
Police and Justice Bill - dual use "hacker tools" - has the Government finally seen sense?

The Police and Justice Bill, which includes huge controversies such as the amalgamation of regional police forces, the abolition of the independent Prisons Inspectorate, and Opposition attempts to amend the lopsided US-UK Extradition procedures, is due for its Report Stage in the House of Lords next week.

If we have found the correct version of the text of the Bill on the newly redesigned Parliament website, then perhaps at least the badly drafted and controversial clause 42, "Making, supplying or obtaining articles for use in computer misuse offences", seems set to have its worst aspect removed.

The Labour Government seems to have tabled an Amendment:

Clause 42


Page 34, line 13, leave out from "3" to end of line 14 and insert—
"( ) A person is guilty of an offence if he supplies or offers to supply any article believing that it is likely to be used to commit, or to assist in the commission of, an offence under section 1 or 3."

Government Amendments are almost always passed.

The original wording of line 14:

(b) believing that it is likely to be so used.

would have caused massive economic and national security damage to the UK.

It would have criminalised innocent IT systems and network administrators, software developers and security researchers, because they cannot honestly claim that the many "dual use" software tools and utilities which they use, create or modify every day could never be used by criminals, in attacks or to assist in illegal access or denial of service attacks against some arbitrary computer system, anywhere in the world, at some indeterminate time in the future.

Law-abiding software developers and security consultants tend to take the written word of the law even more literally than many lawyers and politicians do.

Therefore this would have led to massive potential economic loss and a reduction in UK IT security, as these people, and the companies who employ them, would have to relocate outside of the UK.

We still think that the amendments to the Computer Misuse Act 1990 which are supposed to deal with Denial of Service attacks are totally inadequate.

Bringing the outdated Computer Misuse Act into the internet age and beyond involves far more complicated problems than these few amendments tagged onto the much larger Police and Justice Bill.

A full, new, Information Technology Security and Privacy Bill is long overdue.

Hat tip to Rupert White at the Law Society Gazette
