Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Moves to Outlaw 'Hacker Tools'

Posted by Zonk on from the getting-to-be-popular-over-there dept.

twitter writes "New guidance rules for the UK's controversial Computer Misuse Act do not allay fears of impracticality, or of the banning of legitimate IT software: 'The government has come through with guidelines that address some, but not all, of these concerns about dual-use tools. The guidelines establish that to successfully prosecute the author of a tool it needs to be shown that they intended it to be used to commit computer crime. But the Home Office, despite lobbying, refused to withdraw the distribution offense. This leaves the door open to prosecute people who distribute a tool, such as nmap, that's subsequently abused by hackers.'" Somewhat similar legislation recently became law in Germany.

16 of 308 comments (clear)

  1. Re:I use these 'myminicity links' by Anonymous Coward · · Score: 2, Interesting
    Now this is interesting, the parent actually has content, but the links all go to contactlog.net, where they're forwarded to myminicity, unlike a lot of the other myminicity spammers.

    Also,

    applies only to property you do not own is wrong, they're talking about distributing the tools.
  2. Re:IDEs too? by hesaigo999ca · · Score: 3, Interesting

    I am so glad you mentioned VS.net...yes this tool can be used to do many "hacker" like things...
    I wonder if we showed the stupid leaders in parliament, this fact, then would they ban microsoft all together for creating such devious tools.... ;P

  3. Outlaw politicans who make stupid laws about tech by Marcion · · Score: 3, Interesting

    From TFA behind the TFA:

    Whilst the law was going through Parliament the Home Office suggested that "likely" would be a 50% test.. Anyway, that guidance is now out -- and there's no mention, surprise, surprise, of "50%"

    If over 50% of the laws they make are nonsense, can we ban the politicians?

    --
    My little Linux and tech blog
  4. Reminds me of the middle ages by pwnies · · Score: 3, Interesting

    This is ridiculous. It reminds me of the "Index Librorum Prohibitorum" (Roman Catholic list of banned books). The Roman Catholics banned books because they believed that they could be used as a tool against their power, and not simply for the purpose of knowledge. That's the same thing the UK is trying to do now - they're trying to ban software because it might be able to be used for naughty purposes. Why don't you ban the C programming language while you're at it UK? I hear those buffer overflows could be dangerous.

    Hopefully this mistake won't take 400 year to remedy.

  5. Just for the sake of argument- by llamalad · · Score: 5, Interesting

    How about if such tools were only legal for licensed/certified IT and Information Security professionals?

    Yes, this would mean our having to get certified as at least minimally competent at what we do, much like hairdressers and engineers.

    The idea is analogous to how, in New York at least, it's illegal for random people to carry lockpicks.

    1. Re:Just for the sake of argument- by llamalad · · Score: 2, Interesting

      I'm thinking CISSP or along those lines get the official certification 'for free'. Let current uncertified IT professionals get a grace period of a few years to take a free test to get certified.

      New IT professionals officially 'apprentice' grade or somesuch until they're take the same exam and perhaps some mandatory formal education.

  6. Still available for legitimate use? by EmbeddedJanitor · · Score: 2, Interesting

    Perhaps the real idea is to restrict access to these tools to licensed practitioners or those with a valid reason to posess them. You cannot buy dymanite over the counter, but people with a blasting tickets can still buy it.

    --
    Engineering is the art of compromise.
    1. Re:Still available for legitimate use? by sumdumass · · Score: 2, Interesting

      I'm not sure that I would compare computer programs with Dynamite.

      And what happens when some enterprising criminals decides they want to get a license to look legit? Do we raise the license fees so anyone wanting to possess a programing IDE has to have a backer and a multi million dollar bond on them like some areas require for explosives work? Then all the software can come from large companies and we will be happy with whatever they innovate?

      Requiring registration and licensing is only going to create a mess. Hacker programs aren't that dangerous compared to explosives and should be considered even close to the same thing. Hacker tools could be anything you could use or create something that someone could use for mischief. The issue is the intent and proving it. The easiest way to prove intent is to show where you documented something or made a statement about something. So more then anything, this is a law that would make it illegal to talk about doing anything with a computer or a computer program that isn't approved by the manufacturers (eg, Microsoft or whoever). And the worse part about it is, if you think that this law and what it entails is perfectly fine, then see a program that could be used for hacking but isn't being represented that way, you could find yourself in trouble for simply reporting it in the wrong way. If you posted your observations to a website or to the wrong authorities, you could be busted for creating hacking tools and techniques and making them available. It is simply amazing if you ask me.

  7. Quick! Outlaw Pencils and Paperclips! by locust · · Score: 2, Interesting

    Everyone knows that a pencil when sharpened can be used to maim or injure! I mean you could loose an eye! Paperclips can be used to pick simple locks! They facilitate breakins! These deadly and criminal tools must be outlawed! Hurry! Arrest the employees of Office Depot and Staples for purveying these items, and enabling the criminal underclass!

  8. Thought Tools by nurb432 · · Score: 4, Interesting

    I guess we should just arrest everyone that has a bad thought.

    WIth 'bad' being relative to the administration in charge at the time in said country.

    Will they be outlawing FTP or HTTP as well?

    --
    ---- Booth was a patriot ----
  9. Re:It's not about security. by 91degrees · · Score: 3, Interesting

    But it is about security! They've decided it's too hard to actually solve crimes and prosecute the old fashioned way, by proving intent to commit a crime.

    Instead they just criminalise the capability to commit a crime. No matter whether there may be a legitimate use for something, or whether there may be enthusiasts who take pleasure from understanding how security works. Of course, they're not going to actually prosecute people who they think probably aren't going to commit a real crime. Just those who probably are but the police aren't capable of proving without some of that pesky "reasonable doubt" stuff getting in the way.

  10. Re:IDEs too? by computational+super · · Score: 2, Interesting

    Another thing that always pops into my mind when I read about such a proposed bit of legislation... let's say that they did make nmap illegal, but not IDE's (or at least not compilers). I *can* write my own (admittedly inferior) version of nmap with a little bit of time, based on the knowledge I've gleaned from reading "TCP/IP Illustrated". As stupid as outlawing the distribution of nmap is in and of itself, I wonder (seriously wondering, not "what's next are they going to ban cars?" slashdot-style hyperbole-ing here) if they're going to move to have distribution of books like this limited as well? If *not*, then one could simply post the nmap source code, in book form if necessary...

    One thing my 33 years in the 20th & 21st centuries have taught me is that politicians don't just stop at stupid, they constantly find new ways to redefine the concept.

    --
    Proud neuron in the Slashdot hivemind since 2002.
  11. Re:NMAP by Marcion · · Score: 2, Interesting

    I do this all the time.

    I have basic DHCP server that gives out dynamic IP addresses. I also have a couple of machines without monitors which I can connect to via VNC or SSH such as a G4 Mac which I use for running OS 9 applications which never got ported to the Intel OS X world, on boot it starts the VNC server. I can then use nmap to find out the IP address and log into it graphically from my main Linux computer.

    --
    My little Linux and tech blog
  12. Re:IDEs too? Oh yes, and what about OO Design? by Dog-Cow · · Score: 3, Interesting

    Do you walk around in body armor or with body guards? No? Well, you deserved to be mugged or brutally beaten to death.

    Or maybe your logic just isn't.

  13. Re:IDEs too? Oh yes, and what about OO Design? by Kythe · · Score: 3, Interesting
    Not to detract from a truly excellent comment, but I did want to remark on one thing...

    When people started getting used to the idea of "I have nothing to hide". You do. Everyone does. I have skeletons in my closet, and I want them to stay there.


    I'm not sure most people honestly think they have nothing to hide. They've been trained, however, to think that failure to act like one has nothing to hide will reveal what they have to hide.

    I think it's likely a result of a culture obsessed with cop fantasy shows in which the cops can do pretty much anything they want to solve the crime, justified by depictions of the people the fantasy cops zero in on as nearly always guilty.
    --

    Kythe
  14. And the most useful Hacker tool is... by SageMusings · · Score: 2, Interesting

    Say goodbye to GCC. That should prevent a fair amount of hacking, experimentation, and circumvention.

    --
    -- Posted from my parent's basement