Hacking Tools, a criminal offence?
  Benjamin Henrion (FFII.org), 22 Oct 2012
About
● Foundation for a Free Information Infrastructure eV
● Active on many law related subjects:
      ■ ACTA
      ■ Software Patents directive, now Unitary Patent
      ■ IPRED1 (civil) and IPRED2 (criminal)
      ■ Data retention
      ■ Network of software companies and developers
● Personal
      ■ zoobab.com @zoobab
      ■ VoIP industry
      ■ HackerSpace.be
      ■ JTAG and reverse-engineering
Proposed EU directive

● Judicial cooperation in criminal matters:
  combatting attacks against information systems
  (COD 2010/0273)
● Repealing Framework Decision JHA 2005
● Lisbon treaty: new criminal competences for EU
● First reading, deal between Council and Parliament
Parliament press release

"The proposal also targets tools used to commit
offences: the production or sale of devices such as
computer programs designed for cyber-attacks, or
which find a computer password by which an
information system can be accessed, would constitute
criminal offences."
EESC opinion

"[...] it will include new elements:
    (a) It penalises the production, sale, procurement
for use, import, distribution or otherwise making
available of devices/tools used for committing the
offences."
Problems
● Tools are "neutral"
● "Hacking" tools have positive/negative use
● Intent: criteria for a judge
● Following this logic, knives or hammers should be
  banned?
● Publication of exploits is a crime
● Level of security is lowered
● Exodus of security companies abroad, attackers
  from foreign countries are safe
Amendment example - Final art7
Amendment example - Final art8
Amendment example - Art 8bis
Liability of manufacturers
"Member States shall take the necessary measures to
ensure that manufacturers are held criminally liable
for the production, placing on the market, marketing,
operation, or insufficient security, of products and
systems that are defective or that have proven security
weaknesses which may facilitate cyberattacks or the
loss of data."
German law of 2007

● "Many other German security researchers,
  meanwhile, have pulled their proof-of-concept
  exploit code and hacking tools offline for fear of
  prosecution."
Kismac WiFi scanner
Status of the proposed directive

●   Deal reached in a secret, closed-door trilogue (EC, EP, CM)
●   June 2012
●   Orientation vote in LIBE
●   Blocked because of Schengen discussions
●   Formality in LIBE
●   Formality in Plenary?
Compromise deal

●   Extracts
●   "Intent"
●   "Aiding abetting inciting" examples
●   Still ambiguous
●   "Minor act" not defined
●   Liability for IT systems vendors gone
●   Etc...
