EU ministers seek to ban creation of 'hacking tools'

Critics say a draft directive doesn't account for malicious use of legal software

Justice Ministers across Europe want to make the creation of "hacking tools" a criminal offense, but critics have hit back at the plans, saying that they are unworkable.

Ministers from all 27 countries of the European Union met on June 9 to discuss European Commission proposals for a directive on attacks against information systems. But in addition to approving the Commission's text, the ministers extended the draft to include "the production and making available of tools for committing offenses".

This is problematic, as much legal and legitimate software could be put to criminal use by hackers. The draft mentions "malicious software designed to create botnets or unrightfully obtained computer passwords," but goes no further in attempting to clarify what "tools" might be subject to criminal sanctions. For example, the distinction between a password cracker and a password recovery tool is not specified. Nor is there any mention of legitimate use for testing. Many tools that could be used for hacking in the wrong hands, are used by system administrators and security consultants to probe for vulnerabilities in corporate systems.

Illegal access, illegal system interference and illegal data interference as well as instigating, aiding, abetting and attempting to commit offences are already crimes under current E.U. law. However, ministers want to harmonize penalties for illegal interception of computer data, and see the imposition of a minimum two-year sentence for the most serious crimes. They also want to oblige member states to collect basic statistical data on cybercrimes and to respond to urgent requests for information by other member states within eight hours.

The creation of hacking tools is already a criminal offense in the United Kingdom under the Computer Misuse Act and in Germany under the 202C law, and is also cited in the Budapest Cybercrime Convention. But if included in an E.U. directive, all 27 member states would be required to ban production of these so-called "tools" in national law.

The introduction of the laws in Germany in 2007 and the U.K. in 2008 met with fierce criticism. In Germany many legitimate websites shut down or moved over fears that they might be prosecuted.

German PHP security professional Stefan Esser wrote on his blog at the time that the law was not clearly written and allows too much interpretation. "While our government says that they do not want to punish, for example, hired penetration testers, this is not written down in the law," Esser wrote.

The ministers' proposals will now be put to the European Parliament, which must approve the text before it can become law. It is likely that MEPs will question some of the ministers' assumptions and will seek to better define what is meant by "tools".

Follow Jennifer on Twitter at @BrusselsGeek or email tips and comments to jennifer_baker@idg.com.

Tags securityeuropean commissiongovernmentlegislationExploits / vulnerabilities

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jennifer Baker

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?