Slashdot Log In
UK Law May Criminalize IT Pros
Posted by
Zonk
on Fri May 19, 2006 02:39 PM
from the just-doing-my-job dept.
from the just-doing-my-job dept.
An anonymous reader writes "More worrying news from the UK. This time, a bill meant to fight cybercrime may make it illegal to use or make available network security tools available, just because they could be used by hackers." From the article: "Clayton cited the Perl scripting language, created by Larry Wall in 1987, as an example of a useful technology that could fall foul of the law. 'Perl is almost universally used on a daily basis to permit the Internet to function,' said Clayton. 'I doubt if there is a sysadmin on the planet who hasn't written a Perl program at some time or another. Equally, almost every hacker who commits an offense under section 1 or section 3 of the CMA will use Perl as part of their toolkit. Unless Larry is especially stupid, and there is very little evidence for that, he will form the opinion that hackers are likely to use his Perl system. Locking Larry up is surely not desirable.'" A note that this is equally confusing but separate from yesterday's story about the UK government wanting private encryption keys.
Related Stories
[+]
UK Government Wants Private Encryption Keys 822 comments
An anonymous reader writes "Businesses and individuals in Britain may soon have to give their encryption keys to the police or face imprisonment. The UK government has said it will bring in the new powers to address a rise in the use of encryption by criminals and terrorists." From the article: "Some security experts are concerned that the plan could criminalise innocent people and drive businesses out of the UK. But the Home Office, which has just launched a consultation process, says the powers contained in Part 3 are needed to combat an increased use of encryption by criminals, paedophiles, and terrorists. 'The use of encryption is... proliferating,' Liam Byrne, Home Office minister of state told Parliament last week. 'Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force.'"
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Do I see a pattern? (Score:5, Funny)
From the country that criminalized privacy [slashdot.org]:
I also heard that something called TPC or TCP is widely used by hax0rs to pwn remote servers. Wait till the UK Government can get their hands on it...
No shit. (Score:4, Insightful)
I guess a written constitution does have some utility.
Parent
Re:Do I see a pattern? (Score:3, Insightful)
Re:Do I see a pattern? (Score:5, Funny)
>
>Let's convict Perl users.
First they came for the COBOL programmers, and I was silent,
Because ADD KEYSTROKES TO SYNTAX GIVING OBFUSCATION was always lame.
They they came for the BASIC programmers, and I was silent,
Because I considered GOTO harmful,
Then they came for the C++ programmers, and I was silent,
Because I could still write FORTRAN in any language,
Then they came for the Perl programmers, and now the only way I can win an obfuscated programming contest is to write it in APL.
(First they ignore you, then they fight you, then they mock you, then they come for the Brainf*ck programmers and their heads explode.)
Parent
it's the nature of these tools (Score:5, Insightful)
Just as these tools are useful diagnostic tools they are also handy tools for commiting crimes as described under this proposed law. That's the nature of networks and tools to manage them. To deem these tools and availability of such a crime because they could be used to commit a crime is insane.
This is akin to the recent proposal that all encryption key owners make their keys available to law enforcement. The expected eventual end result will be cautious users relinquishing valuable resources with criminals holding the trump card. This too is insane.
So, when an administrator gets the call to investigate what appears to be suspicious behavior, where do they go to troubleshoot the problem? Heck, peel away all the layers of this onion and it wouldn't be surprising to find hackers are behind this... get the government to suspend priveleges using FUD, and run rampant over the network infrastructure.
There is a hint of sanity from the article:
I only hope the government will listen to that reasoning.
Re:it's the nature of these tools (Score:3, Insightful)
You obviously have not had any experience of the UK government. "Listening" and "reason" are not concepts governments in general are familiar with, and especially not the present UK government.
Re:it's the nature of these tools (Score:4, Funny)
Parent
Re:it's the nature of these tools (Score:3, Interesting)
That's not to say, certain items should never be outlawed (nuclear/radioactive material), but with a proposed banning the legitimate uses have to be considered along with the illegitimate uses -- would a ban be more effective than simply punishing the specific people who harm
Re:it's the nature of these tools (Score:5, Insightful)
This is easy to break down. It's all about one thing - the next election. Perception is huge, and instead of governing for the common good, people govern for the incumbant good.
Take knives for example. Giant chef knives have the perception of being used to cook yummy food. Crazy blade shape dragon jewel encrusted lock blade half-the-size-of-chef-knives type knives carry the perception of being used only to harm others.
So lawmaker X decides to latch on to that perception and propose a bill that outlaws the greater of the two perceived evils and then brag about how he is a champion of the people come next election cycle.
This is one thing term limits are meant to stay off... to whatever effectiveness. Point is, outlawing "hacking" tools like this is simply a grab for the spotlight. Who cares if the details are ironed out. See, the likelyhood is it won't make it out of committe, but come election time, Mr. X can say "I proposed a bill that would have made it safer to surf the internet, but my opponent Mr. Y (a former network admin, but we won't mention that) STOOD AGAINST this potentially LIFE SAVING measure!!"
Politics, pure and simple.
Parent
Re:it's the nature of these tools (Score:5, Funny)
Parent
Re:it's the nature of these tools (Score:5, Insightful)
If you replace the software with guns, you will begin to understand the position of those who want the right to bear arms (modifications have been made).
Can guns kill people? Sure they can, but so can many other things that the typical person owns (knives, drills, cars). Guns are also tools, and used well they can be of great help. Many families in my area (Montana) rely upon guns for hunting to support their families (cheap meat). Unfortunately, hunting rifles fall into the category of a "sniper rifle" which comes under attack as an unnecessary weapon. And do not underestimate the value of having a weapon for self defense.
Parent
Re:it's the nature of these tools (Score:5, Interesting)
Parent
Re:it's the nature of these tools (Score:5, Insightful)
Parent
Re:it's the nature of these tools (Score:5, Informative)
"A person is guilty of an offence if he makes, adapts, supplies or offers to supply any article --
(a) intending it to be used to commit, or to assist in the commission of, an offence under section 1 or 3 [of the Computer Misuse Act]; or
(b) believing that it is likely to be so used."
This is a common-sense sense law which recognises software for what it is: a tool. It looks almost identical to the law which applies to other tools capable of being used to commit offences, i.e. knifes, hammers, axes, pieces of wood etc.. You don't see the police arresting people who use these, unless they use them to commit (or attempt to commit) a crime, so why would they suddenly arrest anyone who writes a pearl script?
I think it is good to see a government finally recognising software like the useful tool it is, but one which (like most tools) can be intentially misused to cause harm.
Parent
Re:it's the nature of these tools (Score:3, Informative)
Re:it's the nature of these tools (Score:4, Insightful)
Disclaimer: IANAL
Parent
Re:it's the nature of these tools (Score:3, Insightful)
Let's take another case. This one is also real. Back in the 90s, I was involved with a project called NASM [sourceforge.net], a free assembler for Intel processors. Back in the early day
Using Perl Should Be A Crime (Score:5, Funny)
Re:Using Perl Should Be A Crime (Score:5, Funny)
Seriously, who can't tell at a glance what this does just isn't paying attention:
#!/usr/bin/perl
+
@A=
(25,0
);@B=(0
;@C=( 49,24
);@X=($")x(40
+9) ;@_
=(@X, $/)x(
25);$_[ $A[1*1]
*50 +$A [0] ]=q
/./;+ $_[$B [1*1] *1*50
+$B[0]]=qq/./;$_[$C[1]*50
+$C [0]
]="." ;@X=(
$C[0*0] ,$C [1]
);1 *1* 1*1 *1;
while (394> (join $",@_
)=~y/.//){do{ $R=3*rand;@X=
((( int (($ {(A
])/2+.5 )),int( (${(A,B ,C)[$R]
}[1 *1] +$X [1] )/2 +.5 +0) ))}
while $_[$Z =$X[1 ]*50+ $X[0] +0]=~
]=".";+system$^O=~/[wW]in/?"cls":"clear";p
Parent
Perl bug report (Score:4, Insightful)
See, Perl isn't hard to debug at all!
Parent
Well then... (Score:5, Insightful)
Re:Well then... (Score:4, Funny)
Hey Senor Bob, Let's robbo el banko!
Parent
Want to reduce crime? (Score:3, Insightful)
This is great news for India! (Score:5, Insightful)
A strong economy, and the higher quality of life it may bring, depends heavily on innovation and progress. That is clearly being hindered by those who support such legislation. Companies won't be able to take advantage of the productivity gains one gets from using the technology that may be restricted.
In the end, it comes down to a matter of freedom. Those nations who are now free to innovate will do so, and will eventually prosper. Those who seek restrictive legislation over free innovation will see their wealth and standard of living decline rapidly.
Re:This is great news for India! (Score:3, Insightful)
I see this as a situation where the governments in places like India let the people have a little freedom for a while to get the economy going, and then fall back into government control
This may be what is currently happening in the US as well. The gov't granted more freedom in the 60's and 70's (civil rights, women's rights, etc.) to keep America's economic dominance going in the post-WWII boom. Does the fact that the gov't is beginning to restrict freedoms again (PATRIOT ACT, SOX, NSA wiretapping) have a
Doesn't make sense... (Score:5, Insightful)
Person 1: Hi, I make hammers, would you like to buy one? You can use them to "hammer" nails into things, really quite nice for building houses and such.
Person 2: Wow, this is nice. I'll take one!
Law: Woah woah woah! Hold on right here... This "hammer" you got here... yeah well that can be used to bash someone in the head, so... it's now illegal, you'll have to come with me now. That's right, hands behind your back.
I've never understood the idea that because a tool can be used to commit a crime, that it inherantly makes the tool evil.
Re:Doesn't make sense... (Score:3, Insightful)
Welcome, fellow NRA member.
Re:Doesn't make sense... (Score:3, Insightful)
The express purpose of guns, with the exception of hunting rifles, is to shoot people. (Hint: you don't use handguns or automatic weapons to hunt deer.) Many people buy these guns for their ability to shoot people, even if they *never* intend to use it in that capacity.
Now suppose there was a magical way to prevent guns from shooting people. I predict that the NRA would, for the most part, lose interest in guns. And demand for them in general would drop off sharply as all the "sel
Re:Doesn't make sense... (Score:3, Insightful)
There are three incorrect assumptions here:
1) Historically, all guns were developed as a result of warfare. Most of the long range hunting rifles owe some of their development to military history. Guns were a followup development of previous projectile launching weapons used in war, when gun powder was made available. It probably wasn't too long after that some rich king or general decided that he could use it for the hu
Re:Doesn't make sense... (Score:3, Insightful)
Great. I am very impressed with your shock. I am amazed by your shock. Oh wait a minute you are shocked at a straw man never mind. Did anybody say it was OK? Besides you I mean.
"If someone breaks into my house the big question is does my roommate detain or kill them with his
Of course you can kill them but what ha
Re:Doesn't make sense... (Score:3, Insightful)
Maybe not evil, but overly dangerous. I bet most NRA members would agree that owning a tank, bunker-buster or bazooka should be illegal. How about ricin? They're all 'tools', but put to the wrong use (hard to use some of them any other way), their effects on society are too nasty to allow general ownership.
Having established that, we've established that there's no absolute "all tools a
Illegal Tools (Score:3, Insightful)
Shitty Government. (Score:5, Insightful)
This is more sensationalist shit like the story about the RIPA. The law isn't very effective because the police can't force you to hand over keys that are used only to ensure the integrity of messages. This basically means that stuff like SSL, SSH and Zimmerman's Zphone are safe against seizure.
I submitted a story on this but obviously the Slashdot editors care more about exciting headlines than the sober truth. I wrote an essay in 2003 and you can read it here [ckwop.me.uk].
I've not read the act but I can already guess how useless it will be. The short and long of it is that it is very tough indeed to prove beyond reasonable doubt that someone that you put the software there. Believe me I know, I was a witness in a Child Porn case. The defence won because when we found the content we didn't follow CPS guidelines in the data recovery method.
Even worse, a hackers machine can look very much like a hacked machine. Hackers, after all, use one machine to get to the next. How are you going to prove they aren't the innocent bystander - BEYOND REASONABLE DOUBT.
Yet more time wasted by an incompetent government that can't even deport convicted foreign criminals.
Simon.
Make computers illegal! (Score:5, Insightful)
Re:Make computers illegal! (Score:3, Funny)
It's easier to fight the tool than the person (Score:5, Insightful)
Re:It's easier to fight the tool than the person (Score:3, Insightful)
You're right, it's the current "politically correct" culture we live in. You don't want to be judgmental, you don't want to "discriminate", don't want to hurt anyone's feelings you know.
Sorry, but I'll call a spade a spade. If you're a jerk, then you are, and trying to shift blame onto your childhood/current circumstances doesn't fly with me. You had a choice. You made a bad decision. Tough cookies. Grow up and be responsible.
Bans Nmap Too (Score:5, Insightful)
TFA also states that "People who distribute networking vulnerability scanning tools such as Nmap or Nessus could also be caught up in part (b), Clayton warned.". A quick reading of section 41 [parliament.uk] seems to bear that out. As author and maintainer of the Nmap Security Scanner [insecure.org], I am more than a little concerned.
I'm certainly not going to let anything as silly as some U.K. law stop me from distributing Nmap, but I also don't want to become like Dmitry Skylarov [wikipedia.org] the next time I give a presentation in England. And even if (as I would expect) the rest of the world ignores this, it could have a chilling effect on important security tools and research from U.K. citizens. Think of all the good research and tools that David Litchfield from London (NGS Software [ngssoftware.com]) has brought us. And my London friend Hoobie brought us the free Brutus password cracker [hoobie.net], which appears to be prohibited by this bill.
The good news is that this is just a proposal. So I would join the chorus in urging our British friends to make their voice heard against this silly bill.
-Fyodor
Insecure.Org [insecure.org]
Re:Bans Nmap Too (Score:3, Insightful)
I think that was the plan...but the really stupid thing and obvious thing that people seem to be missing is that tools like nmap, nessus and ethereal serve legimate and necessary purposes.
I have no idea how
Re:Bans Nmap Too (Score:5, Informative)
It was passed by the House of Commons earlier this month, and will be considered by the House Of Lords over the next couple of months
Once again we must rely on the Lords to stop the knee-jerk stupidity of the Commons foisting more draconian laws upon us. Let's hope they continue to do their job.
Parent
criminalizing possession (Score:4, Insightful)
Criminalizing the mere possession of something just because it could potentially be used in a crime is pretty stupid. Until you do something that actually harms someone, where's the crime? "Innocent until proven guilty" remember? Just because someone has means, and could find opportunity, doesn't mean he has motive to commit a crime. Don't you need all three? Mens rea, anyone? All these sorts of laws do is make criminals out of normal, honest, otherwise-law-abiding people.
Until you stab someone, your knife is just a useful cutting tool. Until you shoot someone, your gun is just a useful self-defense and hunting tool. Until you crack something, your network analysis software is just another tool. There is nothing inherently bad/evil about them. Merely possessing them does not twist a normal person into a psychopathic criminal.
Anyone else think we'd have better lawmakers if we plucked some names at random from the phone book?
"Innocent until proven guilty" (Score:3, Insightful)
They found it was inconvenient to prove someone did something before punishing them.
Much easier to simply accuse and punish, how else can they prosecute thought crime.
Seizure and liquidation of the property of people accused but never convicted of a crime does happen, and has for a long time.
Criminal justice reform is unlikely to happen because people see this as soft on crime, they just want to punish someone there is little political incentive to work on maki
What is going on in the UK?! (Score:3, Interesting)
With our two-party political system, both parties have to pander to their base, which, to simplify a lot, is socialists for the Democrats and facists for the Republicans. Now that the republicans are in ascendancy, I'm not surprised that corporate power is going unchecked, and those who don't believe in government are unable to govern competently. After 9/11 burst our bubble that oceans would protect us from what's going on in the rest of the world, and the fact that we're waging a 'war on terror' that will never end, I'm not surprised that people would become fanatical and fall in line behind a militaristic administration.
However, what the hell is going on in Great Britain that gives political cover for this radical infringement into the rights and privacy of the people? Didn't the U.K. defeat Facism that threatened to overrun the country? Hasn't the UK been fighting terrorism from Ireland relatively sanely for decades? Doesn't the parliamentary system give *some* power to other policital groups which are somewhat left-leaning?
Re:What is going on in the UK?! (Score:5, Interesting)
Since coming to power, he's increasingly become a control freak.
He's emasculated the house of lords, under cover of "reform", while seemingly trying to block the option (favoured by many MPs) of a largely-elected house of lords (because a largely-elected second chamber would be a legitimate "check and balance" on his authority, as compared to a set of nominated place-men). (See for example here [guardian.co.uk]).
He's also marginalised parliament - his government carries out the minimum of "debate" there now, merely using it as the place to anounce previously-decided policies. There was a big fuss recently, little reported, about the government trying to pass a law allowing them to change legislation at will, without any debate at all, under cover of "reducing red tape" (see here [timesonline.co.uk].
Even within the cabinet, he seems to fire anyone who seems remotely a threat or who disagrees with him in any way (with the exception of Gordon Brown, the chancellor (and probably the next Labour leader), who is powerful enough to be left alone).
Since he's been prime minister, there have been dozens of crime bills, making hundreds of new criminal offences (e.g. see here [telegraph.co.uk].
He's increasingly making noises about the criminal justice system being "out of touch" (i.e. not automatically just doing what he says), in a seeming bid to further curtail their powers. For what he's already achieved, see, for example, here [telegraph.co.uk].
He himself is becoming increasingly irrational and out-of-touch to the extent where his party are starting to think of him as a liability, let alone what the country now thinks of him. The more out of touch he gets, the determined to get his own way he becomes. He's done a lot or damage to this country's constitutional processes, a lot of damage to its reputation (via Iraq), and the sooner he goes, the better.
Parent
from the UK (Score:4, Interesting)
Post 911 the talk of terrorism never went away. And then 7/7 came along and the paranoia and suspicion just went sky-high. Now we too lived in a country where any change of law could be carried off with the mere mention of the T-word. (Either that or the other one, the P-word, the Glitter-crime). This year Blair has is own little version of the Patriot act coming into force, one where he can issue laws without recourse to Parliament as long as they don't include tax increases or a prison penalty greater than 24 months.
Electronic sniffers are be trialed on a few parts of the underground smelling for explosive traces and there is a scheme in planning for a countrywide network of number plate recognition cameras recording all vehicles on a gigantic DB. Most London Transport users use RFID (oyster) in replacement for the old tickets and all this data is recorded. We will have RFID national ID soon at a cost of around £90 per person, compulsory. I could go on but here's a link or two to go on with.
http://www.no2id.net/ [no2id.net]
http://www.indymedia.org.uk/en/ [indymedia.org.uk]
So, as Orwell (real name: Eric Blair) predicted, we really are heading for a BB state. It's obvious that the UK is the USs puppy dog and we are in the 'endless' war just as long as you are. Really the UK is just another state of the USA. Maybe even quite a powerful and important one at that.
There is a saying in England "Watch America that's what here will be like in 10 years time" - now it seems we've just about caught up or even exceeded what's going on in the US.
Parent
Unless I'm mistaken... (Score:3, Insightful)
...in both Britain and the US, laws phrased the way this is are usually construed such that, in order to commit an offense, the person making, distributing, etc., an article would have to have the intent or belief that that particular instance would or was likely to be used for criminal purposes. It wouldn't outlaw, e.g., making a software tool with the belief (or even near-certain statistical knowledge) that, among all the users, some number of them would use it illegally.
That's not to say its not still overly broad, unnecessary, chilling, etc., even so, but the idea that it amounts, if enforced across the board, to a ban on Perl on the basis that the creator knows that someone, somewhere is likely to end up using them illegally is probably greatly overstated. At least, as I understand things.
Seems to me... (Score:3, Insightful)
Re:Bits are TEH EVAL! (Score:3, Funny)
I say we just outlaw those hideously dangerous 1's, and let us keep the safe, agreeable, non-pointy 0's.
Re:Bits are TEH EVAL! (Score:3, Funny)
Won't someone PLEASE think of the CHILDREN????!!??
Re:Compilers and Debuggers? (Score:4, Interesting)
Parent