• Save
Hacking tools, a criminal offence?
Upcoming SlideShare
Loading in...5
×
 

Hacking tools, a criminal offence?

on

  • 231 views

by Benjamin Henrion

by Benjamin Henrion

Statistics

Views

Total Views
231
Views on SlideShare
222
Embed Views
9

Actions

Likes
0
Downloads
0
Comments
0

1 Embed 9

http://researchtalks.com 9

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

CC Attribution-NonCommercial-ShareAlike LicenseCC Attribution-NonCommercial-ShareAlike LicenseCC Attribution-NonCommercial-ShareAlike License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Hacking tools, a criminal offence? Hacking tools, a criminal offence? Presentation Transcript

  • Hacking Tools, a criminal offence? Benjamin Henrion (FFII.org), 22 Oct 2012
  • About● Foundation for a Free Information Infrastructure eV● Active on many law related subjects: ■ ACTA ■ Software Patents directive, now Unitary Patent ■ IPRED1 (civil) and IPRED2 (criminal) ■ Data retention ■ Network of software companies and developers● Personal ■ zoobab.com @zoobab ■ VoIP industry ■ HackerSpace.be ■ JTAG and reverse-engineering
  • Proposed EU directive● Judicial cooperation in criminal matters: combatting attacks against information systems (COD 2010/0273)● Repealing Framework Decision JHA 2005● Lisbon treaty: new criminal competences for EU● First reading, deal between Council and Parliament View slide
  • Parliament press release"The proposal also target tools used to commitoffences: the production or sale of devices such ascomputer programs designed for cyber-attacks, orwhich find a computer password by which aninformation system can be accessed, would constitutecriminal offences." View slide
  • EESC opinion"[...] it will include new elements: (a) It penalises the production, sale, procurementfor use, import, distribution or otherwise makingavailable of devices/tools used for committing theoffences."
  • Problems● Tools are "neutral"● "Hacking" tools have positive/negative use● Intent: criteria for a judge● Following this logic, knifes or hammers should be banned?● Publication of exploits is a crime● Level of security is lowered● Exodus of security companies abroad, attackers from foreign countries are safe
  • Amendment example - Final art7
  • Amendment example - Final art8
  • Amendment example - Art 8bisResponsabilité des fabriquants"Les États membres prennent les mesures nécessairesafin de garantir que les fabricants soient tenus pourpénalement responsables de la production, de la misesur le marché, de la commercialisation, delexploitation, ou du défaut de sécurité suffisante, deproduits et de systèmes qui sont défectueux ou quiprésentent des faiblesses de sécurité avérées quipeuvent faciliter des cyberattaques ou la perte dedonnées."
  • German law of 2007● "Many other German security researchers, meanwhile, have pulled their proof-of-concept exploit code and hacking tools offline for fear of prosecution."
  • Kismac WiFi scanner
  • Status of the proposed directive● Deal in secret closed doors Tri-logue (EC, EP, CM)● June 2012● Orientation vote in LIBE● Blocked because of Schengen discussions● Formality in LIBE● Formality in Plenary?
  • Status of the proposed directive● Deal in secret closed doors Tri-logue (EC, EP, CM)● June 2012● Orientation vote in LIBE● Blocked because of Schengen discussions● Formality in LIBE● Formality in Plenary?
  • Compromise deal● Extracts● "Intent"● "Aiding abetting inciting" examples● Still ambiguous● "Minor act" not defined● Liability for IT systems vendors gone● Etc...