Slashdot Mirror
'Hacking' To Be Declared Illegal
sowalsky writes sent us an MSNBC story that talks about hacking being declared illegal. Talks about the difference between hacking and cracking,
but more importantly, how the Draft Cybercrime Treaty would make things like BugTraq illegal, as publishing exploits would be aiding and abetting.
... pry it out of my cold, dead hands. No, wait, that's my guns, but the principle is the same.
It's very disheartening to read about the cluelessness of these idiots. "Hacking" serves a very useful purpose in the computer world, and from skimming the MSNBC article, it's clear the lawmakers either don't know, or don't care, how horrible this treaty is.
Being in a network security class right now, I can definitely say that, were it not for hacking, in the original sense, very few networks out there would be secure. Reverse engineering protocols, examining the "oh shit"s in them, and publishing the results seem to be the only way to bring to light problems, and hopefully get them fixed. (I'm thinking s/key, securid, Firewall-1, etc here specifically, and know there are others.)
If it suddenly becomes illegal to post new vulnerabilities to mailing lists like BugTraq, if it suddenly becomes illegal to write or possess or use tools like nmap, or SATAN, or even traceroute and ping, will just serve to immediately make criminals out of a large percentage of the computer-literate population.
And let's face it, like any other such law which tries to "protect" law-abiding citizens by making something which can be used for both good and ill illegal, the end result is either creating more victims (in this case, because people won't know about the latest exploits, and be able to lock down their boxes), or creating more criminals (since I doubt, regardless of law, whether or not most people who use these tools, for good or ill, will stop using them).
Not to mention those engaged in illegal cracking activities now have no more incentive than they did before to stop.
I agree that the "massive wave of cybercrime" is likely nothing more than a bunch of script kiddies using well-known exploits to attack web sites and servers that, in all honesty, really should have been secured in the first place. Somehow, this all seems like the electronic equivalent of Columbine, where, because a certain type of tool was used to commit an illegal act, there are now more calls from talking heads and people with their own agendas to advance spouting off how evil these tools are, and how we have to protect the public.
Well, here's a news flash... The tools themselves have no inherent evil. It's only the use the individual users put the tools to that can be judged to be "good" or "evil". A hammer, a kitchen knife, a copy of gdb, or perl...they're all just tools. They sit there until someone takes it upon themselves to use said tools for a particular purpose. Just because someone used a kitchen knife to stab a person to death, or a copy of nmap to discover an idiot left the r* services on, is no reason everyone should be banned from owning kitchen knives or nmap, on the off-chance they themselves will be either perpetrator or victim in the future.
There is some hope, however. If this Draft Cybercrime Treaty is approved, I can only hope it will hasten the acceptance of other tools, such as the remailer networks, onion routing, freenet, etc. Yeah, we'll all probably technically be criminals at that point, but maybe then at least we'll be able to keep out both the script kiddies and the lawmakers, and get on with our lives, knowing at least we will be secure, while the rest of the (digital) world collapses under its own folly.
(can anyone tell me why I need to select "plain old text" to get html tags to work?!)
--
It's pretty pathetic when karma can drop when you do nothing
"The urge to save humanity is almost always a false front for the urge to rule." --H.L. Mencken
I live in the state with the second highest consentration of firearms (PA) and the whole state is filled with gangs of criminals and killers. I long for the safety of a gun free place like NYC of DC where I can feel safe.
And everytime I hear of a shooting in church, I can't help but think "This could have been prevented if only the killer was not allowed to take a gun into church". I mean, if the Columbine high school was a gun free school, then the killers there wouldn't have been able to take guns in. *sigh*, if only people would see the logic in banning things they do not like we would all be safer.
Finkployd
Oh yeah, it was "NORIGHTS"
It astounds me to watch on a daily basis the right of free speech being taken away.
And of course, all we're going to do is sit and whine about it on Slashdot. I, for one, haven't gotten out and done anything about it, and I would venture to say 99% of the people here haven't either.
And the people passing these laws know this, and we're gonna get screwed.
BilldaCat
I can't believe someone rated that a troll. It is a good idea to comment on this treaty. Ok, so I've now done so. So shoot me down for proposing changes instead of asking that it be scrapped....
3 5
g e/Caches/cache.html
Sirs:
the current draft of the cybercrime treaty is, as you must be well aware by now, greatly objectionable to computer security practitioners. I am writing to suggest a small number of changes which would make the treaty as drafted less objectionable.
I would suggest that Article 6 - 1 be changed to read:
a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5 [with the intent to cause such an offence];
(The last bracketed text is new). This is the only identified offence in the treaty where the prosecution is not required to prove intent, yet it is clearly not the intent of researchers, computer security professionals, and hobbyist computer security experts (such as the author of 'nmap'[1]) to cause such offence.
The inclusion of an exemption where intent does not exist would also enable the contribution of 'patches'[2] to existing 'open source'[3] security software under article 11(b), which would also become illegal under the terms of the draft treaty.
Article 9(b) and (c), as currently drafted, would explicitly prevent the development of software intended to monitor or prevent access to material banned under article 9. Specifically software programs, currently available, intended for use by corporations collecting evidence against employees accessing such material to back up a case for an industrial tribunal, would become illegal[4]. Similarly it would become impossible to develop software that attempts content blocking by image recognition, as use of a 'training' image database would become illegal[5]. Finally, it would make illegal the practice of 'cacheing'[6] internet traffic for performance reasons, in that passively storing temporary copies of such material would also become illegal. Such action would have an immediate deleterious effect on the performance of the internet.
With the exception of cacheing (which deserves specific exemption) it would not be onerous for software developers or corporations to register for exemption under article 9 with national regulatory bodies, such as currently happens in the UK under the Data Protection Act (1998)[7]. Such provision in the treaty would make it possible to produce software intended to help enforce the treaty, without which enforcement will be difficult if not impossible.
Yours,
[Name witheld from Slashdot]
The opinions in this message do not necessarily accurately
reflect those of my employer.
[1] http://www.insecure.org/nmap/
[2] http://earthspace.net/jargon/jargon_31.html#TAG13
[3] http://www.opensource.org/osd.html
[4] for example, http://www.websense.com/internet-filtering.cfm
[5] eg, using work described in http://inst.augie.edu/~swets/ACCV95.html
[6] http://webopedia.internet.com/Hardware/Data_Stora
[7] http://www.hmso.gov.uk/acts/acts1998/19980029.htm
I sent the following letter to my representative. You can email your representative easily by going here
____________________
To the Honorable Lamar S. Smith:
I am a database consultant in your district. I work at the Air Force Recruiting Service Headquarters at Randolph Air Force Base. My work there brings me in contact with technology and information system security issues on a daily basis.
I recently read an article about the Council of Europe's Draft Cybercrime treaty that frankly scared me. The article is available at this URL:
http://www.msnbc.com/news/480734.asp#BODY
Let me be clear: this treaty would be a disaster that would threaten national security and the health of electronic commerce. The idea of the treaty is dead wrong. "Full disclosure" of computer security flaws is essential for system administrators to protect there own systems and it is also critical to eliminate denial on the part of software vendors and to track the effectiveness of responding to security concerns. It is also a First Amendment right to have open discussion on security flaws.
I believe that the U.S. delegation to this treaty is incompetent and should be recalled before serious damage is done. They obviously have little understanding of what it is that they are regulating.
If only we can keep everybody uninformed about possible exploits we will have no more unauthorized entrances, no siree!
But wait, soon we will be ready for the next step: "security through stupidity" That's when nobody has the brains to behave in any other manner than our market research indicated. Yes, people it's true!
Actually a recent study by bullshit resarch inc suggested that an average IQ lowered by 20% would benefit our economy. How high IQ do you need to shop and wiew our approved movies anyway? Then some people may upgrade their childrens brains with our groundbreaking brain# (brain-sharp) treatment, giving them the skills neccessary to keep control of the sheep^H^H^H^H^Hpopulation.
All opinions are my own - until criticized
Hacking tools don't crack systems, people do.
... where it's illegal to possess a portscanner unless you have your MCSE.
c) the production, sale, procurement for use, import, distribution or otherwise making available of a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of depriving citizens of fair use rights, right to free expression, or other human rights as established by the Universal Declaration of Human Rights.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
Laws like this are so rediculous in that they are fuelled by people who think they have their interests in the right place but they don't even begin to realize the situation. Law enforcement is feeling overwhelmed - give me a break, like one of the comments in the article said, no one has ever stolen money from a bank (that we know of) over the net. Maybe they should be worrying about real, tangible criminal activities instead of a bunch of 15 year old script kids up to nothing but mischief. It's all about power in the end I guess, and the authorities that be just can't stand not being at the top of the net ladder.
UBU
That they're making cracking illegal.
They made drugs illegal a few years back, and it's really helped! You never see drugs, or hear about drugs anymore.
to tell industry and our political figures that we WILL NOT stand for such things, and will fight them
every step of the way!
That's the problem, though. We need to do this and we need to do that, but, when it comes right down to it, how many of us actually get off our fucking asses and do anything? How many people who constantly whine and bitch as their freedoms are slowly usurped from them also support the EFF through donations? How many write (not email, WRITE) their congressman every time a boneheaded bill is introduced? Judging by the outcome of trials and the passage of various and sundry laws in the past few years, I'm willing to bet the number is pretty damned low.
If bitching could really solve problems, slashdot would have ended world hunger by now.
- A.P. (and, yes, I support the EFF. You should too.)
--
* CmdrTaco is an idiot.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
A loaded gun will kill someone.
No, a loaded gun might kill someone, as will any number of other tools. I'm sure any enterprising individual would be able to find a way to kill someone with the contents of, say, a kitchen. Or a game closet. Or a pencil case. Or their car. Or a thimbleful of water.
This brushes one of the things that really torques me off. A lot of people, whether they realize it or not, ignorantly assume that bullets have some magical property that causes them to instantly kill someone if they're hit with them. (Case in point, UPS guy to the front desk of my apartment complex when delivering a couple cases of ammo: "Whoever that guy is, you sure don't want to piss him off.")
This simply isn't true. Yes, if you're shot, there's a chance you'll die. But unless it's a well-placed shot, it isn't likely. Especially when using non-hollowpoint bullets.
Not to mention, all of my gun-weilding friends are some of the most responsible people I know. They're well aware of the potential for abuse that owning a firearm has, and always practice safe handling techniques, and pass on this knowledge and concern about safety whenever they introduce a new person to how much fun it is to blow away a paper target or go plinking. (You have no idea how satisfying it is to shoot surplus tax forms on Tax Day.) Coincidentally, these very same people are almost all highly skilled technically, and most are concerned with computer security in one way or another, and use knowledge of exploits and "hacking" tools to accomplish their day jobs.
A loaded gun is probably less dangerous than a fueled-up car. And as far as children are concerned, less dangerous than any of: a pool, stairs, household cleaners, bicycles, a busy street.
One of the problems, as I see it, is that there are just too many script kiddies out there who act without thinking. They have no sense of responsibility, so they have no way of realizing the harm their actions cause, or worse, delight in it. This doesn't mean that the rest of us should be prevented from using the same tools for useful purposes. It means we should make the victims less likely to be victims, through empowerment. That means publishing exploits, pressuring vendors to release fixes, and being constantly vigilant against future threats. Sticking our collective heads in the sand and loudly proclaiming there isn't a problem will just make it easier for the more pragmatic, less socially responsible to sneak up on us from behind.
(damn, I didn't think I could pull that back on topic)
--
It's pretty pathetic when karma can drop when you do nothing
"The urge to save humanity is almost always a false front for the urge to rule." --H.L. Mencken
There's something that some of y'all are missing here. The distinction between what a treaty is, and what a law is. Note that my use of the word "state" is synonymous with "nation" vis a vis "nation-state".
Basically: a treaty is an agreement between nations that amounts to a contract such that if X happens, then Y will occur. For example, one of the provisions of the NATO treaty is that if -any- member state is attacked, then retaliation is expected of all other members (ie: if Russia were to invade Germany, we'd be essentially obligated to wage war on Russia). Treaties can -also- state that each member state will agree to pass laws that will do X,Y,Z. That's what this one appears to be.
A Treaty -is not- a law. However, due to it's nature as a contract, it can seem like it.
A law, on the other hand, is legislation passed by the government of a given state. So, if the US were to sign on to this treaty (which thus far looks like it's primarily a European thing), we would be obligated by treaty to pass laws that meat the treaty's demands. The wonderful thing about the US signing treaties is that a treaty must be ratified by the Senate BEFORE the US will recognize our signature on the document as valid.
IANAL, but this is what I seem to recall.
The only thing that is objectionable (but is pretty damn objectionable) in the treaty is the two lines making illegal:
"the production, sale, procurement for use, import, distribution or otherwise making available of a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5;"
Everywhere else in the treaty actions are qualified so that you must also have had the _intent_ to break the law (breaking the law in this case is essentially causing criminal damage).
If that qualification was added to this particular clause the whole thing would be pretty unobjectionable, viz:
"the production, sale, procurement for use, import, distribution or otherwise making available of a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5, with the intent of causing such an offence;"
The lawyers would (as usual) have a field day with proving intent, though, but researchers/hobbyists/security specialists would be safe.
(Associated Press - Alcatraz) Today, in an effort to end the pampered style of geek prison life that so many convicted criminals have been accustomed to, The Rock was reopened for service today.
"Hey, these guys managed to get T3 lines into every cell, and the guard door system was a joke, we think that they managed to hack the system so that it would let the doors open whenever they wanted.", said Red Bull, the head of HACK (H)ackers (A)re (C)riminals (K)ill 'em.
"I wished that we could have continued using the death penalty against these evil terrorists and child pornographers, but the ACLU felt it necessary to defend these scumbags. Something about 'the punishment not fitting the crime' or other such nonsense"
"Look, these felons have it better in prison, hell, their cells are over 4 times as big as a typical cubicle is, and they get in house laundry, THEY DONT EVER HAVE TO WORRY ABOUT DOING LAUNDRY AGAIN, and look this doesnt seem like a big point, but I've been to busts on these evil hackers, and their laundry piles up to huge amounts before they decide to do it. It's inhuman, I tell you.
"I just wanted to make this prison term as much of a punishment as possible, so we are cutting these geeks off of their lifeline, and going back to all old-style technology. No computers, no net access, barely electricity.
Maybe now these felons will get what they deserve.
Ignorance is Strength!
Freedom is slavery!
Peace is War!
Hacking is Evil!
tagline
... hi bingo
Washington, D.C. - In a stunning development just announced today, the United States, along with twenty other European nations, will soon make 'yo mama' jokes illegal. Without any regard to issues of free speech or free thought, representatives at the meeting have decided to make the words 'yo mama', when used in a joking context, a felony punishable by up to 5 years in prison and/or a $100,000 (or 100.000 Euros) fine.
One stunned joker was quoted as saying "No way, dawg! Ain't no way they gonna take away my right to laugh at yo' mama!"
Neither US or European representatives from the summit could be reached for comment.
Please stay tuned for updates to this breaking story.
-----
Check out the text to the actual treaty here. Looks like the newest revision is only available as a Word doc, although there's a slightly older version available in HTML. Something worth noting, though: contrary to the implication of the article, the word "hack" or "hacking" does not appear anywhere in this draft. The "Illegal Access" section contains the phrase "A Party may require that the offence be committed either by infringing security measures or with the intent of obtaining computer data or other dishonest intent." IANAL, but I think this pretty much outlaws all white hat stuff.
One of the interesting things about this, also, is the fact that it's a treaty. It basically says that all nations who sign/agree to it will create a set of a laws that accomplish the goals laid out in it. The actual laws themselves will be created by the countries affected by it, and those are what are really going to make "hacking", "cracking" or anything else illegal.
End of lesson. You may press the button.
Do you really, really want to do something about this?
Then take off your asbestos underwear, sit down at your computer, read the actual draft treaty in it's current form, think about exactly why you feel this is a bad idea, write it out, revise it, proofread it, and send it to daj@coe.int for review by the people who are actually working on the treaty itself.
This is the wonder of the Internet, folks. They want your input on this one.
I can assure you, though, that they aren't scanning through Slashdot "this is so fscking typical" posts to get that feedback.
If you care about this issue, save your flames, write out a thoughtful letter, send it to the commission, and post it here for others to read and expand upon. But for crying out loud, do something that actually has some chance of making a difference.
Obliteracy: Words with explosions