With all the criminal behavior taking place on computers around the world, it appears that politicians are seeking some solutions. For instance, European Union Justice Ministers are proposing a ban on hacking tools. I suspect this law will work just as well as gun laws in the U.S. Simply criminalize the inanimate object (or code) and only the law-abiding citizens will comply. It creates the perfect storm for criminals to be able to continue doing what they do.
Furthermore, an unintended consequence of such tools being banned and kept from legitimate use like in the independent security assessment work that I and many of my colleagues do, then businesses in general suffer.
The burning question is: who decides what hacking tools really are? Are they password crackers? Vulnerability scanners? Perhaps Web browsers in general? I suspect they’ll have a panel of ignorant bureaucrats making the call like what our “leaders” here in the U.S. (Obama, Pelosi, etc.) envision with their ObamaCare death panels. Government knows best.
On a related note, just today the Japanese parliament enacted legislation that criminalizes the creation of malware. Is this any different? It can certainly be argued that malware serves no purpose other than to do harm. Of course, many people around the world believe the same thing about guns owned and used for the sole purpose of self-defense.
It’s a complicated world we live in…what to do now?
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”