What is at issue is so-called hacking tools, and the problem arises because almost every hacking tool you can think of from perl to nmap is dual use — the good guys use it for good purposes, and the bad guys use it for bad. The bad guys are of course committing an offence, and the good guys are not … but the complexity surrounds “distribution”, if a good guy runs a website and a lot of bad people download the tool from it, has the good guy committed an offence?