The U.K. government is proposing a ban on the creation and distribution of “hacking tools” as a means to bolster its existing Computer Misuse Act.
Computer security professionals have expressed concern about the drafting of the changes, however.
The most-discussed change, contained in Section 3A of the CMA, makes it illegal for someone to create an application that is “likely” to be used for hacking. But the precise definition of “likely” has prompted fears the law could potentially target those undertaking activities such as penetration testing.
The definition of “hacking software” is vague and may be up for interpretation. Security researchers and system administrators regularly use many tools that fit the above description for penetration testing and network monitoring.
While the government has come out with some guidelines on the “dual-use” tools, not all concerns have been allayed, especially concerning the open-source tools in this sector.
Expert: CPS hack tool guidance ‘confused’ (ZDNet)
New UK hacking laws make ‘hacking tools’ illegal (Tech Blorge)
UK Crown Prosecution Service publishes Computer Misuse Act guidance (Heise Security)