To some people, a balaclava-clad stranger outside a city bank may seem suspicious and perhaps particularly so to a police officer who'd be inclined to arrest - or at least ask questions of the person - about wearing such a provocative accessory in the vicinity of a bank. But ask an IT security vendor about such headwear and you'd probably get a simple explanation - the person's cold, or bald.
Without proof of a fiendish plot an arrest - or even questioning - is over-zealous.
On balaclavas, Check Point Software regional manager Peter Sandilands says they have a legitimate use, "they keep the head warm".
No surprises here. Under the draft Cybercrime Bill 2001 IT security vendors will soon become those balaclava-clad strangers as the legislation makes it illegal to possess hacker toolkits, scanners and virus code. These are 'tools of the trade' for security vendors and, as Sandilands points out, "they are going to have to arrest everyone with Unix and Windows", because network diagnostic tools such as Trace-route and Ping are "base level hacker tools".
He claims most testing tools used by administrators in a networked environment are used not for evil but for the common good.
I doubt if there are too many security vendors plotting diabolical scams to take over the world, but instead of fine-tuning this Draconian legislation, what does the government propose to do?
Yep, you guessed it, introduce licensing.
By accrediting IT security vendors, the Government can bump up revenues and argue there is a pressing need to set industry standards. Those wearing black hats can be thrown in the slammer leaving the good, clean and industrious white hats to maintain the new world order. But in the murky world of IT security, the scenery is invariably a misty grey, a shade of colour obviously too complex for bureaucrats drafting legislation. As the National Office for the Information Economy (NOIE) begins researching a policy paper on the introduction of licensing, industry pundits can contemplate the irony of the proposed bill which allows the Government to 'legally' hack anyone 'at will." Forget licences, warrants or any other form of accountability these guys have more access rights in our fair nation than Batman and you can bet they use these new found powers too.
Meanwhile, the corporates in Gotham City will be forced 'by law' to reveal passwords, keys, codes, cryptographic and steganographic methods used to protect information.
As Sandilands so succinctly points out: "Under the Westminster law our rights are only those the Government grants us, whereas those in the US are granted all rights unless the Government explicitly denies them or takes them away."