I find myself quite torn by this statement, because while I dont think hacking tools should be illegal, this is the exact same argument pro-gun people make, and i'm quite anti-gun (I'm from UK). Then again, in America drug paraphernalia is illegal but in the UK its not and i personally dont think you should be locked up for having a bong because theoretically you might only use it for tobacco.

Anyway, personally i'm quite adamant in the blanket statement that no software should be illegal.

You're not anti-gun. You're anti-'private gun ownership'. You're fine with the state employing guns. It's an important difference.

Bongs are legal in the US. You just can't advertise them for use with pot. They are sold as water pipes.

I am anti-gun, so while you may be right, you shouldn't presume you are about the person you're replying to.

I'm not a moron, I don't know if we could ever learn to live without armies/armed police, and I'm not calling for a drastic change such as "the UK should give up all armed forces", obviously it doesn't work that way.

But you have the same problems for private gun ownership - for example, how would you set about making it illegal in the US given how many people already own guns, it would be a crazily difficult task. However that doesn't stop people from being in favour of finding a way to do it.

There is a pretty easy philosophical workaround for your unease. Support banning doing things, not having things.

Pretty easy, and superficially appealing, but I find that there must surely be exceptions to a rule such as this. Nuclear weapons (and similarly, some chemical weapons) are the obvious special case.

Edit: reminded reading a comment below that child pr0n is another one that the general moral consensus has problems with (I refer to the 'consensus' not because I think it is always correct but simply as it provides cases worth thinking about), and also handling stolen goods (although this can be justified through property rights).

Seems kind of like the "Godwin's law" of rule of law. The fact of the matter is that we simply don't encounter these sorts of situations often enough for myself to understand using them as policy setters.

What about having things that can only be used for doing things that are banned?

Seems to me that in that case, banning owning this hypothetical something would be redundant. Just use the laws that already ban doing whatever it is that they are doing.

Of course, your milage may vary. I also support repealing intoxicated driving laws, since I reason that reckless driving laws already cover that sort of behavior. For reasons that I don't really understand myself, people tend to think I'm off my rocker there too ;)

Let's not compare gun control with software. They're not really the same thing at all.

More importantly, if security professional has never created any kind of malware he or she is probably pretty bad at infosec. The fields are just two sides of the same coin.

You are absolutely right it is the same argument for guns and it is correct for both.

Laws aren't going to affect hackers off in Romania and Russia and China and the NSA/CIA.

But studying the code and testing it is overwhelmingly the best, and likely essential way to understand how to protect against security threats.

Internet activity to a significant extent does not have national borders.

Mexico might be a good if rather simplistic "gun" analogy. Tons of illegal weapons flowing over from the U.S., arming drug runners and other criminals who are terrorizing (hmm, I suddenly realize the additional nuances that that word carries these days) the general population.

Back to computers: You can't make secure systems without having appropriate tools and research at your disposal. And we've yet to see any security effectively "legislated", especially world-wide.

So, make the jobs of those who are effective difficult or impossible -- or highly restricted and privileged through special sanctioning and/or the requirement of having very significant capital, investment, and influence -- while gaining no real security advantage. Yeah, that sounds like a good plan.

Lockpicking tools are illegal and yet locksmiths and companies that make locks are allowed to have them. That seems pretty directly analagous; I see no particular reason why we couldn't have licensed and bonded digital security experts/companies.

Bit of a nitpick (and I'm not sure where you live) but lock picks are generally legal in the US. In some areas however they become illegal if they can prove malicious intent.

That's all fine and good if you only take companies and security consultants into account, but I'm not sure it's 100% analogous. What about random hypothetical geeky teenager who wants to contribute security patches to an open source project? I don't think there's a lockpick equivalent to that.

There is an analogy: Locksporting. Groups like Toool and individuals across the world pick and design locks as a hobby, and have shown flaws in high-security designs like Medeco that were later corrected.

"A fondness for power is implanted, in most men, and it is natural to abuse it, when acquired." - Alexander Hamilton

Funny that that quote should come from Alexander Hamilton, who was a leader in the federalist movement to consolidate and centralize power in the US government.

Power tends to corrupt and absolute power corrupts absolutely - lord baron acton