If you outlaw hacking tools only criminals will have hacking tools.
This would make the EU less safe, since security experts will not be able to know what they're facing or check the security of their own systems against real attacks until they're really being attacked. Another clueless law that does the opposite of what it's supposed to do. Either that or it will be completely ignored.
I don't like this logic for guns, because most criminals (especially the less professional street gangs) get guns by stealing them from law abiding people.
I do like this logic for hacking tools, because most criminals make their tools themselves, or get them freely through distribution channels which are impossible to shut down.
If guns could be freely cloned, and sent through the mail for free (in locked boxes which the post office couldn't see into), it would be unbelievably stupid to ban them.
I require a source on your claim that most criminals get guns by stealing them from law-abiding people. I guess this might depend upon where you live but I've never heard this claim in the US. Even if it were true, are we saying a law-abiding citizen shouldn't have access to a legal firearm because a criminal might steal it?
I personally don't like any rules of this nature because the major problem becomes who defines what is a "hacking" tool? It's much like how the definition of burglary tools can be so broad that just having duct tape and a screwdriver in your trunk can be considered possessing burglary tools. Just for the sake of slapping another charge onto somebody during an arrest.
>Just for the sake of slapping another charge onto somebody during an arrest.
This hits the nail on the head right here. The way that you get a police state is by making everything illegal and then doing selective enforcement. That way when organizations that control law enforcement decide they don't like you; the police can arrest you with impunity and just find something to charge you with after the fact.
I also find it highly unethical to make things illegal for the sake of being able to slap defendants with another charge at trial. It usually ends up causing collateral damage to legitimate people and services (In the case of general laws like this that put blanket bans on things that shouldn't be blanket banned.), and seems like a lazy excuse to do more legislating. And to say nothing of artificially inflating peoples sentences because somehow the sentencing limits weren't enough.
I saw a very candid statement in the SMH about this:
Victoria Police Deputy Commissioner Graham Ashton said decriminalising drugs was a "simplistic idea" that the community should be cautious of.
"Dealing with the drug problem is not a 'war' as the American term 'war on drugs' suggests, because it is not a battle to be won or lost,'' he said in a statement.
"It is a societal problem that requires constant vigilance and the police role is one of community protection. The police fulfil this role by working to prevent deaths on our roads, prevent family violence in our homes and assaults in our streets."
Moves to decriminalise drugs would make it more difficult for police to prevent road fatalities, domestic violence and assaults, he said.
So, how is it that the police use drug laws to stop other crimes? Is it through preventing drug abuse, or giving them a charge to lay if assault is too hard to prove?
The logic of his statement doesn't stand up however.
Prohibition laws regarding popular and easily obtainable narcotics do not reduce other crimes, but rather, in several measurable ways increases them, the most obvious one being that it then directly finances a lot of other organised crime.
Police logic doesn't always stand up. They know what makes their job (catching bad guys, getting convictions) easier, not what stops crime at the source.
I think the argument goes, the more weapons out there period the easier it is for people to smuggle them into the hands of criminals.
You can't just build a handgun in your basement; you need a tool and die machine, know-how, etc. In other words, a factory.
If you live in a state where it's relatively easy to buy a handgun and the registration requirements are limited and so on, you're going to find it a lot easier to procure one on the black market than say, here in Canada where you need to take a course and file a report every time you want to take it out of your house.
Making a modern semi-automatic requires some expertise, but making a zipgun that can shoot a bullet or two and is accurate enough to hit someone in the same room as you isn't that hard.
http://en.wikipedia.org/wiki/Improvised_firearm
Culture tends to impact laws, but that wasn't the parent's point.
The general availability of a given product in a given area affects said products availability in said area's black market.
In this case, more guns in circulation = more guns on the black market.
This isn't to say that all black market guns originated from the legal (market), but supply does trickle down.
I don't know any source, but it sounds entirely plausible to me that most criminals get guns that entered the US legally. If handguns were outlawed in the US so there was no legal supply chain, where would the criminals get them? They'd need to set up a supply chain from some country with abundant gun supply. Instead, we now have Mexico complaining about rampant assault rifle flux across the border from the US.
If you define the question as "do most criminals get guns by stealing them from another law-abiding person", then maybe you're right. But there are many more sources that transfer legal guns to criminals, like: getting guns before becoming a criminal; stealing them from the supply chain (gun shops, manufacturers, etc); getting them through corruption in the supply chain; convincing a legal owner to lend/sell a gun to you, etc. If you define the question in a broader sense as in "do the guns most criminals possess come from a legal source inside the US" then it seems highly likely that's true, and the only reason that availability exists is because the legal supply exists.
To address one point, it is becoming clear that the reason so many weapons were entering Mexico was because of an ill-guided US government program to allow the weapons to leave the country.
As for the second point, since the primary sources of weapons for criminal acts are legal then we should make weapons themselves illegal? All that does is punish law-abiding citizens since all criminals have one thing in common, they break the law. How about we consider increasing the punishment for using a weapon in the course of committing a crime instead?
One thing to keep in mind, the original intention for having US citizens to be armed is not to protect against criminals. Though this is useful since the police do not have an obligation to protect you from criminals. The original intention was to have an armed populace to protect against a tyrannical government.
The original intention was to have an armed populace to protect against a tyrannical government.
Well, yes, and IMHO that's a completely and utterly obsolete clause. In the extremely unlikely event that this would actually be justified, do you really think that a bunch of citizens with handguns will make any difference against the largest and most high-tech military in the world?
As for the second point, since the primary sources of weapons for criminal acts are legal then we should make weapons themselves illegal? All that does is punish law-abiding citizens...
If one accepts that the desired outcome is to lower the amount of crime perpetrated against law-abiding citizens and that having guns is a means to that end, rather than an end in and of itself (in which case this particular argument is moot), then it would seem to follow that if it is found that the drawbacks of an increased supply guns trickling down to criminals outweigh the advantages in citizens being able to "defend" themselves, the rational conclusion must be that making guns illegal across the board is not in fact "punishing law-abiding citizens" but rather saving them from unnecessary crime.
A correlation of crime/murder rates and gun ownership across different nations does not give much support to the idea that having more guns make people safer. It seems like "security theater" to me.
>do you really think that a bunch of citizens with handguns will make any difference against the largest and most high-tech military in the world?
Considering the difficulty our armed services are having against even less sophisticated resistance in the middle east, i think you seriously underestimate the average american and overestimate the average soldier.
>the rational conclusion must be that making guns illegal across the board is not in fact "punishing law-abiding citizens" but rather saving them from unnecessary crime.
Save for that whole pesky second amendment thing, which affirms the right to keep and bear arms, "rationality" be damned.
I heavily disagree that it is a completely and utterly obsolete clause. Events happening around the world right NOW prove this incorrect. I also believe that an armed populace can successfully engage and defeat a government's military. Now, if that government somehow disarmed that populace under the guise of "safety" then you may have a point.
>but rather saving them from unnecessary crime
I see your point but I think you are being a bit naive here. Criminals will always commit crimes, regardless of your stance on the legality of how they go about it. Plus, if owning a weapon is legal one day but then illegal the next due to actions not performed by the person you are disarming, then you are in effect punishing that person to protect them from something that might not even happen.
Indeed the claim about where criminals get their guns is dubious, but that is not the essence of wisty's comment I think. He's making a good point about an important difference between guns and hacking tools (summarized in the third sentence), showing that a comparison would be flawed.
I checked, and he was right. A lot of guns are illegally gained, but not actually stolen. Most of the time, criminals will get someone else to buy it, or bribe the dealer.
But, very few guns are smuggled in from abroad, or stolen from the military. It's only when civilians can easily get guns that gun crime becomes a big problem.
Actually, you are right. I checked the stats, and it's only a portion (~20%?) of criminal's guns which were stolen, or stolen then traded.
Most come from "straw sales" (getting a friend to buy it), or corrupt licensed dealers.
However, I don't buy the idea that "criminals will always be able to get guns". In most countries, they can't (unless they really know what they are doing). In the US, you just get a friend to buy one for you.
Your average street thug would not be able to get a gun very easily, probably. Then again, neither would your average citizen, so they wouldn't need them. When your victims are unarmed, all you need to be is bigger and stronger than they are. Or bring a knife. Or a friend. Two on one with no guns involved is usually a foregone conclusion.
More relevant, are you honestly saying that organizations such as drug cartels, which have been known to make catapults, submarines, and whatever else they need as they need it, would be incapable of making firearms? The plans for many firearms are openly available and all it requires is some machining equipment (soon probably just 3d printing ability), and a lot are made outside the US. Taurus firearms, for example, are all made in Brazil. Do you think a suddenly growing underground market for weapons in the US would go untapped?
Not only that, the US has approximately 90 guns per 100 people. How long do you think it would take for all those to be 'destroyed'?
In short, you would gladly disarm law-abiding citizens, of which nearly all US gun owners are, so you can feel a bit safer, or perhaps feel as though you live in a country or state that is a bit more 'progressive'? How would you feel when one of those disarmed people is stabbed to death when the cops don't reach them in time? How would you feel when a woman is raped because she had no chance of fending off someone twice her size? Is it worth the tradeoff to you?
To me, the thought of people being forcibly disarmed and then assaulted or murdered with little to no ability to defend themselves is much more egregious than allowing people the freedom to defend themselves with the best tool for the job and dealing with the consequences of having outliers who abuse the right - and make no mistake, they are outliers - violent crime rates have been on the decline in the US for over a decade. But that isn't even the real point of the 2nd amendment, which is a conversation for another time.
If we're going to argue hypotheticals, how would you feel if one of those people instead of just having their wallet taken pulls out a gun and ends up getting shot? Or shoots an innocent bystander by accident? Or the kid who gets his hands on Daddy's gun and accidentally shoots himself or a friend?
You talk about outliers, but it's not obvious to me which are the most common outliers. It seems to me that pretty much every mass shooting (the one this week in Oakland, Congresswoman Giffords, Virginia Tech, Columbine, etc) have one thing in common: they were not perpetrated by people who would be characterized as "criminals" before the act, but by normal/unstable people who flipped and if they had not had easy access to guns the outcome would likely have been very different.
In response to your first argument - simple. Punish the crime where applicable and move on. In my examples, you have effectively tied a person's hands by banning the use of firearms, and now they are dead because of it. They had no chance because you wanted to feel safer. In your example, I merely enable people to act rationally and in their best interest by allowing them to own a firearm for their defense and the defense of others - this sometimes goes wrong, as people do not always act rationally. I don't feel bad about that, as they are responsible for their actions, not me, much in the same way I don't feel bad about owning a vehicle when someone drives theirs through a crowded market.
In response to your second argument, we can go on about that all day as to who is capable of evil and who is not (the answer is probably everyone). My point still stands - violent crime is on the decline, and no amount of hyping up the (relatively) few deaths that occur per year due to some 'random crazy guy with a gun' is going to change that fact. Most gun violence is drug related.
In the end, this argument comes down to a principle. Are you willing to try and disarm everyone to make a 'safer' society, even though you know that in doing so you are basically denying people the right to defend themselves, saying that their death is necessary to prevent the death of many more (maybe) and a generally safer society (arguably)? Or are you willing to give people the ability to purchase weapons from a legal (regulated) market to defend their lives, knowing that, in the end, the police can't be everywhere and can't save everyone?
Both have pros and cons, but I find the first option to be a particular form of collective restraint against the freedom of the individual that is morally unacceptable. Your mileage may vary.
If we're going to argue hypotheticals, what would have been the outcome if the lone nut had decided to drop some highly potent poison in to the local water supply?
Also, to point out one common thread with your examples of mass shootings, they took place in areas where it is illegal to have a weapon in your possession. Maybe not the Giffords example since I don't know the local laws about possessing a firearm in the presence of an elected official. But the key is they tend to target an area where they know people are not allowed to possess a firearm for defense, by law.
... they took place in areas where it is illegal to have a weapon in your possession. Maybe not the Giffords example...
You're right about the Giffords example. In fact, one of the attendees did have a handgun, but that did nothing to help the situation. He (wisely, one would argue) kept it in his pocket since a) he could not figure out who was shooting, and b) even if he had, he would not have been able to do anything without hitting bystanders, and c) if he had pulled the gun out, the likelihood of someone else around with a gun mistaking him for the primary shooter would leave a significant risk of him getting shot by mistake.
Germany has had such laws for quite some time now - and companies producing intrusion tools and other blackhat industries are doing as good as in any western country.
This is used to criminalize people releasing such tools to the public. The government doesn't like people sharing what it considers military technology.
It does not matter how it is used now. The point is that it could be easily used by any state at any time for any purpose against any citizen.
For example, someone carrying a laptop with any software installed on it, including bare operating system, or even just a portable drive/SD card with software on it. All those citizens are now potential criminals since almost any software can be used maliciously.
This is the kind of law that could be used to justify scanning people's hardware and person at airports or in general public in order to arrest them. Now combine this law with ACTA and you have a reason to arrest any citizen coming and going out of their own country if they have any kind of electronics on them at all...
Bad laws are bad laws, period, otherwise would all have happily lived under Stasi/secret police regimes and worse with no reason to complain.
If you have a web browser, you have a hacking tool. SQL injections are far, far too common, and most of the time require nothing more than an input box on a website.
Here is my concern: that the EU will make an exemption for security researchers/white-hat hackers, but only those recognised by a certain qualification or professional body. Governments around the world already mandate professional licenses for many industries, and IT is so critical that it's only a matter of time until we see a 'License to Code'.
I'm going to be clear with you; I've lost sleep over this. I continue to lose sleep over this.
The thing is, no matter how much I wish it were so. I don't feel that (and in reality I do not.) I have the financial or political capital to really do anything in the realm of significance about this. I'm not articulating the prior points because I seek pity or want to hear similar views from people who sympathize with my position. I instead would like a simple question answered:
What's the best thing I can do to stop things like this from happening?
Well… of course you do. You're a well educated, well informed professional capable of using the internet who is solidly in the middle class. People like you are the core of every group of people seeking change.
What do you do? You form an organization, a lobbying group. Organizations are the base unit of power.
You throw up a website, you get as many like minded people as possible (literally, thousands) to sign up for your mailing list and you badger every single person you can find across the political spectrum on the issue. You write letters to politicians, you write software that makes phone calls, you get people who run companies who would be affected by the issue to give you financial and moral support, and you try to talk directly to every politician or candidate to be a politician on the issue.
Ideally, albeit hard on this weird technocratic issue, you get some mass public outrage on the topic. With some luck, you can go: small company CEO who knows a medium company CEO who hangs out with someone higher up who can have a one on one with people who actually vote on the issue.
The catch is, before this is over it will be a more-than-full-time-job but… it's a startup like any other.
This is how any issue becomes mainstream: there are a bunch of people working round the clock on it. Think about illegal trade unions in Poland in 1978 or gay people going from being beaten indiscriminately by the cops in 1969 to being on the verge of legalizing marriage across the West.
In the meantime, get started by having you and all of your friends write personal letters and call your eurodeputies (not having clicked on TFA I assume that's the body in question).
There needs to be some angle that matters for regular people. With Polish strikes it was crashing economy and big regulated prices increase - freedom and truth in TV was important, and there were always people in opposition, but bread was the impulse that made the most people go to the strike.
Recent example - ACTA outrage.
There were people alerting public for years about the danger (Piotr Vaglewski comes to mind). Public just ignored them. Then Megaupload was shut down, and suddenly ACTA was everybody business (even thought it wasn't ACTA fault:) )
Stop stressing about things you're not going to do anything about. Or become an amazing politician. There's also organisations like the EFF in the UK and other EU countries that are working diligently every day for you. Donate or even better volunteer.
Where you from? If in the UK: http://www.openrightsgroup.org/ I saw a speech by these guys where they were relating how the whole of the UK was unable to edit Wikipedia because of one 'child porn' image and various other anti-digital laws (pretty certain it was them, do some research first though). They seem competent and actually talk to politicians and the big players. If you actually care that deeply do something.
Or start one. I helped start the Open Rights Group. We worked out that you could fund a single person's salary from monthly donations of around 1000 people. This was before Kickstarter or the current generation of equivalents, but we got a 1000 people to pledge using PledgeBank (http://www.pledgebank.com/) (which works anywhere). It was enough to get started.
It makes a difference. You could do it tomorrow. Anyone here could. Even if it's just a sideline to your business ideas, it'll help ensure that your business exists in a world you want to live in.
That means there will be 2 different classes of citizens? And also you mean Justice is not independent but serves some "other" interests? This just shows how low the human rights chart has fallen...
We already have government-mandated (and expensive) licenses for accountants, lawyers, boiler mechanics, shopkeepers, architects, construction companies, restaurateurs, etc.
Looks like the infamous German "Hackerparagraph" §202c StGB. A toothless piece of feel-good legislature since all the tools can also be used for "good" (pen-testing etc.).
What happens is that these charges are used in place of "real" charges when the police want to convict.
For instance, it is in general illegal to possess "burglary tools", with no definition thereof. You might think that that would penalize only people with specialized tools modified for burglary. You would be wrong to think that. An unmodified hammer, screwdriver, wrench, knife or anything like that can be charged as a burglary tool, if the police feel you are a bad person. And yes, people routinely go to prison for possessing a regular unmodified screwdriver. Using it for burglary is not required at all under the law.
It doesn't matter even a tiny bit if the tools can also be used for good.
So when your house gets raided and the police find no actual evidence that you've done anything wrong, but you possess hacking tools, well... if they don't lay any charges that means they were dumb for making the raid in the first place.
Two years in prison (the minimum ceiling for all new offences mentioned by the press release) is a bit much if this section is just for posturing and brownie points.
The actual quote reads: The maximum penalty to be imposed by Member States for these offences would be at least two years' imprisonment, ...
Each EU member will have to make this local legislation, and two years are the minimum time for the maximum sentence. The upper limit can not be lower than 2 years in other words.
I understand the quote, unpacking it doesn't change my point. It's a law that creates new criminal offences and prison sentences, of course it isn't a harmless feel-good law without consequences outside of the political arena.
Those feel-good provisions are the ones that aren't already covered by existing laws punishing actual computer fraud, that makes them the ones we should pay attention to.
I have just done the due diligence and actually contacted the MEP in question's office.
The spokesperson was able to confirm that this issue has been raised already and in the final text there will be explicit provisions that research and testing is still allowed.
Why pass such things? It's just another silly law to allow for applying another charge to someone during the arrest. In several cases you can see that the authorities slap on all kinds of charges in which most of them are eventually dropped. Kind like the throw pasts on the wall theory of law enforcement, something's bound to stick.
Plus it allows them to pick and choose who they arrest in any group when almost everyone in that group is possibly breaking a law they are not aware of.
That would be a useless law. For comparison: once murder is illegal, there is no need to have separate laws forbidding using a gun/screwdriver/BIC pen to kill somebody, is there?
Similarly, why would it make a difference whether someone usd hacking tools to commit a crime?
> "No car manufacturer may send a car without a seatbelt into the streets. And if this happens, the company will be held liable for any damage. These rules must also apply in the virtual world" she added.
The difference here is who the law applies to. This is more like arresting people with the tools to remove airbags from cars.
True, carrying lock-picking tools is illegal in many places, but the act of picking locks isn't always illegal when performed by a locksmith.
That was my first thought. Will downloading tcpdump get you in trouble? What if it's "homemade"? Compilers will be next, since the enable the creation of these tools...
Are full details of the "draft law" visible to the public?
From the article:
The proposal also targets tools used to commit
offences: the production or sale of devices such as
computer programs designed for cyber-attacks, or which
find a computer password by which an information system
can be accessed, would constitute criminal offences.
Many tools can be used to "find a computer password by which an information system can be accessed". For example a browser's view source function could expose passwords in a (really insecure) site.
Depending on how the law is worded, tools like curl, wget (or even telnet) could be defined as hacking tools.
Won't matter. As long as one language exist, one can write a compiler for any other language in that language. Hopefully something other than Maelbolge will be the surviving language.
It's things like this seatbelt comparison that leave me scratching my head about politicians sometimes. How can you even argue with people who lack the most basic appreciation of the issue at hand?
I started R'ing TFA and thought the title of the post was just editorialising, until I got to this:
"The proposal also targets tools used to commit offences: the production or sale of devices such as computer programs designed for cyber-attacks, or which find a computer password by which an information system can be accessed, would constitute criminal offences."
I've known numerous sysadmins who regularly run a password cracker over their login database, so that they can warn people who have weak passwords. This helps out the individuals concerned and increases the overall security of the system, yet it looks like this would become a criminal offence as a result of this bill.
I can totally imagine a court in e.g. some backcountry town in the middle of nowhere declaring some standard utility bundled with Ubuntu a "hacking tool", and immediately every linux user in EU is a criminal.
<sarcasm>That should really improve security!</sarcasm>
Explanation: Obviously black hats will continue to do as before. White hats not being able to analyze threats though will be a serious problem. It's not sufficient to claim that special licenses will be given to worthy white hat operations with the proper certifications, protocols and willingness to bow to the man since nearly all vulnerability reports come from small operations and private parties that will be off the radar. These folks will simply stop.
I get that most of them obviously have a very limited competency in regards to technology in general (seatbelts?), but they do have advisors who should know better. What is next on the agenda? Banning BitTorrent/p2p clients, media players, cd/dvd ripping software, video/audio capture software to fight piracy?
What does this mean for the future of distros such as Backtrack Linux? Could anybody comment. It's still unclear as to what exactly they refer to by hacking tools. Such things were always a two-edged knife.
> [...] computer programs [...] which find a computer password by which an information system can be accessed, would constitute criminal offences.
So, possessing 'net use' and 'ssh' now criminal offense in EU?
Oh wait, so do all password recovering tools! One better never forget passwords or risk be prosecuted.
Nonsense. As such tools cannot be used to find and patch vulnerabilities. And even if banned, real hackers can code such apps themselves, while sysadmins are not that skilled and will be stuck with no weapons at all.
This would make the EU less safe, since security experts will not be able to know what they're facing or check the security of their own systems against real attacks until they're really being attacked. Another clueless law that does the opposite of what it's supposed to do. Either that or it will be completely ignored.