Back on topic for the evening... I like to keep a keen eye on security matters in my region and have many elves scouring the news mines for data security tidbits at all times. One such elf just forwarded an interesting story to me. I say elf, but that's just to cover up the fact that it was sent over by Walt Conway, who lives in San Francisco. Really, I'm still hibernating.
Back to the story then. Apparently UK government are going to ban possession of 'hacker tools'. Hmm... Alarm bells.
Issue 1: Who decides what is a hacker tool and what is a legitimate security testing tool?
Issue 2: How do you ban them?
Issue 3: When all the law-abiding sysadmins and support guys give up their vulnerability assessment tools, who will then find the vulnerabilities?
It's another case of legislating against the wrong thing. The bad guys are already bad. Making another law to say they are bad isn't going to make them give up the badness and suddenly want to be good.
I think this is a panicked governmental department trying to look as though they are taking action. There is also more front page news today of large data losses in the UK government. The story is now so common in the papers that people are going from being outraged to taking it for granted.
It seems like a reaction to a problem rather than a solution, which is largely politically motivated rather than thought through. For all the debating that goes on in Parliament, it seems that no actual education or information is sought before jumping to conclusions which seem to make the government look good.
I'm not going to get into my views on politicians and the media as I've decided to make 2008 a happy year, but needless to say, I'm not that impressed.