is going on.
What will all those plumbers do if 'cracking' is illegal?!
ALG
Consider the fact that in most people's minds "hacking" has been conflated with the notion of "dangerous computer crime", and that most people think hackers are all credit-card stealing sociopaths. We need time to educate the public about the need for "openness" regarding security exploits, and how getting these exploits out in the open produces an incentive to get them fixed. I don't know that we *do* have the time to do it, though.
Think Different
I have just as much problem with the "intent" thing. Examples:
I buy a gun with the INTENT of using it to blow away my obnoxious neighbour. But I never commit the act. So I have not committed a crime.
I build an application with the INTENT of using it to hack into BigBadCorportation.com. But I never do so. Under this treaty, I have apparently committed a crime anyway.
~REZ~ #43301. Who'd fake being me anyway?
A journalist's report of one lawyer's interpretation of the treaty is not much to go on. The treaty itself is available, and the journalist seems to have left out a lot of the "without right", "intent" and similar issues that are in the treaty itself.
We should be concerned about this treaty, but base your arguments on the original source, not some journalist's interpretation (or the usual ill-informed speculation you see here).
The lawyer's opinion would also be useful input, but I don't have a reference to that.
Apply this to the physical world: crowbars, screwdrivers, wrenches, microscopes, medical/electronic/mechanical/ANY! texts, voltmeters, syringes, hammers...virtually any tool can be used as a "circumvention" device for SOMETHING.
In Real Life, when you do something like pry open the covering of something or otherwise fsck with it, the worst that happens is you void your warranty. You don't become a criminal!
It's 10 PM. Do you know if you're un-American?
*cough* WIPO *cough*
How we know is more important than what we know.
bah.. even if I intend to hack the white house I have the right to program whatever the hell I want. When I hack the white house you can come and get me, until then, stay off my hard drive.
How we know is more important than what we know.
Anyone want to start a campaign? I'd love to see Stallman holding a sign in Times Square.
But they do anyway.
--------
Life is a race condition: your success or failure depends on whether you get the work done on time.
What we need to do is not increase the number of things that are illegal, but increase the PENALTY for doing those things. Too often, a person gets a "3 year sentence", but gets out in 6 months. (Or a "Life sentence" and gets out in 10-15 years.)
--------
Life is a race condition: your success or failure depends on whether you get the work done on time.
Something as strong as accusing some members of the armed forces of being traitors to their country requires SOME sort of link.
Erik Z
Democrats or Republicans. They are both taking us to the same place and they are not afraid of us anymore.
Here's a way to make it even more effective: make some small changes to the letter to make it into a petition. (You can see my version (in plain text) here.) Print it out and take it to work/school with you. (Assumedly, many of you spend great quantities of your time in geek-saturated areas.) Leave it on the bulletin board, with a short note asking people to sign it. Come back in a few days, put it in an envelope and mail it. Tada! Instant activism.
abszero
(also, on a side note, the treaty, if broadly interpreted, threatens to render large sections of theoretical number theory illegal.)
I didn't check this in the HTML draft, but in the newest Word draft the following passage appears as a footnote that may address some concerns...
Several comments from industry indicated that the so-called "cracking-devices", to which Article 6 applies, may also be used legitimately to test system security. The explanatory report shall clarify that the conduct defined by Article 6, when undertaken with such legitimate purposes, would be considered to be "with right". Furthermore, the burden of proof of the unlawfulness of conduct under Article 6 would lie with the prosecution. In this context, reference should be made to the footnote under Article 2 concerning the meaning of "without right".
Lib.BENCH the only site you'll ever need!
If "Hacking" wasn't already illegal then what was Kevin put in jail for? Who the hell comes up with these laws? This is the same thing as all the gun laws we have that nobody gets prosecuted for. Congress feels that if they are passing pertinent laws then the public will feel they are "Doing something" about the damn hacking problem. So we will feel more "secure" about our online shopping, etc, and the stock prices rise and the NASDAQ will rise...etc...etc...
This kind of legislature makes me sick...
"If you only knew the POWER of the DARK SIDE!"
Don't forget the codpiece... very important. Unless you want to sing the castrato part.
Gamingmuseum.com: Give your 3D accelerator a rest.
1. You may carry concealed, or in the open. 2. If you are carrying in the open, and a citizen doesn't like it, you can be arrested for causing "terror in the public".
Hungh? What if I think your shirt is too loud? Am I causing "hurting in the ears"? By the way, there's some bug in the slashcode that wouldn't give me a hard return between items 1. and 2. even though I put the hr tag in there like four times.
Gamingmuseum.com: Give your 3D accelerator a rest.
Intent is the hardest thing of all to prove. Why do you think so many convicted murderers end up back out of prison after a few years?
Russian Russian Russian RussianDollSig DollSig DollSig DollSig
Publishing can't be illegal in the US...newspaper stories about crime would vanish! Even the anarchists cookbook is a perfectly legal expression of freedom of speech & the press. Outlawing bugtraq is laughable, and will never stand up in court; why don't we arrest the manufacturer of a car used in a getaway for aiding and abetting?
Usual lack of knowledge disclaimers but I have scanned the thing briefly....
This mightn't be as bad as it looks initially,
The wording of Article 6 Illegal Devices includes the phrase...
with intent that it be used for the purpose of committing the offences established in Articles 2 - 5;
Where Articles 2-5 are about Illegal access, interception, data interference and system interference and all contain the words 'without right'.
In other words, a security professional would have the right to do any of items 2-5 and could therefore own the tools described in 6 legally. In the case of an amateur owning tools the prosecuting authority would have to prove that the person intended to use the tools on systems he/she did not have the right to use them on, i.e. other people's.
On another part of the draft about copyright, the treaty actually seems to be better than the existing legal situation. It requires legislation about distributing copyright material 'on a commercial scale' which would seem to get a lot of the P-P systems, or at least their users, off the hook.
On the other hand articles 14-15 seem to require a way of forcing people to hand over encryption keys to authorities.
Is this the same Council of Europe that came up with the fscking Euro! Don't look now, it's just dropped another 10 points!
-- "To ask a question is to show ignorance; Not to ask a question means you'll remain ignorant."
And a responsible person never gets his car stolen?
And for your information, not all guns are designed to kill something (or someone). Olympic class target pistols, while capable of killing, make piss-poor assassination tools.
-- Will program for bandwidth
* Ridiculous law passes... Decent hackers that find holes continue to find them, but have no avenue to advertise them... Good, honest IT admins are thus kept in the dark about insecurities in their systems... the general community suffers as malicious hackers continue to do what they do.
* Ridiculous law is seen as it is and does not pass, Decent hackers find holes and alert the World, the IT admins patch the holes on good systems that are easy to patch with timely patches becoming available (read OSS OSes)... those systems continue to become more and more secure, whilst systems based on security by obscurity get worse and worse.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
Anyone else wonder about the fact that the only people allowed to make the laws are, exclusively, those least qualified to do so?
I whole-heartedly agree. Has anyone ever thought of things from the other side? What if there were no laws regarding computers - security - intrusion - spamming - etc. What if everything was free game (realize that some activities would fall under existing laws like credit card fraud or industrial espionage). Security would be much more of a concern. This would force vendors to carefully consider the possible misuse of any software they produce. Would you buy Windows if there were no laws about how people can attack your computer/ read your email/ what have you? When something (anything) is put into a harsh environment, it is forced to become stronger or die. The same is true with internet software.
I'm supposed to be working right now.
Well I guess college courses that focus on securing and stabilizing network hardware and OSes would become illegal to teach. Maybe they'll start burning the text books. Sig heil.(sp?)
What about banning programming and scripting languages? You use those to write exploits don't you? According to 2600 vs MPAA fair use is going out the window legally.
Why not just start putting up Nazi flags?
This is total crap.
Defraggle
Head monkey
Dynamic League of discord POEE Cabal "Monkey"
In many churches in the US, you'd have to say "possibly armed", because a number of states DO permit CCW and don't prohibit it specifically in churches (and banning CCW in churches is a bit silly if you trust the people enough to allow it elsewhere).
So, for instance, if you tried to rob the congregation at a Sunday morning sermon, you'd be taking a chance. I'd suspect in most cases you'd win the bet (given the regulars are more likely to be older and female, if memory serves, and less likely to carry statistically) -- but it's still a chance. And the wager would be the robber's life versus some amount of coinage, hostages or whatever the objective is.
In the UK, the odds, if the congregation is law-abiding and does not include on-duty armed policemen (the armed response teams), happen to be zero; the group is practically guaranteed to be *unarmed*. Most convenient if you're crazy, but not crazy enough to ignore the possibility of being shot.
Only the dead have seen the end of war.
More specifically, for the folks in the US -- write your Senators. The House will have no say about this, but the treaty will not go into effect here unless the Senate ratifies it.
Only the dead have seen the end of war.
Hmm, few days old -- but one of our former servicemen confessed to helping out bin Laden's people with planning the US Embassy bombings in Africa. Let's see what I can find that doesn't require money for an old article...
Here's a CNN article.
Former US Army Sgt. Ali Mohammed confessed to conspiring in the Kenya and Tanzania incidents. My bad; he was a former serviceman who apparently left the service in '89 (it does not say under what conditions).
Only the dead have seen the end of war.
Military systems also come to mind -- that is, those providing information.
Given that it's known now that folks like bin Laden have had, and probably still have, sympathizers and accomplices within the Armed Forces. Might be handy if they have physical access to a terminal on a "secure" network, that otherwise provides no external access. Things like blueprints, security precautions (shift schedules, for instance), and personnel files might be interesting.
Only the dead have seen the end of war.
Actually, the position is rather akin to Gore's stance on gun control...
Ask him about CCW in churches, for instance. Apparently, he's against it, as if this were a Highlander universe and we were all immortals who cannot fight on holy ground. That ignores multiple incidents, such as a certain loon in the UK who attacked an unarmed crowd in a church with a sword...
Or, for that matter, whether he supports the ban on handguns (even an unloaded handgun w/ a trigger lock in a gun safe) in DC. As we all know, DC is a WONDERFULLY safe city where such things as innocents being shot in a crossfire at a city zoo NEVER HAPPEN thanks to the gun control promoted by liberals everywhere...
Only the dead have seen the end of war.
As somebody noted a few days ago...
US Constitution, Article VI, paragraph 2.
This Constitution, and the laws of the United States which shall be made in pursuance thereof; and all treaties made, or which shall be made, under the authority of the United States, shall be the supreme law of the land; and the judges in every state shall be bound thereby, anything in the Constitution or laws of any State to the contrary notwithstanding.
The wording is ambiguous -- does the phrase "of any State" modify "the Constitution" as well? -- but it could easily be read to imply that treaties override the (national) Constitution.
Only the dead have seen the end of war.
The consequences of treating computer people like locksmiths would be severe. Mandatory professionalization would force the computer industry to slow down enough that the unions would start to have a realistic shot at it. Do you really want to be in a situation where some guy half way around the world is going to say 'tools up' and you are obligated to stop coding?
No thanks,
DB
It seems a lot of new laws are being suggested by the police. What I want to know is, why do the police have any say in what they think should be law? In the US, there is supposed to be a separation of powers; police should ONLY be enforcing laws, not helping create them. That's why we have Congress. I think these "borderless cybercrimes" would be helped dramatically by admins that have a clue. Most breakins are done by well known means. If a problem has been known about for such a long time, why are the admins continuing to use the broken software or configure the software poorly? Admins have no excuse for not stopping well known breakins, yet they are the most common. It's absurd.
>>The Council of Europe has promised to provide a list of exceptions to the treaty, and professional network administrators will likely end up exempt.
Okay, now how are they going to define that? Is there some kind of test I have to take to qualify for this or do I just have to have this written on my business card???
What about people who have a home network connected to the Internet?
Michael
If you want to e-mail me, use my PGP Key.
Nah, it was Nixon that made the drug war a big thing. Not that Reagan or Bush did anything to stop it, but neither did Carter or Clinton.
Since I'm not a good writer I did use the letter created by bakreule (apocalypse29_99@yahoo.spam.com) and sent out two letters to both my senators here in California, Barbara Boxer and Dianne Feinstein. Please show your support by spending 5 mins creating these letters and mailing them to your senators. Here are the addresses for Dianne Feinstein and Barbara Boxer
Wonderful. They finally went and made my *$&@ major illegal. I guess it's on history or some such major now. *##&$^ <sigh>
#*$& <sigh>. Either that or they just now have less motivation to bug fix products since mentioning security bugs is illegal. Sometimes I wonder why I wake up.
And you just _know_ that somewhere the RIAA/MPAA people are getting tanked in celebration that this is a *good* thing.
Maybe we should go dump servers into boston harbor or something.
Just out of curiosity, would you consider using a stolen credit card number to make purchases "stealing from a bank"? I would... Although I admit that the card holder is often the one held responsible so the bank can cover its ass.
FYI - At least in the US, you can't be held liable beyond the first $50.00 if someone gets ahold of your credit card and charges up a bunch of stuff. Your credit card company will try to make you feel like it's all your fault and you better pay, but this is intimidation that has no strength you don't give it.
-The Reverend (I am not a Nazi nor a Troll)
-The Reverend (I am not a Nazi nor a Troll)
=(.\')=
While I admit I haven't read anything on this piece of legislation other than the linked MSNBC story I am a bit curious as to what this means for Open Source Development Projects?
A key component to most OS Projects (like Mozilla), as I see it, is that any developer can contribute to the project via tackling an outstanding bug. This bug could be as benign as an HTML table background color not showing, but also can be major vulnerabilities found in the system.
So can, theoretically, something like bugzilla.mozilla.org be illegal as a result of aiding and abetting, or is the treaty limited to strictly 3rd party sources of information?
[place
>> I have gone and done something about it. I wrote a letter and sent it to both my Senators.
>> You can as well. I've put the letter up for download here.
>> Sorry about it being a word doc, but I wrote it at work and our network admin is a M$ nut.
So do a File, Save As, HTML.
"We can't solve problems by using the same kind of thinking we used when we created them." -- Albert Einstein
"witch hunt"? Good, say it again, 'cause it's a perfect word for explaining to a non-techie what this is all about.
You are the same decaying organic matter as the rest of us.
For the sake of example, imagine an automobile which, when struck in just such a way, explodes. Now suppose that it's illegal for any consumer watchdog groups to say, "These cars will explode if such-and-such happens." You are correct in asserting that sales of these cars would probably eventually slow down or even stop. However, almost certainly there would be some lives lost in the process.
Suppose now that it becomes illegal to publish exploits. You have an analogous situation where consumers stand to be damaged, perhaps not in a physical manner, but in terms of money, time, reputation, etc.
I hope this analogy is clear. I'm hopped up on cough medicine right now.
In the words of Jello Biafra "Grow more pot"
I guess the US is listening....
----------
Vote Jello Biafra for president (yes, he's really in the running)
I think it's a bit beside the point. The emphasis was on the mistaken assumption that exploits could be used for malicious *bodily* harm or death.
While I agree that responsible gun use rarely produces accidental injury, it does not really have anything to do with the fact that comparing exploits to irresponsible gun handling is completely inappropriate.
Unbreakable toys can be used to break other toys.
First, it would have to get passed through Congress, then be signed by the President, and then go through the Court system (because you know the ACLU and EFF would not sit still for this) and then, if every single person in this process was a complete dork, THEN and only then would it come into law.
Don't panic. Write your senator instead.
Do you think the adoption of such treaty will force governments and industry to look seriously to Open Source solutions?
Need you be employed as such, or does taking care of your little network at home count? Sure, they both do...to us. And to them? Sounds like an opening into selective enforcement, which means arbitrary enforcement.
Do they have a point? Yes, they do. Using a tool for illicit acts should be illegal. But they miss a point as well. Merely possessing a tool should not be illegal. It is possible to break and enter with a hammer... but we don't limit hammers to professional carpenters; we have laws against breaking and entering.
I don't subscribe to RMS's GNUtopian vision.
No it was Thomas Jefferson.
You are wrong, sorry.
Will
Only in the movies or here on /. does shooting the gun out of the hand work.
If it was said on slashdot, it MUST be true!
If you actually read the treaty it is clear that:
Sounds to me as though they would just like to limit disassemblers to legitimate use. As much as I don't like my "tools" being labeled as "weapons of mass destruction", I don't see any problem with us programmers keeping them low profile. I don't think that it would be very easy to regulate reverse engineering tools, since most of the people that use them are savvy enough to acquire them. I am guessing that this legislation is aimed at web sites that provide scripts, and "one click" solutions, the problem is that an overzealous enforcement could turn legitimate programmers into rum runners.
Thank you for proving my point.
Ronald Reagan was shot in 1982(?), and it didn't kill him.
Granted he didn't die, but he came very close (this fact wasn't released I think until last year). If it had been Joe Normal walking down the street and had gotten shot, he would have died. Reagan had been fortunate that as President he had the perks of bodyguards (which minimized the amount of shots fired into him) and a car that whisked him to the hospital that broke every traffic law in the book doing it.
After saying that mind you I doubt Joe Normal would get shot just to impress Jodie Foster.
IANAL but I heard that in Canada you can carry any size of blade, since there are some religious groups where it is considered normal. (Not sure which ones).
I may be wrong though
Each party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law when committed intentionally the serious hindering without right of the functioning of a computer system by inputting, [transmitting,] damaging, deleting, deteriorating, altering, or suppressing computer data. (Emphasis added).
Now IANAL, but that last bit about suppressing computer data where such suppression would hinder the proper operation of the system would seem to make full disclosure almost a requirement. Since in the U.S., corporate entities are more or less treated like an individual under the law, a large company which produces software, yet does not allow the publishing of its vulnerabilities (which seriously hinder its operation, IMHO) should be culpable under any law resulting from the ratification of this treaty.
While that in itself is a Good Thing, the fact that it appears in this treaty which would make the tools that would enable such discovery and disclosure illegal, it must be concluded that no sane person would ratify a treaty with such obvious internal inconsistencies.
Sadly, sanity is not a prerequisite for government position... (one may argue it is a hindrance to getting such a position)
--Ford Prefect
Not from a film, though, but from a short story. It ended with a note to the parents "Your daughter exceeded the maximum intelligence allowed. How would you like the funeral?"
It was rather creepy indeed.
All opinions are my own - until criticized
Guns don't kill people. Bullets don't kill people. It's that pesky transfer of kinetic energy that kills people.
In July 07, I got a mac pro. There's no punchline. Just endless joy and wonder.
So, why stay in the good 'ol US of A? There are a growing number of reasons for sites to be set up outside of the US, and the government keep providing more.
The power of the Internet is that I can set my site up almost anywhere in the world and it makes no difference, either to me, nor to my users.
.sig available on 'Need To Know' basis only!
*Cue Sesame Street Music* One of these things is not like the other...
It all goes back to the same argument people have been using for guns. "If you take hacking away from people, then only bad people will know how to hack". This is just more red tape and another way for the government to "license" our freedom. I would guess that the Government's response to "how can I if I'm not a net admin" in which the answer would be "we can SELL you a 'registered' "license" so we can track what you are hacking and for what purposes. Has anyone else noticed that anytime the government doesn't have a clue on how to handle a situation they make a bunch of confusing laws around it (which discourages others from trying to forge through the government red-tape), then require you to register in some government database and obtain a license for it? It's a trend worth tracking.
SL33ZE - Artificial Intelligence is No Match For Natural Stupidity -
For all the times that we sit back and complain about something the government is doing, we could get off of our butts and take control of this. This is OUR government, and although I know there are things that will never change, one thing is for certain -- If even a small minority of people complain and cause enough of a problem come election time, we will be catered to. We as Americans (and I could care less about your prefix to "American") need to stand up and say enough is enough. The government only has the power they are afforded by the people. Get off your arse and complain -- at a local level is my suggestion. Work your way up from there.
SL33ZE - Artificial Intelligence is No Match For Natural Stupidity -
So would stress testing and QA be declared illegal as it would point out flaws in an application that could be used in a way unintended by the author?
SL33ZE - Artificial Intelligence is No Match For Natural Stupidity -
Dallas
Of course, the issue is the tools, and the likening of the gun to the ethernet probe software. But there is a new aspect that is being ignored in my view. The people and corporations writing the software that has a security hole. There's now no responsibility on them to fix it!
Take a look across the venerated BugTraq lists, and see how long some exploits were known to vendors, and how those vendors did precisely nothing to fix them until a wide-spread exploit was distributed on the net.
The real downside in my mind, as I firmly believe that the treaty will exempt the security professionals, is that there is now no way to bring extreme pressure on the vendors to fix these defects, as the act of doing so is illegal. There needs to be a level of responsibility and intent, at least for commercially sold and supported software, to make a best-effort to fix security holes within a prescribed time frame or via a prescribed process when an exempted security expert provides evidence to them directly, not publicly, of an existing security hole.
There should also be, to my mind, an exemption of liability on this part for free software. Not free cracking or cracking-assisting tools perhaps, but free servers and services. Apache for example, can't really be held liable as the software is provided as-is at no charge, and relies on things like security fixes to survive at all.
It's a very slippery issue, but I find it amusing that the producers are always assumed to be acting in everyone's best interest.
2 cents + tax, driver does not carry change hockleyd@DONTSPAMhome.com
Instead, another hacker suggested, the "cybercrime outbreak" is nothing more than noisy teen-agers committing high-profile, low-impact Web site hacks. But those crimes are being used as rationale by governments and law enforcement agencies to pass highly restrictive laws.
"There is a certain hysteria about cybercrime," the hacker said. "But I don't think anyone has stolen money from a bank using the Internet yet."
To me, this is the heart of the problem. We have stupid script kiddies defacing web pages and the media calling that "hacking". So the gov't uses that as an excuse to introduce a police state on the net. It's only a matter of time before the Internet is clamped down so thoroughly we won't even recognize it. Anyone ever read Tad Williams' Otherland? In that story there's something called "Treehouse" that is the last refuge for hackers, an independent, rogue network that the corporations can't control. I think it's time we start planning for something like that...
BTW, is there any place that has legitimate numbers on the amount of money lost to "hackers"? It seems to me that marketing people pull stuff out of their ass just to sell a security product. And how much money could Ford lose when their front page is defaced for a few hours?? Have any banks been broken into using the internet??
--------
-------
"Every artist is a cannibal, every poet is a thief."
That's it! That's the precision term I've been looking for all these years! Correcting the misuse of the term "hacker" and "cracker" is a lost cause. But "witch", there's little doubt of the definition when used in context. Someone who has never laid eyes on a computer can call me a witch and I can proudly exclaim. "Why yes! I am a witch! Give me access to a computer! Watch as I perform magic that you cannot, and wield powers you don't understand! Maw-ha-haaa!" From this day forth, let it be known; I am a computer witch.
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of s***ch, or of the press; or the right of the people ***ceably to ***emble, and to pe***ion the Government for a redress of grievances.
They are suppressing a way of life. /me internally wants to "look beyond" what BS I usually get as a consumer or end user. True, I may implement malicious Hactivism, but as a human I should have the right to arm bears...
By the way, anyone see the flash movie on the MSNBC site? R0FL
http://siokaos.org/
And I'm sure that allowing people to carry handguns in DC will help change the situation. BTW, you probably didn't intend it as such, but talking about an "unarmed crowd in a church" is really funny. It's scary to think what kind of churches you've been to if you need to specify such things!
computers have evolved more as an industry in the last fifty years than any other industry has ever in the history of the world. it has done so for the most part because those responsible were left alone. we managed our own solutions to our own problems. those that have only a rudimentary knowledge of our abilities should not be allowed to legislate to us. if the government intends to legislate our basic methods away, the methods by which we have thrived and brought forth the greatest economic boom in the history of the world then they should at the very least be able to understand the difference between hacker and cracker. they should all be required to pass a test of knowledge of computers. i would expect that they should all have a copy of the jargon file at hand just like they do those constitutions they ignore. this is simple. legislation without representation. Jefferson had said that he hoped the citizenry would be educated well in their nations laws and lawmaking processes. well, this particular contingent of society that has been under heavy attack of late (re: turning hearts black, etc..) is educated. we should demand that our legislators be the same and if they should continue with these inane laws that only handicap us (we who give them their great economy) then we should simply ignore them and practice as Thoreau and King and Gandhi did through civil disobedience. perhaps they will eventually realize that their way is the wrong one.
-
At first I was smiling, because I thought it was just some crazy American law, but now it seems that the European Union is going to follow the same route.
The governments just stick their heads in the sand. If net-security is such a big issue for them, they should be focussing on the problems: the buggy software, that is allowing all of this.
I didn't ask for a buggy os, therefore I'm using linux to keep security in my own hands, and it shouldn't be the government holding a hand above companies that produce buggy products. I'm sorry for the users of those programs, but they need to switch to a more secure environment if they are constantly being cracked and not lobbying for laws that disallow people to enter their open systems.
I'm going to set up a cron job to backup all the info of the better security sites. When this thing will really get illegal both in the us and europe, I will get my site up ( scriptkiddies.com, already registered it) and have it hosted from Russia and I'm not going to whine about it if it will get cracked.
A Pennsylvania resident cracked part of the billing system for the New York/New Jersey electronic token-based toll collection system, getting access to trip and billing information (but not, they assure us, credit card info). No prosecution is contemplated because "he did us a favor" by pointing out how lame the security was.
"Ain't no right way to do a wrong thing."
Mmmm... wasn't that European kid accused of writing DeCSS arrested? Convicted, no, but please do not assume that where the Internet is involved, that non-Americans are somehow "safe" from stupid American laws.
(and even with DMCA, it is only supported by one state IIRC?)
I believe you're thinking of the UCITA, something very different, but more odious.
but America does seem to be the only country which thinks that its laws apply to every country on the planet.
France and its anti-nazi memorabilia laws attacking Yahoo comes to mind. ;)
America probably wouldn't consider it since the pronunciation of that German name in the US would sound a little too much like "Handwork Scammer," which is probably a little too close to the truth. :)
Those Germans are a kooky bunch.
--Fesh
"Citizens have rights. Consumers only have wallets." - gilroy
--Fesh
Kill -9 'em all, let root@localhost sort 'em out.
Contradicts EU law where disassembly and patching for legitimate purposes is legal. This is intended to protect the EU against US software companies holding them to ransom by not allowing interoperation of different software packages. Get your copy of IDA Pro - www.datarescue.com before it is ruled illegal.
Ok, this tears it. It's time to take action. Everybody on here write your congressman TODAY. Even better, go to www.whitehouse.gov and email the President today and tell him, politely, how this will make things MUCH, MUCH WORSE. I'm a sysadmin, and I would be completely lost without BugTraq. Make sure the government knows how much it would hurt us.
If someone started this bill, I can't trust that same demographic of people to stop that bill for all of its oversimplifications and shallow thought processes.
...By eliminating white/grey/black hat hackers' ability to try to break down software, we also eliminate any legal way for the user community to police the manufacturer of that software.
Perhaps someday all the hackers will be sentenced to death and then we'll just have to worry about the company who wrote your financial package leaving a backdoor into your bank account for themselves.
that's all well and good, but the problem is (and this is the point that i hope you were trying to make) for some people, $250, $2500, even $250,000 isn't compensation for data they wanted secret becoming UN-secret.
now then, if only the criminally-oriented have access or bother to fiddle with decryption, system cracking tools, and the like, what in the name of all that is binary makes you think ANY machine could POSSIBLY be secure from them?
(read: their level of hack/crack/decrypt tech progresses, while ours does not, therefore our level of secure/crypt tech does -not- progress. we get our asses handed to us, sushi-style)
semantics are everything!
is everybody forgetting about ethics?
Should I be arrested for having a car when that car "could" under certain conditions be a murder weapon ? What about the jack-knife I carry in my pocket, is that an illegal concealed weapon ?
Things like exploit lists are the only way to get some closed source companies to FIX the problems. They have to get enough bad press to hurt their image before they will actually get off their collective asses and fix the problem.
Another thing you fail to think about, most open source system/program exploits usually have a fix/workaround in HOURS, not days, weeks or months like the closed source companies (Or never, like an exploit in M$ SQL server)...
UPS Sucks
Freedom of the press is required because no Government is perfect and only an outside agency has an interest in exposing the imperfections. No computer system is perfect either. The widespread publication of computer security faults, with proof, which often means a program, is the only way to ensure that faults are fixed. This will not be allowed under Article 6 of this treaty.
What we need is for more people to know about the issues involved here. It's fine to keep discussing things like this, or DeCSS, or the DMCA here on slashdot, but everyone on slashdot already knows about it. Everyone on slashdot is also a fairly small minority. Tech people in general are still really a fairly small minority. When I mention the DMCA to my non-technical friends, they don't have a clue what I'm talking about. On the other hand, most people I talk to know about the CDA. The CDA also isn't around anymore. I think that it's time to start a campaign similar to the blue ribbon campaign that I'm sure everyone here is familiar with. We need a distinctive logo and a web page for it to link to. I'm not sure, but there may already be a suitable web page out there that discusses the issues in a straightforward manner. I would do this myself, but I unfortunately don't have the time. Therefore, I am tossing it out into the slashdot community. Let's get a logo out there that people see on every other web page they visit. Then maybe the powers that be will start taking notice.
"If English was good enough for Jesus, it's good enough for everyone else."
Alcohol is legal. We (the USA) learned that lesson the hard way in the 1920s, with prohibition. Modern prohibition (esp. of weed) is just as damaging as alcohol prohibition was.
Drunk Driving rates are going down. The campaign to reduce the number of people who drink and drive is working... because the public recognizes the truth that drunk driving endangers others. Impairment of one's driving ability while stoned ought to be measured against impairment from alcohol, and legislated as equivalent.
Version 22 rev 2 from 2 October 2000 is now online in HTML format at: http://conventions.coe.int/treaty/EN/projets/cyber crime22.htm
This version applies the "intent" language to both 1) and 2), as you suggested, and thus appears to address the 11 (b) issue also of contributing to open source software. Section 11 has also changed.
There still may be lots of problems here, but I agree with those that urge us to get involved. It has clearly finally had at least some impact.
--Neal
--Neal
Go IETF!
Did you even read the article? It clearly states the kind of hacking that they're talking about is for exposing security holes, not for illegal cracking into people's computers. Next time why don't you try reading the article before shooting your mouth off, eh? Rufo
My English teacher once told me that two positives don't make a negative. Two words for her: Yeah, right.
Dude, a toothpick used in the right way could cause death, that doesn't mean we're going to outlaw them.
My other
"So how long you in for?"
"Life, exploded some guys head like a melon with a trusty double barrle shot gun. How long you in for?"
"60 years, I changed slashdot's main page to 'you are 0wnZ3d f00l ph3ar me f0r 1 am 31337'. If I didn't have the 'SlashDot hAx0r pack version 5.1', I couldn't of 0wnz3d them f00lz"
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
Maybe the phone companies should keep "extensive logs" of ALL phone calls. Maybe the post office should keep "extensive logs" of ALL packages and letters. Maybe humans in general should keep "extensive logs" of ALL face-to-face communications they have throughout the day.
I truly think that carrier pigeon owners should keep "extensive logs" of ALL messages they pass through pigeon carrier communication.
Oh and DON'T get me started on requiring the "shoe shine boy" to keep "extensive logs" on all communications he has when shining shoes!!!
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
Let's start a petition or something. Mass-activism as my Political Science teacher called it.
I think he said that (Mass activism) is the only way the masses (ie. us) can communicate with the elites (ie. the government).
IIRC he said it worked pretty well, or everyone dies in a bloody gun fight, or just disappears. I forget. Anyone up for it? We got about a month.
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
Sure, but your examples: IE and Netscape, and for the "User" market. If your Win98 box crashes at home when you are viewing porn cause a bug or security hole in Netscape, reboot the box and everything is cool.
Say your "good enough" software that runs a temperature alarm for a nuclear facility goes down cause of a simple exploit. Say your boss's six figure investment on a web page goes down cause the "good enough" software running on the server gets exploited...
Sure I trust IE and Netscape to view slashdot... but I won't trust either one of them (or same quality software) to run anything critical.
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
If in prison, you can still gain access to technology through means that most guards would never be able to detect. Hell, I bet minimum and medium security prisons allow you to play with radios and calculators...
:)
Now, can you imagine Linus being sent to prison for "hacking" and then programming a new linux kernel for TI graphing calculators.
I bet he could do it
Ever need an online dictionary?
One day, I am betting that there will be a geek rebellion in the world. Us computer geeks run more than 90% of the commerce in the United States in some way or another.
If all geeks took just ONE holiday, the nation would be in chaos. Those sheep need nerds... without nerds, they wouldn't be able to access their favorite porn site or download a 50 meg sex video.
Seriously, if politics continue on the path they are on, we may just have a geek rebellion on our hands. Can you imagine an army of geeks that all "love Big Brother" and memorize lines from 1984?
War is peace
Freedom is Slavery
Ignorance is Strength
Don't forget the most important:
Geeks are gods
Ever need an online dictionary?
Reg, for God's sake, it's perfectly simple.
All you've got to do is to go out of that door now, and try to stop the Romans' nailing him up!
It's happening, Reg!
Something's actually happening, Reg!
Can't you understand?! Ohhh!
--
"There's so much I don't know about astrophysics. I wish I'd read that book by the wheelchair guy"
-- H. Simpson
1.5% of Australia's GDP goes to weed, from a recent study I read about in Reuters. Over twice as much as they spend on wine, and almost as much as they spend on beer. It was over 300$ per person. They're considering legalizing it just for the tax revenue.
- Rei
He's just being nice so my real father won't freeze him in carbonite and sell him for spice.
"A commercial, and in some respects a social, doubt has been started within the last year or two, whether or not it is right to discuss so openly the security or insecurity of locks. Many well-meaning persons suppose that the discussion respecting the means for baffling the supposed safety of locks offers a premium for dishonesty, by showing others how to be dishonest. This is a fallacy. Rogues are very keen in their profession, and already know much more than we can teach them respecting their several kinds of roguery. Rogues knew a good deal about lockpicking long before locksmiths discussed it among themselves, as they have lately done. If a lock -- let it have been made in whatever country, or by whatever maker -- is not so inviolable as it has hitherto been deemed to be, surely it is in the interest of *honest* persons to know this fact, because the *dishonest* are tolerably certain to be the first to apply the knowledge practically; and the spread of knowledge is necessary to give fair play to those who might suffer by ignorance. It cannot be too earnestly urged, that an acquaintance with real facts will, in the end, be better for all parties."
-- Charles Tomlinson's Rudimentary Treatise on the Construction of Locks, published around 1850
He's just being nice so my real father won't freeze him in carbonite and sell him for spice.
Dude, study the semantics of what you are saying. It won't supersede the first or any other amendment. Like you said anything in the Constitution or laws of any State to the contrary notwithstanding. Meaning that since there are contrary regulations in the constitution that portion of the treaty is null and void in the US. Treaties are no different than any other law as far as the courts are concerned. Besides which, I don't think there was anywhere in the article that said the US was considering signing the treaty.
That which is done from love exists beyond good and evil
Are you being sarcastic???
God, if you want to kill someone who is in hospital, walk into their room and smother them with a pillow.
It doesn't take a programmer more than a couple minutes to write a port scanner. We'd better require them to be listed on an international registry. They're to be branded with their ID# in binary (or Hex) and wear pocket protectors at all times.
-Sir.Cracked
Where are we going, and why am I in this handbasket?
No it doesn't, because saying you can't walk around with a loaded gun does not imply that nobody will walk around with a loaded gun.
yo mama!!!! :)
Amsterdam?
What are they on drugs???
Do they have a crack epidemic there?
The people on this committee seem to be on the pipe... crack pipe, hash pipe, etc.....
[Connection closed by foreign host]
check it out....i submitted this article!
Which is why every week, we hear of yet another incident of gun-related madness in English churches. Just last Sunday, as was reported all around the world, gun-toting robbers broke into six churches, shot no fewer than three thousand congregants, and stole more than eighty million quid. The UK--a country where you'll *never* feel safe from gun-wielding maniacs in a church.
I hate to have to say this, but seeing as it's Slashdot, I must: that was sarcasm. I haven't seen the official statistics, but I'd be willing to bet that no-one got shot in a British church in the last year.
I don't know about any of you out there, but THIS scares the CRAP out of me. I heard it said before that there are two kinds of people that use Bugtraq: those that just READ it (to get 'sploits) and those that POST to it (to reveal 'sploits and how they can be fixed).
I mean, let's say that I am a network admin and I am setting up a Whistler Advanced Server box. Without the check that is Bugtraq, do you think that Microsoft would EVER release a patch for a security vulnerability?? If you answer this 'yes' there is a bridge I want to sell you in San Francisco. Chances are this Whistler box will be rooted every which way before I could even throw a firewall up.
I hope that the United States realizes what a valuable service "hackers" provide to the country. Without Bugtraq, there would be thousands of network admins that would be bald from pulling their hair out trying to secure their boxes.
Of course, without Bugtraq, who in their right mind would ever use Windows NT?
-inq
I am a professional software writer. Like many of us. I have not been trained to see every security aspect of things. Most I know of on the subject come from public resources, like bugtraq, or hack recipes.
I now think twice when writing code. I tend to avoid buffer overflows, because I understand how most attacks are done. I see much code that lacks very basic principles.
If *talking* about exploits is illegal, then how can you expect average programmers to be trained to write half secure code ?
Cheers,
--fred
But the supreme court can and will strike down one that violates our rights under the constitution.
A society that will trade a little liberty for a little order will lose both and deserve neither. - Thomas Jefferson
That's the odd thing; same things with guns: murder is illegal, but they need to make guns illegal so it's technically not even possible...
A society that will trade a little liberty for a little order will lose both and deserve neither. - Thomas Jefferson
The only effect increased gun ownership has on crime is to reduce it. Crime is caused by societal factors, such as the tendency of a population to crime and the available wealth. It isn't really related to the tools available to commit crime or defend against it.
Case in point: Switzerland has both lower crime than Germany and much looser gun laws than the US.
The Nazis were fascist. The reason they didn't want to have guns was because most of the guns the populist owned were pointed at the government. Nazi Germany was incredibly crime riddled, starting with Hitler. Homicide was commonplace. The lack of guns had nothing at all to do with it.
In the same way, availability of scripts won't in any way alter the basic structure of the hacker mentality. It may actually increase the feeling of danger and thus the pleasure derived by a hacker. Totalitarian regimes and overzealous lawmakers run afoul of the same problem: the bulk of humans neither know nor care much about the law. They just do whatever they want, and if the bulk of the laws do not impinge on them, then they are fine. Laws do not now nor have they ever significantly changed behaviour. Here in the States, a decade or so of 55 MPH speed limits resulted only in more people running traffic lights. In most states, when the speed limits were raised, the average speed on the roads went down, much to the dismay of those who think that laws control people. Laws are used to identify people who are a threat to something and provide a standardized way to get them out of our hair. I don't know if hacker laws are already adequate or not, but outlawing possession has never been successful in lowering illegal acts.
Vote Harry Browne and we won't have these problems.
A society that will trade a little liberty for a little order will lose both and deserve neither. - Thomas Jefferson
Is it possible Jefferson had the same thought as Franklin? Geez. I get about three of these a week. No, I'm not absolutely certain Jefferson said it, but I've got it on good authority that he did and the fact that Franklin said a similar thing doesn't mean Jefferson didn't say it.
A society that will trade a little liberty for a little order will lose both and deserve neither. - Thomas Jefferson
Fine, you worried about dealing with people with swords in church, then bring your own sword.
It's damn hard to get a gun here in Canada, and we're all quite happy to keep it that way.
i just read through about 1/3 of this treaty. it is really hard to believe that someone is planning on outlawing hammers and nails to build a fence around my house. i build a lot of firewalls for friends and companies, i read bug traq a lot and to take that away from me i can't do my job properly. it takes the people who work on better security and tell them "you guys aren't good enough let the politicians handle it". by the interpretation i received from this and other related articles i believe that the constitution should just be rewritten and begin like this:
We the people of the Corporations of the United States, in order to form a more perfect corporate union, establish justice, insure corporate tranquility, provide for the corporate defense, promote the general welfare, and secure the monopolistic blessings of liberty to the corporations, do ordain and establish this Constitution for the United States of America.
basically the way i feel is that they are saying "fuck the people, they are just ants anyway".
AK
One thing I've noticed in reading through the draft is that every phrase is carefully worded to include only the intent to perform a criminal act.
With that being the case, would it not be upheld exactly the way it reads? For it sounds to me like the writing of DeCSS would be perfectly fine according to this document. Am I missing something?
Also, even when there is an intent to perform a crime, isn't that a bit hard to prove? Is there a way to not persecute those with good intentions while still persecuting those with criminal intentions?
I don't see how.
Source code is a lot like a parachute; it needs to be open in order to function properly.
That's the problem, though. We need to do this and we need to do that, but, when it comes right down to it, how many of us actually get off our fucking asses and do anything? How many people who constantly whine and bitch as their freedoms are slowly usurped from them also support the EFF through donations? How many write (not email, WRITE) their congressman every time a boneheaded bill is introduced? Judging by the outcome of trials and the passage of various and sundry laws in the past few years, I'm willing to bet the number is pretty damned low.
Even worse are the people that whine and bitch about whining and bitching, but never do anything about it.
Messages like
U have b33n HAXX0r3d by a 1337 haxx0r!
would significantly decrease, as the perpetrators of such hackneyed English started disappearing.
In a related story, spam was declared illegal in an amendment to the draft convention.
Give Pisa chants.
There are 10 types of people in the world. Those who know binary, and those who do not.
Imagine what Northern Ireland would have been like if every Catholic who was pissed off with the Protestants and vice versa had a gun. A lot more people in Northern Ireland supported terrorism than actually carried it out.
So could most people's hands
Very interesting that both the black and white hats in MSNBC's little interactive example both use Linux... The "honeypot," attacked by the "hax0r," is running Red Hat, which has an exploit. Now, if he was using good old Windows, none of this would have happened.
Of course, if he was using Windows, he wouldn't be able to keep his server up enough for anyone to break into it...
Do you have any idea how many people think they can drive drunk or while on drugs and not fuck up any easier? If people would agree to get stoned at their friends house, with their friends, and then spend the night there or until the effects wore off, I would be OK with what you want. But people DO NOT and WILL NOT.
Perhaps a better solution is to legalize many drugs, and spend those hundreds of billions of dollars on more cops with radar, officers on the beat, and planes watching overhead. Just think of how much burglary, rape, murder, public drunkeness, just about every crime, will go down!
So how do you define "who" is a hacker, do you go and start arresting every curious high school student? And is that the thanks geeks get for making this world what it is??? If not for people like hackers all these corporations would still be using Typewriters. Even the Economy has Benefited. I am sorry feel they are burning their own bridges...
If we refuse to be flexible, we are in effect opting out of the game of life. The world moves on without us.
Because a treaty is ratified by Congress it becomes law. There is no difference between legislation and a treaty once it has been through congress. CP
A car is made to get people and goods from point A to point B, and usually manages not to kill them at point C between A and B. A gun is made to move a bullet from point A to B, and kill whatever happens to be at B. (Your point about surviving a bullet means nothing. The gun is supposed to kill things, and shooting but not killing someone is still not good).
Maybe gun owners are largely responsible. Still, you don't want to piss one off, because when they flip out, they can really flip out.
Anyway, you can't compare gun control to hacking control, or anything else, because a gun is a weapon, designed to hurt something, and other things cause damages as a side effect. (Sorry, guns do not have a side effect of reducing crime, nor of holding back government oversteps)
Freedom's just another word for nothing left to lose
Here's a fix. Apply it. Trust us. We can't tell you what it fixes because then we might be aiding and abetting a hacker.
This article scares the hell out of me.
However, Things would not be as easy, and some things would be lost. The internet has inspired many newer people to get interested in computers. This can be good (they decide they like what they see, and try to make it better.) or bad. (They don't understand or don't like it and try to destroy it.)
Can we stop it? No. Should we stop it? No. Should we try to make it better? Yes. If it turns out badly, should we quit? No. Educate yourself, I personally want to read the bill, not an interpretation, because it may not or it may do something I like/dislike. For example, according to the US constitution, do they have to be 18 years old? No. (read it, it only says they should not be abridged for 18+ year olds)
btw: Netrek, a very good 16 player space combat game, has a good website at www.netrek.org
Straight from the mouth of someone who doesn't know anything about the environmental forces at work in inner cities. Pipe down until you experience state sanctioned oppression firsthand. We'll see what PHILOSOPHIES you adopt.
If you still feel self-righteous, consider the publicly disclosed racial profiling habits of American law enforcement. Maybe more minorities are arrested and jailed because they are stopped/questioned/harassed far more frequently by the police. It's hard for a member of the racial majority to be jailed if he/she never interacts with the arresting authorities.
I am working through setting up a PIX firewall. Does this mean that Cisco homepage is illegal......
How about talking on the phone to our vendor.
Yes I can not spell...Wait....for a second there I almost cared.
I once saw a short film set in a not so distant future (many years ago it was generally assumed that we would all have jet packs nowadays!). The story goes somewhat like this: there's a little girl who's about to have an important school exam. Her parents are very worried, you would say rather scared. The girl wants to pass the exam to receive this wonderful piece of electronic equipment (an old-fashioned TV...) so she's quite anxious too. Next scene shows the two parents crying desperately before the girl's dead body wrapped up in plastic... she was too intelligent and for the community's benefit her life had been suppressed. Scary huh, does it sound familiar?
What was the name of this series? It was about spooky & weird sci-fi stories and as a kid I was hooked. I can't remember now, please help me!
I wonder who is the instigator behind all the crap I do - Altan
----
I've found that many of the better "engineers" don't hold such degrees. In fact, competence seems to be inversely proportional to one's academic education.
Why should someone that had the luxury of higher education be granted more rights under the law than one educated by working or by hobby?
This leads to the constant debate on certification or even licensing for so-called "engineers". I think that's another path we don't really need to go down.
As for your comment on MCSE's, CNE's and so forth, which is worse? A PHD or MCSE? I find striking similarities in most.
Society should penalize the individuals that commit the crimes, not the people that study it.
Tests prove you're a student or that you're good at taking tests.
Don't get me wrong, I'm not against college at all. I've been working in the industry for nearly ten years now, I still take college classes to this day and I get a lot out of them.
I just don't believe one's degree is a good way to judge their abilities.
It's too easy to pass a course and not understand the material. We all do it. Take cultural classes or history, we pass, but do we get as much out of it as we should? Memorize and forget, there's very little gained that way.
I think a lot of students sleep through their whole "education" that way.
Tell me why I shouldn't own a gun.
If you don't have anything nice to say, say it often.
- Ed the Sock
Using that line of reasoning we should also ban archery equipment. What other use does a bow and arrow have then to simply kill?
Nathan
If you don't have anything nice to say, say it often.
- Ed the Sock
Common sense is a highly subjective thing. Interesting if someone believes in what you believe in they've become knowledgeable enough about history and society to draw their own conclusions, but if they do not hold your beliefs they're blindly following propaganda.
Nathan
If you don't have anything nice to say, say it often.
- Ed the Sock
And a pen-knife can kill someone and a sharp #2 pencil can kill someone. Lots of things can kill people. The problem here making "possession" illegal, not an action illegal. A loaded gun doesn't kill unless someone pulls a trigger. A pen knife (and sharp #2 pencil) doesn't kill unless someone stabs someone else. Exploits do no damage unless some one uses them. The action should be the crime, not simply the possession.
Nathan
If you don't have anything nice to say, say it often.
- Ed the Sock
You can't get girls with vi.
Let me repeat that. I don't want to let this guy give any of you the wrong impression.
You can't get girls with vi.
"Beware he who would deny you access to information, for in his heart he deems himself your master."
A lot of good the DMCA will do you after your "sex diary" has been cracked & published. You will still be humiliated, and if it contains anything implicating you in an illegal/obscene act, the gov't will come after YOU too.
As far as "banning" exploits, there's too much legal precedence to allow this. Sure, drugs are illegal, but you can learn about the growing of weed on the 'net. Or what about bombs? Remember those "forbidden subjects" CD-Roms, and all of the "anarchy cookbook" volumes? Not to mention all of the web sites inspired by such subject matter.
They may make cracking illegal but they can't prohibit us from discussing computer security or posting exploits.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
Does anyone think the phrase "Windows ME" strikingly resembles the phrase "Rape Me"?
No, but Windows CE abbreviated can certainly make you WinCE
Only people that think the test is indicative of "being educated" would post such an insubstantial argument. You're a perfect case in point jackass. You apparently went to college, yet you know not how to think for yourself. People that think for themselves don't think college is the "final word" on being intelligent. Use the brain that going to college gave you if you think it's that imperative.
Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
The Council of Europe has promised to provide a list of exceptions to the treaty, and professional network administrators will likely end up exempt. But hackers at the Amsterdam conference were still worried about the plight of the thousands of hobbyists who currently research vulnerabilities in their spare time and in good faith. And software writers -- such as the author of nMap -- would likely be offered no legal protection.
So they'd be offering exceptions to the law based on profession as opposed to, say, an application-by-application basis (nMap would be kosher, but Divine Retribution wouldn't be)? While the proposal on the whole is idiotic and insane, they can't possibly expect to limit people based on what job they currently have.
Why does this remind me of the Dilbert strip where no one is allowed to move their computers themselves because they aren't properly trained?
Ad in classifieds: Pandora's Box (no box) $5
... or Gore. Both major party candidates will violate the First Amendment 100 times out of 100 if it will mean they can score political points.
Dog is my co-pilot.
As a general rule, Canada uses the US as a testbed for new laws. If they work there, we may adopt it, but if it doesn't, we won't.
For the record, Canada also makes its own laws. We just copy the US when it works.
God save our Queen, and Heaven bless The Maple Leaf Forever!
I don't know... I think it's more like fantasy. The wanna-be's read it and go "Oh, cool! Someone like me could make an explosive to level a city block! Now if only I could get a fully-equipped lab, a few chemical licenses, and [300-char chemical name] by the pound! Wait... I can't get ANY of those!"
Personally, I thought the guide I found to making an atomic bomb was pretty funny. I'm sure the author knows this from experience, riiiiight...
I agree to the point anyway: naked system contains enough tools to hack anything (even without DOS debug utility). And REXX or Perl command line is also enough if you really need to hack something. And you can always use gcc to create hacking environment in several hours. It is legal to keep it in mind, isn't it?
---
Every secretary using MSWord wastes enough resources
Knowing there's a security hole is enough for many. So saying "MS Outlook Express has a security bug in date header parsing" to be illegal. Subj!
---
Every secretary using MSWord wastes enough resources
reminds me of that joke:
On a Japanese food processor:
Not to be used for the other purpose.
Soon to be a standard warning on some NuMega products...
HTTP header ad space for rent! Advertise to thousands of server log readers - only $50 a week per header! 1-800-SURFALOT
Ok, i don't agree with this treaty completely, but it is for the protection of developers. Sure, large evil companies will benefit, but so will smaller developers.
They are passing a treaty so that Joe P. Rogramer doesn't have to worry about the guy across the street cracking his software for any reason.
People are complaining that it's a violation of free speech, but what rights do we give the programmers?? Same as people writing books, it's illegal to copy someone's book, even if you change the words.
I think this all ties in to your right to privacy. Crack in your own home but don't put up links online to help other people do it. You can rewrite the book in your house if you're the only one who will read it.
Read a post:
---...quick! Post angrily to Slashdot! (Score:5, Informative)---
Do that, he's got it right.
Also, keep in mind that the other side has rights too, you shouldn't be obsessed over "your rights," and not be concerned about other people's.
I think a lot of people are just upset because they think this will screw up their chances of getting "KoOl WaReZ".
"Things should be made as simple as possible but not any simpler" -- Albert Einstein
I don't know many MCSEs who understand ports...
Silly slashdot, sigs are for kids!
...has done so many stupid decisions like this one guy who made wooden boats, like his father, and his father etc; had to stop making these wooden boats since the council decided that this type of boat sinks - and therefore it is not safe; without even seeing or testing the boat. just because they could. council is a joke, bunch of people doing decisions on things they don't have a clue.
ound the message used repetitively over and over still nothing grows silen
How 'legal' are the footnotes?
"when committed intentionally and without right:" has a reference to a footnote -
========
9 - Several comments from industry indicated that the so-called "cracking-devices", to which Article 6 applies, may also be used legitimately to test system security. The explanatory report shall clarify that the conduct defined by Article 6, when undertaken with such legitimate purposes, would be considered to be "with right". Furthermore, the burden of proof of the unlawfulness of conduct under Article 6 would lie with the prosecution. In this context, reference should be made to the footnote under Article 2 concerning the meaning of "without right".
=======
The footnote seems to indicate that system testing should come under 'with right' - i.e., prosecution would require proof that the tools were not for legitimate use.
But the text itself doesn't seem to make this clear.
Liquor
Liquor
Sanity is a highly overrated commodity.
They do not have control of things, you guys do. Time to flex some muscle, and demonstrate that might.
Or time to create a parallel net that is beyond their talons. Who is John Galt again?
Give me a break.
Just remember there's M2 - hopefully people use it.
UBU
If such an act is passed, there's only one thing to say about it: it's fscking worthless. Let it be passed in Europe, so what? Most of the sites are hosted in the US anyways. Pass it in the US, same thing vice versa. Pass it in both regions, see ya again in Japan (damn slow conns, though), Russia, Malaysia, Australia, ...
Fight hunger. Filet a politician and send him to a 3rd world country of your choice.
Aren't there legitimate uses for publishing them? Just to be able to secure your computer?
In short, I think we oughta be able to play with the products that we BUY and therefore OWN. Also, I oughta be able to talk about H4X0R1NG the white house all I want as long as I don't do it! Does that really sound so absurd?
"We must crush in its birth the aristocracy of our moneyed corporations, which dare already to bid defiance to the laws of our country."
--Thomas Jefferson, 1812
So quick with fear you tiny fools!
the end is here!
I definitely come down on the side of "fry the f**ks who crack and steal." I'm even opposed to the hacking where the hacker claims, "I'm just trying to point out flaws," when doing so costs some company lots of money. (We can argue here about the amount it costs to learn this vs. what it would cost to actually be compromised, but that's another discussion.) This, however, is ridiculous. This reminds me of the Pope telling physicists that they should restrict their studies of cosmology to some time after the big-bang, because before that it would be blasphemous. Good luck! I would love to see them track down the thousands of people publishing exploits and prosecute them.
How many people in the US are in prison for drug offenses? A person could argue that there are too many users to make a dent, but there are still millions in prison for non-violent, private "crimes".
The DMCA was bad, and it got passed. Having INTERPOL and the US law enforcement community asking for something like this scares the s___ out of me.
science is a religion
And a shield. Bring a shield too.
---
I am the dot in slashdot.org
OK... so you make it closed source, and require a license to work on it. licenses available to anyone who can convince linus they've got a good idea (ie, everyone), and punishment for breaking the license ruling is 6 months hard labour. I think working on the code should be about the right level of difficulty, don't you?
So what would this mean for the good people at Peacefire?
This is an instance of the 'problem' along with DMCA, RIAA etc.
Long time back there were computer enthusiasts. They got hold of a generation of digital ICs and created electronics that could be programmed to calculate. From the AT&T labs, where the space game led to development of unix to Apple, where Woz and gang designed computers for the masses. They toyed or 'hacked' around with things since no theory was available to cover what they were doing.
This also happened in USA, where more than often success is defined by the money something makes. It ain't revolutionary if it don't make money.
The FSF was started in revulsion to everything started by the events above stood for. Lot of good things came out of there that stood purely on their merit. Until now.
Andover.net along with Slashdot - IPOed. Around this time all of OSS was hailed 'successful'. There are fierce legions, factions, troops defending and satisfying their masochistic needs by configuring Linux, coming out with all bravado and claiming 'victory' for linux, holding 'geek pride' festivals. Many of them do not even understand what's going on. Why OSS and why FSF.
The people who are feeding money into these movements are themselves profit seekers, capitalists and in general people who have vested interests in other establishments. The 'other' establishments fight to keep their profits, cash inflow by making laws, passing myopic judgements. OSS played right into their hands didn't it?
If not, do you think you'd be hanging around Slashdot.org. How many of the commenters here actually not responding to stimulus but proactively creating software that stands on its merit, money be damned. Do you think there would be a GHz processor if MS wasn't around with their bloatware? You are in this delicate fabric, nothing comes for free, 'success' or free software. You shall pay for selling out for now your weapons and targets are not within your will.
Kind of reminds me of the presidential race - choose the lesser evil.
Jeez, get over yourself dude! BTW _real_ geekgrrls use the English language. Miche
So what it comes down to is that irresponsible, malicious people can break things and hurt people. How is this anything new? The same person could go out and slash ambulance tires with a sharp kitchen knife, potentially causing great suffering and loss of life, and I doubt that we'd see legislation banning kitchen knives as a result. Much less laws banning discussion of tire-slashing incidents. I think a more practical solution would be to fix the problem.
You think they'll ban debuggers? They can be used for so many nefarious purposes. Of course, some people at my work never use them.
This is all approaching the day when you'll need a government license to program a computer.
If you're a jock, inflict some pain / If you're a nerd then use your brain - DAPHNE AND CELESTE
Cos this isn't going to stop hackers, any more than the copyright laws stop file sharing. It's just going to be an embarrassing waste of time and money.
If you're a jock, inflict some pain / If you're a nerd then use your brain - DAPHNE AND CELESTE
Bimbos use Word.
You hit the nail on the head with this one. I noticed your post was moderated as funny. While I do find this a bit humorous, the overtones of your post might seem logical to our otherwise illogical government. If you give the government an inch, they will take a mile!
However, if we can get the Supremes to acknowledge that code is, in fact, speech, there's hope for everyone. Because if code is speech, then (at least in the U.S.), it can't be suppressed, even if it may be put to harmful use.
"Biped! Good cranial development. Evidently considerable human ancestry."
Furthermore, shouldn't someone also issue a treaty to ban and make illegal badly written software containing eg. buffer overflows as it might aid crackers? I think the legislative branch in the US is so afraid and unknowledgeable of technology that they'd rather create laws against it than inform themselves of where the real dangers lie.
Just because they've gone with a definition which is guaranteed to get every frustrated computer user who has ever written a "HELLO WORLD" program out there angry, it doesn't mean that they don't have a point.
If people could forget about being anally-retentive for a while, maybe it would be better to actually look at the treaty itself. Network admins would be exempt from the ban on "hacking tools" (poor choice of words), so they could carry on playing Quake and scratching their armpits without worrying about being arrested. The only people who would then be affected are those using these programs for unethical uses.
The fact that detailed logs will be required from ISPs is also good - it means that tracking down people who do abuse the net will be quicker and more certain.
The truth is that much of this is just extending existing laws into a new domain. There are dubious parts, but the benefits outweigh the costs IMHO...
As if this friggin Maginot line of computer defense wasn't bad enough, in the treaty in Section 2, article 14, paragraph 5 the signatory countries must pass laws to force you to give up your password on any system they want to access for any criminal investigation.
In a civilized world, ordinary people do not run around with guns, no matter how frightened or nuts they are: The army and the Police do, because even in a civilized country it is realised that one has to make a choice between what is destroyed when something must be destroyed (kill in a war, shoot terrorist etc) A gun is made to destroy things. That some immature adults think it's fun to play with weapons doesn't change the fact that it is designed to destroy, and underlines the fact that such people shouldn't be allowed to use such things, simply because they want to. To say that a loaded gun is less dangerous than a fueled-up car is the kind of fanatical nonsense which not only flies in the face of statistics from other countries, but generally causes saner heads to press for laws to restrict this. I'm surprised the message got moderated up so much, there are many things which are a given for the slashdot populace, but that there were so many gunfreaks here was a surprise to me.
Y'know, by that same logic, nobody (except Ford) would have had any right to track the mildly interesting fact that Ford Pintos have a tendency to explode when you rear-end them.
I really hope you, and others, realize that this kind of legislation moves bugs and exploits from "annoying problems that are fixed through software patches" into the realm of "annoying problems that are fixed through consumer liability suits". I, for one, don't like the idea of having to carry a couple hundred million $ worth of liability insurance because I've released something.
I've been approached by a private investigator recently. Someone on disability appears to be running a business from his house, the investigator wants to know if I can break into his computer and collect evidence.
Note that I have not agreed to the above, and will not until I get more information. However we can all agree that IF fraud is committed the evidence I collect would be honest, but if not I would be stepping over the line.
THIS is Big Brother speaking. This is why we live in a post-Orwell, Kafkaesque world: people are more than willing, with little knowledge or explanation, to spy on, covertly investigate, and violate their neighbors' personal space, all in the name of some amorphous Good of which they themselves have yet to question the real value.
This is not heroism, it's not even being a good citizen; it's the Lockstep Dance of the Man. This THOUGHT, the possibility of action on the behalf of hearsay, ostensibly in service to the common good, provides perfect evidence as to why these legislations are so successful: people, even some with "moral" qualms, do not question the underlying principles these laws try to cover in shotgun fashion, and simply do as they're told.
This is how corporations ruin the environment; this is how Drug Wars happen. People with good intentions--usually on behalf of the State or the Shareholder--work and interact with others in ways that are at best morally dubious and at worst indefensible.
Real social engineering is what is required for issues like this to change. Unfortunately, as this post graphically shows, many of those "in the know" are ALSO in need of the same paradigm shift required by the Great Unwashed to prevent silliness like this from even being considered.
The bright side is, though, you're prime hiring fodder for the CIA.
"The more corrupt the state, the more numerous the laws."--Tacitus, The Histories
It astounds me to watch on a daily basis the right of free speech being taken away.
The article says EUROPE. You, I presume, are not in Europe* so no-one is taking away YOUR rights.
HH
*I've never heard a European whinge about their right to free speech. Americans do it all the time.
I'd be curious to see if any companies have a hand in this. Have any computer companies made campaign contributions to any of the politicians involved?
I propose we start calling ourselves something that doesn't have such a negative connotation...maybe junkies, oops, that's taken too. You know what, that's our problem, all the cool names are taken.
Viva la hackers!
dynamo
Just because your boyfriend ditched you, there's no need to get bitchy about Americans.
Or are you having your period?
And I bet when Slashdot runs one of its "Geeks can't find girls" topics you'll be right up there, complaining about why you can't get a girlfriend.
Here's a clue, most geekgirls can pick up on your misogynistic attitude, and they run away.
Whereas, I love the ladies, and they can tell. I help them geek girls out with their esoteric vi commands, and they pay me back in spades. Cuz I love them.
So why don't you work on changing your attitude, and maybe some geek girl will come along and change your oil.
Oh yeah, you know what I'm talking about.
Moreover, if I am denied the tools to do my job in this country, what should I do? Get a new job, or just move? Jamaica seems like a nice place to go, and probably they're not really into signing treaties that hurt people's civil rights.
And in the long term? I'm not really worried about computer criminals, they're illegal right now and we have them in all countries, so those won't go away. But what about security specialists? Are the only security specialists left around in 2005 going to be from India, where their job is still legal? Or China? Or Russia?
Well, Australia seems like a nice place to go...
free the mallocs!
The point about this being a treaty is critical.
1. It's international.
2. It's a modification to the US Constitution.
Being a strict Constitutionalist, I view all modifications with a skeptical eye. It took too many years and gang wars to get rid of alcohol prohibition.
SO -- READ it. Comment on it to the "appropriate" folks (as mentioned in an earlier post). And, if a US citizen, write a polite, snail-mail letter to both your senators.
READ the US Constitution, the Bill of Rights and the other amendments! http://lcweb2.loc.gov/const/const.html
QUOTE
The member States of the Council of Europe and the other States signatory hereto,
UNQUOTE
Yes, Virginia, the US *could* join the treaty.
And what's wrong with being a strict Constitutionalist? I believe in ALL of the bill of rights. I would hope most of our fellow geeks do, too!
READ the US Constitution, the Bill of Rights and the other amendments! http://lcweb2.loc.gov/const/const.html
The overriding goal of the treaty is to allow for more efficient prosecution of computer crimes occurring across borders - which countries possess but the Internet does not. I believe the overriding goal is a good one for both business and the individual.
Assuming this treaty is poorly worded/misdirected, how do we as individuals protect ourselves from crimes committed by those in other countries?
Let's give realistic alternatives so we don't end up with some over-reaching piece of tripe that is the current proposal.
Your mind looks a little cramped. Why don't you stretch it a little?
The Anarchist's Cookbook is a piece of anti-terrorist propaganda put out by the CIA. The small stuff works ok, but any chemist will tell you... mixing the larger explosives as mentioned in the book will cause you to blow yourself up.
End of lesson. You may press the button.
"Criminalize the production, sale, distribution or otherwise making available of devices or computer programs whose primary use is to access, intercept or interfere with computer systems or communications;" (my emphasis)
Wait a fucking minute here. Illegalize access methods!? Web Browsers, FTP, Telnet.... Any point these gimboids have is located squarely atop their heads.
"Fortuna Imperatrix Mundi"
IANAL, but some of my law-ish friends tell me that there's an old law (still in-force) on the South Carolina books that REQUIRES that all 'Gentlemen' carry swords when in public. Meaning that if I waltz down the street with a Zweihander and I get hauled in, they need to prove that I'm not a gentleman. Hehehe.....
-PARANOIA is fun. D20 is not fun. The Computer says so.
-The Computer
www.ridiculopathy.com
no
It has long been recognized by legal theorists that it is impossible to license work on intellectual property. This is because you cannot stop someone - or anyone for that matter - from thinking. Or reasoning. Or asking questions. It is simply intrinsic to being human. And there is virtually no other human activity of any significance that is outside the reach of legal control by licensing. And for all recorded history, from the most ancient of biblical times to the present, there has never been a time when someone has not been trying to control the whole of the human race. Or at least as much of it as they were aware of at the time. We who work with intellectual property all day and every day are the last "freemen" on planet earth. The last "cowboys". Or the last group of "loose cannons". You may look at this treaty in any number of ways, as the responses here have shown. To me it is not much more than a first step to regulating those of us who work on intellectual property. They cannot stop us from asking questions or tinkering or "hacking". But if they can control access to the tools we use and the ability to share our answers with each other then a form of licensing suddenly exists. I do not believe this will stop until we are just another trade union or professional association, as it were - licenseable and regulated. (FWIW, everyone here can think of at least one large corporation that would certainly not mind if we could not share our discoveries of THEIR security holes. But I digress.) Like all of you, I have heard the "justifications" they give for what they are trying to do. If they can give no better reasons than those they proffer, then I can only call what they are proposing an ignorant and paranoid overreaction to a misunderstanding of what may actually be a contrived "problem". It is certainly an excessive measure in light of the limited scope of the problem they say they are trying to solve.
But what they are proposing makes much more sense if you consider that their first intent is to control. This could easily be seen as another implementation of the oldest trick of tyrants - 1)create a "problem" 2)get people agitated 3)hold out a "solution" that no one would otherwise accept in a million years - a "solution" that invariably results in severe reductions of freedom. Bogy Wan, A firm believer in conspiracy. [Flame shields on]
If you can't teach by example, then you'll have to teach by precept . . . Just don't expect it to work as well.
The Council of Europe has promised to provide a list of exceptions to the treaty...
I'm betting that the list of exceptions is larger than the treaty itself.
Enough is enough... we need another "treaty". The cyber Bill of Rights.
Oh... read this also: http://www.msnbc.com/news/478718.asp
Defecation occurs.
If a hacking/cracking tool could be considered a weapon, then wouldn't this violate the 2nd amendment, the right to bear arms ?
That was the way it was! And we liked it!!
-"Grumpy Old Man"
Please tell me that not all geeks are blind to common sense
Common sense is a highly subjective thing. Interesting if someone believes in what you believe in they've become knowledgeable enough about history and society to draw their own conclusions, but if they do not hold your beliefs they're blindly following propaganda
I don't expect all people to agree with me, and I certainly don't agree with all people out there, but if someone presents a point of view contradictory to my own with the intended goal of trying to persuade me then they better support their point of view.
Saying "Nazis were evil. Nazis advocated gun control. Therefore gun is evil." is a highly illogical point of view. Clearly a point of view expressed by someone too ignorant to grasp the greater scope of the picture and realize that although while the Nazi regime was inherently evil, that doesn't transitively imply that everything the Nazis did was evil.
Saying that gun control/registration infringes on your 'god given' rights as an American is not supporting your point of view. Expressing why gun control infringes on your rights, expressing how gun control affects your freedom, is supporting your point of view. I have yet to see any opponent of gun control take that route though.
And why do people feel obliged to include that damn Jefferson quote in their signatures. Here's a new one:
"People who trade a little freedom for a little safety get both and deserve both"
Now, why would Jefferson's quote have more validity than mine?
would they do if 1 million hackers turned themselves in?
It's called the death penalty.
Okay,
hands up who's worried by this.
If you aren't, you should be.
Why?
Essentially it is on the verge of outlawing knowledge IMHO - people talk about having bombmaking knowledge, I am in the third year of an undergrad masters in chemistry and have lots and lots of bombmaking knowledge (including, as I studied electronics, how to make timing circuits, light beams etc). Let's outlaw that while we are at it. Banning knowledge, hmmmm... that's a great idea and why don't we massacre a few ethnic minorities while we're at it.
Outlawing the software, urrr... so the sysadmins can't use the scanner programs to find open ports anymore to secure their networks but the hackers can and will, because, if they are going to use such a tool to break the law, are they going to give a shit if the tool is itself illegal. Yeah, right! (On a similar note, if I want to rob a bank and get away with it, I'm not going to use a legally-held and registered firearm). Also, if _professional_ sysadmins are given dispensation, can I have it too, as I have an always connected ADSL line with a small LAN of PCs in my geek house? I suggest that the answer will be, 'run along sonny'.
But, the liberals will say, surely such software has only one use - hacking(sic.)! It is potentially dangerous!
Horseshit!
These programs will not (probably) install themselves, execute themselves, find some open ports and then drain your bank account. Nope, it takes some small-dicked egomaniac to do that!
Elgon
Need I say more? Do we not already have enough problems caused by radical decisions made by irrational politicians? I will not say more. There is nothing good to say.
I betcha the US State Department partly supports this treaty so Americans can do security auditing that Euros can't. I feel a sort of moral obligation to feel sorry for the admins in the EU after they can't legally write tools or use scanners on their own machines, but it does appear almost like a devious plot to help the growing American security consulting industry export their services. Even the U.S. government can't be so ignorant to believe that nmap, nessus, and other "hacker tools" aren't also tools of the trade.
I remember reading articles here and elsewhere about IBM's team of morale hackers. I suppose if hacking becomes illegal it'll become a little like murder. If you commit a murder for yourself you're a criminal, but if you murder for your country (or government) you're a hero.
-- Hob - Java Spectrum Emulator
This is excellent. I just hope that the Canadian government doesn't allow this shit to happen like it does in the states... it's too bad
I doubt anyone will respond to this, beh. How will this affect laws in Canada?
Just thought I would say, this is a very good point.
There are burglars everywhere and there will always be. Now, by agreeing such a treaty, they would make both black hat and white hat hacking illegal. Research towards a better security for operating systems needs ethical penetration tests (Microsoft has recently asked hackers to break into Windows 2000 for instance). Since you can't prevent burglars to exist, the best you can do is make their life harder by securing systems the best you can.
If you don't get really strong people to test the lock that will secure the house, they will never be enhanced and it will be more accessible to break into it.
And knowing the increasing number of projects going onto the web, I can hardly imagine that security techniques improve slower than crackers' techniques.
Publishing hackers' exploits make a few script kiddies test your resistance (even though most of the time they don't know what to do with it and just update your homepage...), ok, but it pushes system administrators to keep up the pace with security patches and make the script kiddies inefficient, and improve the quality of OS's and softwares much faster. Would someone dare saying that open source code has in some way harmed the quality of softwares ?? Well it's just the same here...
Again will such a treaty prevent the NSA to improve its cracking techniques ?
It's just that those who sing out of tune also have a heart
yes, I know - I don't mind looking silly =)
There are a thousand forms of subversion, but few can equal the convenience and immediacy of a cream pie -Noel Godin
complexity + ignorance = fear
therefore the most effective way to decrease fear is to? everybody together now...
DECREASE IGNORANCE. NOT RAISE IGNORANCE.
this treaty has a strong resemblance to
"if we make it so that nobody can see the complexity of computers, maybe the complexity will just go away."
since when has knowledge been a bad thing?
There are a thousand forms of subversion, but few can equal the convenience and immediacy of a cream pie -Noel Godin
just one note - I noticed you're using the same quote as me ( or almost the same ) - but It's a Benjamin Franklin quote, not Thomas Jefferson. See: Bartlett's Familiar Quotations - Benjamin Franklin
There are a thousand forms of subversion, but few can equal the convenience and immediacy of a cream pie -Noel Godin
There are millions of good reasons why,
most of them are green with the faces of dead presidents on them. If you need a license that means you need to be educated at an institution approved to do such licensing, which means a nice tidy way to restrict knowledge to those with the $$ to buy it.
does microsoft certification ring any bells here?
There are a thousand forms of subversion, but few can equal the convenience and immediacy of a cream pie -Noel Godin
in a world where everybody's going to have a computer in their own home, everybody needs to have access to these tools to maintain home security. Unless the thought police need secret doors into your personal stuff, then they have a "legitimate" reason to access your machine, and a "legitimate" reason to limit the access to those tools to people who bear their seal of approval.
There are a thousand forms of subversion, but few can equal the convenience and immediacy of a cream pie -Noel Godin
Holy God, I just turned into criminal! - Nohican :wq
Well, I've just wasted 15 minutes of my life trying to find information on TLC's Ultimate Ten Heists documentary, but I just don't care enough to work too hard.
My point, though, is that (assuming I remember correctly) a bank has been robbed over the internet. It was number nine on the ultimate ten heists on that special. Some guy in Germany (i think) stole a very large sum of money from Citibank. I remember this because TLC interviewed my dad for this segment of the show, and he's the main guy who gets to talk about it (I tried to contact him for information, but he's not around right now, and knowing the pace of /. stories, it would be worthless to wait to post). Pretty cool, eh?
If someone else wants to find some info, I'm sure we'd all be pleased.
Rob
(I don't mean to advocate this treaty, just wanted to point out a legitimate purpose here).
Rob
I admit I understand these terms much more poorly than some of the many lawyers who lurk in /., but I believe they are trying to say that intent would have to have an element of recklessness in its definition.
In my book, one man's recklessness can be another's calculated risk. Seems to leave room for some very open-ended, inconsistent interpretations, and I thought the idea behind the treaty was to have some consistent enforcement and penalties to address cybercrime.
What a guy- Stuart Hyde, chief superintendent of police in West Yorkshire and a British cybercrime expert,
For being so educated he could at least use proper English, AND he's from Great Britain no less.
signal 11 wins CmdrTaco. You have proven yourself to be a worthless piece of shit. I dare you to moderate this, cuntface.
Is what all these moronic politicians deserve.
... "do you need a license to drive your modem on the information superhighway?"
Keep in mind that these are the geniuses who once asked (and I'm not making this up)
Since when have we let the bureaucrats tell us about the ins and outs of our professions? This is akin to deciding that because biochemists could potentially create horrible toxins, that therefore they should all stop biochemical research!
Unfortunately, my estimation of the likelihood that enough politicians will pull their heads out of their collective asses to oppose this isn't very high, especially with the mass public hysteria (even in the U.S.) over technology that they don't understand.
Examples:
People in government believe it is their right and even their duty to protect the citizens they govern. But, when their protection consists of taking away my right to speak and think freely, they are not protecting me, the cure is worse then any disease they could be protecting me from. Restrict the use of cryptography because it might be used by terrorists. But, what if the government being plotted against is repressive and doesn't deserve to remain in power. Enact gun control laws because people get killed with guns. But, you forget that the reason that the constitution gaurantees the right to bear arms is so that the people could protect themselves from oppressive government. I will take my chances with the terrorists and the criminal as I am much more afraid of the government. Just because our government is not an oppressive government does not mean it cannot become one. In fact, the issues we are discussing here disturb me because that is the direction we are heading if we don't change course.
The napster and decss lawsuits are examples of business trying to maintain the profit streams that they now enjoy from the distribution of music and movies. Perfectly understandable. The problem, once again, is that their solution tramples on our rights. Napster represents a new business model for distributing music. The problem with Napster is that it does not provide a mechanism for paying artists. The solution is to build in such a mechanism, not to outlaw the competition, as the record companies would do, thus preserving their monopoly. The lawsuit against decss is truly insidious. In order to protect their revenue stream, the movie companies would take away my freedom to understand the world around me. Open up that DVD player I paid good money for and see how it works. Absolutely not! Tell other people how it works, go straight to jail, do not pass go. I can publish information on how to make an atomic bomb, but don't dare talk about the inner workings of a common consumer device. This desire to understand the world around us is hardwired into each and every one of us. Might as well pass laws forbidding us to breathe.
Bottom line, no mass conspiracy against mankind, no sinister motives. Just organizations looking out for their own self interest, just as I am looking out for the self interest of the organization I belong to, that of humanity. As I said in the short form, a matter of control.
Allow me to quote from Article VI of the US Constitution:
"This Constitution, and the laws of the United States which shall be made in pursuance thereof; and all treaties made, or which shall be made, under the authority of the United States, shall be the supreme law of the land; and the judges in every state shall be bound thereby, anything in the Constitution or laws of any State to the contrary notwithstanding."
So, if the President were to sign and the Senate to ratify this treaty -- yes, I know it's a European thing right now -- no other action would be required to give it the force of law in the United States.
Be afraid. Be very afraid.
MacOS, Windows, BeOS, GNOME, KDE: they're all just Xerox copies
As I noted earlier, the President must sign and the Senate (NOT "Congress" -- the House of Representatives has no voice on treaty ratification) ratify this treaty before it would have the force of law. However, given the current climate in Washington (and, I might add, recent comments by presidential candidates as well) against networked technologies, I have little doubt that ratification is likely unless people like us make our voices heard in the House and Senate.
MacOS, Windows, BeOS, GNOME, KDE: they're all just Xerox copies
It's possible I've carelessly redefined the modern interpretation of Article VI because IANAL (I am not a lawyer). However, from a Libertarian perspective, the Supreme Court's contemporary authority of Constitutional Review isn't enshrined in the Constitution either. It was established later as a result of... the Supreme Court's decision to give itself that authority.
Since IANAL (I am not a Libertarian), I don't buy that reading of history; but that doesn't change my opinion that the Supreme Court would uphold the constitutionality of the treaty if it were ratified.
MacOS, Windows, BeOS, GNOME, KDE: they're all just Xerox copies
And if these stuuuuuuuuuuuuupid eurocrats don't start to get a clue PDQ, they're gonna all wake up one morning as Newts!
"A microprocessor... is a terrible thing to waste." --
GeneralEmergency
would they do if 1 million hackers turned themselves in?
No big deal. The sites will move out of the U.S. Funny that they think they can stop it...
I recently attended the Atlanta Linux Showcase and listened to Marcus Ranum's speech on intrusion detection and his stance towards the "hacker" community and I'd have to agree with his sentiments. I'd wager to guess that 80% of the active "cracker" people are script kiddies who basically find their latest hax0r sk1llz with info they got from the "open disclosure" of a vulnerability. Notify the vendor first. If they don't acknowledge that there is a security issue and that they're working on it _then_ publicise it. All immediate posting of exploits nonsense leads to millions and millions of script kiddies running around using _no_ thought at all just running the latest greatest exploit which was detailed word for word in its explanation. It doesn't have to be that way and it shouldn't be that way. It's unreasonable not to notify a vendor about a security hole and post it on some webpage instead. Anyhow just my opinion.
Look, this is a capitalist system. If the product doesn't work, people will stop buying it. That's how things get fixed.
-The Reverend (I am not a Nazi nor a Troll)
=(.\')=
You'd be allowed to hack your own code, or code of other people, as long as you have their permission, dummy!
-The Reverend (I am not a Nazi nor a Troll)
=(.\')=
Just another case of lawmakers not understanding the issues they're trying to regulate. This is crazy--they have no idea what hackers (not crackers) are trying to do, and yet they still feel qualified enough to tell them not to do it???
Who is going to enforce this law? Whoever it is, you can bet we're paying for it. Huh, paying for a service we don't want in the first place...wow, that's something new. Pirated software is illegal, too, but unless you do something really obvious with it, you're never going to get caught.
This sounds an awful lot like a throw-in law to me. You know, the kind where if you're already busted for something, and they happen to find this stuff around, it's just one more charge to add against you, but not enough to prosecute on its own.
============================================
You rush a Miracle Man, you get rotten miracles - Miracle Max, TPB
Can't you get a little original....that be afraid thing is straight out of itvf1. Idiot.
I think you just totally confused your congressman. Remember your congressman is probably in his 60's and thinks that the internet is contained in his web browser. The reason legislation like this is even brought up in this country is because the internet-decision makers are technically illiterate.
I lost my
The Senate has to ratify any treaties before they mean jack in the U.S., so we can use the usual democratic process to influence our senators. I imagine each European country has its own procedures and laws for making treaties the equivalent of local law--or stopping them from taking effect. You who live there, do what you can.
In any case, if the U.S. does not sign or ratify this hypothetical treaty, it won't have much force even in the rest of the world--unless Europe is going to start real-time censorship of network packets from overseas...
---dragoness
Even if this treaty is signed and ratified, it would open up a new pandora's box of problems for those trying to stifle online rights. I would suggest that any new hacking software would simply be distributed through freenet or mojonation. This treaty would completely backfire on the authorities. I think it's similar to what happened with napster (and no, this is not off-topic). When they threatened to shut down napster, people innovated and switched over to gnutella, over which the government has no control. In short, when a government or government tries to stifle the internet community, it adapts to survive. Kind of like a stubborn virus. The EU is making a huge mistake if it thinks this treaty will have much of an effect on anything.
Couldn't they just move the server offshore to some other country, one that doesn't have any of these laws?
I guess that's a question of how far they will take the laws.
If they outlaw sites with content like BugTraq, then you might be right. Host the site in Malaysia [or *Seeland*] and you're off, free.
But, the article also talks about 'Aiding and Abetting' and about that mere possession of the *tools* would be a crime. In a legal sense, by you visiting a site like BugTraq, your ISP's proxy server and your own cache would automatically contain 'illegal material' and hence you would have committed a felony...
That's the way DA's like to interpret laws...
Any comments?
This has been under discussion among some 2,000 net/web guys 'n gals for quite a few months now.
The common idea is to create an organization that is NGO, international and ex-territorial.
This same Org is then to seize control of the Internet as the governing body, by passing rules and guidelines and where necessary, enforce them.
We are in contact with ICANN and the U.N., which of course, don't like the idea at all.
On the other hand, they seem to be afraid that we get enough people together to do it anyway.
After all, existing laws are vague and ftb we would still get away with it. Once laws become more comprehensive, then we'll have to abide by them or face the consequences.
To avoid that, more and more people start to think that knowledgeable individuals should unite to counter the stupidity that ignorant authorities are likely to pass as laws - before it's too late...
Check around BBSs to find others that are involved.
Without things like BugTraq, hacking may be illegal, but those who don't get caught will be far more effective if IT Admins can't patch (or know about) security holes... That's all part of the game... besides, in the US at least, free speech laws will overrule that part of it.
-MR
-Michael Roy Some people are like Slinkies. Not really useful, but you can't help smiling when you see one tumble down
Hey this couldn't be more true. As a Hacker I would be better off if nobody talked about bugs or tried fixing them. It makes it easier to find the bugs, because of sloppy code. Plus, you don't have to worry about them getting fixed.
Keep information free; we're better that way. Imagine what SendMail would be like if we weren't open about bugs.
Time is Change
A loaded gun is probably less dangerous than a fueled-up car. And as far as children are concerned, less dangerous than any of: a pool, stairs, household cleaners, bicycles, a busy street. When your kid asks for a new bicycle (to go upstairs/fuel for his car/ etc...) give him a loaded gun instead - it's safer that way.
"What's all this shouting, this is a local shop."
I'm aware of the statistics. I was just trying to play dumb and be sarcastic.
I really don't have a problem with guns - where I live in Europe we have quite good gun control. You have to get a licence (takes a few days) before you can buy a gun (they check your criminal record). If you have a gun in your house you have to keep it unloaded in a locked place. Walking around in a public place with a loaded gun is not permitted.
Guns I own are for hunting/practising, just like everybody else's.
Now the offtopic flamebait part:
To me it looks like in the US the problem is not guns per se, but legal system which seems to evaluate private property higher than human life/health.
But what the hell do I know, I'm not American.
"What's all this shouting, this is a local shop."
This is such a joke! There is a fine line between hacker and cracker. Hacker being the safer of the two.
I read this in an earlier post but... (a bit off topic too)
Does anyone know where I can find Divine Retribution?
~AdmrlNxn
"I got your mom in my trunk"
So I want to know: if, say, the NY Times published code that enables you to do exploits, would the 1st Amendment be bypassed just for some treaty? Unless they want to create a one world government where they don't think that the citizens of the United States don't need to tell them what to do. From the other day I keep seeing them disregarding the Constitution, which is supposedly the supreme law of the land. If all else fails, the Constitution should have been a protection. Even copyright laws, but they know a lot of these exploit writers won't come forward, because it puts them in the spotlight of the government agencies to be put under surveillance... The United States is getting too slack in not protecting citizens from outside governments. Imagine getting extradited because you wrote a program to identify networks and it ends up in China; would they let the Chinese extradite you? And that FBI program called Carnivore, it's a worldwide crackdown on people with ideas and good heart. Peace. Send comments to explorerdavid@yahoo.com
Not Reagan/Bush. What about the boomer pair Clinton/Gore, the huff and puff twins? Dumb laws from the 1930's that need to be done away with. Road to hell... good intent... you know the drill. asoka
and the problem will go away
very clever idea - do not publish errors and they don't happen, make security research illegal and there will be no computer crime,
--
This is Linux country. On a quiet night, you can hear NT re-boot.
I sent the 'Hacking Treaty' article to Sens. Feinstein and Boxer of California. Feinstein is up for re-election this year and should jump on this right away, especially if the computer community makes enough noise. As to the treaty itself, the US Constitution, Article I, Section 8 grants Congress the power to pass copyright and patent laws to promote Science and the Useful Arts. There is no right to pass a law prohibiting scientific progress. Treaties are an interesting exception under constitutional law, but I don't think that this treaty would normally meet the test. (The present Supreme Court is so Luddite and reactionary that I wouldn't count on them for help.) We can always hope that the Bill of Rights can be invoked - Freedom of Speech and Freedom of Press.
Outlawing the tools used in exploiting (or hacking) systems isn't going to stop it from being done, because most (if not all) of the hacks they are trying to prevent are already illegal. Therefore outlawing, or at the least restricting access to, the tools used for such hacks is pointless, because if you are going to hack, you are already an outlaw, so why is using an illegal tool going to stop you? Such a thing also prevents the problem from being solved as quickly/easily/cheaply.
The opinions in this post are fictitious. Any similarity to actual opinions, real or imagined, is purely coincidental.
Very few. A lot of them were high-profile though.
Contrary to the popular belief, there indeed is no God.
I've been approached by a private investigator recently. Someone on disability appears to be running a business from his house, and the investigator wants to know if I can break into his computer and collect evidence.
Note that I have not agreed to the above, and will not until I get more information. However we can all agree that IF fraud is committed the evidence I collect would be honest, but if not I would be stepping over the line. So are cracking tools illegal? The private investigator can presumably use lock picks (burglar's tools which are illegal to possess) to break into this person's house to collect evidence. (The law is very shady here)
A loaded gun does not necessarily kill someone. I've handled a loaded gun several times, and yet none of those guns have killed someone. If the gun is not treated like it will kill someone, yet it probably will (at some time) injure someone. Even then though, there are few places where you can get shot and killed, making accidents more likely to require a hospital stay than a funeral. Ronald Reagan was shot in 1982(?), and it didn't kill him. Many others have been shot and not died.
A gun can kill people. So can a knife. A gun can also put food on a poor person's table. A gun can make for an enjoyable afternoon of target practice. A knife can cut an onion. A baseball thrown at someone's head can kill. A baseball bat can kill someone. Combine the bat and ball and you have America's favorite pastime.
We (the USA) learned that lesson the hard way in the 1920s, with prohibition.
I think it's rather obvious that we learned nothing from prohibition, else we would not be spending obscene amounts of money trying to prevent people from smoking pot in this country. It's done nothing but increase the number of people that are deemed criminals, fill up our prisons to the point where we are constantly building new ones, increase actual violent crime and theft, increase corruption of our own and foreign governments, and violate the basic human rights of millions of people.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
I am a lawyer, but this is not legal advice. If you need legal advice, contact an attorney licensed in your jurisdiction.
Judicial review is really kind of hard to avoid. First of all, the Federalist Papers made it clear that this was understood to be how things would be done. Second, when forcing something to be done (or not done), the action is taken in court. Judicial review of a law is in reality the court deciding whether or not it has authority to act as one party is demanding: if there is no Constitutional authority for the law, then any court action enforcing the law would exceed the powers granted the court in the Constitution . . .
This becomes necessary because the Constitution enshrines the Supreme Court as the highest court. Other solutions are possible, though--instead of a Supreme Court, we could use the Senate, a la the British House of Lords (in which it's actually a committee of Law Lords; the rest of the chamber just rubber stamps)--but that would require a different structure.
hawk, esq.
How does security through obscurity NOT work?
At the risk of feeding a troll...
Security through obscurity does not work in much the same way as believing that you can fly by flapping your arms doesn't work. Or the same way that Trade Secrets are only protected so long as everyone keeps their mouth shut and nobody finds out how to do it on their own.
An example: You have your box accepting telnet on port 22 instead of 23. That's security through obscurity. If I happen across it and find telnet responding on an odd port, that just intensifies my curiosity. What are you trying to hide by covering it with such a thin veil of protection?
Another example: You encrypt your sex diary by XORing with the word "sex". You don't tell anyone that you XOR it but you instead say "I've got strong security on my sex diary." Now someone like me comes along and plays around and breaks it with a lucky guess or three. What safety did your security through obscurity provide? Absolutely none.
If you're gonna do something, do it right. That includes writing software to be free from bugs and "unplanned features". If you rely on your system to be secret enough to not warrant any stronger security measures, you deserve to be rooted.
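The XOR diary from the comment above, worked through as an added example (not part of the original thread): one correct guess at the opening words hands over the repeating key, and the guess checks itself. The diary text and the list of guesses are constructed for illustration; only the key "sex" comes from the comment.

```python
from itertools import cycle

# Constructed sample: the diary text is invented; the key is the one named in the comment.
SECRET_KEY = b"sex"
PLAINTEXT = b"Dear diary, nothing happened today."


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """XOR data with the key repeated to length. Encrypting and decrypting are the same call."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def shortest_period(stream: bytes) -> bytes:
    """Return the shortest prefix that reproduces the whole stream when repeated."""
    for p in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % p] for i in range(len(stream))):
            return stream[:p]
    return stream


def key_from_crib(ciphertext: bytes, crib: bytes) -> bytes:
    """Known-plaintext step: ciphertext XOR guessed plaintext equals the key stream."""
    stream = bytes(c ^ p for c, p in zip(ciphertext, crib))
    return shortest_period(stream)


def readable(data: bytes) -> bool:
    """True when every byte is printable ASCII."""
    return all(32 <= b < 127 for b in data)


def try_cribs(ciphertext: bytes, cribs):
    """Try guessed openings in order and return (crib, key) for the first that verifies.

    A wrong guess produces a stream with no short repetition, so requiring the
    recovered key to repeat at least twice inside the crib is a built-in check
    that the guess was right.
    """
    for crib in cribs:
        key = key_from_crib(ciphertext, crib)
        repeats_inside_crib = len(key) * 2 <= len(crib)
        if repeats_inside_crib and readable(xor_repeat(ciphertext, key)):
            return crib, key
    return None


CIPHERTEXT = xor_repeat(PLAINTEXT, SECRET_KEY)

# Constructed guesses: two wrong openings, then the right one.
GUESSES = [b"My secret diary", b"Monday, ", b"Dear diary"]

if __name__ == "__main__":
    print("ciphertext:", CIPHERTEXT.hex())
    found = try_cribs(CIPHERTEXT, GUESSES)
    if found is None:
        print("no guess verified")
    else:
        crib, key = found
        print("verified guess:", crib)
        print("recovered key :", key)
        print("diary         :", xor_repeat(CIPHERTEXT, key).decode())
```

Keeping the scheme secret added nothing here: the key falls out of ten bytes of guessed text, which is why a vetted cipher with a real key is the only thing worth calling "strong security".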
but this is ridiculous. First, it was letting AOLers on to Usenet. Then it was the plethora of ISP's and all the newbie net users. Remember the CDA? Submarine net patents? DMCA? I feel like I've had a run in with one million Michele Triola's, and I'm no Lee Marvin.
I'm going to propose something radical, something elitist, something morally wrong, something curmudgeonly. But I remember the "Good Old Days". Well, they are not that old. And at 9600 baud, "Good" is a relative term. But I'll lose the bandwidth. I'll lose the web. I'll lose everything except mail, usenet, telnet, ftp, and a small smattering of other services. But I want them gone. The users. Almost all of them. Everyone who first got online after 92, maybe up to 94.
Maybe this is flamebait. Maybe this is a troll. I don't know. I don't care. I'm seeing red. Nothing but crimson red. We had everything we needed back then. Gopher, usenet, mail, and muds. It was the holy quartet. Everyone knew something about computers. You couldn't get online if you didn't. Remember typing in slip manually? How about hand timing a script to pick up as soon as PPP connected? Everybody had to do this. Sure, we couldn't email our moms then. But I'll give that back too. To be on the net was something that only you understood. Your family didn't know or care. Hell, they couldn't think of a reason they would use it. They were right.
Now I know what you are thinking. The net is too powerful to keep away from everyone. Its draw is irresistible. Like moths to a flame, people are drawn to information. Like Stella Liebeck to her coffee cup, the masses came to the net. And both were pissed when it was hot. Sometimes, it is better to never serve coffee in the first place. We thought community, they thought lawsuits. We thought information, they thought "of the children". We thought porn... Well, they thought the same thing. They cannot always be wrong, you know.
And speaking of the children, how come I don't hear about parents complaining about all of those 8 year old drivers out there. Oh, 8 year olds cannot drive? What does this logically imply Skippy? Really? If I truly feel that the net is as dangerous as a car, I shouldn't let my kids use it just like I don't let them drive a car? Nah, that is too much. I'll just demand for laws to protect them. Lord knows I'm not going to.
I'm not seriously proposing that we get rid of the "masses". I know it is impossible. But we should have kept it from them. Somehow. Maybe like a clue server on netrek. We could have kept all that knowledge and power to ourselves. The net would have been smaller, but we would have had so much more power because of it. Like gods among men, we could have levied our advantage to get sensible preemptive laws put into place. We knew they were coming. We should have prepared.
In short, we had it all, we gave it away. It doesn't suck yet, but it could. And we could have prevented it. Maybe we still can, but we definitely could have by acting earlier.
Of course, that's just my opinion. I could be wrong.
My only criteria are (1) bandwidth (2) food quality/availability and (3) climate. I hear Brazil is nice...
--
Care about electronic freedom? Consider donating to the EFF!
On the other hand, the only thing proven to reduce crime is keeping habitual criminals in jail until they are too old for the game.
The real answer is we need enough jails to keep all the street thugs off the streets, no more, no less. Until we fix or delete the drug war, we are unlikely to know whether this is more or less than we already have.
I wrote parts of this stuff
When your kid asks for a new bicycle (to go upstairs/fuel for his car/ etc...) give him a loaded gun instead - it's safer that way.
Being at work, I don't have the numbers on me, but more children die (individually) as a result of falling down stairs, drowning, or being hit by a car while on a bicycle each year than by negligent firearms use. Not that anyone can really be expected to know that, considering how one-sided the media can be about these issues.
I'd feel my children to be a lot safer with a gun in the house than a pool in the back yard or stairs to fall down. Just because I managed to survive both pools and stairs to reach breeding age doesn't mean that they're inherently safer. In fact, they're much more dangerous.
--
It's pretty pathetic when karma can drop when you do nothing
"The urge to save humanity is almost always a false front for the urge to rule." --H.L. Mencken
Well, you see, a gun is made to kill/break/hurt something. Maybe a person, maybe a tasty animal, maybe a target, but something.
/. reader should know how often the government sides with us poor citizenry.
So are clubs. So are knives. Yet you don't see the same rabid attacks against them. I maintain that they are all tools. Nothing more, nothing less.
A club was originally designed to bash something in order to kill/break/hurt it. Do we have regulation? No. Is it easy to obtain? Damn straight, if there are trees or construction or anything of a suitable shape out there. Are they incredibly prevalent in society? Well, I see them used every time I watch a baseball game . . . Are they blamed when someone's beaten to death? No. Can they be used for good OR evil? Yes.
Same with knives. Originally designed to cut and stab things. You can buy them in a sporting goods department. You can buy them from RonCo. You can get them in any kitchen store. They're probably more prevalent than any other object intended as a weapon. Do a quick check: how many knives are there in your house right now? Don't you think you should check this knife proliferation? Do we have to treat you with kid gloves because you might flip out and go on a stabbing spree?
Anyway, you can't compare gun control to hacking control, or anything else, because a gun is a weapon, designed to hurt something, and other things cause damages as a side effect.
Sure you can. I could easily use ping, traceroute, nmap, the latest DDoS scripts, etc, as weapons against your system. I could crash it, hurting either your hardware, your ISP's hardware, potentially a business' revenue. One exists in the physical realm (guns), the other in the electronic realm ("hacking" tools). They can both be used as weapons, both offensive and defensive. How they're used is the responsibility of the user. Neither has an inherent evil nor an inherent good, anymore than that thick piece of wood you're brandishing to either scare off the strangers, or coerce money from the locals with. They just exist.
(Sorry, guns do not have a side effect of reducing crime,
I beg to differ. Just the very act of training with a gun, knowing how to use it, knowing you don't have to be a victim reduces crime. It gives you a level of self-confidence and self-assurance in yourself and your abilities. Sure, you might not have a gun on you at the time, but predators can smell fear and intimidation. If you have that self-confidence in yourself, you become less attractive as prey.
Plus, if you do have a gun, you don't necessarily need to use it. It's a method of last resort to have to shoot someone. Every personal protection course I've ever taken (NRA-sponsored, no less) emphasizes that the best course of action is to get away as quickly as possible. Barring that, try to find a non-violent solution (this could be as simple as shouting, or telling someone you have a gun, or showing it, but you'd better be prepared to use it at that point). Otherwise, as a last resort, use violence of whatever kind is necessary to protect yourself and/or your family.
Personally, I plan to take every step possible to defend what's mine. That means in the physical world, having access to firearms, being trained in their use, and having the resolve to use them should that need ever arise. I don't intend to sit idly by waiting for the police to show up at some indeterminate point in the future, because of something happening right now.
In the electronic world, it means using the same tools that likely attackers of my systems are going to use. Being familiar with how they work, what they do, and why they do it is invaluable to protecting my boxen. If I'm unable to do so, I'm just begging to be a victim, and can only attempt to put the pieces back together again after the harm has been done.
In both cases, an ounce of prevention is worth a pound of cure.
nor of holding back government oversteps)
Realizing you might not necessarily be familiar with American history, I again beg to differ. There was this little spat between England and the colonies. And wouldn't you know it, those crazy gun-wielding wackos managed to revolt against an oppressive government.
Do I think it's likely to happen today? No, there are too many sheeple, and folks who think the government has our best interests at heart instead of its own. Any
So yes, it's possible for guns to hold back government oversteps, and be used in constructive and defensive ways. It's also true that hacking tools can be used in a similar manner. Anyone who tells you otherwise has an agenda to advance, and certainly isn't looking out for your best interests.
--
It's pretty pathetic when karma can drop when you do nothing
"The urge to save humanity is almost always a false front for the urge to rule." --H.L. Mencken
you're absolutely correct, but more to the point, if a treaty would violate the Constitution, then it is unconstitutional for the president to negotiate it and for the Senate to ratify it. if either/both of those happen with an unconstitutional treaty, that is grounds for immediate impeachment for violating the highest law of the land.
"onward!" cried the copper man, little knowing brass corrupts...
The next thing you know is that you need to register yourself as a person with knowledge to hack. If you take away the right for me to see what is the problem with MY computer system and tell the world about it then I see something wrong with this picture.
Nurses are responsible for the medications administered, and believe me, they do not trust doctors or computers to know what the hell is going on. They check everything.
And life support systems are generally embedded and not networked in any hackable way... the possibility is there but it's not as likely as you think.
"Free your mind and your ass will follow"
From the news:
"In part because of the ingenuity of lawyers and the ingenuity of [computer criminals] to get around the laws we've got, the laws we've got aren't sufficient," Hyde said. "The draft convention ... will make it much easier for people to investigate. It will have an immense impact."
What this JERK forgets to mention is the colossal analphabetism that runs among the police structures. The HUGE and COLOSSAL ignorance about computers and networks. Will the convention make much easier for people to investigate? ABSOLUTELY CORRECT. Because what will happen is that such law will give enforcement organisations the right to hassle computer experts and hackers. To get a cheap and easy-to-manipulate mass of technical experts that will work for these IDIOTS to avoid jail and/or other forms of persecution. This is putting all Security Experts hostage of a group of people that barely understands the technical and psychological specifics of our world of computers.
This will not help fighting cybercrime. ABSOLUTELY. Because what first goes into HELL is cybercrime prevention. You can't study/analyse security holes. You will be dependent of a mystical/abstract support from developers to implement security measures. What you get? A Cybercrime Freeway. Now when this happens who is going to be hassled first? Criminals? How? If police, even with the most modern systems cannot manage to understand some of the most basic principles of network/computer security? You of course! They will come to you because they know that you still do "something on the side" (you don't wanna lose your admin job right?). And they will hassle you to work "for them". OF COURSE they will REMIND you that you are a SINNER. So your work will cost [$$$ - (cost to keep you out of trouble)].
In the mean time wait for a whole trash of surveillance systems on your place. Why? Because you don't have the right anymore to do security. Well, in fact, they may leave you with that. but in a way, that practically, you have no rights at all. Because:
You don't have any information (bye BugTraq)
You can only rely on developers to fix bugs (we will fix it on our next release)
You cannot develop/study your systems for security (pay and you'll get it)
You fall into a double standard (are you fixing bugs or making security hacks? Are your development "innocent"?)
If anything goes wrong, call 911. (In the meantime your systems are completely bleached)
So don't wonder if the badge guys will be knocking your door too frequently. Or even replace you...
I wouldn't be so general. Such documents are not a "conspiration against Mankind" but more the result of petty domestic fights between lobbyists of different fields. Lawmakers gather laws from discusssions with experts, lunches with corporative managers, talks with government officials, letters from citizens, the mass-media (yuks!) and the greys :). In result they produce something like this. Generally they barely understand what is written here. Their main task is to create something practical, juridically correct and which will not burn their next election.
The problem here is that, probably someone managed to sniff his own stupidity into this treaty. Probably someone from the equivalent of the FBI or NSA in America. Probably he explained to lawmakers how his life is a Hell because of these tools "roaming the Internet" and that "forbidding them would make life much more easy". Then a representative of a corporation like Microsoft may have told them that "these tools are the source of big losses", then an expert explained to them vaguely what these tools may be used for. And, finally they decided to write this article without hearing anyone else because the quantity and quality of experts was "enough". And consequently we got this piece of trash in the middle of a treaty that doesn't look so bad at all...
Well if we go to the extremes then... beware your hands, your feet, or, even your head :)))))))))))))
A great destructive method is kicking out the computer. Especially if it's turned on. Besides you think about kicking it... So don't be horrified if court decides to have you slandered in the best of medieval ways. Anyway, you're carrying illegal devices, right?
Have you read this article carefully:
"a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5"
[...]
the possession of an item referred to in paragraphs (a)(1) and (2) above, with intent that it be used for the purpose of committing the offenses established in Articles 2 - 5
The problem is that any security bug is potentially a break-in! So if you create a testing tool you might well be giving ground to fall under the laws created through this treaty. Besides, note that 2a talks about "intent ... for purpose...". This foggy term reminds one of Stalinist times when, by possessing "bourgeois" literature, you are already considered a criminal. Because you already possess a "potential weapon" for committing a crime.
What kind of "intent for purpose" can be understood before committing a real crime? Is the fact that I have a gun in my closet an "intent to be used for the purpose" of killing my neighbor or robbing my bank?
Is the fact that I possess nmap on my computer equivalent to an intent for the purpose of breaking into slashdot.org? Well they don't explain the intent. But they do link intent to purpose. In courts such games are the base to give you a cold shower:
Lawyer: Is nmap an instrument for the purpose to break into slashdot.org?
Expert: bla-bla-bla.. Generally yes.
Lawyer: So we have now demonstrated that Mr. Hacker possesses a weapon for the purpose to break into slashdot.org. So, CONSEQUENTLY, he had the INTENT to break into slashdot.org!
What should be done here is to wipe this article and write everything in a new way. Specially:
Remark the distribution of tools that specifically don't only explore a security bug but also may ease the manipulation of systems where a clear break in has been made.
Remark that these tools can be used as evidence (and how) in courts. This is much more important as many courts drop out cases as they don't know on how to deal with such software.
Forbid the distribution of data that may have resulted from these break-ins (by aggravating penalties) or that may ease such break-ins. Specifically the words "password", "access code" should be erased from here, by substituting them with a more universal term. Something like: "data that allows access to computer system and its data, beyond the limits of the people/systems allowed to access it." This would include such things like spoofing, packet hijacking and others.
Mark more clearly the limits of using security tools for analysis/test/development and the criminal acts.
:))))))))))))))))))))))))
:)
Was not encryption equalized to "Ammunitions" by the Department of Commerce? Dear fellow Americans, weren't you crying all this time that this is incorrect?
Ok, people NOW RUN to the D.C. and CONFIRM: "YEAH IT'S AMMUNITIONS, NO, IT'S GUNS, NO, IT'S COOOLER THAN NUKES!!!!
In the meantime sneak a draft to them about considering security tools also as High-Grade Weapons. And stamp all this with the Right To Bear Arms.
Btw don't forget that the suggestion came from Russia. As always, we have been good partners on what considers this stuff. And don't worry about us not being able to get your weapons. We will always find a way to exchange them
Make the penalties so ridiculous that the law becomes unenforceable.
Anyone in possession of a compiler should serve a mandatory twenty years in prison.
NO excuses. And when something breaks, we don't fix it...
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
In a previous job, we've dealt with detectives from a *BIG* law-enforcement agency, and they've done pretty clueless things in an investigation of a computer-based scam (we've saved the show for them) to whom we had originally sold the computers and LANs they used to do their scam. The problem is that they take policemen and try to turn them into hackers. The reverse should be done: you take competent computer types and make them into policemen.
Becoming a policeman is easy, as it is routinely done for the simple minded, so it should prove a cinch for computer geeks... (Plus, imagine the revenge you'd get with the martial-arts training on all those who picked on you - as of myself, I was so much geek that it was the other geeks who were bullying me)
I am taking a management class right now, and the moonlighting teacher normally works for the same *BIG* law-enforcement agency as above. Well, he has set up a web-BBS for discussing course issues, and whenever some dope does an anonymous posting to criticize the course he goes apeshit, and shuts down access to the whole of the AC's class-C subnet!!!! He does not seem familiar with the concept of a USER-ID/password, and I have shown him /. whose principle he hasn't started to fathom. As a result most students are penalized, since this backwoods place ain't got much ISPs...
--
Americans are bred for stupidity.
Vote Libertarian.
They don't think the federal government has any Constitutional authority to make laws regarding this issue.
-
Well, this is a treaty, not a law. And the Constitution doesn't limit treaties as strongly as it limits laws.
It does, however, restrict treaties to compliance with the Constitution. We had this argument a couple of months ago, I was on your side, and we lost.
-
Jay (=
I think you've misinterpreted the Constitution. Article VI is actually used to *avoid* passing unconstitutional laws by simply signing treaties. Because a treaty is made part of the "law of the land," it is also subject to Constitutional constraints on what can be part of the law of the land. The First Amendment is one such Constitutional requirement that this treaty would not be reconcilable with.
Every law that Congress passes is part of the "law of the land," but that doesn't stop the Supreme Court from being the final arbitrator of what is Constitutionally permissible.
-- Don't Tase me, bro!
The gun laws in places like Washington DC only disarm the law abiding (aka, "victims"). Meanwhile, the politicians who make these laws have dedicated policemen to guard their workplaces and sometimes even persons. Armed policemen, of course.
If victim disarmament laws really worked, then the police should be disarmed just like anyone else. But of course, they don't, and nobody is so foolish as to advocate disarming the police when the criminals are pulling down billions in their highly regulated economic sphere.
The analogy maps perfectly to computer security. Take away legal possession of hacking tools, and sure enough no reputable people will have them. But the crackers still will, of course, and there will be a brave new world of ignorant sys admins with no ability to defend their systems.
Well said. I would also mention that guns save innocent lives far more often than taking them (at least in the US). Following the news on packing.org shows that nearly every day, a family, a small store owner or just a citizen on the street fights back with a gun to save their life and this is reported in the local news (not national news, they aren't interested in self-defence stories).
Or as I like to put it, Ted Kennedy's car has killed more people than my guns.
Finkployd
Guns saving lives show up anecdotally and statistically, but since these statistics don't mesh well with the general bias of the media, they don't get reported (another example of this is how the media conveniently never reports the failings of censorware)
And the stats that show guns taking lives are usually exaggerated. Remember the gun in your home is more likely to kill a loved one than killing an intruder. That stat counted crack houses as homes, drug dealers and bookies as "loved ones" and suicides were lumped in as well. Statistically, accidental deaths with guns are almost nil, whereas they are used literally (and documented) daily in preventing and stopping crime.
Finkployd
Well, this is a treaty, not a law. And the Constitution doesn't limit treaties as strongly as it limits laws.
--
Preventive War is like committing suicide for fear of death. - Otto Von Bismarck
The really controversial bit is the section on "tools", right? Well, it says after that:
with intent that it be used for the purpose of committing the offences established in Articles 2 - 5
So, they have to prove that you are going to use the tools to break into computer systems to which you do not have "right", i.e. which aren't yours.
This doesn't outlaw white-hat stuff at all, because you can do white-hat stuff against your own boxes. Is anyone here going to stand up and say that we should all have the right to test exploits on other people's machines?
In the same way, BugTraq will be perfectly safe unless people stop putting a disclaimer at the bottom which says "educational purposes only."
Gerv
This is such a patently bad idea. Okay, so we eliminate all public hacking discourse and we prevent law abiding citizens from being able to use and develop hacking tools. The results would be the following:
1) criminal hackers will use encryption and numerous other methodologies to conceal their trade in and development of hacking tools.
2) corporate security managers will be unable to test the security of their own systems.
3) home computer users will be unable to test the security of their own systems.
4) bugs found in common systems will be left unannounced and will be openly exploited by the people mentioned in point #1 above
I mean can there possibly be a greater recipe for disaster on the Internet? *sigh* You can pull my copy of nmap out of the clutches of my cold dead hand!
---
This sig has been temporarily disconnected or is no longer in service
America today has more incarcerated citizens per capita than Stalinist Russia did. (Not counting those executed outright by the state.)
This is incredibly bogus. How many people, per capita, were murdered by the state in the USSR (not Russia) under Stalin? How many were not incarcerated but sent into internal exile? Put down your crack pipe and compare those numbers to the US today.
Thanks.. that was easy enough. :) My letter is on the way.
BilldaCat
Isn't that less effective than separate letters? I would think so.. seeing 10 letters instead of 1 letter with 10 signatures on it.
BilldaCat
Until the US decides to hop on and sign this treaty.. did you read the article?
BilldaCat
Yes.. laws against 'hacking' should be made. Penalties for 'computer trespassing' are all it should amount to.
As for exploits being published? As a serious sysadmin, I *DEMAND* access to this information, as I've always had.
Now.. if they want to make these things *potentially* illegal, you know, like how a crowbar can be a 'break & enter device' if you are caught breaking and entering with it.. that may be acceptable. But mere possession of information? Good luck.
They 'can't' because it's STUPID.
We license physicians because, as a society, we don't want people DYING because they were duped into using a non-approved physician. We do it to obtain some sort of level of awareness about skills, when LIVES are at stake.
Lawyers too. Engineers. All for the same reasons (lawyers may not protect your life physically, but they protect your freedom to do things)
We do not license McDonald's workers, farm workers, or grass cutters. I do not see any need to license 'network administrators'. Why should we?
Hold on. I'm not talking about some company 'certifying' someone on their products; that's fine and dandy: the people who know the product the best (those that make it) are stating who is and is not certified by them to have a certain level of knowledge about the product.
This is VERY different than professional certifications for things like engineering and medicine and law. Those are not tied to a 'product' or a company.
I think the prevalence of these people trying to break in HELPS software in general in making security a high consideration in design.
Laws like this might make security worse by giving the non technical the impression that the law will protect them from someone in a foreign land that's trying to break in...
You're not going to stop these people ever unless you make security a high priority.
The question is how do you fairly prosecute the really malicious ones while letting those just poking around off. How are damages calculated? The Mitnick case set a very bad precedent in this department with ridiculously high losses cited in court but not to shareholders or the Securities and Exchange Commission (SEC).
But if a safe cracker gets his own safe and figures out the internals himself, hiding the diagram would be a useless gesture. The only solution is to design the safe in a way that even when it is obvious how it works, it would still be impossible or impractically difficult to open. Computer security is even riskier since the very difficult tasks can be reduced to a stupid little script (hence script kiddies), so therefore computer security needs to be in the "impossible" category.
Only the system itself can tell you that it's secure, and not the back of the box, and the only way to find out is to take it apart.
Oh, puhh-lease!!!
The point is, if you read the MSNBC article is that some consider it as a 21st century witch-hunt. This treaty reminds me of the silliness of persecuting those who use unconventional methods, sometimes at the risk of their lives. Witch-hunting and inquisition were used to keep the masses ignorant and prevent those free-thinkers from disturbing the status quo.
Plus, Halloween is in 5 days, and this story is most definitely scary.
Offtopic my ass. I'm beginning to understand how Signal 11 felt. Yeah and fuck karma too. I don't need some pathetic counter to tell me if I'm good or bad.
---
Vote Inanimate Carbon Rod in 2000
if a treaty would violate the Constitution, then it is unconstitutional for the president to negotiate it and for the Senate to ratify it. if either/both of those happen with an unconstitutional treaty, that is grounds for immediate impeachment for violating the highest law of the land.
Except that impeachment doesn't actually appear to do much. Rather less of a disincentive than "High Treason", for which the traditional punishment is execution.
Dunno, plain text and extrans used to work, until one day, a long time ago, they suddenly switched names... and thus began the reign of the confused slashdot community. People who were troubled by the tags started posting about young teenage girls, breakfast foods, and prehistoric man chatter. They gained followers, recruited friends, and soon the dominion was overrun with pre-pubescent males trying to gain esteem among their peers. Gone was the Age of Wisdom, the Age of Legends... There are no beginnings or ending to Slashdot. What is, what was, and what shall be may yet... oh wait... been reading too much Wheel of Time...
--
"It's tough to be bilingual when you get hit in the head."
Yea I know what you mean. I cannot stand legislation like this!
Here are a couple of loopholes here...
What about MS DOS debug program. This falls under the guise of hacking, but is distributed with almost every OS MS has produced!
What about nmap? The article discusses this. The council says there will be exemptions... From the article, "The Council of Europe has promised to provide a list of exceptions to the treaty, and professional network administrators will likely end up exempt"
First of all what software will be exempt? I've used a DDoS tool for flooding my own network to see if my machines would choke! (BTW it was fun seeing win 9x croak but linux just slow down a little) This tool was designed for DDoS but I have a completely legit use for it.
The other part "...network administrators will likely end up exempt." This really pisses me off!!! I'm a C++ developer not a net admin. But I can do a better job of net. admin. than anybody in my co's IT dept. Would I end up exempt? Who knows, I'll probably get prosecuted for having a copy of nmap!
This is just bogus crap! What lawmakers do not understand they prosecute. If it looks like it breaks a law and they don't understand it, prosecute it!
If at first you don't succeed, skydiving is not for you.
-------
CAIMLAS
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
- Article 6 - Illegal Devices
- a) the production, sale, procurement for use, import, distribution or otherwise making available of:
1. a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5;
The last line of section A (intended use) might cover white hats, but perhaps not. It seems like that could be interpreted in several ways.
Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law when committed intentionally and without right:
2. a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed
with intent that it be used for the purpose of committing the offences established in Articles 2 - 5;
b) the possession of an item referred to in paragraphs (a)(1) and (2) above, with intent that it be used for the purpose of committing the offenses established in Articles 2 - 5. A party may require by law that a number of such items be possessed before criminal liability attaches.
--
They want to outlaw tools that are produced/distributed with the intent to commit a crime.
Which means that if some guy on the street is shouting "come get a fancy coat hanger! It's great for opening car doors!", that might be illegal under this treaty. But if someone else is advertising coat hangers for use on coats, then that person's act of selling hangers wouldn't be illegal.
Or something dumb like that.
--
The speed of the arms race must be controlled.
--
Yeah, but should it be legal to leave a rocket launcher laying out in public view? Someone could walk by, pick it up, aim it at someone, and pull the trigger on an emotional whim.
Should it be legal to have software that's as easy to use?
Perhaps BUGTRAQ type exploits aren't quite as close to this, but what if there was a program that when run, would bring up a list of hospitals... the user selects a hospital and hits the "Okay" button... the software then uses its preprogrammed automation to find the power source for the hospital, hack into the power station, and turn the power off. Should such software be allowed to publicly propagate?
--
You can also write to your Senator. Look them up here.
I also sent the above letter to Phil Gramm and Kay Bailey Hutchison.
Only if they see viable options, and what is "broken" is VERY broken.
Both Netscape and IE have a long, long history of bugs, including numerous security issues -- yet, people haven't flocked en masse to, say, Opera or Amaya. For most tasks involved with light browsing, both of these two perform well -- vulnerabilities involving theft of cookies, for instance, do NOT suddenly mean it can't browse.
Instead, MS and AOL/Netscape simply release updates and, it seems, retain their user base.
Software doesn't need to be great or flawless (even in the sense of security) for people to use it; it just has to be "good enough", taking into account the availability and convenience (or lack thereof) of other options. Unfortunately, security flaws often do not impact apparent functionality enough to cause users to flee a product en masse...
Only the dead have seen the end of war.
I take it you have never heard of a decompiler. Binaries are hard to look at but not impossible. A highly motivated (read paid) black hat *will* go through the trouble of deciphering and diagramming out your confusing code, after all, it's his job.
The white hats who benevolently find this stuff without compensation aren't going to violate laws or go through the trouble of unwrapping your riddle in an enigma. After all, nobody's paying them and if it isn't fun enough, why bother. There certainly is other code to review where the writers are not intentionally giving them the middle finger.
The result is that you have cracked programs and nobody is sounding the alarm until it is too late and China's investment of a cracker brigade gets them the ability to send hostile code into the Win2k control systems of the US Navy's smart ships.
Does this make it clear?
DB
A little off topic but harmfully hacking a hospital to cause deaths isn't very hard, it's just not as obvious as hacking an individual's medical equipment. Turning off the HVAC systems in July in Arizona is, unfortunately, all too easy and guaranteed to cause a large bodycount.
I learned about that one at a hacker kiddie BBS in the 80's. It was one of those classic conversations of the greenhorn saying "what's this" and more experienced hands saying "stop it before you kill someone". I suspect the practice of dialup control of HVAC systems hasn't changed much since then.
Life support covers a wider range of infrastructure than you think. There are two major water lines that feed into NYC. A little bit of drilling and demolition work in the woods of Westchester county and you would not be able to truck in enough water to avoid major population evacuation (AFAIK they are still working on tunnel 3). The knowledge necessary to carry off this attack gets broadcast over PBS programs in the area at least once a year.
I won't go into the several other ways 5 reasonably intelligent middle schoolers came up with (in about two days) to cause unstoppable havoc and mayhem but let's put it this way. City living is remarkably fragile and the stupidity of terrorists both cyber and the garden variety kind is a continuing gift from God.
DB
I was raised to take certain things for granted. That my minister is not packing heat as he gives the "Love Thy Neighbor" sermon is one of them.
Does this
If it was a passing of a domestic law, then we could actually do quite a bit about it. Unfortunately, international treaties are a sneaky way to get things passed into law without actually going through the sequence of events that can get outraged citizens to discuss the probability that the lawmakers are suffering from cranial-rectal inversion.
Unbreakable toys can be used to break other toys.
I can see it now, "Imminent Death of BUGTRAQ predicted!"
Objects in the blog are closer then they ap
Just download it, make a few changes, sign it, and send it to your senators. You can find their addresses here.
No more excuses. Print it out and send it in today.
Trains stop at a train station. Buses stop at a bus station.
Buses stop at a bus station
Trains stop at a train station
On my desk there's a workstation....
I can't believe how our society avoids prosecuting actual criminals, and focuses on nazi-like prevention instead.
Saying that bugtraq causes hacking is like saying a pencil causes spelling mistakes.
Theoretically, an exploit could cause death,... if the exploit were against NASA, or a hospital. I mean, imagine an exploit which screws up a medical record database, and suddenly they give you a medicine you're allergic to.
Unlike what the article claims, the treaty does NOT outlaw BugTraq and the likes.
Article 6.2 (which the "illegalizing BugTraq" part must be referring to) explicitly states it's illegal to [...] distribute [exploits] "with intent that it be used for the purpose of committing the offences established in Articles 2-5".
I didn't know BugTraq's intent was to make exploits available to script kiddies...
This message is provided under the terms outlined at http://www.bero.org/terms.html
The bold word "there" in the quote above is incorrect. It should be "their." Ordinarily I am not anal about these things, but if you sent this letter to your congressman it is important that you use proper grammar and spelling if he is to take it seriously.
I think that you missed the point. The point was that this treaty would have to be ratified by the Congress. Yes, it would be treated as a law should we pass it, but as with many treaties of the past, just because the US had a hand in creating it doesn't mean that we will sign it.
Anyone remember the Treaty of Versailles?
~LE
Thank you for pointing this out. I've been thinking it while reading this thread, but you articulated it so well. If I had some mod points you'd get a few. I know several people who have guns and they are very responsible with them, but they also have a lot of fun taking them out for some target practice and shooting cd's, old computers, phone books, vegetables, etc.
Just because someone owns a gun doesn't mean they have any intention of killing someone with it. In my friends' cases they just enjoy the hobby.
Things you think are in the Constitution, but are not.
Text version of the word doc
Warning, very quick and dirty :)
Are there any organizations or legislators that we can pass on our concerns on this issue to? Maybe a petition, URL, or e-mail?
But then again...I guess anyone using Windows or Linux could be put in jail...can't "ping-ing of death" be considered a no-no according to this?
Security tools and security information are not bad, but how you use it can be a danger, but this shouldn't prevent people from having access to them.
BreezyGuy
Eric B
ebresie@gmail.com
I want to voice strong opposition to the proposal the COE has made for legislation to combat "cybercrime." There are many problems with the proposal which could be pointed out. The most problematic, in my opinion, is article 6, which (if enacted by signatories) would prohibit the possession of any "exploit" code which could be used to illegally access a computer.
I run a small network for my home. My computer has been cracked. So I am someone who has an interest in being protected from cybercrime. This treaty would not help me, it would actively hurt my ability to protect my vulnerabilities. How? The primary way I protect myself is relying on the reports from private organizations and groups interested in computer security, who keep track of current exploits and make fixes for them. These individuals and organizations run mailing lists and websites where these programs are discussed and exchanged for the purposes of helping to find fixes for the vulnerabilities they exploit.
If this treaty were passed, this kind of activity would be made illegal. This would not just have a negative effect on the ability of the computer industry to protect itself from crackers: it would basically destroy this ability. The reason is that by and large the entire industry relies, for protection, on the kinds of activity this proposed treaty seeks to outlaw. This is counterproductive legislation at its worst.
Also of concern is the perceived tendency to take rights away from individuals and invest them solely in the government. Without a doubt, crackers would circumvent laws arising from this treaty by discussing exploits using encryption. Would encryption then be outlawed? This proposal takes an unacceptable step over the line of violating fundamental human freedoms.
-Greg Billock
more laws.
;-)
however, i didn't see any mention of source. Which, technically wouldn't make BugTraq illegal for distributing source. this says a computer program, which by all rights is simply a compiled binary. Does a program compiled under Linux count as a program when stored on a windows box?
Additionally, even if source were to be made illegal, these bureaucrats have their thumbs so far up their asses that they would never stop to make mention of "working or unworking code!" If you want to submit plumberscrack.c on bugtraq. just make sure you forget a comma. Poof! you don't have working source anymore, and no one can accuse you of writing an illegal program cause A)It's source and B)It won't compile anyway.
Imagine it's like Haiku are now illegal. just make sure that A)You make sure the third line has 6 syllables, B)Tell the reader, if they want the haiku, to drop the last syllable.
A rose by any other name....
isn't illegal
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
"It is seldom that liberty of any kind is lost all at once." -David Hume
After all, drugs have been illegal so the police can arrest just about anyone for no reason (well, apart from possessing a plant). Now that the laws on drugs are going to go away soon (in uk we just had the first public backlash against tougher anti-drug laws), they need a new way to arbitrarily arrest people...
Pretty sure the average guy in the street will soon come to fear/hate/etc the guy who `broke into a website and stole thousands` as much as the `evil peddler of death, turning children into addicts of the evil reefer`...
Under the proposed billing you couldn't even "crack" for research purposes. For example, if you thought that your sendmail daemon had an undocumented "hole", under this bill, it would be illegal for you to research the possibility of the hole. It would be illegal for you to "crack" at it to see if the possibility is real or not. Even if you are the current maintainer of sendmail!
And if you did find a hole, it would be illegal to tell others about it (so they can fix it or upgrade!)!
It might not be malice "cracking" or "hacking" whatever the best word is, but it would be illegal, even if you are doing it to protect yourself or others from malice "crackers"
If the OpenBSD was in the US, under this bill, it might be illegal for them to do code audits since, in a sense they are looking for crackable mistakes or holes in software. They are not doing this out of malice intent (actually to prevent malice events on their software), but still it would probably be illegal under this law.
Please RTFA, it is really short and an easy read.
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
Welcome to my web page!
I had a stroke yesterday so I had to move my webcam to my hospital room.
click here to raise the temperature in my room.
click here to have a lego mindstorm shake up a magic 8 ball.
click here to adjust the controls on my artificial heart.
click me to dose me with 10mg of morphine.
click here to turn the lights on.
click here to ring the buzzer and annoy the nurses
click here to fiddle with an unknown device hooked up to me. I think it controls breathing or something.
click here to send me spam.
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
Actually, this sounds a lot like current laws covering burglary tools. There are a lot of tools that can be used either for legitimate purposes or to help break into people's houses. It is not, in general, illegal to own those types of tools or use them for their legitimate legal function. If, however, you get caught using them to break into somebody's house, or IIRC if you're found in possession of stolen goods or other circumstantial evidence of burglarious activity and burglary tools, you can be charged for possession of burglary tools. Nobody gets in trouble just for having a crowbar in his garage; they do get in trouble for having a crowbar in their bag along with their neighbor's TV set.
Something similar is likely to apply to the computer equivalent. If you're a network administrator and happen to have a copy of nmap on your computer, the FBI isn't going to come and break down your door in the middle of the night for having cracking tools. After all, it has a significant, legitimate use in your work and hence doesn't fall under the heading of "[specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5;". If, OTOH, you're found with emails copied from somebody else's computer and a copy of nmap on your hard drive then you might find some additional charges leveled against you. In that case it's pretty clearly under the heading of "the possession of an item referred to in paragraphs (a)(1) and (2) above, with intent that it be used for the purpose of committing the offenses established in Articles 2 - 5." The bigger problem is that this is likely to have a chilling effect on the development of newer, more effective tools for security monitoring.
There's no point in questioning authority if you aren't going to listen to the answers.
As you seem so willing to share your sex life by protecting it as shoddily as you did, we would like to skip the hassles of the courts and laws. As such, we have enclosed a check for $2500. BTW, we have included a copy of the CrackedPorn magazine in which your wife is the Cover star. We were thankful for the pictures of yourself, your wife, and your 3 mistresses, and the story of you, the hooker, and the dog is one of the best we have published to date. CrackedPorn will be hitting the racks tomorrow, be sure to tell your family and friends about it.
--The Editor
PS. Might I suggest that dogs prefer bacon fat over tartar sauce?
All jocks think about is sports. All nerds think about is sex.
It almost seems to me that in their rush to demand and lay down more broad laws and the potential for broad laws that several people are about to be stereotyped. Instead of starting down the road of actual bans of software, why not try to keep a majority of the problem from having access to the software or source? Have the source still be legal and the software still be legal but require knowledge testing to gain access to it. The last time this nation adopted a philosophy of blind stereotypes to solve a problem we ended up fighting a bitter civil war that has left scars to this day.
If the corporate world cannot fix or patch the glaring security flaws in their software then maybe that software should not be used so seriously or taken seriously when it is compromised. Obviously somebody else does not take that software seriously or else they would strive for secure and stable software. Major corporations and even the government should be giving thanks to the security industry instead of trying to bury them. By banning an entire community of geeks from making things better, you will be opening your system/software to the full attack of the people with the knowledge and malicious habits.
No matter what happens, somebody will come up with cracks and hacks, and those that have the knowledge and information who are responsible will then in turn find themselves taking more heat for the malicious. Who knows with the growing trend of removing freedoms and liberties in America...we just might find ourselves posting on a new site that has been deemed worthy about how wonderful the new local hacker/cracker concentration camp is.
-1 Overrated (Too many big words for me to comprehend)
Wrong. You get the full protection of the DMCA. You have put a "device" that "controls access" to a "protected work" and people decrypting it are "circumventing" that device without the "authority of the copyright owner" (i.e. you). So you can sue them for a minimum of $250 per incident (minimum statutory damages - you only have to prove it is likely they did it - not prove harm or anything). You could get $2500 in statutory damages if the court so chooses, or actual damages and profits of the violator.
But if DMCA protection is all you need just do a one byte XOR with 255. Easy to implement and STILL gives you DMCA protection.
Just because it CAN be done, doesn't mean it should!
And they can even corrupt the voting process. Make those acts felonies and ban felons from voting for life (both of these are true in many cases). Now if THEY don't like you they not only lock you up for a while, they have also revoked your right to vote. Now you have no voice at all, no influence on the gov't at all. If THEY do that to many people who think that way (people like US, the geeks/hackers), they can EASILY make the voting population be more supportive of them and their laws, just by eliminating the competition.
As for prisons filling up they have many choices. Build more, let criminals go after a short sentence (they've still killed your vote), let out the rapists and thieves to make room for the hackers and geeks (they'd want to leave some of them in there to harm the hackers/geeks - read the story about Bernie S) or some combination of the above.
Just because it CAN be done, doesn't mean it should!
I really wish people could get their goddamn terminology straight. Misuse of terms confuses the entire issue.
:) Cracking is merely an application of hacking, much like technology is merely an application of science. Things like bugtraq are an important part of the community. The act of cracking shouldn't be illegal, but if the end result is that some information was stolen with the intent to use it in some way, shape, or form, then I believe they should be held responsible.
Are we talking strictly hacking or cracking? Cracking, I, of course, can see, but hacking?? That's the dumbest thing I've ever heard. That's like saying you're not allowed to build certain things with your legos, you're only allowed to build the ones in the instruction manual. What fun would that be?
I could imagine my childhood if I was only allowed to build the racecar or helicopter instead of the cool mothership with 47 laser guns and huge engines and afterburners and wings and little compartments made out of those pieces that had hinges on it so I could keep prisoners in...
Oh yeah, but anyhow, yeah. I read the article now.
If this continues, they are adopting security by obscurity, which, as we all know, never works.
Mike
"I would kill everyone in this room for a drop of sweet beer."
I think of it as funny in the same way that Swift is funny. It's only funny because it's so damned true.
And scary.
The numbers most recently published by the US government on the issue of gun defense show that a gun is used slightly more often for a successful self defense than for homicide. I forget what the numbers are or where they came from, so I guess it's just my word, but it is an interesting statistic because some 90% or so of homicides are actually criminal activity with another criminal. A non-criminal is a law-abiding citizen. Law-abiding citizens account for practically zero percent of homicides, yet account for almost all legal self-defense uses. A legally owned gun, such as my personal Beretta is far, far more likely to see a personal defense in which not a single shot is fired than to actually commit an illegal homicide.
Fact is that I am more likely to kill someone with my car than with my gun, hence the Ted Kennedy crack. And, yes, I will never play with a gun drunk, but wait, I've never been drunk...
A society that will trade a little liberty for a little order will lose both and deserve neither. - Thomas Jefferson
I think this is another example of law-making based on media hype, rather than research. Where's the evidence that this ban would help? I want to see the data, not unsubstantiated generalizations. And why is it that law makers everywhere are so ready to ignore expert opinion? They don't seem, based on the article, to have consulted many computer scientists, programmers, researchers, etc. and have ignored the input they did receive. Sometimes I really think technocracy would be best.
Since it's quite likely that any attempts to dilute or change this now is likely to fall on deaf ears, we just have to accept it and get on with our own agenda.
I don't know about the rest of you but I'm now going to push for a new clause in the Open Source Definition/GPL to incorporate a WHISTLE BLOWERS' CHARTER
Something like the following:
From now on, in the next linux distro releases, software will only be considered free if it incorporates a clause like:
Licensee is granted the right to full public disclosure of any bugs or features in the software that may compromise the security of local installations or networks with this software installed. Licensor(s) warrant that they will not infringe on the licensee's right to such full disclosure. Further, it is a condition of this license that licensees accept that full disclosure of security issues is a fundamental aspect of maintaining good security practices in relation to the software, and agree not to hold the licensor or other licensees liable for any intrusion that follows from use of the software, in relation to their own installation.
Beyond that, if after software patents, UCITA, if people still want to use non-free software, well, as we say in my corner of the world:
Hell slap it intae them
Agreed. While we're at it, though, perhaps we should add a few more things to the list:
- War
- Famine
- Racial Bigotry
- User Friendly
Assuming Linux is allowed. Depending on the level of draconian legislation this type of bullshit will produce, you might find that GPL'd or BSD licensed software is suddenly illegal, because it allows "hackers" to understand and exploit the code from the inside out. Efforts to tighten security from anyone outside the "core" of each developed platform could also be construed as illegal hacking activity.
In order to limit certain "blessed" individuals to "security techniques", they'll have to develop a licensing scheme. This will be done under the guise of "We can't easily keep track of the people who are supposed to have this type of power over computers. The only way to keep track of them is to license them through the Federal government, so that we can keep an accurate record of who should be allowed this type of control over computer systems."
In the end, Linus would have to be licensed to continue to work on the Linux kernel.
On a side note, gun control is a perfect analogy. None of this is about preventing or reducing crime: it's only about control - who has such.
- Xiombarg
Hypocrisy is the Vaseline of social intercourse. -- R. Heinlein
I've heard that .25% of the American population is now in prison. 1 in 400! Most of this is attributed to the mandatory sentencing laws for drug offenders.
If this doesn't seem like a huge portion of the population, consider this... America today has more incarcerated citizens per capita than Stalinist Russia did. (Not counting those executed outright by the state.)
I see this travesty as one of the major legacies of the Reagan/Bush administration. Thanks, Ron and Nancy! If the American congress does decide to finance a Reagan memorial in Washington, I'll make an annual trip to shit on the steps!
Funny how today we also have a story about Eric Corley who has been fairly vocal that is stupidity.
It is stupidity.
It's like not talking about bad things in hopes that they will go away. It's ridiculous. How many *bad things* are good for learning? You learn more from a car crash than you do from driver's education... Our own government subjected people to radiation for years 'cause they didn't know any better. Now we know... just like running a red light or playing with atomic weapons, information about computers no matter what the content is vital to our learning. Especially now.
The more public we are about vulnerabilities, the quicker they will get fixed. The more awareness we have, the more our colleges will start teaching applicable skills. The more vocal we are, the more we will benefit from technology, and the less likely will technology destroy us.
----
Meet the world's newest class of persecuted artists: computer hackers.
Would that be performance art?
The treaty makes it illegal to write or possess hacking software. Currently, both are legal in the U.S.
What could be considered hacking software? FTP?
The Council of Europe has promised to provide a list of exceptions to the treaty, and professional network administrators will likely end up exempt.
So we are all going to wind up using IE3.0 whilst "professional" network admins RULE THE WORLD (manic laughter..etc....)
Dirty Pirate Hooker
Sounds like M$ is silently funding this, so they don't have to get bugs sent to them. It removes the step of "Ignore/Delete Bug".
.sigs??
What a timesaver!!
-- Don't you hate it when people comment on other people's
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
Note that I just ran it through Word97 and exported to HTML, so don't expect the markup to be anywhere near half-decent.
On another note, does anyone else have a problem taking seriously a treaty originating from the "COMMITTEE OF EXPERTS ON CRIME IN CYBER-SPACE"? ;oP
... I was baffled at the overall stupidity of the issue, until I realized that this conference is being held in Amsterdam.
That explains much.
Barkeep, another gram of hash, please
-Those who dance are considered insane by those who can't hear the music.
What kind of sick joke is this?
It's an absurd form of security by obscurity... those who do illegal stuff will continue, but all honest people will not have any chance to stop it...
this makes me sick... urk...
/mdroid
Given this situation, all of the hackers whose hackles have been stirred over this story should take a good look around.
Are you doing anything about it (I mean, of course, other than complaining)? Are you organizing/participating in a technology labor movement? Are you funding special interest groups to look after "hacker's" rights?
No? Then live with it (I won't tell you to quit complaining). Live with government telling you what you can or can not do. Live with government restricting your rights in favor of the rights of those people/interest groups who are willing to organize and fund lobbying groups.
That's just the way things are, folks. No one listens to a bunch of geeks living on the fringes of the social norm. You want a voice? Make one for yourself. Spend a little money. Organize and fight back. Oh, yeah.. Complain a lot. I know we can do at least this...
Yeah, and you can't find a copy of DeCSS anymore either. The point is, when you make something illegal, only criminals will possess it. So am I expected to just throw out any "hacking" software I own after spending my hard earned money on it, or become a criminal just for possessing a CD ROM? I would accept tougher laws on cracking in the criminal sense, but by making it illegal to even find holes just so they can be patched, will leave the door wide open for those who could care less what the law says. And this doesn't affect anybody outside the US and Europe anyway. So, it actually removes from us the tools we need to protect ourselves from such attacks. I suppose now the gov'ts are going to organize a task force and discover all the security patches for us now? I doubt it. They will be up to the crackers to find now.
--I assume full responsibility for my actions, except the ones that are someone else's fault.
Another thing to consider with respect to this article is that enforcing this law would do nothing to stop people who really wanted to from stealing CC numbers, and it would reduce the number of people who would honestly look for chinks in the armor. There's no point in making useless laws, let alone detrimental ones.
UBU
I mean, yes, they are taking away all our rights, etc., but someone seems to have taken appropriate action to get them back. So this is good news on a generally bad-news day.
sulli
RTFJ.
It seems to have slipped everyone by that the UK government is now accepting electronic petitions which have more than 200 signatories (including name & address).
Anyone care to set up an electronic petition?
-- Conexant/Rockwell Modem HOWTO http://linuxdoc.org/HOWTO/Conexant+Rockwell-modem
I have no real problem with making "cracking" other people's boxen without permission illegal. Outlawing possession or construction of "hacking tools" or discussion of exploits is wrong, and dangerous. The US has already outlawed reverse-engineering, breaking of any encryption (if CSS simply negated every bit, that would be enough to warrant legal protection), and linking to sites that do. This seems like the next logical step. The only problem is, here we are preaching to the choir. We need to tell industry and our political figures that we WILL NOT stand for such things, and will fight them every step of the way! We need more big name places like 2600 gumming up the legal system so much that it becomes futile to sue over such things, and we are left alone.
"Evil beware: I'm armed to the teeth and packing a hampster!"
Lex orandi, lex credendi.
Debit cards on the other hand have no such liability limit on them.
If a law passed which allowed a judge to hold a red hot poker to my tongue I would be worried about that too.
The argument "the tool is not to blame", while entirely correct, is also not entirely complete.
One can argue that people can be killed by guns, knives, bottlecaps and thimbles of water. However, these items each have a character and a purpose for which they were developed.
Look closely at the firearm. It has been developed over the last few hundred years nearly exclusively for the purposes of killing other humans more effectively. One could argue a hunting rifle is just that, but assault weapons, machine guns, and handguns have pretty much evolved for the purpose of taking down and taking out our fellow men.
This suggests that the tool and the task to which it is put are linked, not entirely distinct from one another. A knife is a utility item which can be used to kill. A sword is a military weapon. There _IS_ a distinction.
Now, before anyone jumps on me with the flamethrower going, I am a firearms enthusiast and a former member of the armed services. I do support civilian gun ownership. I just believe the arguments in favour of civilian gun ownership are based around the concept of personal freedoms and responsibility and the existence of a force to help counterbalance oppressive regimes.
We don't need to argue that guns don't kill people or that that isn't what they were designed to do or that they are just a tool with no purpose. They were designed to kill people and they've been perfected (most of them) with that in mind. You can shoot targets with it, but its development has been inextricably linked and dominated by the requirement to injure or kill other humans.
There are times where this lethal tool can serve admirably in defence of the weak, the oppressed, and those who stand for freedom. But let us not mistake that the gun is an item devoid of purpose. We should be focused on WHY and WHEN we might want or need to use them for the purpose for which they were designed rather than arguing that they have no particular purpose...
Pleasure in the job puts perfection in the work.
There was never a genius without a tincture of madness.
Aris
This is another example of government and its hunger for power. I am becoming more and more upset day by day. Our freedoms are being eroded away and the average joe has no clue. Those of us who are in the know are a very small group. I posted a rant on this matter on kuro5hin in a post called Has the US government become to hungry for power? Read it and you'll see what I mean.
I believe I will add this to the list of things that governments do to take away legitimate freedoms in the name of the greater good. I can only hope that the supreme court will see this as a free speech issue. The problem here is that non-techie people are making techie decisions about things they don't understand. When will the madness stop?
As far as I can see, the article is on "our" side. The treaty supports security through obscurity, not the article. And I have this sneaking suspicion you are really pissed off by that which the article is describing.
Sounds just like the same reason that governments don't legalize soft drugs (like pot, for instance). Because it can be grown at home and therefore isn't taxable. Result? No revenue stream. You get more money from charging people for possession of said substance.
If owning "hacking tools" is illegal, who is going to stop developers from releasing bug ridden "rush-ware"? If someone offers an "e-commerce" solution that has more holes in it than telnet with dictionary based passwords, a victim of a "crack" whereby all their DMCA protected files and Credit Cards info were stolen, the developer who offered the "shit-ware" to them should be held accountable. Then I guarantee, you will see a dramatic increase in security. OpenBSD has shown, to some extent, that even a small group of developers can make a very secure default install.
Burn Hollywood Burn
If owning "hacking tools" is illegal, who is going to stop developers from releasing bug ridden "rush-ware"? If someone offers an "e-commerce" solution that has more holes in it than telnet with dictionary based passwords, a victim of a "crack" whereby all their DMCA protected files and Credit Cards info were stolen, the developer who offered the "shit-ware" to them should be held accountable. Then I guarantee, you will see a dramatic increase in security. OpenBSD has shown, to some extent, that even a small group of developers can make a very secure default install.
Burn Hollywood Burn
ne1 know how this post appears twice in slashdot?
Burn Hollywood Burn
This year will go down in history. For the first time a civilized nation has full gun registration. Our streets will be safer, our police more efficient, and the world will follow our lead into the future
Just because the Nazis brought about the holocaust does not mean that every thing they did has been tainted by evil. It might be my imagination, but I do believe that German streets are safer than American streets. Both before and after the war.
The most foolish mistake we could possibly make would be to allow the subjected people to carry arms. History shows that all conquerors who have allowed their subjected peoples to carry arms have prepared their own fall.
And the purpose of this quote is? This quote isn't about suppressing citizens, it is about suppressing people you have conquered. There's a great deal of difference between the two. In the same way, Japan was denied a military establishment immediately after WW2 in order to prevent future reprisals and conflict with the U.S.
Using this quote is pure folly. It is not unique to the Nazis, and believing in the sense the quote makes does not make one a Nazi. As the quote says, it is merely _common sense_ that any halfway intelligent conqueror knows how to use.
Please tell me that not all geeks are blind to common sense, and that at least some are knowledgeable enough about history and society to draw their own conclusions and not blindly follow propaganda. I know there's some, but after reading Slashdot for a while I'm really getting worried.
Just to drop a little FUD in there, they mentioned that the "honeypot" system was running RedHat which had "outdated DNS software with a known security bug". (They didn't mention a version... therefore, all RedHat has this bug that let a script kiddie in, and since RedHat *is* Linux... Linux therefore sucks - you should use Windows).
Riiight. We see a nice little case here of pure media cluelessness, that is not only designed to play on the fears of your typical citizen, but also to pair up anything that is open and free with "evil hacking".
The cumulative impact of all this is just too depressing for me to stand anymore. Where does it stop? When will the media be unbiased? When will politicians stop being stupid? When will the public get a clue? The Internet and all related technologies and culture are humankind's last bastion of TRUE free speech. It is HERE that we will find meaning. It is HERE that technology will advance most rapidly.
But, never before has the entire world been on the brink of such ground shaking change. (What? You mean we don't need money to get quality products anymore? You mean we don't have to pay for news? We can say anything we want and not be stigmatized for our opinions? There's more...?) Therefore, the idiots in large groups will do everything to hold the world where it is, by making those things which will change the world for the better "illegal".
*sigh* I wish I had time to do something about it. I wish I had time to read the draft in depth and formulate an educated opinion on its points. But at the same time, I am caught up in the duties of my day to day life - distracted by things that must be done (school, work, etc). The bad part is, most people reading this are in similar positions. Meanwhile, things are flying right by in the real world that will drastically impact our lives. Yet, so little can be done about it.
*shakes head*
Look at footnote 9 in draft 22:
Several comments from industry indicated that the so-called "cracking-devices", to which Article 6 applies, may also be used legitimately to test system security. The explanatory report shall clarify that the conduct defined by Article 6, when undertaken with such legitimate purposes, would be considered to be "with right". Furthermore, the burden of proof of the unlawfulness of conduct under Article 6 would lie with the prosecution. In this context, reference should be made to the footnote under Article 2 concerning the meaning of "without right".
Given that the parties (ie, signer-states) would be required to implement (and implement and enforce are two different activities) laws to support the mandates in this treaty, it seems to me that a lot of the reaction here would be addressed by the definition of "without right".
I have found that knowing about various exploits has helped me to protect my box against them. By not knowing about them, people will be less prepared...
--
Jamie C
No one, it seems, has worked out the logical conclusion of this treaty: that programming itself would be thus illegal, as security and stability testing is a part of the development of any non-trivial program. This suggests a test case in which a programmer is arrested for 'hacking' a program he or she wrote.
Further, remember that Full Disclosure lists like BugTraq keep vendors honest. These lists not only force vendors to admit their bugs, but also pressure them to release fixes quickly and not sweep problems under the rug.
- Jay Beale, Lead Developer, Bastille Linux
Never mind that the "War on Drugs" is the most blatant constitutional violation that ever existed. What I put into my own body is my own goddamn choice, thank you.
And you thought you lived in a free country.
Please, vote Libertarian and put an end to this madness.
You know why Windows can't keep the pace of Unix?
:)
Because it has more bugs? No. Because it is closed source? Noooooo. Because Microsoft owns it? Of course not.
Because Unix is much more manageable than Windows. That is what makes Unix more secure. Even Linux has some ENORMOUS bugs on what concerns security. But here the reaction time is tremendously faster than Windows. Even in times when Solaris was purely closed source, people managed to react more rapidly to any security threat.
Windows possesses a dumb interface that pretends to be "complete". However tons of backdoors/bugs are concealed inside this interface. You can't reach them in most cases because Windows interface is too restricted to allow control of many inner systems. So if one breaks in you can only face the fact.
Sincerely, I was admired for a situation I fell in. When Windows ruled here, 1/3 of our Internet population played only one thing: "Hack Windows!" Because many found a series of backdoors and we couldn't do anything against that. Now, on Linux there was a HOLE that remained for approximately 6 months. You know? No one ever noted it. Why this? Because in the first month of Linux Era people got real hassled, as we reacted momentarily to any break. In the end, only 2-3 people out of 700 "crackers" remained. Btw we don't touch them as we are afraid of the full extinction of this species...
Now most of this work is made 80% on the basis of analysis/studies/implementations of security systems. And this includes scanning & testing break-ins. Only a 5% are real "healing after the fire". If this law comes up, all this goes into the trashcan...
There's no such thing as a "hacking tool"... unless you count all computers as hacking tools. With time, patience, and skill, a hack can be performed in Notepad. (Done it... nothing significant, mind you, I'm not bragging, I'm just saying it can be done. Somehow the first byte of an MS-DOS executable got corrupted and I changed it back to "M" (as all MS-DOS exes start with the magic number "MZ" in ASCII).) To me, that's the real problem; the line is so fuzzy about what a "hacking tool" is, and there's no way to "de-fuzz" that line. This law stems from nothing but fear, and knee-jerk reactions to legislative fear tend to only make things worse.
You can compare an exploit to a fully-loaded weapon.
No you can not. A loaded gun will kill someone. Death, ends existence, heart discontinues to function. An exploit is used by script kiddies to change a webpage, piss off an admin.
This article pisses me off, it supports security through obscurity and that idea is horrible. Ugh. If I continue ranting anymore this will be -1 flamebait.
I came up with the statement listed below. Let me know what you think.
Sirs and Ladies,
I have read much of your proposal and found that while it takes into account many things that should be done to aid in the arrest of parties engaged in illegal access and destruction of computer data, it does not mention or protect the need for corporations and individuals to attempt to access data on their own computer systems so as to determine their systems' vulnerability to attack.
There is concern that normal security checking software and knowledge of common or popular systems used to defeat security would be made illegal by the provisions of your treaty. I and many others feel that only with thorough knowledge of the weaknesses and strengths of any computer or system of computers, can those computers or systems of computers be made more secure. If provisions of your treaty make the use of security checking software legally questionable then only those with illegal intent will use such software.
I ask that you make provisions within your treaty for the use of security checking software by individuals and corporations. I would ask that you make clear that it is the intent to do damage or cause harm that is illegal, not the means by which that harm is caused.
Sincerely,
David P. Zimmerman Bachelor Of Electronics Engineering Technology
Jumping to correct solutions slowly is better than jumping to incorrect solutions quickly.
Dear Sir,
As the officer in charge of enforcing the new anti-hacking laws it is my duty to inform you that you are in violation of the law. No action will be taken at this time as we are trying to be nice and allow people an adjustment period. This note is part of that adjustment process. In the future you will have no warning.
To wit: you have been observed walking around your house seeking open windows and doors. Such activity can now only be legally done by a trained and licenced professional. Seeking possible illicit entry points into an abode is an obviously nefarious activity and will be prosecuted vigorously.
It has also come to our attention that you possess not one, but several criminal devices known to the criminal world as "keys." Such devices whose only function is to circumvent high security mechanisms are blatantly evidence of criminal intent and their possession *will not be tolerated.*
In the future you may call upon your local licenced security professional for dealing with such devices. Simply show your security access papers and proof of ownership of the security device and the dwelling to which they are attached, provide said security professional with fingerprints, and for a nominal fee he will "unlock" your security device.
Please be warned that we will be making followup calls on all persons employing such security professionals to make sure that everything remains on the up and up.
We appreciate your cooperation in these matters, but we're building a lot more jails just in case.
You have been warned.
They may make cracking illegal but they can't prohibit us from discussing computer security or posting exploits. You are working off of the assumption that when it comes to computers and computer security that these people are rational and really feel that the first applies. The simple fact is that they don't and the bad laws based off of their idea that computers are "different" are being upheld or at least not shot down yet. Think DMCA. They will erode as many rights as we let them, which is why we need to be aware of things like this and *not* just take the attitude that it can't be done because it is silly on the face of it. If we don't fight it, it can and will be done.
Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
Hacking could be as simple as getting into hotmail from school, despite the smart filter. First of all, I don't think that schools should be allowed to filter out these... I like to send my links to my mail account so I can save money and print them out later. If I can't send them, how am I going to be able to remember where they are?
What is in a name?
I am not exaggerating - think like a lawyer - compilers are the number one hacking tool. (And yes Mr. Pedant I know that it is possible to hack with an assembler. I am using 'compiler' in this context to mean any tool which allows a person to program a computer: compilers, assemblers, interpreters etc.) These would all be illegal under the terms of these laws. While licensed professionals i.e. Microsoft employees etc. might be allowed to use these tools under supervision - common folk such as us would be prohibited from even owning them. As a side effect, this will destroy Linux and BSD - what are those without gcc?
Wolfram and Hart style lawyer argument: "After all we license people to drive cars, why not require a license to program a computer."
The hour is growing very late - under the guise of 'protecting the Internet from hackers' governments are about to make it illegal to do anything of value for humanity with free software. When is everybody going to wake up?
Who do you want to control technology: people who understand it, or people who fear it and want to destroy it? We are badly outgunned, and most of us don't even realize we are in a fight for our lives.
We either draw a line in the sand and say NO or we stand to lose everything. It will soon become apparent (to everyone with an IQ above that of a pet turtle) that I have been right about the legal system all along. These people know exactly what they are doing. This is not a mistake, a misunderstanding, or anything else innocent; these laws are deliberate, well thought out and intentionally malicious.
--
The law, 100's of millions of lines of code, not one line of which has ever been tested to see if it works.
then only criminals will know about the exploits.
Of course, the knee-jerk reaction is to claim this treaty is unconstitutional by the First Amendment.
But really, couldn't this fall under the right to bear arms? There are many analogies between hacking and firearms, after all, most notably the same tools being involved in both the crime itself and the protection against it.
Is anyone else a little scared at the possibility of 2600 magazine and the NRA agreeing on an issue?
---
Oh well, as soon as some Russian kid breaks in to a corporate site and steals every CC there....errr..
shrug
Burn Hollywood Burn
The question is what are we going to do about it? Are we going to let this happen? Is this period of real freedom going to sustain, or, like democracy in ancient Greece, just shine brightly for a brief moment and then die out to be (hopefully) reborn in another millennium?
If Bugtraq is made illegal, the vendors won't have to release patches every time someone finds a bug, and the general public (including a lot of sysadmins) won't even know the bug is there. That sure would make a lot of software look better, more secure, and more reliable. ECommerce would bustle with the promise of "better, bug free software", and politicians would be there to take the credit. This of course would all be an illusion, and the consumer would suffer. On a personal note, if I had to sit around and wait for patches from my vendor without a forum like bugtraq, my server would be about as secure as a balsa wood shack with cheesecloth for a door.
... pry it out of my cold, dead hands. No, wait, that's my guns, but the principle is the same.
It's very disheartening to read about the cluelessness of these idiots. "Hacking" serves a very useful purpose in the computer world, and from skimming the MSNBC article, it's clear the lawmakers either don't know, or don't care, how horrible this treaty is.
Being in a network security class right now, I can definitely say that, were it not for hacking, in the original sense, very few networks out there would be secure. Reverse engineering protocols, examining the "oh shit"s in them, and publishing the results seem to be the only way to bring to light problems, and hopefully get them fixed. (I'm thinking s/key, securid, Firewall-1, etc here specifically, and know there are others.)
If it suddenly becomes illegal to post new vulnerabilities to mailing lists like BugTraq, if it suddenly becomes illegal to write or possess or use tools like nmap, or SATAN, or even traceroute and ping, it will just serve to immediately make criminals out of a large percentage of the computer-literate population.
And let's face it, like any other such law which tries to "protect" law-abiding citizens by making something which can be used for both good and ill illegal, the end result is either creating more victims (in this case, because people won't know about the latest exploits, and be able to lock down their boxes), or creating more criminals (since I doubt, regardless of law, whether or not most people who use these tools, for good or ill, will stop using them).
Not to mention those engaged in illegal cracking activities now have no more incentive than they did before to stop.
I agree that the "massive wave of cybercrime" is likely nothing more than a bunch of script kiddies using well-known exploits to attack web sites and servers that, in all honesty, really should have been secured in the first place. Somehow, this all seems like the electronic equivalent of Columbine, where, because a certain type of tool was used to commit an illegal act, there are now more calls from talking heads and people with their own agendas to advance spouting off how evil these tools are, and how we have to protect the public.
Well, here's a news flash... The tools themselves have no inherent evil. It's only the use the individual users put the tools to that can be judged to be "good" or "evil". A hammer, a kitchen knife, a copy of gdb, or perl...they're all just tools. They sit there until someone takes it upon themselves to use said tools for a particular purpose. Just because someone used a kitchen knife to stab a person to death, or a copy of nmap to discover an idiot left the r* services on, is no reason everyone should be banned from owning kitchen knives or nmap, on the off-chance they themselves will be either perpetrator or victim in the future.
There is some hope, however. If this Draft Cybercrime Treaty is approved, I can only hope it will hasten the acceptance of other tools, such as the remailer networks, onion routing, freenet, etc. Yeah, we'll all probably technically be criminals at that point, but maybe then at least we'll be able to keep out both the script kiddies and the lawmakers, and get on with our lives, knowing at least we will be secure, while the rest of the (digital) world collapses under its own folly.
(can anyone tell me why I need to select "plain old text" to get html tags to work?!)
--
It's pretty pathetic when karma can drop when you do nothing
"The urge to save humanity is almost always a false front for the urge to rule." --H.L. Mencken
I live in the state with the second highest concentration of firearms (PA) and the whole state is filled with gangs of criminals and killers. I long for the safety of a gun free place like NYC or DC where I can feel safe.
And every time I hear of a shooting in church, I can't help but think "This could have been prevented if only the killer was not allowed to take a gun into church". I mean, if the Columbine high school was a gun free school, then the killers there wouldn't have been able to take guns in. *sigh*, if only people would see the logic in banning things they do not like we would all be safer.
Finkployd
Oh yeah, it was "NORIGHTS"
It astounds me to watch on a daily basis the right of free speech being taken away.
And of course, all we're going to do is sit and whine about it on Slashdot. I, for one, haven't gotten out and done anything about it, and I would venture to say 99% of the people here haven't either.
And the people passing these laws know this, and we're gonna get screwed.
BilldaCat
I can't believe someone rated that a troll. It is a good idea to comment on this treaty. Ok, so I've now done so. So shoot me down for proposing changes instead of asking that it be scrapped....
Sirs:
The current draft of the cybercrime treaty is, as you must be well aware by now, greatly objectionable to computer security practitioners. I am writing to suggest a small number of changes which would make the treaty as drafted less objectionable.
I would suggest that Article 6 - 1 be changed to read:
a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5 [with the intent to cause such an offence];
(The last bracketed text is new). This is the only identified offence in the treaty where the prosecution is not required to prove intent, yet it is clearly not the intent of researchers, computer security professionals, and hobbyist computer security experts (such as the author of 'nmap'[1]) to cause such offence.
The inclusion of an exemption where intent does not exist would also enable the contribution of 'patches'[2] to existing 'open source'[3] security software under article 11(b), which would also become illegal under the terms of the draft treaty.
Article 9(b) and (c), as currently drafted, would explicitly prevent the development of software intended to monitor or prevent access to material banned under article 9. Specifically software programs, currently available, intended for use by corporations collecting evidence against employees accessing such material to back up a case for an industrial tribunal, would become illegal[4]. Similarly it would become impossible to develop software that attempts content blocking by image recognition, as use of a 'training' image database would become illegal[5]. Finally, it would make illegal the practice of 'cacheing'[6] internet traffic for performance reasons, in that passively storing temporary copies of such material would also become illegal. Such action would have an immediate deleterious effect on the performance of the internet.
With the exception of cacheing (which deserves specific exemption) it would not be onerous for software developers or corporations to register for exemption under article 9 with national regulatory bodies, such as currently happens in the UK under the Data Protection Act (1998)[7]. Such provision in the treaty would make it possible to produce software intended to help enforce the treaty, without which enforcement will be difficult if not impossible.
Yours,
[Name withheld from Slashdot]
The opinions in this message do not necessarily accurately reflect those of my employer.
[1] http://www.insecure.org/nmap/
[2] http://earthspace.net/jargon/jargon_31.html#TAG13
[3] http://www.opensource.org/osd.html
[4] for example, http://www.websense.com/internet-filtering.cfm
[5] eg, using work described in http://inst.augie.edu/~swets/ACCV95.html
[6] http://webopedia.internet.com/Hardware/Data_Stora
[7] http://www.hmso.gov.uk/acts/acts1998/19980029.htm
I sent the following letter to my representative. You can email your representative easily by going here
____________________
To the Honorable Lamar S. Smith:
I am a database consultant in your district. I work at the Air Force Recruiting Service Headquarters at Randolph Air Force Base. My work there brings me in contact with technology and information system security issues on a daily basis.
I recently read an article about the Council of Europe's Draft Cybercrime treaty that frankly scared me. The article is available at this URL:
http://www.msnbc.com/news/480734.asp#BODY
Let me be clear: this treaty would be a disaster that would threaten national security and the health of electronic commerce. The idea of the treaty is dead wrong. "Full disclosure" of computer security flaws is essential for system administrators to protect their own systems and it is also critical to eliminate denial on the part of software vendors and to track the effectiveness of responding to security concerns. It is also a First Amendment right to have open discussion on security flaws.
I believe that the U.S. delegation to this treaty is incompetent and should be recalled before serious damage is done. They obviously have little understanding of what it is that they are regulating.
If only we can keep everybody uninformed about possible exploits we will have no more unauthorized entrances, no siree!
But wait, soon we will be ready for the next step: "security through stupidity" That's when nobody has the brains to behave in any other manner than our market research indicated. Yes, people it's true!
Actually a recent study by bullshit research inc suggested that an average IQ lowered by 20% would benefit our economy. How high IQ do you need to shop and view our approved movies anyway? Then some people may upgrade their children's brains with our groundbreaking brain# (brain-sharp) treatment, giving them the skills necessary to keep control of the sheep^H^H^H^H^Hpopulation.
All opinions are my own - until criticized
Hacking tools don't crack systems, people do.
... where it's illegal to possess a portscanner unless you have your MCSE.
c) the production, sale, procurement for use, import, distribution or otherwise making available of a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of depriving citizens of fair use rights, right to free expression, or other human rights as established by the Universal Declaration of Human Rights.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
That they're making cracking illegal.
They made drugs illegal a few years back, and it's really helped! You never see drugs, or hear about drugs anymore.
to tell industry and our political figures that we WILL NOT stand for such things, and will fight them every step of the way!
That's the problem, though. We need to do this and we need to do that, but, when it comes right down to it, how many of us actually get off our fucking asses and do anything? How many people who constantly whine and bitch as their freedoms are slowly usurped from them also support the EFF through donations? How many write (not email, WRITE) their congressman every time a boneheaded bill is introduced? Judging by the outcome of trials and the passage of various and sundry laws in the past few years, I'm willing to bet the number is pretty damned low.
If bitching could really solve problems, slashdot would have ended world hunger by now.
- A.P. (and, yes, I support the EFF. You should too.)
--
* CmdrTaco is an idiot.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
There's something that some of y'all are missing here. The distinction between what a treaty is, and what a law is. Note that my use of the word "state" is synonymous with "nation" vis a vis "nation-state".
Basically: a treaty is an agreement between nations that amounts to a contract such that if X happens, then Y will occur. For example, one of the provisions of the NATO treaty is that if -any- member state is attacked, then retaliation is expected of all other members (ie: if Russia were to invade Germany, we'd be essentially obligated to wage war on Russia). Treaties can -also- state that each member state will agree to pass laws that will do X,Y,Z. That's what this one appears to be.
A Treaty -is not- a law. However, due to its nature as a contract, it can seem like it.
A law, on the other hand, is legislation passed by the government of a given state. So, if the US were to sign on to this treaty (which thus far looks like it's primarily a European thing), we would be obligated by treaty to pass laws that meet the treaty's demands. The wonderful thing about the US signing treaties is that a treaty must be ratified by the Senate BEFORE the US will recognize our signature on the document as valid.
IANAL, but this is what I seem to recall.
The only thing that is objectionable (but is pretty damn objectionable) in the treaty is the two lines making illegal:
"the production, sale, procurement for use, import, distribution or otherwise making available of a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5;"
Everywhere else in the treaty actions are qualified so that you must also have had the _intent_ to break the law (breaking the law in this case is essentially causing criminal damage).
If that qualification was added to this particular clause the whole thing would be pretty unobjectionable, viz:
"the production, sale, procurement for use, import, distribution or otherwise making available of a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5, with the intent of causing such an offence;"
The lawyers would (as usual) have a field day with proving intent, though, but researchers/hobbyists/security specialists would be safe.
(Associated Press - Alcatraz) Today, in an effort to end the pampered style of geek prison life that so many convicted criminals have been accustomed to, The Rock was reopened for service today.
"Hey, these guys managed to get T3 lines into every cell, and the guard door system was a joke, we think that they managed to hack the system so that it would let the doors open whenever they wanted.", said Red Bull, the head of HACK (H)ackers (A)re (C)riminals (K)ill 'em.
"I wished that we could have continued using the death penalty against these evil terrorists and child pornographers, but the ACLU felt it necessary to defend these scumbags. Something about 'the punishment not fitting the crime' or other such nonsense"
"Look, these felons have it better in prison, hell, their cells are over 4 times as big as a typical cubicle is, and they get in house laundry, THEY DON'T EVER HAVE TO WORRY ABOUT DOING LAUNDRY AGAIN, and look this doesn't seem like a big point, but I've been to busts on these evil hackers, and their laundry piles up to huge amounts before they decide to do it. It's inhuman, I tell you.
"I just wanted to make this prison term as much of a punishment as possible, so we are cutting these geeks off of their lifeline, and going back to all old-style technology. No computers, no net access, barely electricity.
Maybe now these felons will get what they deserve.
Ignorance is Strength!
Freedom is slavery!
Peace is War!
Hacking is Evil!
tagline
... hi bingo
Washington, D.C. - In a stunning development just announced today, the United States, along with twenty other European nations, will soon make 'yo mama' jokes illegal. Without any regard to issues of free speech or free thought, representatives at the meeting have decided to make the words 'yo mama', when used in a joking context, a felony punishable by up to 5 years in prison and/or a $100,000 (or 100.000 Euros) fine.
One stunned joker was quoted as saying "No way, dawg! Ain't no way they gonna take away my right to laugh at yo' mama!"
Neither US nor European representatives from the summit could be reached for comment.
Please stay tuned for updates to this breaking story.
-----
Check out the text to the actual treaty here. Looks like the newest revision is only available as a Word doc, although there's a slightly older version available in HTML. Something worth noting, though: contrary to the implication of the article, the word "hack" or "hacking" does not appear anywhere in this draft. The "Illegal Access" section contains the phrase "A Party may require that the offence be committed either by infringing security measures or with the intent of obtaining computer data or other dishonest intent." IANAL, but I think this pretty much outlaws all white hat stuff.
One of the interesting things about this, also, is the fact that it's a treaty. It basically says that all nations who sign/agree to it will create a set of a laws that accomplish the goals laid out in it. The actual laws themselves will be created by the countries affected by it, and those are what are really going to make "hacking", "cracking" or anything else illegal.
End of lesson. You may press the button.
Do you really, really want to do something about this?
Then take off your asbestos underwear, sit down at your computer, read the actual draft treaty in its current form, think about exactly why you feel this is a bad idea, write it out, revise it, proofread it, and send it to daj@coe.int for review by the people who are actually working on the treaty itself.
This is the wonder of the Internet, folks. They want your input on this one.
I can assure you, though, that they aren't scanning through Slashdot "this is so fscking typical" posts to get that feedback.
If you care about this issue, save your flames, write out a thoughtful letter, send it to the commission, and post it here for others to read and expand upon. But for crying out loud, do something that actually has some chance of making a difference.
Obliteracy: Words with explosions