Permission is granted to reprint/use these on the web so long as there is a link to my website.
Bad Amendments to the Computer Misuse Act 1990
Watching a Slow Motion Crash – New UK Law
The thing about a crash is you can see it happening but can’t do a thing about it and just know that the end result is not going to be good. That’s what the amendments to the Computer Misuse Act 1990 contained in the Police and Justice Bill 2005. Part 5, section 34 feels like.
I came across this reading a section written by Vernon Coaker a Home Office Minister in Computer Weekly. Let me quote.
“Like networks, hacking and the use of malware have also expanded and, more worryingly, in recent years we have seen an explosion in the availability of hacking tools and services and their use by organised criminals.
To target them, we are proposing a new offence to criminalise those individuals who make and distribute hacking tools. It is important to stress that the new offence does not affect those that use the tools, but covers those who make or distribute them. ”
What is a Hacking Tool?
Now this sounds great on first reading. These people are really bad, lock em up. But there is a problem. What is a hacking tool? Well this question has already been answered. Remember Daniel Cuthbert? He is (or was) a computer consultant who was convicted of gaining unauthorised access to the Disaster’s Emergency Committee Web site on New Years Eve 2004. He had made a £30 donation to the site and received no response so carried out a couple of tests to check it wasn’t a phishing scam. Supposedly he used Lynx, a text only browser. So there we have it. A browser. He ended up with a £400 fine and £600 costs. That was an expensive donation.
In fact much computer software can be used for hacking. Even windows explorer can access a remote computer using the $C and $admin hidden shares if not protected by a firewall. Or how about telnet or FTP to an unsecured PC?
Why it is Bad Legislation
What is really bad about this proposed legislation is in section 3A “Making, supplying or obtaining articles for use in offence under section 1 or 3 (1) part b which says “intending it to be used to commit, or to assist in the commission of, an offence under section 1 or 3”
So if you think it could be used to do naughty things you are guilty. And when a big policeman doesn’t believe you when you said it never occurred to you that your super duper whiz utility could be used in unforeseen ways, well tough luck. This is what makes this law really bad. Intention!
Are you a Bad Person?
And if it’s software that has obviously naughty uses but also equally valid uses, then by writing that you are clearly demonstrating how bad you are and deserve to be locked up. For instance stress testing software, or web-robots could also be used to mount a Denial of service attack. Password recovery tools could be used to break protection.
So if you supply it, i.e. give a copy, put a copy on your website, or write it and have it published by a download site then you are clearly guilty. That’s not a good law. Gun and knife manufacturers aren’t sued if their products are used for their intended purposes, yet software writers face criminal charges because their tools could be misused? Like Microsoft? Yeah right!
What will actually happen?
Nothing. It is legislation written by people who have a mindset that thinks hacking is just a virtual equivalent of locksmiths with picks and pick guns. If you’re not a locksmith and you’re carrying a locksmith’s tool then you are clearly a criminal. So if you are not an IT security professional but you have a hacking tool (like lynx, firefox, a web-robot, windows explorer ) in your possession then obviously you are a criminal.
I'm a Software Writer- What should I do?
Some Ideas.
- Move to another country.
- Upload it to Sourceforge under a different name.
- Become a criminal. There are so many new laws passed in the last 7 years that soon everyone in the UK will be a criminal.
Who originated this legislation? Tom Harris MP. Well done that man. Your intention was good- but…