Guidelines issued for UK hacker tool ban

Posted by   Virus Bulletin on   Jan 1, 2008

Government issues guidelines in response to lobbying.

The British government has published a set of guidelines for the application of a law that makes it illegal to create or distribute 'articles for use in computer offences'.

The piece of legislation in question was among several amendments to the Computer Misuse Act 1990 that were introduced into UK law in November 2006 as part of the Police and Justice Act. While the law is clearly intended to protect against the malicious use of hacking tools, many in the security industry are concerned that the broadness of the description contained in the clause could affect the use of many valuable utilities and techniques in security and malware research. A large number of the tools and techniques used by malware researchers can be deemed to have dual use - while in the right hands they are useful tools for research, in the wrong hands they can be used for malicious purposes.

The wording of the clause prohibits the creation, adaptation or use of any tool which could be used to breach security, whether the developer or user intends it to be or only believes it is likely to be. Some commentators have suggested that this could even be taken as far as to outlaw the use of web browsers, as a poorly protected machine could be accessed without the need for more devious software.

The government's new set of guidelines come as the result of industry lobbying and address some of the concerns about these 'dual-use' tools.

The guidelines state that in order to prosecute the author of a tool it should be possible to show that it has been developed primarily, deliberately and for the sole purpose of committing computer crime (gaining unauthorised access to computer material). Other considerations the guidelines recommend to be taken into account are whether the tool is available on a wide-scale commercial basis and sold through legitimate channels, whether the tool is widely used for legitimate purposes and whether it has a substantial installation base.

While critics argue that open source tools are excluded from the category of items that are available on a wide-scale commercial basis, and that rapid product innovation will also result in items that fall through the net, the guidelines do represent a small step towards the clarification of the law - and it seems a little less likely that large numbers of the anti-malware community will end up behind bars, at least at this juncture.

The ban - along with other amendments to the Computer Misuse Act - is expected to come into force in May this year.

Posted on 05 January 2008 by Virus Bulletin

 Tags

legal spammer
twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.