Slashdot Mirror
Aussie Bill Would Ban Hacking Tools, Virus Code
rtscts writes: "The Australian govt. is at it again: 'Under the bill, which proposes seven new computer offences carrying jail terms of up to 10 years, it is illegal to possess hacker toolkits, scanners and virus code.'" The bill is called the Cybercrime Bill 2001; according to this article, it "does allow the Defence Signals Directorate (DSD) and Australian Security Intelligence Organisation(ASIS) to hack legally. It also forces companies by law to reveal passwords, keys, codes, cryptographic and steganographic methods used to protect information."
Doesn't this sort of make Unix illegal? I mean, every unix I've heard of pretty much comes with a suit of network utilities, of which scanners are a usual componenet.
By owning a DVD you can theoretically go to jail, because you can be ordered to reveal the key that encrypts the data...
That puts most people between a rock and a hard place, because then they would have to use hacking tools (DeCSS) to get the key...
The secret of success is honesty and fair dealing. If you can fake those, you've got it made. (Marx)
Most crimes have both a factual component (actus reus) and a state of mind component (mens rea). The Mens Rea for a crime may be intent, knowledge, recklessness, negligence and at times (such as for statutory rape) strict liability.
In theory, a state of mind must be proved just as the factual elements, beyond a reasonable doubt. In practice, a jury is instructed by the judge that they may infer intent from any of the circumstances in which the crime was committed. Unless the defendant takes the stand in her own defense and convinces the jury to the contrary, and thereby submitting herself to a blistering cross-examination, the prosecutor will simply ask the jury to ask themselves any number of rhetorical questions.
Mens rea is a non-issue. With enough stuff on your disk, intent can be "proved" by twisting circumstantial evidence to the satisfaction of the jury. To a jury -- the mere fact of the trial is taking place evidences (which would not otherwise be admissible) the proposition that the government thinks the defendant is guilty.
"with intent" is better than strict liability. But in practice, its grievously dangerous. Anyone possessing tools is ultimately at the mercy of the whim of the authorities. The cost of a criminal defense (which no intelligent person, however good an advocate, should attempt to do by themselves) will never be compensable and can itself be more ruinous than any fine.
In short, this law an authoritarian nightmare -- it serves no good purpose, will actually chill productive anti-hacking technology.
that link doesnt work, it's a search that has expired. Try this instead: http://search.aph.gov.au/search/ParlInfo.ASP?actio n=browse&Path=Legislation/Current+Bills+by+Title/C ybercrime+Bill+2001&Start=4&8cD#top
also there is some more stuff on http://www.2600.org.au/
These are the 2600.org.au mirrors of the bill, they are probably available somewhere on http://www.austlii.edu.au/ Australia's awesome law resource with searchable case law and legislation, reportedly the best law site in the world.- bill-2001-firstreading.pdf
- bill-2001-explanatory-memoranda.pdf
http://www.2600.org.au/misc/cybercrime/cybercrime
http://www.2600.org.au/misc/cybercrime/cybercrime
For what it's worth, even Microsoft realise they are hopeless. Hopefully they'll be voted out at the next election (probably later this year?), and this insanity will end.
The bill doesn't make any of the things listed in this article illegal on their own - you have to be using them for, or intending to use them for, committing another federal crime. There is no requirement to divulge passwords, just to assist law enforcement in effecting the execution of a warrant. Without this they'll just seize the equipment anyway, so it's actually in the interests of the person owning the equipment to provide this assistance as it allows them to take just the relevant data.
Of course it does sound a lot more interesting to say it bans the posession of tools that are being used for legal purposes, but the bill explicitly mentions that there must be a use for, or an intent to use for, an otherwise illegal activity.
Okay, from my reading of the Bill (PDF), it seems that the new offence is possession with intent (Schedule 1 lists the relevant amendments to the Criminal Code, you're looking for Part 10.7, Division 478.3). Means they have to prove you were going to commit a crime with the tool. It's a bit hard to prove that a sys admin who uses a particular tool for legit purposes was going to commit a crime.
As a matter of fact, given the legitimate usefulness of most 'cracker' tools, it seems that it would be quite difficult to prove that anyone was going to commit a crime unless you had a smoking-gun e-mail or other clear evidence of intent.
Australian officals have been puzzled by the sudden mass migration of technical personnel off the island continent. When asked to comment, Professor Lambert of Syndey U. stated "Usually we only see this sort of behaviour in rodents; and then only when there is some kind of immediate danger, such as a sinking ship..."
He who joyfully marches in rank and file has already earned my contempt. - "Big Al" Einstein
"I was talking about being arrested for a crime and then not cooperating with the police. That's probably illegal in any country"
110% WRONG! In the United States, you have a 5th Amendment protection against self-incrimination. That includes the right to NOT co-operate with the police, as codified in the "Miranda" rights that all arresting officers have to read to the person being arrested.
It's up to the police/prosecutors to prove your guilt, and they have NO right to your assistance in that task.
Now, I'm not saying that there haven't been recent law, etc, where the police lobby hasn't been attacking those rights, but until the Bill of Rights is repealed, they are still there.
" - there's nothing special about this act in Australia. If they demand that you give the key to the safety deposit box where you hid your child porn and you refuse, you're basically doing the same thing as if they demand the keys and pass phrases to your data. There's nothing special about digital data and there shouldn't be anything special about it"
The police in the USA can very well get a search warrant for such a safety deposit box, or your home, and may search them. However, again, you DO NOT have any obligation to do anything other than let them in, you do not have to lead them on a "guided tour". Again, the 4th and 5th Amendments cover this.
This Australian law sounds very much like the odious "RIP" law in the UK, which basically gives more or less ANY cop the power to forcibly hand over your security to them, without any oversight (and in the case of RIP, you can even be jailed for letting anyone KNOW they did this to you).
There is no place for such laws in a free society. A people who will tolerate such enormous State power over their persons and property are in effect, tolerating State ownership of all their information and property.
And we all know governments are ALWAYS 100% trustworthy, and would never murder innocents (Waco, Ruby Ridge), and individuals within it would never abuse their power to politically persecute ideological or religious "enemies" (Keith Henson)...
The United States was founded by wise men who feared the power and abuse wrought by too-powerful federal governments. Unfortunately, there aren't many such men in power today.
=== The price of freedom is eternal vigilance
They might need to start a penal colony, maybe on a large island or something, to put all the offenders.
Help! I've just caught this Love Bug virus on my Windoze machine. How do I stop getting thrown into jail for having this "virus code" on my machine?!
Glorat
Of course, the people who would have the best expertise at "correcting" this policy are those right here at /.!
It also forces companies by law to reveal passwords, keys, codes, cryptographic and steganographic methods used to protect information.
If they have to reveal all passwords and whatnot, hacker tools aren't needed. Just go to the part of their site where it will say somthing like "By law we are required to post the root passwords to all of our boxes here..." and you will have all the info you need.
Geekizoid: The Small Shiny Things Network ©
Gobble a dick!
Who defines what is a hacker toolkit or virus code? Many legitimate applications and utilities can be used for evil. Would this affect people/organizations that mirror linux distros that include these programs? And what about virus code? If they ignorantly mean source code, then they will have a problem because all of the popular (mainstream popular of course) viruses are written in VBS or a similar interpreted language. So anyone infected could be guilty of a crime. The potential for abuse by vindictive law enforcement agents is obvious. If your neighbor Officer Jack decides he dislikes you, he could release a VBS worm on his own machine which would email everyone in the outlook address book (assuming you are on the list here). Then he could come and arrest you and do whatever he can to ensure that you recieve a severe penalty as a dangerous hacker.
Geekizoid: The Small Shiny Things Network ©
Gobble a dick!