The UK government has announced a set of guidelines to be applied to the Computer Misuse Act (part of the Police and Justice Act 2006) which will, if enforced, make it illegal to possess or distribute “hacking tools.”
The ban comes along with an increase in the maximum prison sentence available for computer-related offences to ten years and also a re-wording which makes denial of service attacks clearly illegal.
Many in the IT industry are grumbling about the ban, which would cover network tools such as Nmap if misused. The government has so far failed to allay these fears, stating only that the authors of such tools will only be chased if “they intended it to be used to commit computer crime” - no mention of what happens if a dual-use security tool is misused in such a way.
The guidelines, published by the Crown Prosecution Service, do contain a get-out clause for commercial software: prosecutors are asked to take into account whether the software is “available on a wide scale commercial basis and sold through legitimate channels”, which sadly leaves open-source and freeware tools out in the cold.
It's security researchers who have the most to fear from this draconian modification to an already pretty tough law, as many of the tools used in such research would be covered under the ban. Penetration testing – hacking into a company network with permission in order to detect security holes – is a growing business, and it's the practitioners of this lucrative art who stand to lose the most should distribution of useful network utilities be stopped.
The amendments to the Computer Misuse Act are expected to come into force some time around April of this year.
Any sysadmins out there livid at the thought of losing their network toolkit in a single hit, or are you all breathing a sigh of relief at your friendly government doing its bit to protect you? Give us a shout over in the forums.