Tightening the rules on “hacking tools”

According to the FT this morning, plans are afoot to tighten the laws around hacking, partly in response to last year’s acquittal of someone charged with an email-based denial-of-service attack.  That loophole has been closed, but more worrying is the clause regarding “hacking tools”.  To quote the FT:

Types of activities that will become illegal under the proposed laws include making or supplying “hacking tools”- computer programmes or code that can help crack passwords or bypass security systems - and will be punishable by up to two years in prison.

The problem here is that one person’s “hacking tool” is another person’s means of doing their entirely legitimate job - for example, packet sniffing tools can be used nefariously to capture data as a prelude to encryption cracking; or they can be an essential diagnostics tool for resolving network problems.

Which when you think about it, is no different to carrying a hammer - I could use it for knocking in nails, or knocking little old ladies over the head.

Which suggests that intent to use the tool for nefarious purposes is a better measure (IANAL, or course) - but then we risk straying into a situation where mere possession of a certain piece of software can be presented as evidence of intent to commit a crime.

But with the current levels of government paranoia about the “terrorist threat”, it seems unlikely that a certain amount of common sense will prevail without some fairly vigorous lobbying.

Comments are closed.