New legislation for IT developers

New legislation for IT developers

Aug 10, 2006
By David Howell
Left to right: Kay Dargue, head of South Tees Youth Justice Service, PCC Matt Storey and Chief Inspector John Dodsworth.

The amendment to Section 42 of the Police and Justice Bill that would criminalise anyone developing for distribution computer-based tools that could be used for hacking purposes has come under fire from lawyers who fear that legitimate IT professionals could fall foul of the new legislation.

Home Office minister Vernon Coaker has defended the proposed amendment that would change the current state of the Computer Misuse Act (CMA), stating: “Concerns have rightly been raised about whether the new offence will criminalise IT professionals who make and distribute these tools for legitimate purposes, such as penetration testing or identifying vulnerabilities. The test for the offence will be whether the person believed at the time that the tool would be used more criminally than legitimately, so IT professionals will not be affected.”

Critics of the amendment include Struan Robertson, senior associate at Pinsent Masons solicitors, who said: “I don`t think he`s right when he says `more criminally than legitimately` – that`s not what it says. A person is guilty if they believe the tools are likely to be used for any criminal purposes at all, not if the balance is more criminal than legitimate.

“If you supply software, how will you know what people will do with it in the future? You can`t ask a developer to predict the future about how his product is going to be used. Part B (of Section 42) is an unreasonable burden on developers.

“The law doesn`t distinguish between software used for legitimate purposes and that used primarily for hacking purposes. Firefox and Internet Explorer are tools that can be used to assist in hacking.”

Richard Starnes, president of the Information Systems Security Association, also commented: “The law regarding the production of hacking tools is unenforceable. Everyone I`ve talked to in the Infosecurity community has agreed – you just can`t enforce it from a practical standpoint.”

Related News

Select Vacancies


City of London Police

Chief Constable

Humberside Police

Copyright © 2024 Police Professional