EU Ministers Seek To Ban Creation of Hacking Tools 248
alphadogg writes "Justice Ministers across Europe want to make the creation of 'hacking tools' a criminal offense, but critics have hit back at the plans, saying that they are unworkable. Ministers from all 27 countries of the European Union met on June 9 to discuss European Commission proposals for a directive on attacks against information systems. But in addition to approving the Commission's text, the ministers extended the draft to include 'the production and making available of tools for committing offenses.' This is problematic, as much legal and legitimate software could be put to criminal use by hackers. The draft mentions 'malicious software designed to create botnets or unrightfully obtained computer passwords,' but goes no further in attempting to clarify what 'tools' might be subject to criminal sanctions."
text editors, compilers (Score:2, Insightful)
They mean text editors (as opposed to word processors), compilers, interpreters, etc. Pretty much anything with a command line.
Don't worry... (Score:5, Insightful)
They'd never abuse this law by using it against people using legitimate software for legitimate purposes.
Wow, what a great way to hurt security (Score:2, Insightful)
Not a professional security researcher (as narrowly defined by law?) You're not allowed to possess or create tools that help find security vulnerabilities. That means you, Joe Blow who writes webapps -- you can't run attacks against your own server because the tools are illegal, and you can't build your own tools either. I guess you'll have to release that software untested in certain ways, then hope the black hats decide to follow the same laws as you.
Pointless and harmful (Score:5, Insightful)
"Hacking Tools" (Score:5, Insightful)
They mean "hacking tools" like tor and pgp/gpg, right? Of course, first they'll come for metasploit, then nmap, then... but we all know what the end game is.
In other words... (Score:5, Insightful)
"Let's ensure that only those willing to break the law will have access to these tools."
Re:Script kiddies suppliers (Score:5, Insightful)
That's maybe what they have in mind, unfortunately that's not what they have in the law proposal.
That's the problem here, politicians try to make a law concerning something they don't even have the foggiest clue about. They imagine some CSI-esque "click here for big kaboom" Flashgame interface, but the law they propose would hit a lot of tools used to actually secure networks. The problem here is that the same tools that tell me whether I'm secure (from nmap to wireshark) are also the tools used to compromise that security. Making the tool illegal and not the use is a slippery slope at best.
"If you outlaw X, only criminals will have X" has rarely been more apt than this time. Because if I'm out to break a much more serious law, why'd I bother to worry about illegal possession of the tool? If I planned to rob a bank, would I care about illegal possession of firearms? If I wanted to hack the European Central Bank, would I worry about the slap on the wrist I'd get if I was found in the possession of nmap? If I want to secure my network, I certainly WILL worry about that slap, because my job as CISO hangs on my police record being spotless.