It’s almost like making baseball bats illegal because you can hit someone with it, doesn’t matter its made for playing sport and that’s what most people use it for..
The UK government has published guidelines for the application of a law that makes it illegal to create or distribute so-called “hacking tools”.
The controversial measure is among amendments to the Computer Misuse Act included in the Police and Justice Act 2006. However, the ban along with measures to increase the maximum penalty for hacking offences to ten years and make denial of service offences clearly illegal, are still not in force and probably won’t be until May 2008 in order not to create overlap with the Serious Crime Bill, currently making its way through the House of Commons.
Sounds pretty ominous to me, even distributing said hacking tools can get you in trouble – that’s bad news for people like me that believe in sharing information, knowledge and hard to find tools.
I agree a revamp of the Computer Misuse Act is needed, but please making tools like Nmap illegal to create or distribute is just plain stupid.
Following industry lobbying the government has come through with guidelines that address some, but not all, of these concerns about “dual-use” tools. The guidelines establish that to successfully prosecute the author of a tool it needs to be shown that they intended it to be used to commit computer crime. But the Home Office, despite lobbying, refused to withdraw the distribution offence. This leaves the door open to prosecute people who distribute a tool, such as nmap, that’s subsequently abused by hackers.
The Crown Prosecution Service guidance, published after a long delay on Monday, also asks prosecutors to consider if an article is “available on a wide scale commercial basis and sold through legitimate channels”. Critics argue this test fails to factor in the widespread use of open source tools or rapid product innovation.
It’s pretty messy – it could help malicious hackers be prosecuted effectively and gives a bit more ammo to law. But it also means over zealous lawyers could prosecute security consultants for actions they don’t really understand – which is the scary part for me.
I hope it gets distilled into something useful and fair for both sides.
Source: The Register