Slashdot Log In
'Hacking' To Be Declared Illegal
Posted by
CmdrTaco
on Wed Oct 25, 2000 08:53 AM
from the heard-this-one-before dept.
from the heard-this-one-before dept.
sowalsky writes sent us an MSNBC story that talks about hacking being declared illegal. Talks about the difference between hacking and cracking,
but more importantly, how the Draft Cybercrime Treaty would make things like BugTraq illegal, as publishing exploits would be aiding and abetting.
This discussion has been archived.
No new comments can be posted.
'Hacking' to be Declared Illegal
|
Log In/Create an Account
| Top
| 495 comments
(Spill at 50!) | Index Only
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
This is total and complete bullshit. (Score:3)
Further, remember that Full Disclosure lists like BugTraq keep vendors honest. These lists force vendors not only to admit their bugs, but also pressures them to release fixes quickly and not sweep problems under the rug.
- Jay Beale, Lead Developer, Bastille Linux
Don't forget... (Score:3)
Nevermind that the "War on Drugs" is the most blatent constitutional violation that ever existed. What I put into my own body is my own goddamn choice, thank you.
And you thought you lived in a free country.
Please, vote Libertarian [lp.org] and put an end to this madness.
Crime pervention is what keeps out the bad guys (Score:3)
Because it has more bugs? No. Because it is closed source? Noooooo. Because Microsoft owns it? Of course not.
Because Unix is much more manageable than Windows. That is what it makes Unix more secure. Even Linux has some ENORMOUS bugs on what concerns security. But here the reaction time is tremendously more faster than Windows. Even in times when Solaris was purely closed source, people managed to react more rapidly to any security threat.
Windows possesses a dumb interface that pretends to be "complete". However tons of backdoors/bugs are concealed inside this interface. You can't reach them in most cases because Windows interface is too restricted to allow control of many inner systems. So if one breaks in you can only face the fact.
Sincerly I was admired for a situation I fell in. When Windows ruled here, 1/3 of our Internet population played only one thing: "Hack Windows!" Because many found a series of backdoors and we couldn't do anything against that. Now, on Linux there was a HOLE that remained for approximately 6 monthes. You know? No one ever noted it. Why this? Because in the first month of Linux Era people got real hassled, as we reacted momentarly to any break. In the end, only 2-3 people out of 700 "crackers" remained. Btw ee don't touch them as we are afraid of the full extinction of this species...
Now most of this work is made 80% on the basis of analysis/studies/implementations of security systems. And this includes scanning & testing break-ins. Only a 5% are real "healing after the fire". If this law comes up, all this goes into the trashcan...
There's No Such Thing as a "Hacking Tool".... (Score:3)
Re:This is so ridiculous. (Score:3)
My suspicion is that any politician who clearly states that the state cannot usually protect you -- there are always people who will not be deterred -- but can often only help clean up the mess afterwards, is going to lose a LOT of votes.
Never mind that, if memory serves, courts have ruled that you are not entitled to the expectation of comprehensive police protection; you cannot sue the police for failing to proactively protect you.
After alleged Crisis X, the question posed by reporters / worrying parents / etc is usually something like, "What will you do to make sure that Crisis X never happens again?". The clause "...while preserving our individual rights" generally doesn't come into play. We've seen it again and again -- after Columbine, the OK City bombing, and so forth.
Oh god. (Score:3)
You can compare an exploit to a fully-loaded weapon.
No you can not. A loaded gun will kill someone. Death, ends existance, heart discontinues to function. An exploit is used by script kiddies to change a webpage, piss off an admin.
This article pisses me off, it supports security through obscurity and that idea is horrible. Ugh. If I continue ranting anymore this will be -1 flamebait.
A posible suggestion. (Score:3)
I came up with the statement listed below. Let me know what you think.
Sirs and Ladies,
I have read much of your proposal and found that while it takes into account many things that should be done to aid in the arrest of parties engaged in illegal access and destruction of computer data, it does not mention or protect the need for corporations and individuals to attempt to access data on their own computer systems so as to determine their systems vulnerability to attack.
There is concern that normal security checking software and knowledge of common or popular systems used to defeat security would be made illegal by the provisions of your treaty. I and many others feel that only with thorough knowledge of the weaknesses and strengths of any computer or system of computers, can those computers or systems of computers be made more secure. If provisions of your treaty make the use of security checking software legally questionable then only those with illegal intent will use such software.
I ask that you make provisions within your treaty for the use of security checking software by individuals and corporations. I would ask that you make clear that it is the intent to do damage or cause harm that is illegal, not the means by which that harm is caused.
Sincerely,
David P. Zimmerman Bachelor Of Electronics Engineering Technology
Letter from the Commisar of Security (Score:3)
As the officer in charge of enforcing the new anti-hacking laws it is my duty to inform you that you are in violation of the law. No action will be taken at this time as we are trying to be nice and allow people an adjustment period. This note is part of that adjustment process. In the future you will have no warning.
To wit: you have been observed walking around your house seeking open windows and doors. Such activity can now only be legally done by a trained and licenced professional. Seeking possible illicit entry points into an abode is an obviously nefarious activity and will be prosecuted vigorously.
It has also come to our atttention that you possess not one, but several criminal devices known to the criminal world as "keys." Such devices whose only function is to circumvent high security mechanisms are blatently evidence of criminal intent and their possession * will not be tolerated.*
In the future you may call upon you local licenced security professional for dealing with such devices. Simply show your security access papers and proof of ownership of the security device and the dwelling to which they are attached, provide said security professional with fingerprints, and for a nominal fee he will " unlock" your security device.
Please be warned that we will be making followup calls on all persons employing such security professionals to make sure that everything remains on the up and up.
We appreciate your cooperation in these matters, but we're building a lot more jails just in case.
You have been warned.
Re:Don't forget... (Score:3)
I'd like to think that racism has gone away in this day in age, but considering that fully 11 percent of black males in their 20s and early 30s are incarcerated, its easy to see that it hasn't.
Not to mention that our prisons are so bad a popular movie like Office Space can refer to them as "pound me up the ass" prisons - and no one questions the joke.
The war on drugs has turned this country from a country I was proud to be a citizen of to the most opressive, human-rights-violating nation in the world.
I watch the sea.
I saw it on TV.
Re:Thank goodness! (Score:3)
Hacking illegalized? (Score:3)
Missing the real danger (Score:3)
I am not exaggerating - think like a lawyer - compilers are the number one hacking tool. (And yes Mr. Pedant I know that it is possible to hack with an assembler. I am using 'compiler' in this context to mean any tool which allows a person to program a computer: compilers, assemblers, interpreters etc.) These would all be illegal under the terms of these laws. While licensed professionals i.e. Microsoft employees etc. might be allowed to use these tools under supervision - common folk such as us would be prohibited from even owning them. As a side effect, this will destroy Linux and BSD - what are those without gcc?
Wolfram and Hart style lawyer argument: "After all we license people to drive cars, why not require a license to program a computer."
The hour is growing very late - under the guise of 'protecting the Internet from hackers' governments are about to make it illegal to do anything of value for humanity with free software. When is everybody going to wake up?
Who do you want to control technology: people who understand it, or people who fear it and want to destroy it? We are badly outgunned, and most of us don't even realize we are in a fight for our lives.
We either draw a line in the sand and say NO or we stand to lose everything. It will soon become apparent (to everyone with an IQ above that of a pet turtle) that I have been right about the legal system all along. These people know exactly what they are doing. This is not a mistake, a misunderstanding, or anything else innocent; these laws are deliberate, well thought out and intentionally malicious.
--
The law, 100's of millions of lines of code, not one line of which has ever been tested to see if it works.
If you make knowing about exploits a crime... (Score:3)
Unconstitutional? (Score:3)
But really, couldn't this fall under the right to bear arms? There are many analogies between hacking and firearms, after all, most notably the same tools being involved in both the crime itself and the protection against it.
Is anyone else a little scared at the possibility of 2600 magazine and the NRA agreeing on an issue?
---
okay (Score:3)
Oh well, as soon as some Russian kid breaks in to a corporate site and steals every CC there....errr..
shrug
It is all a smokescreen (Score:3)
The question is what are we going to do about it? Are we going to let this happen? Is this period of real freedom going to sustain, or, like democracy in ancient Greece, just shine brightly for a brief moment and then die out to be (hopefully)reborn in another millenia?
Bugtraq is good (Score:3)
THey'll take my debugger when they (Score:4)
It's very disheartening to read about the cluelessness of these idiots. "Hacking" serves a very useful purpose in the computer world, and from skimming the MSNBC article, it's clear the lawmakers either don't know, or don't care, how horrible this treaty is.
Being in a network security class right now, I can definitely say that, were it not for hacking, in the original sense, very few networks out there would be secure. Reverse engineering protocols, examining the "oh shit"s in them, and publishing the results seem to be the only way to bring to light problems, and hopefully get them fixed. (I'm thinking s/key, securid, Firewall-1, etc here specifically, and know there are others.)
If it suddenly becomes illegal to post new vulnerabilities to mailing lists like BugTraq, if it suddenly becomes illegal to write or possess or use tools like nmap, or SATAN, or even traceroute and ping, will just serve to immediately make criminals out of a large percentage of the computer-literate population.
And let's face it, like any other such law which tries to "protect" law-abiding citizens by making something which can be used for both good and ill illegal, the end result is either creating more victims (in this case, because people won't know about the latest exploits, and be able to lock down their boxes), or creating more criminals (since I doubt, regardless of law, whether or not most people who use these tools, for good or ill, will stop using them).
Not to mention those engaged in illegal cracking activities now have no more incentive than they did before to stop.
I agree that the "massive wave of cybercrime" is likely nothing more than a bunch of script kiddies using well-known exploits to attack web sites and servers that, in all honesty, really should have been secured in the first place. Somehow, this all seems like the electronic equivalent of Columbine, where, because a certain type of tool was used to commit an illegal act, there are now more calls from talking heads and people with their own agendas to advance spouting off how evil these tools are, and how we have to protect the public.
Well, here's a news flash... The tools themselves have no inherent evil. It's only the use the individual users put the tools to that can be judged to be "good" or "evil". A hammer, a kitchen knife, a copy of gdb, or perl...they're all just tools. They sit there until someone takes it upon themselves to use said tools for a particular purpose. Just because someone used a kitchen knife to stab a person to death, or a copy of nmap to discover an idiot left the r* services on, is no reason everyone should be banned from owning kitchen knives or nmap, on the off-chance they themselves will be either perpetrator or victim in the future.
There is some hope, however. If this Draft Cybercrime Treaty is approved, I can only hope it will hasten the acceptance of other tools, such as the remailer networks, onion routing, freenet, etc. Yeah, we'll all probably technically be criminals at that point, but maybe then at least we'll be able to keep out both the script kiddies and the lawmakers, and get on with our lives, knowing at least we will be secure, while the rest of the (digital) world collapses under its own folly.
(can anyone tell me why I need to select "plain old text" to get html tags to work?!)
--
It's pretty pathetic when karma can drop when you do nothing
Re:Politics hard at work (Score:4)
And everytime I hear of a shooting in church, I can't help but think "This could have been prevented if only the killer was not allowed to take a gun into church". I mean, if the Columbine high school was a gun free school, then the killers there wouldn't have been able to take guns in. *sigh*, if only people would see the logic in banning things they do not like we would all be safer.
Finkployd
Did anyone get the license plate of that truck? (Score:4)
It astounds me to watch on a daily basis the right of free speech being taken away.
And of course, all we're going to do is sit and whine about it on Slashdot. I, for one, haven't gotten out and done anything about it, and I would venture to say 99% of the people here haven't either.
And the people passing these laws know this, and we're gonna get screwed.
Re:...quick! Post angrily to Slashdot! (Score:4)
Sirs:
the current draft of the cybercrime treaty is, as you must be well aware by now, greatly objectionable to computer security practitioners. I am writing to suggest a small number of changes which would make the treaty as drafted less objectionable.
I would suggest that Article 6 - 1 be changed to read:
a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5 [with the intent to cause such an offence];
(The last bracketed text is new). This is the only identified offence in the treaty where the prosecution is not required to prove intent, yet it is clearly not the intent of researchers, computer security professionals, and hobbyist computer security experts (such as the author of 'nmap'[1]) to cause such offence.
The inclusion of an exemption where intent does not exist would also enable the contribution of 'patches'[2] to existing 'open source'[3] security software under article 11(b), which would also become illegal under the terms of the draft treaty.
Article 9(b) and (c), as currently drafted, would explicitly prevent the development of software intended to monitor or prevent access to material banned under article 9. Specifically software programs, currently available, intended for use by corporations collecting evidence against employees accessing such material to back up a case for an industrial tribunal, would become illegal[4]. Similarly it would become impossible to develop software that attempts content blocking by image recognition, as use of a 'training' image database would become illegal[5]. Finally, it would make illegal the practice of 'cacheing'[6] internet traffic for performance reasons, in that passively storing temporary copies of such material would also become illegal. Such action would have an immediate deleterious effect on the performance of the internet.
With the exception of cacheing (which deserves specific exemption) it would not be onerous for software developers or corporations to register for exemption under article 9 with national regulatory bodies, such as currently happens in the UK under the Data Protection Act (1998)[7]. Such provision in the treaty would make it possible to produce software intended to help enforce the treaty, without which enforcement will be difficult if not impossible.
Yours,
[Name witheld from Slashdot]
The opinions in this message do not necessarily accurately
reflect those of my employer.
[1] http://www.insecure.org/nmap/
[2] http://earthspace.net/jargon/jargon_31.html#TAG13
[3] http://www.opensource.org/osd.html
[4] for example, http://www.websense.com/internet-filtering.cfm
[5] eg, using work described in http://inst.augie.edu/~swets/ACCV95.html
[6] http://webopedia.internet.com/Hardware/Data_Stora
[7] http://www.hmso.gov.uk/acts/acts1998/19980029.htm
Write to Congress (Score:4)
____________________
To the Honorable Lamar S. Smith:
I am a database consultant in your district. I work at the Air Force Recruiting Service Headquarters at Randolph Air Force Base. My work there brings me in contact with technology and information system security issues on a daily basis.
I recently read an article about the Council of Europe's Draft Cybercrime treaty that frankly scared me. The article is available at this URL:
http://www.msnbc.com/news/480734.asp#BODY
Let me be clear: this treaty would be a disaster that would threaten national security and the health of electronic commerce. The idea of the treaty is dead wrong. "Full disclosure" of computer security flaws is essential for system administrators to protect there own systems and it is also critical to eliminate denial on the part of software vendors and to track the effectiveness of responding to security concerns. It is also a First Amendment right to have open discussion on security flaws.
I believe that the U.S. delegation to this treaty is incompetent and should be recalled before serious damage is done. They obviously have little understanding of what it is that they are regulating.
Re:Did anyone get the license plate of that truck? (Score:4)
I have gone and done something about it. I wrote a letter and sent it to both my Senators. You can as well. I've put the letter up for download here. [ncsu.edu] Sorry about it being a word doc, but I wrote it at work and our network admin is a M$ nut.
Just download it, make a few changes, sign it, and send it to your senators. You can find their addresses here. [senate.gov]
No more excuses. Print it out and send it in today.
Trains stop at a train station. Buses stop at a bus station.
Bye bye "security through obscurity" (Score:4)
If only we can keep everybody uninformed about possible exploits we will have no more unauthorized entrances, no siree!
But wait, soon we will be ready for the next step: "security through stupidity" That's when nobody has the brains to behave in any other manner than our market research indicated. Yes, people it's true!
Actually a recent study by bullshit resarch inc suggested that an average IQ lowered by 20% would benefit our economy. How high IQ do you need to shop and wiew our approved movies anyway? Then some people may upgrade their childrens brains with our groundbreaking brain# (brain-sharp) treatment, giving them the skills neccessary to keep control of the sheep^H^H^H^H^Hpopulation.
As Chartlon Heston might say... (Score:4)
Imaging a world... (Score:4)
I want something like this in... (Score:4)
c) the production, sale, procurement for use, import, distribution or otherwise making available of a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of depriving citizens of fair use rights, right to free expression, or other human rights as established by the Universal Declaration of Human Rights.
Re:If you make knowing about exploits a crime... (Score:4)
Laws like this are so rediculous in that they are fuelled by people who think they have their interests in the right place but they don't even begin to realize the situation. Law enforcement is feeling overwhelmed - give me a break, like one of the comments in the article said, no one has ever stolen money from a bank (that we know of) over the net. Maybe they should be worrying about real, tangible criminal activities instead of a bunch of 15 year old script kids up to nothing but mischief. It's all about power in the end I guess, and the authorities that be just can't stand not being at the top of the net ladder.
Thank goodness! (Score:4)
They made drugs illegal a few years back, and it's really helped! You never see drugs, or hear about drugs anymore.
Typical Geek Reactions. (Score:5)
to tell industry and our political figures that we WILL NOT stand for such things, and will fight them
every step of the way!
That's the problem, though. We need to do this and we need to do that, but, when it comes right down to it, how many of us actually get off our fucking asses and do anything? How many people who constantly whine and bitch as their freedoms are slowly usurped from them also support the EFF through donations? How many write (not email, WRITE) their congressman every time a boneheaded bill is introduced? Judging by the outcome of trials and the passage of various and sundry laws in the past few years, I'm willing to bet the number is pretty damned low.
If bitching could really solve problems, slashdot would have ended world hunger by now.
- A.P. (and, yes, I support the EFF. You should too.)
--
* CmdrTaco is an idiot.
Re:Oh god. (Score:5)
No, a loaded gun might kill someone, as will any number of other tools. I'm sure any enterprising individual would be able to find a way to kill someone with the contents of, say, a kitchen. Or a game closet. Or a pencil case. Or their car. Or a thimbleful of water.
This brushes one of the things that really torques me off. A lot of people, whether they realize it or not, ignorantly assume that bullets have some magical property that causes them to instantly kill someone if they're hit with them. (Case in point, UPS guy to the front desk of my apartment complex when delivering a couple cases of ammo: "Whoever that guy is, you sure don't want to piss him off.")
This simply isn't true. Yes, if you're shot, there's a chance you'll die. But unless it's a well-placed shot, it isn't likely. Especially when using non-hollowpoint bullets.
Not to mention, all of my gun-weilding friends are some of the most responsible people I know. They're well aware of the potential for abuse that owning a firearm has, and always practice safe handling techniques, and pass on this knowledge and concern about safety whenever they introduce a new person to how much fun it is to blow away a paper target or go plinking. (You have no idea how satisfying it is to shoot surplus tax forms on Tax Day.) Coincidentally, these very same people are almost all highly skilled technically, and most are concerned with computer security in one way or another, and use knowledge of exploits and "hacking" tools to accomplish their day jobs.
A loaded gun is probably less dangerous than a fueled-up car. And as far as children are concerned, less dangerous than any of: a pool, stairs, household cleaners, bicycles, a busy street.
One of the problems, as I see it, is that there are just too many script kiddies out there who act without thinking. They have no sense of responsibility, so they have no way of realizing the harm their actions cause, or worse, delight in it. This doesn't mean that the rest of us should be prevented from using the same tools for useful purposes. It means we should make the victims less likely to be victims, through empowerment. That means publishing exploits, pressuring vendors to release fixes, and being constantly vigilant against future threats. Sticking our collective heads in the sand and loudly proclaiming there isn't a problem will just make it easier for the more pragmatic, less socially responsible to sneak up on us from behind.
(damn, I didn't think I could pull that back on topic)
--
It's pretty pathetic when karma can drop when you do nothing
It's a treaty folks... (Score:5)
Basically: a treaty is an agreement between nations that amounts to a contract such that if X happens, then Y will occur. For example, one of the provisions of the NATO treaty is that if -any- member state is attacked, then retaliation is expected of all other members (ie: if Russia were to invade Germany, we'd be essentially obligated to wage war on Russia). Treaties can -also- state that each member state will agree to pass laws that will do X,Y,Z. That's what this one appears to be.
A Treaty -is not- a law. However, due to it's nature as a contract, it can seem like it.
A law, on the other hand, is legislation passed by the government of a given state. So, if the US were to sign on to this treaty (which thus far looks like it's primarily a European thing), we would be obligated by treaty to pass laws that meat the treaty's demands. The wonderful thing about the US signing treaties is that a treaty must be ratified by the Senate BEFORE the US will recognize our signature on the document as valid.
IANAL, but this is what I seem to recall.
Theres not actually that much to object about (Score:5)
"the production, sale, procurement for use, import, distribution or otherwise making available of a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5;"
Everywhere else in the treaty actions are qualified so that you must also have had the _intent_ to break the law (breaking the law in this case is essentially causing criminal damage).
If that qualification was added to this particular clause the whole thing would be pretty unobjectionable, viz:
"the production, sale, procurement for use, import, distribution or otherwise making available of a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5, with the intent of causing such an offence;"
The lawyers would (as usual) have a field day with proving intent, though, but researchers/hobbyists/security specialists would be safe.
new geek prisons (Score:5)
(Associated Press - Alcatraz) Today, in an effort to end the pampered style of geek prison life that so many convicted criminals have been accustomed to, The Rock was reopened for service today.
"Hey, these guys managed to get T3 lines into every cell, and the guard door system was a joke, we think that they managed to hack the system so that it would let the doors open whenever they wanted.", said Red Bull, the head of HACK (H)ackers (A)re (C)riminals (K)ill 'em.
"I wished that we could have continued using the death penalty against these evil terrorists and child pornographers, but the ACLU felt it necessary to defend these scumbags. Something about 'the punishment not fitting the crime' or other such nonsense"
"Look, these felons have it better in prison, hell, their cells are over 4 times as big as a typical cubicle is, and they get in house laundry, THEY DONT EVER HAVE TO WORRY ABOUT DOING LAUNDRY AGAIN, and look this doesnt seem like a big point, but I've been to busts on these evil hackers, and their laundry piles up to huge amounts before they decide to do it. It's inhuman, I tell you.
"I just wanted to make this prison term as much of a punishment as possible, so we are cutting these geeks off of their lifeline, and going back to all old-style technology. No computers, no net access, barely electricity.
Maybe now these felons will get what they deserve.
Ignorance is Strength!
Freedom is slavery!
Peace is War!
Hacking is Evil!
tagline
'yo mama jokes' to be declared illegal (Score:5)
One stunned joker was quoted as saying "No way, dawg! Ain't no way they gonna take away my right to laugh at yo' mama!"
Neither US or European representatives from the summit could be reached for comment.
Please stay tuned for updates to this breaking story.
-----
Read the source (Score:5)
One of the interesting things about this, also, is the fact that it's a treaty. It basically says that all nations who sign/agree to it will create a set of a laws that accomplish the goals laid out in it. The actual laws themselves will be created by the countries affected by it, and those are what are really going to make "hacking", "cracking" or anything else illegal.
...quick! Post angrily to Slashdot! (Score:5)
Do you really, really want to do something about this?
Then take off your asbestos underwear, sit down at your computer, read the actual draft treaty [coe.int] in it's current form, think about exactly why you feel this is a bad idea, write it out, revise it, proofread it, and send it to daj@coe.int for review by the people who are actually working on the treaty itself.
This is the wonder of the Internet, folks. They want your input on this one.
I can assure you, though, that they aren't scanning through Slashdot "this is so fscking typical" posts to get that feedback.
If you care about this issue, save your flames, write out a thoughtful letter, send it to the commission, and post it here for others to read and expand upon. But for crying out loud, do something that actually has some chance of making a difference.