UK Moves to Outlaw 'Hacker Tools'

twitter writes "New guidance rules for the UK's controversial Computer Misuse Act do not allay fears of impracticality, or of the banning of legitimate IT software: 'The government has come through with guidelines that address some, but not all, of these concerns about dual-use tools. The guidelines establish that to successfully prosecute the author of a tool it needs to be shown that they intended it to be used to commit computer crime. But the Home Office, despite lobbying, refused to withdraw the distribution offense. This leaves the door open to prosecute people who distribute a tool, such as nmap, that's subsequently abused by hackers.'" Somewhat similar legislation recently became law in Germany.

Re:I use these 'myminicity links'

Now this is interesting, the parent actually has content, but the links all go to contactlog.net, where they're forwarded to myminicity, unlike a lot of the other myminicity spammers.

Also,

applies only to property you do not own is wrong, they're talking about distributing the tools.

Re:IDEs too?

[hesaigo999ca]

I am so glad you mentioned VS.net...yes this tool can be used to do many "hacker" like things...
I wonder if we showed the stupid leaders in parliament, this fact, then would they ban microsoft all together for creating such devious tools.... ;P

Outlaw politicans who make stupid laws about tech

[Marcion]

From TFA behind the TFA:

Whilst the law was going through Parliament the Home Office suggested that "likely" would be a 50% test.. Anyway, that guidance is now out -- and there's no mention, surprise, surprise, of "50%"

If over 50% of the laws they make are nonsense, can we ban the politicians?

Reminds me of the middle ages

[pwnies]

This is ridiculous. It reminds me of the "Index Librorum Prohibitorum" (Roman Catholic list of banned books). The Roman Catholics banned books because they believed that they could be used as a tool against their power, and not simply for the purpose of knowledge. That's the same thing the UK is trying to do now - they're trying to ban software because it might be able to be used for naughty purposes. Why don't you ban the C programming language while you're at it UK? I hear those buffer overflows could be dangerous.

Hopefully this mistake won't take 400 year to remedy.

Just for the sake of argument-

[llamalad]

How about if such tools were only legal for licensed/certified IT and Information Security professionals?

Yes, this would mean our having to get certified as at least minimally competent at what we do, much like hairdressers and engineers.

The idea is analogous to how, in New York at least, it's illegal for random people to carry lockpicks.

Re:Just for the sake of argument-

[llamalad]

I'm thinking CISSP or along those lines get the official certification 'for free'. Let current uncertified IT professionals get a grace period of a few years to take a free test to get certified.

New IT professionals officially 'apprentice' grade or somesuch until they're take the same exam and perhaps some mandatory formal education.

Re:Just for the sake of argument-

well, it may be illegal to carry a lockpicking set, but it's not, afaik, illegal to OWN one and keep it in your own home for the purposes of (say) testing any new padlock that you buy before you actually secure anything with it.

Lockpicking is a skill that's used by a) nefarious types, b) locksmiths, c) a few people who have a private interest in the subject. Now, the people in (c), if they want to distribute their work legitimately will probably set themselves up (b), a locksmith. On the other hand, someone who has a private interest in fiddling with network security may well continue with their day job and just do the computer fiddling on the side - that doesn't mean that it's not a harmless private activity though.

The Renaissance is, for physical sciences (and lockpicking) over, no-one spends a few years locked in their study doing science for personal interest, which is why, when someone says that they do lockpicking research out of a personal interest, they're not taken seriously. On the other hand, the versatility, reuseability and near zero ongoing-cost of computers means that private computer research is entirely possible - anyone can get a linux installation, python, perl, a wodge of virtual machines, and play incessantly as a hobby. Fiddling with computers is the new alchemy. The problem is that people keep looking at computing research and scoffing because they think of it like physical research and assume that it's the preserve of a few cranks and retired professors who no doubt have copious amounts of facial hair and smoke a pipe, not the one area of research that can still be done by a private individual on a personal basis.

Perhaps what needs to happen is that people who fiddle with computers in their spare time need to start writing papers on what they discover/invent and generally put around the idea that legitimate research in the field of computing can still be carried out by private individuals for personal interest, and not just by nefarious types.

Conclusion: Don't compare hacking tools to physical situations like lock picking.

Still available for legitimate use?

[EmbeddedJanitor]

Perhaps the real idea is to restrict access to these tools to licensed practitioners or those with a valid reason to posess them. You cannot buy dymanite over the counter, but people with a blasting tickets can still buy it.

Re:Still available for legitimate use?

[sumdumass]

I'm not sure that I would compare computer programs with Dynamite.

And what happens when some enterprising criminals decides they want to get a license to look legit? Do we raise the license fees so anyone wanting to possess a programing IDE has to have a backer and a multi million dollar bond on them like some areas require for explosives work? Then all the software can come from large companies and we will be happy with whatever they innovate?

Requiring registration and licensing is only going to create a mess. Hacker programs aren't that dangerous compared to explosives and should be considered even close to the same thing. Hacker tools could be anything you could use or create something that someone could use for mischief. The issue is the intent and proving it. The easiest way to prove intent is to show where you documented something or made a statement about something. So more then anything, this is a law that would make it illegal to talk about doing anything with a computer or a computer program that isn't approved by the manufacturers (eg, Microsoft or whoever). And the worse part about it is, if you think that this law and what it entails is perfectly fine, then see a program that could be used for hacking but isn't being represented that way, you could find yourself in trouble for simply reporting it in the wrong way. If you posted your observations to a website or to the wrong authorities, you could be busted for creating hacking tools and techniques and making them available. It is simply amazing if you ask me.

Quick! Outlaw Pencils and Paperclips!

[locust]

Everyone knows that a pencil when sharpened can be used to maim or injure! I mean you could loose an eye! Paperclips can be used to pick simple locks! They facilitate breakins! These deadly and criminal tools must be outlawed! Hurry! Arrest the employees of Office Depot and Staples for purveying these items, and enabling the criminal underclass!

Thought Tools

[nurb432]

I guess we should just arrest everyone that has a bad thought.

WIth 'bad' being relative to the administration in charge at the time in said country.

Will they be outlawing FTP or HTTP as well?

Re:It's not about security.

[91degrees]

But it is about security! They've decided it's too hard to actually solve crimes and prosecute the old fashioned way, by proving intent to commit a crime.

Instead they just criminalise the capability to commit a crime. No matter whether there may be a legitimate use for something, or whether there may be enthusiasts who take pleasure from understanding how security works. Of course, they're not going to actually prosecute people who they think probably aren't going to commit a real crime. Just those who probably are but the police aren't capable of proving without some of that pesky "reasonable doubt" stuff getting in the way.

99% of these tools get made as needed

therefore also the people that make them either are too poor to pay for licensing and note that many of the authors knowing the dual purpose like to remain as anonymous as possible. You can't have your cake and eat it too. The gov't wants to have only gov't make tools and anyone they authorize.
As i can attest gov't coders are lame sad and very poor at creativity. The kind of personality that creates hacker tools is not one that leads itself to a gov't job.
        Now the UK and 4 other countries are on that WORST privacy list. When there becomes a massive abuse and it goes public, then people may question if they live in a democracy or a facist state. It was hitler who bruned knowledge ( books ) .
BIG BROTHER is here folks. The question now is do you trust politicians that are lobbied to power by mpaa/riaa/BREIN/corporates. AT least in the cold war the corporations had to make it look like capitalism was better then communism. Now that the cold war is over it would be interesting to see how are rights are being widled away and the corporate power grows. /fantasy-vision-starts.... one day i envision another war. The war on corporate terror. Where we the citizens have to fight the corporates armies ( Black Water ring a bell )
It is an apocalyptic war that will have them with all the tech and if we don't hold onto the hacker tools and texts we will all lose. /end-conspiracy or is it the end?

Re:IDEs too?

[computational+super]

Another thing that always pops into my mind when I read about such a proposed bit of legislation... let's say that they did make nmap illegal, but not IDE's (or at least not compilers). I *can* write my own (admittedly inferior) version of nmap with a little bit of time, based on the knowledge I've gleaned from reading "TCP/IP Illustrated". As stupid as outlawing the distribution of nmap is in and of itself, I wonder (seriously wondering, not "what's next are they going to ban cars?" slashdot-style hyperbole-ing here) if they're going to move to have distribution of books like this limited as well? If *not*, then one could simply post the nmap source code, in book form if necessary...

One thing my 33 years in the 20th & 21st centuries have taught me is that politicians don't just stop at stupid, they constantly find new ways to redefine the concept.

Re:NMAP

[Marcion]

I do this all the time.

I have basic DHCP server that gives out dynamic IP addresses. I also have a couple of machines without monitors which I can connect to via VNC or SSH such as a G4 Mac which I use for running OS 9 applications which never got ported to the Intel OS X world, on boot it starts the VNC server. I can then use nmap to find out the IP address and log into it graphically from my main Linux computer.

Re:IDEs too? Oh yes, and what about OO Design?

[Dog-Cow]

Do you walk around in body armor or with body guards? No? Well, you deserved to be mugged or brutally beaten to death.

Or maybe your logic just isn't.

Re:IDEs too? Oh yes, and what about OO Design?

[Kythe]

Not to detract from a truly excellent comment, but I did want to remark on one thing...

When people started getting used to the idea of "I have nothing to hide". You do. Everyone does. I have skeletons in my closet, and I want them to stay there.

I'm not sure most people honestly think they have nothing to hide. They've been trained, however, to think that failure to act like one has nothing to hide will reveal what they have to hide.

I think it's likely a result of a culture obsessed with cop fantasy shows in which the cops can do pretty much anything they want to solve the crime, justified by depictions of the people the fantasy cops zero in on as nearly always guilty.

Re:Historical Precedent

However, allowing the population to have handguns causes problems. Not least because, unlike hunting rifles, handguns can be concealed easily. At the moment in England, two drunken idiots get into a fight and someone ends up with a black eye in the morning. Give one of the idiots a handgun then one of them does not wake up.

That's a common argument used by anti-gun people, but it does not bear close inspection.

In the USA, one of the common conditions of a license to carry a concealed handgun in public places is that you get up the right to allow yourself to become intoxicated while doing so. You are prohibited from entering any tavern, bar, and in a few states any restaurant that serves alcohol.

In effect, you have the choice of being a drunken idiot, or being able to carry a concealed handgun. What's more, if you are caught being drunk (or even being in a tavern or bar) with a concealed handgun, not only do you lose your license but you're stripped of the right to possess any kind of gun for life.

Those Americans who are licensed to carry concealed handguns take this very seriously. For good reason. Very few licenses ever get revoked, because the people who submit to the procedure (which almost always includes fingerprinting) are the most law-abiding segment of society.

The American gun crime that you read about almost invariably are people who are not licensed in any way, and in many cases are prohibited from owning any kind of firearm due to past criminal convictions.

Remember: the bad guys can always get guns. Gun bans only affect the good guys.

Britain has a very low murder rate because it is much harder to successfully kill someone without a handgun.

Compared to today, Britain's murder rate was lower when it was legal to carry concealed handguns in public places.

That doesn't mean that the legality of carrying concealed handguns in public places made Britain's murder rate lower; it means that there is no causality between the two.

Ask yourself: would you rather that your girlfriend/wife/daughter explain to the police why she had to shoot someone who attacked her, or that you have to go to the morgue to identify her after she was raped and strangled with her own panty hose?

None of this is to say that legalizing concealed handguns is right for Britain. But there's a lot of myths about the USA's laws in Britain which bear no relationship to reality.

And the most useful Hacker tool is...

[SageMusings]

Say goodbye to GCC. That should prevent a fair amount of hacking, experimentation, and circumvention.

Re:IDEs too?

"When X is outlawed, only outlaws will have X." ...

Yes. That's the point. And while I'm against outlawing 'hacker tools', I think there's something to be said for banning guns. Imagine a burglar. If our burglar wants to rob a house in, let's say, the U.S., he'd better bring a gun. Because whoever he is robbing may also own a gun. At some point, the burglar is going to get caught, and either he or the inhabitant of the house is going to get shot. If, however, our burglar wants to rob a house in , he knows his victim is very unlikely to own a gun. Therefor he can just stick to a knife. Even if he chooses to bring a gun (an instance where only the outlaw has a gun) and gets caught, a fight is unlikely to start because one of the parties involved (the burglar) clearly has the advantage.

If someone wants to kill people, he is going to be able to do wether guns are outlawed or not.