Government attacked on hacker laws

 

Gallery

By Stuart Turton

Posted on 3 Jan 2008 at 09:28

The UK government has published its guidelines on the application of its proposed "anti-hacker" laws, drawing criticism from some sectors.

Under amendments to the existing Computer Misuse Act it will become illegal to create or distribute "hacking tools", however, industry analysts have criticised the government's vague definition of what constitutes a hacking-tool.

"The actual wording of the offence says 'supply or offer to supply, believing that it is likely to be used to commit, or to assist in the commission of [a Computer Misuse Act s1/s3 offence]' and so we need to know what 'believing that it is likely' might mean," says Richard Clayton on his blog, a security researcher at Cambridge University.

Clayton notes that many of these tools are used perfectly legally by system's administrators to test network security or perform stress checks.

The Crown Prosecution Service guidance suggests that prosecutors must consider whether the tool is "available on a wide-scale commercial basis and sold through legitimate channels". However, one critic on Clayton's blog describes this as "mindbogglingly stupid", given the widespread use of open-source software to develop perfectly legitimate tools.

This is not the first time critics have warned that new legislation could harm innocent developers. The Earl of Northesk's success in inserting a clause into the 2006 Police and Justice Bill making Denial of Service attacks illegal, was marred by a separate clause that made it illegal to distribute any program that's 'likely to be used' for a DoS, leading to fears that innocent developers could end up behind bars.

Northesk described the second clause as "pure idiocy" and "absolute madness", but his attempts to have it removed have failed.

The new legislation is expected to come into force in May.