
UK gov sets rules for hacker tool ban



The UK government has published guidelines for the application of a law that makes it illegal to create or distribute so-called "hacking tools".

The controversial measure is among amendments to the Computer Misuse Act included in the Police and Justice Act 2006. However, the ban, along with measures to increase the maximum penalty for hacking offences to ten years and make denial of service offences clearly illegal, is still not in force and probably won't be until May 2008, in order not to create overlap with the Serious Crime Bill, currently making its way through the House of Commons.

A revamp of the UK's outdated computer crime laws is long overdue. However, provisions to ban the development, ownership and distribution of so-called "hacker tools" draw sharp criticism from industry. Critics point out that many of these tools are used by system administrators and security consultants quite legitimately to probe for vulnerabilities in corporate systems.

The distinctions between, for example, a password cracker and a password recovery tool, or a utility designed to run denial of service attacks and one designed to stress-test a network, are subtle. The problem is that anything from nmap through wireshark to perl can be used for both legitimate and illicit purposes, in much the same way that a hammer can be used for putting up shelving or breaking into a car.

Following industry lobbying the government has come through with guidelines that address some, but not all, of these concerns about "dual-use" tools. The guidelines establish that to successfully prosecute the author of a tool it needs to be shown that they intended it to be used to commit computer crime. But the Home Office, despite lobbying, refused to withdraw the distribution offence. This leaves the door open to prosecute people who distribute a tool, such as nmap, that's subsequently abused by hackers.

The Crown Prosecution Service guidance, published after a long delay on Monday, also asks prosecutors to consider if an article is "available on a wide scale commercial basis and sold through legitimate channels". Critics argue this test fails to factor in the widespread use of open source tools or rapid product innovation.

IT and the law are never easy bedfellows. While the guidelines probably make it less likely that security consultants will be prosecuted by over-zealous lawyers for actions they don't understand are legitimate, they are still a bit of a mess.

Source: http://www.theregister.co.uk/2008/01/02/hacker_toll_ban_guidance/

Comments
Mr_Cheese 16 years ago

might have to get rid of the download section once that law is passed

Zer0Man 16 years ago

Governments suck, these stupid laws they dream up. They jump in before thinking things out. :evil:

ghost 16 years ago

hmmm could make my job as a security consultant a damn sight impossible!!!

ghost 16 years ago

Damn government pigs :angry:… Oh well, it won't kill the community; it may make it harder to obtain tools, but it won't kill the community. Does anyone know, will this only affect the UK? I live in the US and wonder if this will impact me.

ghost 16 years ago

i think it would negatively affect legitimate users such as security consultants but have no effect on hackers and other people with bad intention as it would be difficult to enforce such a ban across the vast internet

ghost 16 years ago

At least making homemade plastic explosives is still legal… ^_^

And redhot is right, these laws never affect wrongdoers… if you're breaking several laws already, why would yet another one stop you?

ghost 16 years ago

The ban won't stop much of anything. People will still share so called hacking tools. Besides, the people who really are out to cause harm either already have the tools or are more than capable of creating their own. If anything, the ban may slow skiddies.

ghost 16 years ago

will backdoor shells count? you could use the telnet feature of winxp to potentially hack so is xp banned now? you can potentially use most applications to 'hack' so this is ridiculous.

ghost 16 years ago

we have a similar law in Germany… and no one pays any attention to it… so far as I know, it's not even properly enforced.

ghost 16 years ago

yeah, politicians like to do things when they THINK they understand. this law, as was stated above, only stops legit people. eventually the gov't will wake up and hire security professionals to help fix the problems, rather than…. oh, iunno…. passing pointless laws?

…. wait, what am i saying. that will never happen. before you know it, it will be illegal to eat butter, and taco bell will win the franchise wars, and Arnold Schwarzenegger will be president, and and and…. wait that's demolition man. Maybe this gives me time to become Stallone's character and kick some ass. RAWK!

Uber0n 16 years ago

This is almost exactly like the German hacking laws :angry:

ghost 16 years ago

the problem is most of these people don't understand how the internet works. this is very evident in America, case in point one of our lawmakers saying "The internet is not a big truck, it's not something you just dump stuff on, it's a series of tubes." better mirror the download section in another country :ninja: here is to avoiding dumb laws :ninja:

fuser 16 years ago

damned politicians. do they ever think? It seems that they just use assumptions that it'll work.

does ssh count as a hacker tool? PGP? Unix? compilers?

what these people didn't know is that these tools can be used to help secure sites. they can find their own vulnerabilities, crack weak passwords in an organization, there are lots of uses for it.

but i think people should create and sign a petition to disagree with the new ruling. the general public, however, can't see the negatives of the law (due to the stereotyping of hackers as greedy immoral criminals)

but sometimes i doubt protests would work. the establishment would just turn a deaf ear over this.

TheSilentDrifter 16 years ago

A great example on how the media has tried to degrade what hacking truly is… Government officials trying to mess with things they know nothing about is truly dissatisfying to me, but luckily i live in the U.S. If they ever passed a law like that here, i'd very quickly start doing whatever it took to end it. Also, google is always there. Sometimes it can be harder to get the good stuff, but it's an amazing tool to have. Hope you don't have to remove downloads though :( it makes it so much easier getting it from a secure and known site. That way i know i'm not getting something that may be harmful.

ghost 16 years ago

it's not just the downloads section that's in jeopardy, mr cheese. According to the spyblog article here: http://p10.hostingprod.com/@spyblog.org.uk/blog/2008/01/computer_misuse_act_amendments_inadequate_crown_prosecution_service_guidance.html it's never actually clear what is banned, and they in fact include data of all kinds including source and text.

ghost 16 years ago

i guess we will all have to stock up at the download section then :)

ghost 16 years ago

damn that sux for u guys in the UK

ghost 16 years ago

If this site has taught me anything you don't need tools and if you do use a free web hosting in a foreign country and run it through that way. Also how many site admins are going to bother spending $1000's on forensics for compensation when one mistake can blow a case. :ninja:

ghost 16 years ago

not going to bother …. sozzzz :whoa: