Data insecurity

The British government is planning to make the distribution of hacker tools into a crime, according to a post on the Register. This is an amendment to the Computer Misuse Act, included in the Police and Justice Act 2006, but unlikely to become law until May 2008.

Hmm, hacker tools? What does that mean? On first thought, it must include anything you can do on a PC. What about Visual Basic for example? Any Unix Distro? Windows?

OK. Let’s assume that all the standard OSes and applications won’t be included. What about relatively innocuous programs like snort and Ethereal, which let you monitor what’s happening on your network? Plus all the other programs you might use to secure a system – password crackers and stress testers.

The Register points out that many “hacker” tools are used by sysadmins to secure networks.

The problem is that anything from nmap through wireshark to perl can be used for both legitimate and illicit purposes, in much the same way that a hammer can be used for putting up shelving or breaking into a car.

Apparently, the government has stepped back a bit from this mad direction by adding something about the intent to use the software, after industry concern, but the Register says that it’s still going ahead with the plan “to prosecute people who distribute a tool, such as nmap, that’s subsequently abused by hackers.”

The LightBlueTouchpaper site says:

the complexity surrounds “distribution”, if a good guy runs a website and a lot of bad people download the tool from it, has the good guy committed an offence?

The point is well expressed on Spy-Blog which also draws attention to the shockingly poor global rank of the UK for privacy:

The United Kingdom is still, to our shame and to public fear, ranked in the worst category, i.e. an “endemic surveillance society”, alongside the Russian Federation, China, the USA and Malaysia etc.
The incompetent Labour government has managed to further increase the size and scope of its “surveillance state” activities, without any effective transparent checks or balances. They have not achieved any extra “security” as a result of this snooping and spying on the public, but they have further lost public confidence and trust in centralised government bureaucratic systems.

These “anti-hacker” activities seem particularly poorly timed, given that the past few weeks have seen the most crucial private data of millions of UK citizens being randomly distributed in the UK and even the USA.

And, oddly, not due to the ultimate cunning of nefarious hax0rs. Due solely to the incompetence of government agencies and subcontractors. Hmm.

For example, this story from Spy-Blog beggars belief: MI5 email alert sign-up shambles.

Astonishingly, MI5, the Security Service, part of whose remit is supposed to be giving protection advice against electronic attacks over the internet, is sending all our personal details (forename, surname and email address) unencrypted to commercial third party e-mail marketing and tracking companies which are physically and legally in the jurisdiction of the United States of America, and is not even bothering to make use of the SSL / TLS encrypted web forms and processing scripts which are already available to them.