back to article UK.gov delay means hacking laws are so last century

The government has suspended legislation to update the outdated Computer Misuse Act in England, Wales and Northern Ireland, leaving Scotland the only part of the UK with laws to tackle 21st century hackers. Amendments to the CMA - which was passed in 1990 before the widespread use of the internet - were due to come into force …

COMMENTS

This topic is closed for new posts.
  1. Steve

    Dual use tools.

    "Obtaining, adapting, supplying or offering to supply tools such as wireshark would likewise be above board. But distributing such dual use tools remains an offence, to the chagrin of security experts."

    Wait, how can "supplying" be OK but "distributing" is not?

    If you come to my house you can use the software and burn a copy to take home with you as that would be supplying on my part and obtaining on your part. But, if I burn the CD and bring it to your home, I would arguably be distributing.

    Secondly, where do you draw the line between distributing and obtaining. If I am transporting physical objects like CDs then I would be distributing. But, if I simply make the software available online and you download it, am I "distributing" it or are you "obtaining" it?

  2. Anonymous Coward
    Anonymous Coward

    Whistleblower protection

    1. The vendors of insecure products should be named and shamed, with freely distributed exploit code and example videos and lectures from experts showing how and why their products are insecure. It should be *encouraged* to distribute example exploits because that is often the only reason vendors fix their broken products.

    MS sat on a Javascript exploit for over a year, it was only the available of exploit code and Firefox that caused them to actually bother to fix it!

    We *need* whistleblower protection to protect people from vendors covering up their crappy faults with spurious lawsuits, not laws to prevent whistleblowers from releasing their exploit code. This is a very bad thing.

    2. Broadcast wifi continues to be a problem with people setting their Wifi to broadcast as 'open and available', then turning around and pretend a person 'hacked' into their Wifi spot. The UK is out of step with the world here. There is nothing wrong with offering an open wifi point, and the handshake the Wifi does is the permission. You cannot both have your wifi point says 'here I am connect to me' and at the same time complain that people connect to your wifi point!

    3. DOS needs to distinguish between DDOS with a single person behind the botnet and slashdottings. That's hard, perhaps if they focus on the original hack that created the botnet?

  3. scot stockwell
    Flame

    @ Steve

    If you want to know if "making available" is a crime, ask the RIAA and pals.

  4. Anonymous Coward
    Anonymous Coward

    damn it

    so they're gonna ban ping and telnet >.<

  5. richard

    great

    This is great!! Maybe that letter I wrote to my MP actually hit home. It seriously needed a rewrite - specifically the dual-use bit - hopefully with some sense this time around.

  6. Anonymous Coward
    Anonymous Coward

    Phorm

    Phorm is still illegal without changes:-

    1 (1) A person is guilty of an offence if

    (a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer,

    (b) the access he intends to secure is unauthorised; and

    (c) he knows at the time when he causes the computer to perform the function that that is the case.

    With the Javascript insertions, they get section 3 with a possible 2 year sentence as well.

    3 (1) A person is guilty of an offence if

    (a) he does any act which causes an unauthorised modification of the contents of any computer; and

    (b) at the time when he does the act he has the requisite intent and the requisite knowledge.

    So actually it's not just RIPA.

  7. Anonymous Coward
    Anonymous Coward

    So, what's a computer?

    Is a digital camera a computer?

    Because if it is, anyone who wants to delete a picture needs to have the proper authorisation.

  8. Will
    Thumb Down

    @ Whistleblower protection #2

    There have already been previous prosecutions in the UK for people piggybacking on unsecured wireless connections; the point is that the person accessing the network did not get express permission or consent beforehand and therefore broke the law. The Register in fact ran an article on this in 2005:

    http://www.theregister.co.uk/2005/07/25/uk_war_driver_fined/

  9. Steve Evans

    @Will

    The only problem with that is sometimes it's impossible to know who to ask!

    Someone who's not got the brains to configure wep/wpa isn't going to manage to change the SSID from the default "Netgear".

    Plus even if they did, would you put your address on as the SSID, which might attract someone with a van and a habit of long term borrowing of equipment in the middle of the night?

    Given that most routers supplied by ISPs, Sky, BT etc, are all WEPed up when they arrive, I would argue that an open wifi point has been deliberately left open as a service to the community.

  10. Jack

    @AC

    I don't see why classing a digital camera asa computer would be a problem in that sense, you should need requisite permission to delete photographs just as you would to gain control of a PC and delete files.

  11. Anonymous Coward
    Anonymous Coward

    >the handshake the Wifi does is the permission

    It's just not, protocol handshakes aren't the same as the owner saying you can, they are different things.

    In the same way, just because a file on a computer system has world read permissions set it doesn't mean that the entire population of the planet is allowed to read it.

  12. Will

    @ Steve Evans

    However, anyone without the brains to set up WEP/WPA (ie: Joe Schmoe) is probably just trying desperately to get all their stuff plugged in and working without having to phone up PC World to get one of their guys to charge for the installation. An open wireless access point is usually just the result of a default setup by a naieve user; someone who actively wanted people to come along and use their wifi would advertise the fact. Bottom line is, just because there's no-one around to ask doesn't mean that you have permission to do it. Like stealing from a car with an open window - just because it's easy and no-one will know, doesn't mean it is right. The law is clear on this.

  13. Anonymous Coward
    Happy

    "... distributing such dual use tools remains an offence ..."

    Fantastic. I can hardly wait for the new laws, I'm going to have Microsoft prosecuted for distributing such dual use tools as ping, traceroute, tftp and telnet with their operating systems. Then I'll report Cnet downloads.com, and Google, and every massive corporation I can think of, until someone decides to repeal this stupid law.

  14. heystoopid
    Alert

    So

    So , the Parliamentary wankers and wowsers are far too busy crafting laws that allow the creation of a full Stalin Style Soviet Police State replete with a separate corrupt ruling elite to worry about mundane ordinary every day things like protecting people's rights in the real world !

  15. Mike Silver badge

    "idiot excuse"

    "i set up a wireless access point that they could use, set to give everyone permission to use it, but arrest them anyway because i'm an idiot" - hardly a good argument

    if a person puts all their belongings out in the street and sticks a sign on them saying "Take whatever you want" and hires a bloke to walk around the streets shouting to everyone "FREE STUFF, YOU CAN TAKE ANYTHING YOU WANT" then you go and accept their invitation and take some of the property they gave to you, you are a thief? "i did give you it, but at the time i didn't know it was worth money so you're a thief for taking something i gave to you"

    if you are granted permission, you are granted permission - they set the thing up to give you access, they chose the option of granting you explicit permission, coming out with "well when i gave you permission i didn't know what i was doing" does not change the fact that they gave that permission and therefore you did not do anything wrong, as using it with the owners permission is clearly not wrong! (this is going on the assumption they were able to either disable the wifi, or enable some form of encryption)

    now if they had enabled WEP and you had gone and broken the WEP key, then this is a different matter - because although it is not secure, it is also not an open invitation granting you access, and you only got access using forged credentials

    it is a clear thing, access points have a way of indicating if they are public open networks that you are allowed to use, if the owner uses that system to inform me that it is indeed such a network, then i have the owners permission to connect - if i did not have permission then i would not be receiving broadcasts from the thing telling me that i do have permission, and additionally i would not be receiving replies to my connection requests confirming that yes, I "MAC Address xyz" do in fact have permission to connect and use it

    of course things like an access point broadcasting it is a public open access point, then using MAC Filtering to only respond to certain MAC Addresses is another issue and is not clear cut as it is a muddled mix of both things - thankfully i have only seen a few such networks (I assume that one of the devices using it has problems with WEP/WPA? only reason I can think of...) - in that case I think it should be considered that as it is being broadcast as public and open it is free to use, as a private network would have such public broadcasting disabled at the very least, and a network which does not broadcast that it is open to all, and which only responds to connection requests for selected devices, is not an open access point (even if no encryption is used)

  16. Anonymous Coward
    Black Helicopters

    illegal software!

    ha! take that microsoft! we will rid the country of your monopolistic operating system by making it illegal to distribute it! as it can be used for unlawful purposes, actually it's multiple offences for every single utility and command that comes with it, each being a separate piece of unlawful software distribution!

    microsoft getting several criminal charges for every copy of windows they distribute, i knew there was something that would be able to convince me to buy vista!

    AC and black helicopters, because i sense bily might come get me to stop me taking down his empire with my evil plan to donate some money to buy a copy of vista (of course not for installation purposes) and take him down

  17. michael

    @Steve Evans

    I was guilty of this acdentley my home wireless had the defult id and open (yes I know I should have changed it but I lived in the middle of noware in scotland anyboady close enought to puck it up had to be sitting on my drive) when I stayed in a flat in didcot my computer auto connected to one with the same iisd and no conectin it was only when my brother msned me I noticed

  18. Anonymous Coward
    Anonymous Coward

    That WiFi one really needs to be cleaned up

    "Someone who's not got the brains to configure wep/wpa isn't going to manage to change the SSID from the default "Netgear"."

    Worse still they connect their Wii, or whatever to their "Netgear" router and sometimes it's not their "Netgear" router.

    Really they should set it up, and turn off broadcasting. We can't expect joe punter to know how to set up security but they can simply stop advertising their Wifi connection as available.

    For the uninitiated:

    Your wifi is typically located at one of the following addresses on your network. Open a browser and try them till you find your wifi's home page:

    http://192.168.1.1

    http://192.168.0.1

    http://192.168.1.100

    http://192.168.2.1

    Locate the entry in the web page that says "Broadcast SSID" and turn it to off and click save.

    When it's on your Wifi is broadcasting a signal saying "here I am I am 'Linksys' or 'Netgear' or whatever the name of your router is set to", and you're inviting people to connect to it. When it's off you're not.

    If you leave it on, and people connect to it, don't whine and call the cops, turn it off. It only needs to be switched on when you're connecting new devices anyway, and only if you need to find the router easier. But then you should give it a unique name anyway, otherwise you'll end up in the dock accused of hacking your neighbours router under a law written in 1991 before Wifi and the internet!

This topic is closed for new posts.