UK Law May Criminalize IT Pros 514
An anonymous reader writes "More worrying news from the UK. This time, a bill meant to fight cybercrime may make it illegal to use or make available network security tools available, just because they could be used by hackers." From the article: "Clayton cited the Perl scripting language, created by Larry Wall in 1987, as an example of a useful technology that could fall foul of the law. 'Perl is almost universally used on a daily basis to permit the Internet to function,' said Clayton. 'I doubt if there is a sysadmin on the planet who hasn't written a Perl program at some time or another. Equally, almost every hacker who commits an offense under section 1 or section 3 of the CMA will use Perl as part of their toolkit. Unless Larry is especially stupid, and there is very little evidence for that, he will form the opinion that hackers are likely to use his Perl system. Locking Larry up is surely not desirable.'" A note that this is equally confusing but separate from yesterday's story about the UK government wanting private encryption keys.
it's the nature of these tools (Score:5, Insightful)
Just as these tools are useful diagnostic tools they are also handy tools for commiting crimes as described under this proposed law. That's the nature of networks and tools to manage them. To deem these tools and availability of such a crime because they could be used to commit a crime is insane.
This is akin to the recent proposal that all encryption key owners make their keys available to law enforcement. The expected eventual end result will be cautious users relinquishing valuable resources with criminals holding the trump card. This too is insane.
So, when an administrator gets the call to investigate what appears to be suspicious behavior, where do they go to troubleshoot the problem? Heck, peel away all the layers of this onion and it wouldn't be surprising to find hackers are behind this... get the government to suspend priveleges using FUD, and run rampant over the network infrastructure.
There is a hint of sanity from the article:
I only hope the government will listen to that reasoning.
No shit. (Score:4, Insightful)
I guess a written constitution does have some utility.
Well then... (Score:5, Insightful)
This is great news for India! (Score:5, Insightful)
A strong economy, and the higher quality of life it may bring, depends heavily on innovation and progress. That is clearly being hindered by those who support such legislation. Companies won't be able to take advantage of the productivity gains one gets from using the technology that may be restricted.
In the end, it comes down to a matter of freedom. Those nations who are now free to innovate will do so, and will eventually prosper. Those who seek restrictive legislation over free innovation will see their wealth and standard of living decline rapidly.
Compilers and Debuggers? (Score:2, Insightful)
Doesn't make sense... (Score:5, Insightful)
Person 1: Hi, I make hammers, would you like to buy one? You can use them to "hammer" nails into things, really quite nice for building houses and such.
Person 2: Wow, this is nice. I'll take one!
Law: Woah woah woah! Hold on right here... This "hammer" you got here... yeah well that can be used to bash someone in the head, so... it's now illegal, you'll have to come with me now. That's right, hands behind your back.
I've never understood the idea that because a tool can be used to commit a crime, that it inherantly makes the tool evil.
Illegal Tools (Score:3, Insightful)
Re:No shit. (Score:2, Insightful)
Oh, yeah, our Constitution has been working really WELL lately...
Now if we could get our President to read it once in a while...
Face it, folks, the US will go the way Britain is going - it's only a matter of time. ALL states end up in the same place - fascist dictatorships. As long as the public are gutless wimps - like this fool I've been arguing with over the NSA wiretaps yesterday - it is inevitable.
Re:Do I see a pattern? (Score:3, Insightful)
Shitty Government. (Score:5, Insightful)
This is more sensationalist shit like the story about the RIPA. The law isn't very effective because the police can't force you to hand over keys that are used only to ensure the integrity of messages. This basically means that stuff like SSL, SSH and Zimmerman's Zphone are safe against seizure.
I submitted a story on this but obviously the Slashdot editors care more about exciting headlines than the sober truth. I wrote an essay in 2003 and you can read it here [ckwop.me.uk].
I've not read the act but I can already guess how useless it will be. The short and long of it is that it is very tough indeed to prove beyond reasonable doubt that someone that you put the software there. Believe me I know, I was a witness in a Child Porn case. The defence won because when we found the content we didn't follow CPS guidelines in the data recovery method.
Even worse, a hackers machine can look very much like a hacked machine. Hackers, after all, use one machine to get to the next. How are you going to prove they aren't the innocent bystander - BEYOND REASONABLE DOUBT.
Yet more time wasted by an incompetent government that can't even deport convicted foreign criminals.
Simon.
Make computers illegal! (Score:5, Insightful)
Want to reduce crime? (Score:3, Insightful)
Comment removed (Score:5, Insightful)
Bans Nmap Too (Score:5, Insightful)
TFA also states that "People who distribute networking vulnerability scanning tools such as Nmap or Nessus could also be caught up in part (b), Clayton warned.". A quick reading of section 41 [parliament.uk] seems to bear that out. As author and maintainer of the Nmap Security Scanner [insecure.org], I am more than a little concerned.
I'm certainly not going to let anything as silly as some U.K. law stop me from distributing Nmap, but I also don't want to become like Dmitry Skylarov [wikipedia.org] the next time I give a presentation in England. And even if (as I would expect) the rest of the world ignores this, it could have a chilling effect on important security tools and research from U.K. citizens. Think of all the good research and tools that David Litchfield from London (NGS Software [ngssoftware.com]) has brought us. And my London friend Hoobie brought us the free Brutus password cracker [hoobie.net], which appears to be prohibited by this bill.
The good news is that this is just a proposal. So I would join the chorus in urging our British friends to make their voice heard against this silly bill.
-Fyodor
Insecure.Org [insecure.org]
Re:it's the nature of these tools (Score:3, Insightful)
You obviously have not had any experience of the UK government. "Listening" and "reason" are not concepts governments in general are familiar with, and especially not the present UK government.
Re:Doesn't make sense... (Score:3, Insightful)
Welcome, fellow NRA member.
This is getting out of control. (Score:2, Insightful)
While they're at it, why not just criminalize the use of ANYTHING that could be used for less than honest purposes...
Let's start with any programming language that is used to write the tools that are available to the bad guys. hmmm... that would potentially be all of them... so we may as well just ban computers in general... and cell phones, PDAs and anything with microchips... There goes my new toaster... Can't let the bad guys get my toast.
But... wait there's more. Why not ban anything that could lead to the knowledge of how to do this crap in the first place? TV and radio are gone because of the whole microchip thing. Burn the books and close the schools. That way the kids don't learn about technology that may lead to tools that might be used by bad people for possibly malicious puproses...
And just to make sure that no one ever learns about it again, let's "silence" all programmers, scientists, researchers, teachers, librarians, hobbyists, and anyone who's ever operated a computer or even entered a Radio Shack.
I'm still not sure why vehicles are allowed on the road considering all the contraband and stolen possessions they could be used to transport. Coat hangers, hair pins, and any sharp tool. Instuments of evil, all of them.
Next up: Legislating the use of whatever part of the brain is the basis for the formation of new thoughts and notions.
criminalizing possession (Score:4, Insightful)
Criminalizing the mere possession of something just because it could potentially be used in a crime is pretty stupid. Until you do something that actually harms someone, where's the crime? "Innocent until proven guilty" remember? Just because someone has means, and could find opportunity, doesn't mean he has motive to commit a crime. Don't you need all three? Mens rea, anyone? All these sorts of laws do is make criminals out of normal, honest, otherwise-law-abiding people.
Until you stab someone, your knife is just a useful cutting tool. Until you shoot someone, your gun is just a useful self-defense and hunting tool. Until you crack something, your network analysis software is just another tool. There is nothing inherently bad/evil about them. Merely possessing them does not twist a normal person into a psychopathic criminal.
Anyone else think we'd have better lawmakers if we plucked some names at random from the phone book?
Re:Bans Nmap Too (Score:3, Insightful)
I think that was the plan...but the really stupid thing and obvious thing that people seem to be missing is that tools like nmap, nessus and ethereal serve legimate and necessary purposes.
I have no idea how I would be able to harden the security of networks I maintain without these tools. Nmap shows me what ports are open, for instance. Without that tool, I have no idea and I'm just guessing that the firewall rules, etc., I have set are correct or are even actually being enforced by the firewall. It would be like writing a program without being able to compile it or writing HTML without passing it through a validator or even having the ability for an HTML preview.
That's patently ridiculous. Network security is a very complicated thing and it would be even more complicated without tools to test it's strength. Thanks for the vote of confidence -- nmap is one of the many essential tools in my network security toolbox and I've been using it forever.
Re:it's the nature of these tools (Score:5, Insightful)
If you replace the software with guns, you will begin to understand the position of those who want the right to bear arms (modifications have been made).
Can guns kill people? Sure they can, but so can many other things that the typical person owns (knives, drills, cars). Guns are also tools, and used well they can be of great help. Many families in my area (Montana) rely upon guns for hunting to support their families (cheap meat). Unfortunately, hunting rifles fall into the category of a "sniper rifle" which comes under attack as an unnecessary weapon. And do not underestimate the value of having a weapon for self defense.
Re:It's easier to fight the tool than the person (Score:3, Insightful)
You're right, it's the current "politically correct" culture we live in. You don't want to be judgmental, you don't want to "discriminate", don't want to hurt anyone's feelings you know.
Sorry, but I'll call a spade a spade. If you're a jerk, then you are, and trying to shift blame onto your childhood/current circumstances doesn't fly with me. You had a choice. You made a bad decision. Tough cookies. Grow up and be responsible.
"Innocent until proven guilty" (Score:3, Insightful)
They found it was inconvenient to prove someone did something before punishing them.
Much easier to simply accuse and punish, how else can they prosecute thought crime.
Seizure and liquidation of the property of people accused but never convicted of a crime does happen, and has for a long time.
Criminal justice reform is unlikely to happen because people see this as soft on crime, they just want to punish someone there is little political incentive to work on making sure they get the right person.
Plus when there is a wrongful conviction, they just blame the defendants lawyer.
Re:it's the nature of these tools (Score:5, Insightful)
This is easy to break down. It's all about one thing - the next election. Perception is huge, and instead of governing for the common good, people govern for the incumbant good.
Take knives for example. Giant chef knives have the perception of being used to cook yummy food. Crazy blade shape dragon jewel encrusted lock blade half-the-size-of-chef-knives type knives carry the perception of being used only to harm others.
So lawmaker X decides to latch on to that perception and propose a bill that outlaws the greater of the two perceived evils and then brag about how he is a champion of the people come next election cycle.
This is one thing term limits are meant to stay off... to whatever effectiveness. Point is, outlawing "hacking" tools like this is simply a grab for the spotlight. Who cares if the details are ironed out. See, the likelyhood is it won't make it out of committe, but come election time, Mr. X can say "I proposed a bill that would have made it safer to surf the internet, but my opponent Mr. Y (a former network admin, but we won't mention that) STOOD AGAINST this potentially LIFE SAVING measure!!"
Politics, pure and simple.
Re:it's the nature of these tools (Score:5, Insightful)
Re:Doesn't make sense... (Score:3, Insightful)
The express purpose of guns, with the exception of hunting rifles, is to shoot people. (Hint: you don't use handguns or automatic weapons to hunt deer.) Many people buy these guns for their ability to shoot people, even if they *never* intend to use it in that capacity.
Now suppose there was a magical way to prevent guns from shooting people. I predict that the NRA would, for the most part, lose interest in guns. And demand for them in general would drop off sharply as all the "self-defense", or "home invasion/tresspassing", or "deterrent/security" arguments go out the window if the gun can't shoot at people.
However, if the same magical system could be applied to hammers preventing them from being used for bashing heads the market for hammers would be completely unaffected.
Now, don't get me wrong, I'm *not* suggesting we should ban guns. But I am saying its wrong to equate the gun controversy with a similiar view on hammers or perl.
Its a false comparison. Most guns have no other purpose. Even people who simply collect guns would likely find themselves uninterested in collecting guns that couldn't be used to shoot people. On some level they just wouldn't be guns anymore.
Unless I'm mistaken... (Score:3, Insightful)
...in both Britain and the US, laws phrased the way this is are usually construed such that, in order to commit an offense, the person making, distributing, etc., an article would have to have the intent or belief that that particular instance would or was likely to be used for criminal purposes. It wouldn't outlaw, e.g., making a software tool with the belief (or even near-certain statistical knowledge) that, among all the users, some number of them would use it illegally.
That's not to say its not still overly broad, unnecessary, chilling, etc., even so, but the idea that it amounts, if enforced across the board, to a ban on Perl on the basis that the creator knows that someone, somewhere is likely to end up using them illegally is probably greatly overstated. At least, as I understand things.
Re:Doesn't make sense... (Score:1, Insightful)
indeed it is...and why do you think we have an ammendment that allows us to bear arms? hint it wasn't just so we could hunt deer. it was at least in part so we could overthrow our own govt if we had to. and even a few of founders of our govt thought that it important that we overthrow our govt if it no longer speaks for the people.
Seems to me... (Score:3, Insightful)
Re:Doesn't make sense... (Score:3, Insightful)
There are three incorrect assumptions here:
1) Historically, all guns were developed as a result of warfare. Most of the long range hunting rifles owe some of their development to military history. Guns were a followup development of previous projectile launching weapons used in war, when gun powder was made available. It probably wasn't too long after that some rich king or general decided that he could use it for the hunt too.
2) Guns are used often in sport --- handguns too! There are many people in countries where using a gun for self defense is banned. However, they still pay for their weapons and store them at a club, just so they can punch holes in paper targets. This is trully endless fun.
3) Handguns are often used in big game hunts as a back up weapon of choice, in case the hunter becomes the hunted. There are thousands of stories printed, and probably many more that are not, about people who had to use a 357 magnum or 44 Magnum to bring down a charging bear or boar, that they had intended to kill with a long gun, but somehow ended up on the receiving end of an attack.
Additionally, if guns could be made to magically not shoot people, I'd still love my guns. Too much fun on the range otherwise...
For self defense, I'd simply move to long bladed weapons (which are much more deadly in close combat). Oh wait, they are attempting to outlaw those in England too
TurboD
Re:it's the nature of these tools (Score:2, Insightful)
Re:Doesn't make sense... (Score:3, Insightful)
Maybe not evil, but overly dangerous. I bet most NRA members would agree that owning a tank, bunker-buster or bazooka should be illegal. How about ricin? They're all 'tools', but put to the wrong use (hard to use some of them any other way), their effects on society are too nasty to allow general ownership.
Having established that, we've established that there's no absolute "all tools are OK" rule, it's a matter of drawing the line. So I guess my question would be, why do most of you gun supporters draw the line at guns, and not bazookas, missiles, tanks, stealth bombers, etc.?
Perl bug report (Score:4, Insightful)
See, Perl isn't hard to debug at all!
Re:it's the nature of these tools (Score:4, Insightful)
Disclaimer: IANAL
Re:Doesn't make sense... (Score:3, Insightful)
Great. I am very impressed with your shock. I am amazed by your shock. Oh wait a minute you are shocked at a straw man never mind. Did anybody say it was OK? Besides you I mean.
"If someone breaks into my house the big question is does my roommate detain or kill them with his
Of course you can kill them but what happens once your hard on goes away? You have just shot somebody for the crime of trying to steal your TV. If you were not home they might get a misdemenor or a maybe a light jail sentence but you took it upon yourself to give this guy the death sentence without even a jury or a trial. I guess some living human beings life is worth less to you then your TV. I guess you would rather snuff out somebody then to try and get your TV back by reporting the crime and talking to your insurance company or the police.
I get the feeling that the argument I just laid out doesn't really wash with you. I get the feeling that you are not capable of understanding other peoples pain. To you a human life is worth a TV. Take my TV, I kill you, we are even!.
All I can hope for is that you do actually kill somebody. Then you will find out that it's not so simple as "he was in my house so I shot him". You see it's not really legal to kill people who are in your house. there will be a trial, you will most likely end up in jail with the rest of the murders. At best you will be sued civilly and lose all your pocessions not just your TV.
Re:Doesn't make sense... (Score:2, Insightful)
Good or evil is in the heart of the wielder.
Re:This is great news for India! (Score:3, Insightful)
I see this as a situation where the governments in places like India let the people have a little freedom for a while to get the economy going, and then fall back into government control
This may be what is currently happening in the US as well. The gov't granted more freedom in the 60's and 70's (civil rights, women's rights, etc.) to keep America's economic dominance going in the post-WWII boom. Does the fact that the gov't is beginning to restrict freedoms again (PATRIOT ACT, SOX, NSA wiretapping) have a correlation with America's waning economic dominance (BRIC [wikipedia.org])?
Actually, it's at once simpler and more complex than that. As population densities increase, there is not a linear increase in policing abilities and resources available to keep order among an increasingly dense population.
Detection of crime or other socially unacceptable or harmful behavior increases almost exponentially in difficulty, as does finding individual wrongdoers in a dense population.
So, as population densities grow, governments find themselves increasingly outnumbered by their own citizens, as regarding the amount of resources and human beings required to maintain any sort of order and what is practical to apply without that in itself sucking away so much manpower and resources that the society becomes unsustainable.
In the past, these pressures had a "relief valve" of unsettled lands to which populations could spread, and thus avoid having these situations reaching levels threatening continued viability.
This "relief valve" is coming to an end as the planets' reasonably-sustainable areas have mostly all been claimed and/or settled by this point in our history.
We as a species are in increasingly dire need for new areas in which to expand. Let us hope that colonization of places off-planet becomes a reality in time, before a world police state becomes reality, or at least before we as a species kill ourselves off...either by conflict and war, or simply choke on our own waste.
Cheers!
Strat
it happened once (Score:2, Insightful)
And yes, that's INSANE!
Whatever you say - 150-200 years ago people were as used to having a gun or being able to shoot their own bottles as we are to being able run perl or test an exploit on our own machines. Arguable the former was even more common!
Re:it's the nature of these tools (Score:3, Insightful)
Let's take another case. This one is also real. Back in the 90s, I was involved with a project called NASM [sourceforge.net], a free assembler for Intel processors. Back in the early days, we had a rather nasty bug in the preprocessor that caused it to segfault if you tried to use a certain feature in a certain way (I forget the details, but it was hard to work around if you wanted that feature). The bug was reported, and we fixed it. However, it was clear from the way that it was reported that the reporter wanted it fixed because he needed that particular feature for a toolkit for virus writers.
So: do we fix the bug, and release software that is "adapt[ed]
Well, we sat on it for a while. But in the end, there were other users who needed that bug fixed. So the virus writers got their toolkit.
But if this law had been in place then, we'd have had to seriously consider whether we were committing a criminal offence that could earn us 2 years inside. And by my interpretation, we would have been.