0
Hacking Tools, a criminal        offence?  Benjamin Henrion (FFII.org), 22 Oct 2012
About● Foundation for a Free Information Infrastructure eV● Active on many law related subjects:      ■ ACTA      ■ Softwa...
Proposed EU directive● Judicial cooperation in criminal matters:  combatting attacks against information systems  (COD 201...
Parliament press release"The proposal also target tools used to commitoffences: the production or sale of devices such asc...
EESC opinion"[...] it will include new elements:    (a) It penalises the production, sale, procurementfor use, import, dis...
Problems● Tools are "neutral"● "Hacking" tools have positive/negative use● Intent: criteria for a judge● Following this lo...
Amendment example - Final art7
Amendment example - Final art8
Amendment example - Art 8bisResponsabilité des fabriquants"Les États membres prennent les mesures nécessairesafin de garan...
German law of 2007● "Many    other German security researchers,  meanwhile, have pulled their proof-of-concept  exploit co...
Kismac WiFi scanner
Status of the proposed directive●   Deal in secret closed doors Tri-logue (EC, EP, CM)●   June 2012●   Orientation vote in...
Status of the proposed directive●   Deal in secret closed doors Tri-logue (EC, EP, CM)●   June 2012●   Orientation vote in...
Compromise deal●   Extracts●   "Intent"●   "Aiding abetting inciting" examples●   Still ambiguous●   "Minor act" not defin...
Upcoming SlideShare
Loading in...5
×

Hacking tools-directive

445

Published on

Hacking tools directive

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
445
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Hacking tools-directive"

  1. 1. Hacking Tools, a criminal offence? Benjamin Henrion (FFII.org), 22 Oct 2012
  2. 2. About● Foundation for a Free Information Infrastructure eV● Active on many law related subjects: ■ ACTA ■ Software Patents directive, now Unitary Patent ■ IPRED1 (civil) and IPRED2 (criminal) ■ Data retention ■ Network of software companies and developers● Personal ■ zoobab.com @zoobab ■ VoIP industry ■ HackerSpace.be ■ JTAG and reverse-engineering
  3. 3. Proposed EU directive● Judicial cooperation in criminal matters: combatting attacks against information systems (COD 2010/0273)● Repealing Framework Decision JHA 2005● Lisbon treaty: new criminal competences for EU● First reading, deal between Council and Parliament
  4. 4. Parliament press release"The proposal also target tools used to commitoffences: the production or sale of devices such ascomputer programs designed for cyber-attacks, orwhich find a computer password by which aninformation system can be accessed, would constitutecriminal offences."
  5. 5. EESC opinion"[...] it will include new elements: (a) It penalises the production, sale, procurementfor use, import, distribution or otherwise makingavailable of devices/tools used for committing theoffences."
  6. 6. Problems● Tools are "neutral"● "Hacking" tools have positive/negative use● Intent: criteria for a judge● Following this logic, knifes or hammers should be banned?● Publication of exploits is a crime● Level of security is lowered● Exodus of security companies abroad, attackers from foreign countries are safe
  7. 7. Amendment example - Final art7
  8. 8. Amendment example - Final art8
  9. 9. Amendment example - Art 8bisResponsabilité des fabriquants"Les États membres prennent les mesures nécessairesafin de garantir que les fabricants soient tenus pourpénalement responsables de la production, de la misesur le marché, de la commercialisation, delexploitation, ou du défaut de sécurité suffisante, deproduits et de systèmes qui sont défectueux ou quiprésentent des faiblesses de sécurité avérées quipeuvent faciliter des cyberattaques ou la perte dedonnées."
  10. 10. German law of 2007● "Many other German security researchers, meanwhile, have pulled their proof-of-concept exploit code and hacking tools offline for fear of prosecution."
  11. 11. Kismac WiFi scanner
  12. 12. Status of the proposed directive● Deal in secret closed doors Tri-logue (EC, EP, CM)● June 2012● Orientation vote in LIBE● Blocked because of Schengen discussions● Formality in LIBE● Formality in Plenary?
  13. 13. Status of the proposed directive● Deal in secret closed doors Tri-logue (EC, EP, CM)● June 2012● Orientation vote in LIBE● Blocked because of Schengen discussions● Formality in LIBE● Formality in Plenary?
  14. 14. Compromise deal● Extracts● "Intent"● "Aiding abetting inciting" examples● Still ambiguous● "Minor act" not defined● Liability for IT systems vendors gone● Etc...
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×