EU ministers seek to ban creation of 'hacking tools'

EU ministers seek to ban creation of 'hacking tools'

www.computerworld.com

Ministers from all 27 countries of the European Union met on June 9 to discuss European Commission proposals for a directive on attacks against information systems. But in addition to approving the Commission's text, the ministers extended the draft to include "the production and making available of tools for committing offenses".

(visit the link for the full news article)

IDG News Service - Justice Ministers across Europe want to make the creation of "hacking tools" a criminal offense, but critics have hit back at the plans, saying that they are unworkable.

Now a bunch of political ministers; none of whom I imagine have any clue as to the difference between and SQL-Injection vulnerability and a denial of service attack are making laws...

The laws they propose makes "tools" the object of prohibition, specifically, the "production and making" of said tools.

The industry and community of those versed in networking technology must be all letting out a groan of disbelief as these people exemplify what it means to "not get it."

Software creation is not the same thing as forging the barrel of a gun. But it is with this kind of vagueness that they will encroach on the ability of people to engage in the development of new security tools, protocols, and other creative means to better our virtual infrastructure.

The law is so vague that it even fails to exclude those professionals who test vulnerabilities in systems by contract.

I hope the EU avails themselves of some of the talent in the Union to better explain to them that while it is possible to kill someone with a screwdriver, making them illegal is just ridiculous. Make the offense illegal, not the tool.

www.computerworld.com
(visit the link for the full news article)

Well from the article you sourced it appears that they are already questioning some of the law and are going to seek better definitions of it before they pass it.

So in short they are trying to pass better laws but the one up is questionable so it is going to be reviewed to make it more applicable before they consider it.

I don't see your problem

dmaned...in the last few months the EU got extremly towards NWO....whats happening...oh yes, 2012 and the awakening...

Start the REVOLUTION NOW!!!

Originally posted by kro32
I don't see your problem

Ministers from all 27 countries of the European Union met on June 9 to discuss European Commission proposals for a directive on attacks against information systems. But in addition to approving the Commission's text, the ministers extended the draft to include "the production and making available of tools for committing offenses".

and

The ministers' proposals will now be put to the European Parliament, which must approve the text before it can become law. It is likely that MEPs will question some of the ministers' assumptions and will seek to better define what is meant by "tools".

A) ....the ministers extended the draft to include "the production and making available of tools for committing offenses".

Why would 27 Ministers of nations actually capitulate to such a suggestion as to add this vague statement to a propose law? Have they no competence as legislators at all? Was there no input from their own brain-trusts in their nations at home over this nonsense? Or are they operating in an ivory-tower of isolation like so many other "leaders"? Perhaps you don't care to question governance as I do, but yes, I see that as a problem.

B) It is likely that MEPs will question some of the ministers' assumptions and will seek to better define what is meant by "tools".

The last sentence is a statement of fact delivered by a reporter. "It is likely" seems like a bold assertion, considering these 27 individuals - their staffs - and all who are associated with the legislation weren't "bright enough" to see the error of such a proposed law. Now the EU parliament will take it up and we are told - via the authoritative voice of the reporter, that it is "likely" that they will "better define" the word "tools"..... which says nothing about the notion of restricting the activities of any computer networking research that might possibly be used maliciously. Yeah.. I have a problem there too.

Sorry you don't share my concern.

L--------------------------------0--------------------------------L


So i guess they would need to disband the N.S.A since they would be breaking the law...

Uploaded with ImageShack.us
..

reply to post by Maxmars


I understand your concerns but it is important to remember that the ones proposing this law are not experts in everything and this issue certainly is included in that.

It looks to me as if they felt there was further legislation needed in this area and they crafted a law without getting the more detailed information they should have. That is certainly a mistake on their part.

However it appears the parliment has noticed this error and is going to have it corrected before it votes on it.

So while I understand your concern it seems in the process of being handled correctly.

reply to post by Maxmars


Politicians have so little knowledge on this subject it would be impossible to enforce, and with so many holes if someone was caught it shouldn't be a problem getting away.

It does give us a good chance to laugh because it gives us insight into how clueless and ill prepared they are. I can't wait to see this progress.

I was wondering were this thread had gone ...

Any coder can make a tool by reading of exploits online.

An update has appeared for this issue:

The proposed law, which was passed by the European Commission’s Civil Liberties Committee last week, still has a ways to go before going into effect — but the EFF’s international rights director Katitza Rodriguez says now is the time to raise awareness about the proposal.
...
The text of the newest version of the proposal has not yet been made public, but the summary published by the committee indicates that prohibition on ‘hacking tools’ remains.

The proposal also targets tools used to commit offenses: the production or sale of devices such as computer programs designed for cyber-attacks, or which find a computer password by which an information system can be accessed, would constitute criminal offenses.

While the law seems aimed at blackmarket tools that can be used to create malware infested sites, it’s also likely to criminalize tools used by researchers, developers and black hats alike – including tools like fuzzers, the Metasploit penetration testing tool and the wi-fi sniffing tool Wireshark. (Perhaps even the command line would be outlawed.)

I get the fact that malicious cracking in most contexts should be punished but why is there so little emphasis being placed on software vendors and the like who continue to present opportunity through poor code. This is a certainly a slippery slope because if not for the whitehats so much could go unnoticed. Then you have morons like the Canadian government official Vic Toews. His tactics and arrogance surounding Anonymous clearly reveal that some people are out of their areas of expertise (if he even has one to begin with). It is unnerving when people writing legislation have no clue or direction on what it is they want to control. Guess I'm overstating the obvious though

src

brill

reply to post by brill


Thanks for following up on this. I was a little taken aback by the idea that people didn't share my sense of concern over the manner legislation is being inserted into the body of the law... granted I'm not European, but still... for goodness sake they must be completely computer illiterate to not realize what they are doing...