According to the FT this morning, plans are afoot to tighten the laws around hacking, partly in response to last year’s acquittal of someone charged with an email-based denial-of-service attack. That loophole has been closed, but more worrying is the clause regarding “hacking tools”. To quote the FT:
Types of activities that will become illegal under the proposed laws include making or supplying “hacking tools”- computer programmes or code that can help crack passwords or bypass security systems - and will be punishable by up to two years in prison.
The problem here is that one person’s “hacking tool” is another person’s means of doing their entirely legitimate job - for example, packet sniffing tools can be used nefariously to capture data as a prelude to encryption cracking; or they can be an essential diagnostics tool for resolving network problems.
Which when you think about it, is no different to carrying a hammer - I could use it for knocking in nails, or knocking little old ladies over the head.
Which suggests that intent to use the tool for nefarious purposes is a better measure (IANAL, or course) - but then we risk straying into a situation where mere possession of a certain piece of software can be presented as evidence of intent to commit a crime.
But with the current levels of government paranoia about the “terrorist threat”, it seems unlikely that a certain amount of common sense will prevail without some fairly vigorous lobbying.