The law could soon turn out to be a problem. Indeed, the USA have already voted many laws to regulate data processing over networks, and those laws are far too authoritative (even considered as fascist by some "fellow americans"), and such laws are about to be accepted in other countries.
In France, the LEN (Projet de Loi sur la Confiance dans l'Économie Numérique) [15, Projet de loi] could become a threat to security specialists and any IT jobs using tools that *could* be used to hack into a machine (this law is also a big problem for ISP : Internet Services Providers, but that's out of the scope of this report) [16, ODEBI] :
Art. 323-3-1. - Le fait, sans motif légitime, d'importer, de détenir, d'offrir, de céder ou de mettre à disposition un équipement, un instrument, un programme informatique ou toute donnée conçus ou spécialement adaptés pour commettre une ou plusieurs des infractions prévues par les articles 323-1 à 323-3 est puni des peines prévues respectivement pour l'infraction elle-même ou pour l'infraction la plus sévèrement réprimée.
It's obvious that if pen-tester aren't allowed to use their tools anymore, this job will die (as well as all the other IT security jobs), and in the case of France, that could destroy the french market.
All this is quite pessimistic, but politicians will have to realise sooner or later that laws should take care of seperating the good and evil use that can be made with those softwares, and that only the second category should be punished. But, IMHO, supressing one is suppressing the other because it becomes too complicated to make the difference between two uses, so those laws are idealistic and irrealistic in our world.