Date post: 13-Dec-2014
Category: Technology
Upload: zoobab
Hacking Tools, a criminal offence?
Benjamin Henrion (FFII.org), 22 Oct 2012
● Foundation for a Free Information Infrastructure eV
● Active on many law related subjects:
  ■ ACTA
  ■ Software Patents directive, now Unitary Patent
  ■ IPRED1 (civil) and IPRED2 (criminal)
  ■ Data retention
  ■ Network of software companies and developers
● Personal
  ■ zoobab.com @zoobab
  ■ VoIP industry
  ■ HackerSpace.be
  ■ JTAG and reverse-engineering
About
● Judicial cooperation in criminal matters: combatting attacks against information systems (COD 2010/0273)
● Repealing Framework Decision JHA 2005
● Lisbon treaty: new criminal competences for EU
● First reading, deal between Council and Parliament
Proposed EU directive
"The proposal also targets tools used to commit offences: the production or sale of devices such as computer programs designed for cyber-attacks, or which find a computer password by which an information system can be accessed, would constitute criminal offences."
Parliament press release
"[...] it will include new elements: (a) It penalises the production, sale, procurement for use, import, distribution or otherwise making available of devices/tools used for committing the offences."
EESC opinion
● Tools are "neutral"
● "Hacking" tools have positive/negative use
● Intent: criteria for a judge
● Following this logic, knives or hammers should be banned?
● Publication of exploits is a crime
● Level of security is lowered
● Exodus of security companies abroad, attackers from foreign countries are safe
Problems
Amendment example - Final art7
Amendment example - Final art8
Liability of manufacturers
"Member States shall take the necessary measures to ensure that manufacturers are held criminally liable for the production, placing on the market, marketing, operation, or lack of sufficient security, of products and systems that are defective or that have proven security weaknesses which may facilitate cyber-attacks or data loss."
Amendment example - Art 8bis
● "Many other German security researchers, meanwhile, have pulled their proof-of-concept exploit code and hacking tools offline for fear of prosecution."
German law of 2007
Kismac WiFi scanner
● Deal in secret closed doors Tri-logue (EC, EP, CM)
● June 2012
● Orientation vote in LIBE
● Blocked because of Schengen discussions
● Formality in LIBE
● Formality in Plenary?
Status of the proposed directive
● Extracts
● "Intent"
● "Aiding abetting inciting" examples
● Still ambiguous
● "Minor act" not defined
● Liability for IT systems vendors gone
● Etc...
Compromise deal