Germany Declares Hacking Tools Illegal

dubbelj writes "Germany has updated their computer crime law to declare 'hacking tools' illegal. This will place most of the professionals in the network admin and computer security fields in a sort of legal grey area. 'The new rules tighten up the existing sanctions and prohibit any unauthorized user from disabling or circumventing computer security measures to access secure data (see the law, sections 200 and following [in German]). Manufacturing, programming, installing, or spreading software that can circumvent security measures is verboten, which means that some security scanning tools might become illegal.' We discussed a similar measure in January when Australia considered the same kind of legislation. How will this affect Linux distribution in Germany, as most standard Linux distributions come with these kind of 'hacking tools' installed by default?"

man ping

ping - a hacker tool used for detecting computers connected to the internet for the purpose of breaking in to them

Re:man ping

[blowdart]

Better than that;

Manufacturing, programming, installing, or spreading software that can circumvent security measures is verboten

Because of XSS that has just made all browsers illegal. Microsoft, Opera and Mozilla must report for prosecution.

Re:man ping

[MightyMartian]

Hah! I have Firefox and Internet Explorer, to determine if a webserver is running on a computer. I have telnet to test if any TCP ports are open on any host.

Re:man ping

[maxwell+demon]

I've got eyes which I could use to look at someone typing a password. I hope I'll not be forced to disable them! :-)

Re:man ping

How can the first post be Redundant? Anyways, the poster has a point, a hacker makes use of many standard tools.

Re:man ping

[2Paranoid]

When will law makers figure out that it is what you do with the tool that should be illegal, not the tool itself? Otherwise knives and cars should be illegal, because both have been used to kill.

Re:man ping

[rastos1]

Did you manufacture/install/spread them?

Re:man ping

[ACE209]

Don't think so.
But his parents are in serious troubles now.

Re:man ping

[zolaar]

Oh, you will. But don't worry.

They provide patches that'll do that for you...

::recommends the veal::

Re:man ping

[jafac]

This really IS the modern-day equivalent of "if your eye offends thee, pluck it out."

Re:man ping

[Master+of+Transhuman]

Browsers facilitate "Google hacking"!

In fact, so does TCP/IP!

So do Cisco routers!

No more Internet!

Problem Solved

[Blahbooboo3]

Great! Well, problem solved. We can all stop patching our servers and running firewalls now! Yippee!! :D

Re:Problem Solved

Well, we all know Linux IS a hacker tool

Re:Problem Solved

[Daravon]

"Mission Accomplished!"

I keed.

Re:Problem Solved

[garry_g]

Well, according to German politicians and security "experts", voting machines are secure, too --- because tampering with them is illegal and forbidden!

Any questions?

Sometimes I wonder if politicians are descendants from a certain Golgafrincham space ship's inhabitants ...

Re:Problem Solved

[bemenaker]

And what exactly does this solve?

Re:Problem Solved

[sparetiredesire]

Another great example of politicians making laws about things they know little of.

Re:Problem Solved

[soapy2000]

Well, they definately sh/would have been on the 'B' ark.

Re:Problem Solved

[diabloblue(12345)]

If your son has requested a new "processor" from a company called "AMD", this is genuine cause for alarm. AMD is a third-world based company who make inferior, "knock-off" copies of American processor chips. They use child labor extensively in their third world sweatshops, and they deliberately disable the security features that American processor makers, such as Intel, use to prevent hacking. AMD chips are never sold in stores, and you will most likely be told that you have to order them from internet sites. Do not buy this chip! This is one request that you must refuse your son, if you are to have any hope of raising him well.

That's possibly the best advice I've ever heard, well, besides:

BSD, Lunix, Debian and Mandrake are all versions of an illegal hacker operation system, invented by a Soviet computer hacker named Linyos Torovoltos, before the Russians lost the Cold War. It is based on a program called "xenix", which was written by Microsoft for the US government. These programs are used by hackers to break into other people's computer systems to steal credit card numbers. They may also be used to break into people's stereos to steal their music, using the "mp3" program. Torovoltos is a notorious hacker, responsible for writing many hacker programs, such as "telnet", which is used by hackers to connect to machines on the internet without using a telephone. Your son may try to install "lunix" on your hard drive. If he is careful, you may not notice its presence, however, lunix is a capricious beast, and if handled incorrectly, your son may damage your computer, and even break it completely by deleting Windows, at which point you will have to have your computer repaired by a professional. If you see the word "LILO" during your windows startup (just after you turn the machine on), your son has installed lunix. In order to get rid of it, you will have to send your computer back to the manufacturer, and have them fit a new hard drive. Lunix is extremely dangerous software, and cannot be removed without destroying part of your hard disk surface.

My God; Genius!!!

Hard to read.

[Beer_Smurf]

German is going to be even harder to read without space bars.

Re:Hard to read.

[__aaclcg7560]

If they close down all the "space bars", they don't have to worry about aliens, weird languages and hacking tools.

Re:Hard to read.

You have obviously never studied German. They hardly even use spaces. One famous example is: Donaudampfschiffahrtselektrizitätenhauptbetriebswe rkbauunterbeamtengesellschaft (0x20 inserted by Slashdot code) for "association for subordinate officials of the head office management of the Danube steamboat electrical services."

Re:Hard to read.

See, I *knew* there was a reason they have so much scheiße-porn in Germany... they've gone nuts from reading all those long words!

Re:Hard to read.

[An+ominous+Cow+art]

Good riddance to 'em. They always make me leave my 'droids outside.

Re:Hard to read.

[lostlyre]

Clearly, you fail to realize that Germans have already removed their space bars. Surely you've used Rindfleischetikettierungsüberwachungsaufgabenübert ragungsgesetz when talking about cattle marking and beef labelling supervision duties delegation law, or read about the Donaudampfschiffahrtselektrizitätenhauptbetriebswe rkbauunterbeamtengesellschaft.

Who is ...

[BosstonesOwn]

Default and why is he installing hacking tools in Linux distro's ?

On a serious note doesn't this basically make watching dvds on a linux computer illegal as well ? Sounds to me like this can be wide open for abuse much like our beloved DMCA.

Can't RTFA since the laws are in German.

Re:Who is ...

[u-bend]

>Who is Default?
If you don't know, default is your own.

Re:Who is ...

[iluvcapra]

Can't RTFA since the laws are in German

If they were in English would it really make a difference ;).

Re:Who is ...

[BosstonesOwn]

Probably not , since after all this is slashdot and we all know no one RTFA.

Re:Who is ...

Don't know what it's like wherever you live, but here in Germany NOBODY can read any laws.
They are write-only, almost like Perl.

Re:Who is ...

>Who is Default?
If you don't know, default is your own.

Ah, but is it an intelligent default?

Lock Hacking

[TheLazySci-FiAuthor]

How are hacking tools really different from locksmith's tools?

I certainly have found a locksmith to be very useful in very legal ways - but then again, I'm the kind of person who has key problems ;)

Re:Lock Hacking

[morgan_greywolf]

Yes, actually. Hacking tools like nmap, ethereal, dictionary crackers (i.e., cracklib), etc. are absolutely necessary in securing a network. There is no way I could lock down a network without scanning to see what ports are open or determine the security of traffic on a network without a packet sniffer. Heck, packet sniffers are useful in determining problems in misbehaving networked applications. How could I check the security of my users' passwords without a dictionary cracker?

Hacking tools are more like guns: make them illegal and only the criminals will have them.

Re:Lock Hacking

[ushering05401]

Last time I looked into it numerous U.S. states required certification before you could legally be in possesion of certain types of locksmithing tools. These certs were incrediblly easy to obtain (basically cash and a short course), making the whole thing look like yet another set of rules designed to increase cash flow for an industry.

From the N.C. statute:

" 74F-2. Purpose.
Locksmiths have the knowledge and tools to bypass or neutralize security devices in
vehicles, homes, and businesses. The laws of this State do not protect citizens from the
unscrupulous use and abuse of this knowledge and these tools by persons who are
untrained or have criminal intent. Therefore, the licensing of locksmiths is necessary to
protect public health, safety, and welfare."

Regards.

Re:Lock Hacking

[Hatta]

How are hacking tools really different from locksmith's tools?

Not at all. If you are against the prohibition of network security analysis tools you must also be against the prohibition of locksmithing tools.

Re:Lock Hacking

I have used ethereal for debugging. It sure is nice to read that SOAP packet right of the web and see what it contains (especially if it doesn't contain what it should ...).

Re:Lock Hacking

[X10]

Hacking tools are more like guns: make them illegal and only the criminals will have them.

That is sooooo untrue. In countries where guns are illegal, criminals don't use guns very often. In countries where guns are legal, deranged college students use them to kill their fellow students.
If you pick a metaphore, pick one that works.

Re:Lock Hacking

[GustoGaiden]

'The new rules tighten up the existing sanctions and prohibit any unauthorized user from disabling or circumventing computer security measures to access secure data' Its still fine for you to use tools on your own system to secure it. A locksmith is an authorized user after all. It sounds like it's just going to become harder to get your hands on a good set of lockpicks. I'm not sure if this is going to hurt anyone but admins.

Re:Lock Hacking

Hacking tools are more like guns: make them illegal and only the criminals will have them.

Of course. If hacking tools are illegal, then possessing them would make you a criminal.

Re:Lock Hacking

[Rakishi]

Uhm, can you comprehend basic english or not?
He is perfectly right, by definition if you make guns illegal the only people who own guns would be criminals (and law enforcement but then its not a total ban on guns). There may be many or a few of them but by definition his statement holds true.

Anyway in some of those places they use knives instead and kill more people than they did when they had guns. After all, why would they bother with a gun when they know their victim doesn't have one? Not only is the knife perfectly legal unlike a gun (convicted criminals can't legally own guns in most if not all of the US) but in a knife fight the criminal is probably much better off than in a gun fight. Remember that criminals are in better shape, younger, less prone to fear and are free to train with knives as much as they want (unlike guns which they can't train much with) compared to their victims.

In other places they all use guns since the main source of crime is gangs and they escalate the weapons used accordingly (their "victims" have guns in that case). Washington, DC bans almost all guns and there are tons of shootings there, the highest murder rate in the US by far actually.

In countries where guns are legal, deranged college students use them to kill their fellow students. Bringing guns onto the VT campus was/is illegal. As a result the only persons who had guns there were law enforcement and the deranged college student. Interestingly enough there is one case where a different deranged college student was shot dead by other students before he could do much damage.

So please heed your own advice and don't use statements that don't work.

Re:Lock Hacking

[ravenshrike]

Apparently Mexico, Russia, Estonia, South Africa, and Zimbabwe no longer qualify as countries

Re:Lock Hacking

[broeman]

It is an old story that lacks proof. I live in Denmark (No. 3 peaceful country), where we actually don't have many restrictions on buying guns (basically you have to be 18 years of age and go to a police station and get a gun permit), but there are some limits to types of weapons to buy. Hunters are pretty common in most OECD countries, and mostly only the US have larger issues with criminal gun use. Guns doesn't commit crime, people do.

I don't know how strict the weapon-law is in Germany (I have read about one year checkup), but they also have a share of school shootings.

Re:Lock Hacking

[linux_geek_germany]

> Hacking tools are more like guns: make them illegal and only the criminals will have them. Probably a significant majority of German politicians will not have a problem with that...

Re:Lock Hacking

[sheph]

Yes, this was exactly my thought as well. I think it makes much more sense to allow everyone to learn from these tools, and then tighten their security accordingly. Making these tools illegal actually gives the advantage to individuals who have little interest in obeying the law in the first place. Way to go Germany. First Hiter, now this .... WTF????

Re:Lock Hacking

I just got a job two weeks ago as the sysadmin for a bunch of linux servers, which happen to be used by a nuclear physics research group. Halfway decent machines with a decent amount of power. They've got weird configurations which, of course, are undocumented. Part of my job is to document how to use/fix the things they're using now. Second day on the job and there were massive network logon errors, and my boss was in another country, leaving me with no one to turn to.

Thankfully, years of screwing with packet sniffers and similar hacking tools in high school left me with enough experience to fire up tetheral and diagnose and fix the problem in a matter of minutes. And yes, of COURSE I was using them legitimately back then.... I SWEAR! ;)

The next day when my boss came back and heard that there had been logon problems, he literally ran to find me to suggest a way to maybe see if a service was running. I told him I fixed it, and mentioned roughly how. He looked at me funny for a moment, got a grin on his face, and said that he's "so glad to hire me."

Hacking tools illegal? I wouldn't have been able to fix this particular problem. Hacking tools only for licensed or otherwise privlidged people? I wouldn't have known how to apply them.

Re:Lock Hacking

[isorox]

Hacking tools are more like guns: make them illegal and only the criminals will have them.

No, they're more like screwdrivers. There are valid arguments against allowing ownership of guns (whether we agree or not is a moot point). Nobody in their right mind would try and ban screwdrivers.

Re:Lock Hacking

[rlp]

Hacking tools are more like guns: make them illegal and only the criminals will have them.

True, but not an effective argument to make to a European government.

Re:Lock Hacking

[maxwell+demon]

They don't want you to secure your network. If your network is secure, then how would they introduce the "federal trojan" into your computers?

Re:Lock Hacking

[un1xl0ser]

How could I check the security of my users' passwords without a dictionary cracker? 1) Set a strong password strength policy.
2) Set a 6 maximum age for all passwords.
3) Set sooner expirations in a phased roll-out to rotate passwords.
4) Enjoy.

It works, and it scales.

Re:Lock Hacking

[inviolet]

Hacking tools are more like guns: make them illegal and only the criminals will have them.

The parallel doesn't end there.

After the end of the Civil War, southern states passed gun-control laws that made it illegal to carry guns, or sometimes even to own them. These laws had to be written in general terms: the North would not countenance* a law written specifically to disarm blacks. But the local legislatures and the police understood that they were to be enforced only against blacks. Or perhaps the law was written to allow the sheriff 'discretion' in issuing permits to private citizens carry a gun, which meant the sheriff could simply choose to issue permits only to whites.

Later, the 'understanding' was forgotten, and now those laws are applied to all of us.

Sysadmins in Germany are now like the whites (white-hats?) after the Civil War: they expect to be overlooked by the enforcers, but how many years will it take for that understanding to be forgotten?

And another thing. Police love it when people accept a "It's understood that we good guys are going to break the law, because the law was written overbroad" law. Like speed limits. They love it because the policeman's only power is to crack down on lawbreakers... and oh what fun it is when the good guys -- once arrogantly immune to the policeman's intimidations -- are now required to break the law, and to place themselves on the defensive, in their normal course of business.

*My isn't it an addictive rush, feeling virtuous at someone else's expense.

Re:Lock Hacking

[compro01]

Probably a significant majority of politicians will not have a problem with that...

fixed that.

Re:Lock Hacking

[CastrTroy]

Set the password strength policy too strong, and make them change it too frequently and the following will happen

1. Dictionary attacks become easy because it's easy to guess how users will pick passwords to conform to "rules". For instance, if it must have 1 symbol, and 1 letter, then you can bet that those characters will be at the end or the beginning of the password. Also, if the minimum length is 8 characters, then you can bet that most passwords will be exactly 8 characters.
2. Users will forget their passwords
3. Users will write their password down on a post-it beside their monitor so they don't forget it.

Re:Lock Hacking

[Greyfox]

Yup, if one of those professors or even another student had been carrying a gun the massacre could have been stopped much earlier. People think the police are there to protect you but that is not the case. The police are there to clean up and figure out what happened after a crime takes place. There is no way they can protect all citizens, even in the police state that we're moving toward. Your safety is your responsibility.

Re:Lock Hacking

[un1xl0ser]

First off, don't make it too strong of a policy.

1. Online dictionary attacks are highly detectable. I'd prefer not to use any platform that would easily allow for an offline dictionary attack (i.e. kerberos 4, kerberos 5 w/o pre-auth, unix passwd file w/o separate shadow, plain ldap). Even with a dictionary that favors this kind of behavior, it will still take a LONG time if you requre 8 char passwords.
2. Not if they use it often.
3. At least it isn't posted on the internet. That should be against the security policy.

Re:Lock Hacking

[Asmandeus]

Yeah well, not everyone is a hardened, sharpshooting, ex-military badass. Welcome to reality.

Just because someone might of had a gun during that whole ordeal doesn't mean that they would of gotten the chance to use it OR even had the experience to use it in a positive manner. It's possible the whole situation would of been exacerbated for many reasons, including now you have two (or more) people in a building under extreme amounts of duress with the means to kill other people.

Re:Lock Hacking

[multipartmixed]

Screwdrivers were banned in America in the 1920s.

For that matter, so were Rusty Nails.

Re:Lock Hacking

>That is sooooo untrue. In countries where guns are illegal, criminals don't use guns very often. In countries where guns are legal, deranged college students use them to kill their fellow students.

Canada isn't a country anymore then?

In fact, lets look up "canada shooting" in news.google.ca. Oh look, another story, totally unrelated, posted 7 hours ago. Canada's gun laws really do work! Obviously it's just a misprint by the thousands of newspapers covering these stories. And 12 hours ago, ya, another misprint. And 22 hours ago. What's up with the news here, they can't report anything right!

These are all unrelated stories. As a country like the USA has ten times the population, and therefore for the same crime rate ten times the same number of crimes, I expect I should see much more than one story posted per hour if I look up "USA shooting", right? But I don't, I find the number to be less. Why is that, if you are correct? Perhaps more misprints. It's an epidemic, I tells ya!

Re:Lock Hacking

[UncleTogie]

It's possible the whole situation would of been exacerbated for many reasons, including now you have two (or more) people in a building under extreme amounts of duress with the means to kill other people.
Correction: You had LOTS of people in that building able to kill people. The problem was that none of them realized it. Don't assume that a firearm is the only way to kill another human.

Re:Lock Hacking

[Torvaun]

You forgot one.
5) Wander around the cubicles stealing the Post-It notes off their desk.

Re:Lock Hacking

[Asmandeus]

Or 9/11 could of been thwarted if people rushed the terrorists on the planes, etc.

People are quite feeble, much more than you might think. Just because someone has the ability to kill doesn't mean they'll make usage of it. Unfortunately this is fact, otherwise things would be just like Hollywood movies or video games.

Re:Lock Hacking

[BobDigiDigi]

Hacking tools are more like guns: make them illegal and only the criminals will have them.
Actually, guns are illegal in Germany and I'm sure that there are fewer criminals with guns per cop than in the USA.
Problem with hacking tools still is, there's no police in the internet =)

Re:Lock Hacking

[morgan_greywolf]

How do you think password strength policies work? On Linux, for example, cracklib is actually used to test the password against a known dictionary.

Re:Lock Hacking

[Eccles]

And another thing. Police love it when people accept a "It's understood that we good guys are going to break the law, because the law was written overbroad" law. Like speed limits. They love it because the policeman's only power is to crack down on lawbreakers... and oh what fun it is when the good guys -- once arrogantly immune to the policeman's intimidations -- are now required to break the law, and to place themselves on the defensive, in their normal course of business.

It's more than that, it's a tool they can use on those they "know" are guilty, but don't think they can prove to a jury's satisfaction. Just charge the person with the kitchen sink, and then you've got a better basis for forcing a plea bargain, and the case can be closed. "If they were innocent, they wouldn't be suspects."

Re:Lock Hacking

[Rakishi]

During 9/11 they didn't rush the terrorists because given their information it would have been beyond stupid. Pre 9/11 hijackers didn't fly planes into building, doing as the hijackers wanted would have saved more lives than a suicidal attempt to retake control.

As one of the planes showed, once people knew of what the hijackers wanted they were perfectly capable of rushing them.

Re:Lock Hacking

[Rakishi]

Not everyone is an utter spineless wimp incapable of getting adrenaline into their system without an injection. In the VT shooting a number of people sacrificed their own lives so that other could escape, they acted as human shields to hold door closed. Welcome to reality where a lot of people have a backbone, unlike you apparently.

If you have a gun for self defense than you likely know how to use it, classes exist and in a number of places they are free (given by the police). Gun ranges exist.

Re:Lock Hacking

[un1xl0ser]

Defining character classes and allowing at least a certain number of them. Examples would be uppercase, lowercase, symbols, digits. You can also restrict order, can't end with a digit, et cetera. Dictionary lookups at creation can also help.

Re:Lock Hacking

[YrWrstNtmr]

Just because someone might of had a gun during that whole ordeal doesn't mean that they would of gotten the chance to use it OR even had the experience to use it in a positive manner.

Being a 'gun-free' zone, the students and faculty at Virginia Tech had zero chance. I'll take 'maybe a chance' over 'zero chance' anytime.

including now you have two (or more) people in a building under extreme amounts of duress with the means to kill other people.

But only one with the intent to do so.

Re:Lock Hacking

[blazematrix]

> Hacking tools are more like guns: make them illegal and only the criminals will have them.

Remember our governments are letting you use a networking system, internet, etc!

We buy the chains that will hold us down.

BM

Re:Lock Hacking

[blazematrix]

> Patriotism is akin to racism. Good quote! An example of double think. BM

Re:Lock Hacking

[PDAllen]

I'd guess this is essentially where the law in question comes from. If you go around (in the UK) carrying that sort of thing, then you can be picked up and done for going equipped. Obviously a (proper) locksmith is allowed to, but they are also supposed to be registered.

I suspect the Germans have simply thought, well we already have a law against wandering around carrying a slimjim and a lockpick, why not extend it to computers. Unfortunately they haven't thought about the fact that making houses secure is pretty easy (good locks and a burglar alarm) and you don't really need to check it, while making a network secure is not so easy and it is a great help to be able to check by trying to hack in to your own network and stopping any holes you find that way.

Re:Lock Hacking

[EPDM]

> Hacking tools are more like guns: make them illegal and only the criminals will have them.

That's the plan, isn't it. Make them illegal for everybody else but let the happy few (read: rich few) live in the grey zone (and allow them to use it at their will).

This used to be called "Big Brother". The problem is that Big Brother is a small bunch of corrupt rich bastards filling their pockets as much as possible as fast as possible (usually they have a 4 year plan called "Legislative Term Limit")

And apparantly the same bastards rule both in the US and in Europe. We're ALL doomed.

Cheers

Re:Lock Hacking

[stonedcat]

So... what you're saying is that hacking tools are responsible for guns?

Re:Lock Hacking

Hacking tools are more like guns: make them illegal and only the criminals will have them. Yeah, I sometimes shoot myself to find my vulnerabilities. There is no way I could secure myself without a gun.

Re:Lock Hacking

[robot_lords_of_tokyo]

Actually guns aren't illegal in germany, ownership is simply more controlled.

I agree with your second point even though gun deaths are increasing, that is, more criminals are getting guns into their hands despite the legislation that should be making it much more difficult to privately own a gun. In the USA, I believe the criminals with guns per cop ratio has been dropping lately, whereas here (Germany, would guess the same for the rest of the EU) the trend is an increase to that ratio.

Bad legislation gets bad results. This is pretty shitty legislation which will just lead to another huge sinkhole of already stretched government coffers. And when the government mismanages its finances, they just dip in the deep reserves, which just so happen to be my pockets. Regardless of the analogy that is used, this will end up being expensive legislation which will completely fail in its aims.

Re:Lock Hacking

[UncleTogie]

People are quite feeble, much more than you might think. Just because someone has the ability to kill doesn't mean they'll make usage of it. Unfortunately this is fact, otherwise things would be just like Hollywood movies or video games.

Here, let me correct that for you:

People CAN be quite feeble, much fewer than I think. Just because people have the ability to kill doesn't mean they'll choose to make use of it. However, this is my opinion, which means things would be just like I expect them to be.

I'm 130 lbs, 6 tall, and have won fights with guys twice my mass, especially if I'm fighting for something important {and it usually HAS to be if I'm fighting} and I LOVE when they mistake me for "feeble". Honestly, if you want the Sheeple to stop being wusses, then lead by example. It works.

It never ceases to amaze me; it seems that many of the most vocal critics never seem to want to pitch in as much as they think WE should.

Re:Lock Hacking

[empeg]

Greyfox writes:Yup, if one of those professors or even another student had been carrying a gun the massacre could have been stopped much earlier.

Yup. Or one of those professors or even another student could have gone on a rampage and done the same thing for entirely different reasons... but no, I am sure that student was the only guy on the campus at the time who had "issues". Sorry, but watching from Australia, the whole gun-control debate in the US is a farce. You only have to look at the firearm fatality rates per capita of western countries to realise the US is massively out of whack. I know its OT but debates like this are a joke...

Re:Lock Hacking

[X10]

Bringing guns onto the VT campus was/is illegal
That is not my point. It doesn't help to make guns illegal on campus if it's easy to bring one to the campus. This deranged student isn't going to care if it's illegal or not. Fact is, he can get hold of a gun fairly easily.

In Holland, guns are illegal for everybody except law enforcement and the military. Guards don't carry guns. Permits for huntin rifles are extremely hard to get. Sports guns can be only small caliber, and are extremely hard to get a permit for. Of course, there's shootings. Criminals shoot each other, happened a couple of times in the last few years. If you really want to have a gun and you are ready to pay big money, you can. But it's not easy. I don't have the statistics at hand, but some time ago I found statistics that the number of murders in the use per capita is 20 times higher than in Holland.

But maybe the person from Denmark is right. Maybe there's no cause-effect relation between law and murders. Maybe there's other reasons why the number of murders is so much higher in some countries than in others.

X10 - who'd rather carry a switchblade

Re:Lock Hacking

[Rakishi]

That's a social issues, you can give every person in Japan an AK-47 for example and you wouldn't have too many new murders. You can remove every gun from a crime ridden inner city area and they'll either stab each other, import guns, make guns, blow each other up or use one of the many other ways of offing themselves.

That is not my point. It doesn't help to make guns illegal on campus if it's easy to bring one to the campus. This deranged student isn't going to care if it's illegal or not. Fact is, he can get hold of a gun fairly easily. It's impossible to truly ban guns in the US as gangs would make sure a supply exists. Mexican drug cartels would be all to happy to send some guns up north along with the drugs and illegal immigrants. Furthermore explosives can still be made and they have caused larger death tolls than guns.

Maybe there's no cause-effect relation between law and murders. There isn't as the UK, Australia, Canada and many US cities have banned guns only to see no effect on crime if lucky (in a number of cases there was an increase in crime). Like I said, in the UK they simply switched to knives.

Re:Lock Hacking

[DrugCheese]

Push that shit back in your ass please.

Why don't you take a look at gun statistics. Tough gun laws only disarm innocent civilians from protecting themselves. Ie WashingTon D.C., some of the toughest gun laws in this country, some of the worst gun crime.

Did you hear about that deranged killer who killed all those innocent people in Switzerland? Strange neither did I ...

Don't forget the worst school killing in American history was done with TNT. And the worst school killing in Great Britian was done with a knife.

Oh, and allied forces seized all the guns in Iraq back in 2003. Good thing we did that or we might of had some soldiers killed over there.

Re:Lock Hacking

[TheVelvetFlamebait]

I live in Australia. We have fairly restrictive gun control, and consequently we have very low gun crime. It keeps the potential criminals honest. Sure, some criminals do have handguns, but that's all they can really get. Anything bigger becomes harder to conceal. Plus, the community mostly supports gun control, so if one is seen on someone who isn't police/security, the police are often called. In other words, it's very hard to get and keep a gun here.

Compare with VT. Sure, guns weren't allowed on campus. That doesn't really do anything. The hardest parts of a gun crime have already been bypassed, and that is getting an automatic gun and being able to transport it to the place where you intend to commit the crime. The person is completely legal holding the automatic one step outside the campus. The easiest part is where you step onto campus and pull the trigger.

Re:Lock Hacking

[Rakishi]

I live in Australia. We have fairly restrictive gun control, and consequently we have very low gun crime. ...joy, so are you one of those insane people who doesn't care what the homicide rate as long as it's not guns doing the killing? Because that is what your statement seems to imply and I don't see what else it could possibly mean rationally. It doesn't matter if someone is stabbed, shot, hanged or set on fire to death as in the end they're all just as dead.

Also mass killing are so rare in the developed world that they're only important to those people who are so media crazed as to be nearly brain dead which I must admit is most of the developed world. Not to mention that some of the most memorable mass killing in the US (and the world as a whole, look at the middle east) were not done at once or were done using explosives.

Sure, some criminals do have handguns, but that's all they can really get. With the possible exception of RPGs: http://www.theaustralian.news.com.au/story/0,20867 ,20707130-5001561,00.html

Anything bigger becomes harder to conceal. In VT two handguns were perfectly capable of killing many people. Handguns are more dangerous because they can be concealed, larger weapons aren't a big problems unless you have gang wars that resemble small wars (ie: Mexico).

The person is completely legal holding the automatic one step outside the campus. Automatic? He used two perfectly normal semi-automatic handguns save for using extra large magazines:
http://en.wikipedia.org/wiki/Walther_P22
http://en.wikipedia.org/wiki/Glock_19

It's odd how people keep wanting to ban all these weapons because of the VT shooting which were not at all involved in it.

Re:Lock Hacking

[rtb61]

Technically speaking hacking tools are basically software code, so in reality a software coder is the hacking tool, as the hacking tool can be created on the fly with out being stored to the drive.

So is Germany going back into the concentration camp business and all of those nasty software coders, all of whom are potential hacking tool creators, will be interned and work under the close supervision of duly indoctrinated non-coding staff equipped with suitably shiny protective footwear, eww, sucks to be a German coder in Germany :(.

Realistically the only way it can be done is a specific piece of software must be registered and identified as a 'cracking' tool and publicly listed as such, otherwise how is the typical ignorant end user going to know what is or is not a cracking tool i.e. will you have committed a criminal offence if your computer gets infested by a trojan client as it is the hacking tool, so not only will you lose all your data, and your bank account details but you will pay a large fine and go to jail to boot, jackboot of course (in fact guilty until proven innocent).

Re:Lock Hacking

[rtb61]

Not to be picky, but statistically speaking those countries with strict gun control laws have low homicide rates, so yeah much joy all around for strict gun control and shit loads of misery for no gun control as a result of all the gun related homicides, resulting from a momentary flash of temper or inebriation and ready access to weapons where 'running away' provides no defence.

The stupidest statement in the world is to say a law should be cancelled because some people break it, no, that is the reason the law is there, so when they get caught with illegal weapons they get prosecuted and convicted and the weapon is removed from the streets where it is a threat. Hand guns, their only design function is a readily portable and concealable means of killing people.

Don't let us in Australia stop you, you can keep yours guns and your body count, but don't try to convince us to follow you. Did you know that in South Australia, swords, nunchucks, shuriken, daggers, switch blades, truncheons, brass knuckles etc. are also illegal with out a permit, do I feel unsafe as a result, no, does it have a benefit, yes, it tends to reduce the bodily harm when a bunch of drunken teenagers go violently stupid.

Forget the stupid American politics, laws do not stop people committing crimes they just penalise them when they do and remove them from the streets if necessary, so that they are not in a position to repeat the offence.

Re:Lock Hacking

[rohan972]

Sorry, but watching from Australia, the whole gun-control debate in the US is a farce.

Really? According to this article at the Sydney Morning Herald it seems to be that gun-control laws are the farce:
"Homicide patterns (firearm and non-firearm) were not influenced by the NFA, the conclusion being that the gun buyback and restrictive legislative changes had no influence on firearm homicide in Australia,"

You only have to look at the firearm fatality rates per capita of western countries to realise the US is massively out of whack.

And yet Canada and Switzerland have a high rate of gun ownership (including automatic military weapons in Switzerland) but not the murder rate of the US, so it would be logical to think that the US murder rate is affected by other issues. In addition to that, any review of gun deaths to determine the effects of gun control really should take into account deaths of civilians at the hands of the government, not just civilian murders. Approximately 100 million in the last hundred years by various despots. Regardless of gun laws, no western country is experiencing or ever seems likely to experience the level of civilian criminal activity necessary to compete with despots for death rates, and the surest prevention of despotism is an armed citizenry.

Re:Lock Hacking

[Rakishi]

Not to be picky, but statistically speaking those countries with strict gun control laws have low homicide rates Please do provide those statistics since I always thought Norway, Finland and Switzerland were such peaceful nations. After England instituted very strict gun control laws there was no real change in homicides.

Also as a statistician I can't help but laugh at you using the term "statistically" given that by your logic you can argue than the air force should always fly bombing mission against heavy enemy numbers as in WW2 there was a very strong correlation between bombing success rates and enemies in the air (hint: both were due to cloud cover).

so yeah much joy all around for strict gun control and shit loads of misery for no gun control as a result of all the gun related homicides, resulting from a momentary flash of temper or inebriation and ready access to weapons where 'running away' provides no defence. Yes I'll take tat small number of incidents over living in constant fears of criminals who know there is no one to stop them. I enjoy not having my house constantly burglarized which is what happens in England for example.

The stupidest statement in the world is to say a law should be cancelled because some people break it, no, that is the reason the law is there, so when they get caught with illegal weapons they get prosecuted and convicted and the weapon is removed from the streets where it is a threat. The police won't get all the guns and in many areas they can't get even a sizable chunk of them (heavy crime areas).

Hand guns, their only design function is a readily portable and concealable means of killing people. Your point? I enjoy living in a country where it is not only legal for someone to defend themselves if attacked but where people have the means to do so. The police are not there and have no obligation to keep you save or save your ass if you get attacked.

Don't let us in Australia stop you, you can keep yours guns and your body count, but don't try to convince us to follow you. Your point, the crime rate in Australia has very little to do with your gun control laws. It's mostly a social issue. The US has a high crime rate due to the war on drugs and high poverty in certain areas.

Did you know that in South Australia, swords, nunchucks, shuriken, daggers, switch blades, truncheons, brass knuckles etc. are also illegal with out a permit, do I feel unsafe as a result, no, does it have a benefit, yes, it tends to reduce the bodily harm when a bunch of drunken teenagers go violently stupid. Good point, they'll just use a metal pipe or baseball bat instead now. Maybe a cooking knife or brick.

Forget the stupid American politics, laws do not stop people committing crimes they just penalise them when they do and remove them from the streets if necessary, so that they are not in a position to repeat the offence. The US has more people in prison, percentage wise, than almost every other fucking nation in the world. It does jack shit for the crime rate and we can't stick any more in jail.

Do you think a gang member cares that he gets an extra 2 year of prison for using a gun to murder someone or for possessing drugs? People who are committing crimes with decade long jail sentences do not care about the risks of committing crimes.

Re:Lock Hacking

Posting anonymously to keep moderation... Of course it is not about laws or ownership, it is all about the trigger-happy state of mind, where you worship guns and are eager to use them. It is not about fear, it is about lust for heroism and make no mistake, same urge drives shooter criminals, VT student murderer being an explicit example. He is just your reflection in another, peculiarly twisted mirror.

Re:Lock Hacking

[Rakishi]

I'd also like to point out that Australia apparently beats the US by decent margin (ie: 100% in some cases) in burglaries, car thefts and rapes. They're somewhat lower in robberies right now but not by that much. Likewise people in the US feel safer than those in Australia but the margins aren't that big except for burglaries.

Also only 40% of homicides in the US are done with guns and the US non-firearm homicide rate is a lot higher than Australia's total homicide rate.

I predict a continual increase in the crimes rates in Australia as criminals better organize to take advantage of the almost free ride they're getting and are goign to get (police can't catch everyone and the victims can't fight back, legally even soon). I'd say homicides would be low for a while until the criminal groups begin competing then inter-gang violence would start up.

Re:Lock Hacking

[asninn]

The problem with the statement is that it falsely implies that *all* criminals will have guns. In reality, that's not true; if guns really were restricted, most wouldn't have any. Sure, Johnny-Tightlips-the-mafia-hitman would still have quite an arsenal, but he's not in any way representative of criminals in general.

Just go and look what the most common reason is why people are actually in jail in the USA. Hint: it's not murder.

Re:Lock Hacking

[rohan972]

VT student murderer ... He is just your reflection in another, peculiarly twisted mirror.

My reflection? No. Yours perhaps, if you recognise yourself in his acts. Here in Australia people used to do "cadets" at school, military training using military weapons. You could buy a gun over the shop counter without ID. Yet we have never had high murder rates. If I remember correctly, guns were used in approx 25% of murders when gun control was introduced. It was politically convenient and was nothing to do with public safety. In times of war, we could field newly recruited troops who actually knew how to aim and shoot.

Re:Lock Hacking

[brezel]

Yup, if one of those professors or even another student had been carrying a gun the massacre could have been stopped much earlier. People think the police are there to protect you but that is not the case. The police are there to clean up and figure out what happened after a crime takes place. There is no way they can protect all citizens, even in the police state that we're moving toward. Your safety is your responsibility. lol what a hilarious posting. that must be why america is the safest country on earth where noone ever shoots anyone.
MORE GUNS FOR MORE PEACE! now _that_ makes sense.
i don't really believe the numbers mentioned in 'bowling for columbine' but i am quite sure that the US have the most gun-related killings on this planet.

Re:Lock Hacking

[Alomex]

IANAL but it is my understanding that in Ontario it is illegal to carry a prybar without a valid legal reason. In particular being a construction worker is a good enough reason. So it seems to me that in Ontario hacking tools (by natural extension of the pry bar rule) are already illegal unless you are network admin or you are taking a course in network security or some other such valid legal reason.

Re:Lock Hacking

[ioshhdflwuegfh]

I don't think your parallel parallels that well what's up in Germany. Maybe this should be somewhat closer: First, there was a large influx of SuSe Lunux into the goverment sector (Over 500 German government agencies using open source). Then, a few years later, SuSe turns commercial.

Re:Lock Hacking

[ioshhdflwuegfh]

I don't think your parallel parallels that well what's up in Germany. Maybe this should be somewhat closer: First, there was a large influx of SuSe Lunux into the goverment sector (Over 500 German government agencies using open source). Then, a few years later, SuSe turns commercial.

So....

[Nick+Driver]

...when will they start requiring computer professionals to have to become licensed by the govt in order to to possess and use the tools necessary for them to do their jobs?

Re:So....

[drinkypoo]

Instead, they decided to just deny them the ability to do their jobs. WTG Germany! And here I thought they were on the right track, with all their environmental goodness.

Re:So....

[HoosierPeschke]

This will place most of the professionals in the network admin and computer security fields in a sort of legal grey area. 'The new rules tighten up the existing sanctions and prohibit any unauthorized user from disabling or circumventing computer security measures to access secure data (see the law, sections 200 and following [in German]).

(Emphasis Mine)

If I'm an admin, I'm probably authorized to test my own network's security. I hack and probe my server constantly to determine my own security. The real gray area is if I'm guilty simply because I possess these tools or if I'm unauthorized to do something with those tools.

Re:So....

As the saying goes, a government big enough to give you everything you want is big enough to take everything you have.

Re:So....

[jt418-93]

i said a long long time ago (80s i think) that one day you will have to have a gov approved license to get hold of a compiler. at some point they will lock down everyone who can make tools, as well as the tools themselves. it's just the next step along our decline into the 2nd dark ages.

yay team!

Re:So....

[32771]

It seems to me that you have to be in the chain which leads to a criminal offense. I think that if somebody does something criminal with a tool you provided in some way and you are involved in the preparation of this offense then you are guilty.

I guess somebody still has to prove that you knew about a particular criminal offense to get you into trouble.

I'm not a lawyer though, so we will see what the future holds.

Re:So....

[DavidSev]

So you're sitting in a cafe somewhere, using there wireless, on your work laptop.
Its a work laptop with all kinds of useful tools on it, and the cafe has an unsecured network.
At the click of a few buttons you could sniff every packet, you're not, but you could.
Some moron comes over, sees the wireshark icon of your desktop, or worse you're going over logs from an old capture, and before your know it your in jail.

2 years?
3?

That or the law will get scrapped the first time its tested in court.

Or it'll be scrapped when all big business who do any kind of network operations there leave the country.

Wouldn't it be cool if google switched the google.de page out for 'sorry but our german datacenters are down due to us being unable to secure them. we'll have the page back in a few weeks once we beef up the centres in nearby countries.'

Re:So....

[BubbaFett]

Right, so we just add a disclaimer to our scanning tools, "for authorized use only" and we can distribute them as we wish? That renders the law completely useless other than a means of putting haxors (to avoid either overloaded term "hacker" and "cracker") in double jeopardy, since haxing is already illegal.

Computers

[Normal+Dan]

can be used as a tool to 'hack', are they going to outlaw computers too?

Re:Computers

[dextromulous]

Axes can be used as a tool to hack as well. Actually, that is their intended purpose.

Re:Computers

[kalirion]

The rulebook of my high school explicitly forbid bringing to school "anything that can be used as a weapon." I brought up the point that this would effectively expel all small freshmen who could be picked up and thrown at other people.

Re:Computers

[Broken+scope]

I prefer chopping.

Re:Computers

The rulebook of my high school explicitly forbid bringing to school "anything that can be used as a weapon." I brought up the point that this would effectively expel all small freshmen who could be picked up and thrown at other people.

The pen is mightier then the sword.

Re:Computers

[RockoTDF]

Ah, but you didn't bring the freshmen to school, now did you? In this case, tell your district that they are just gonna have to fire all the bus drivers...

Re:Computers

Nah, the computers are fine. They won't be much of a threat after computer users are found to be illegal. Just because they exist does not mean they pose a threat. It's the people that use them that cause all the problems.

Re:Computers

[CastrTroy]

Some text books are pretty thick too. You could probably get away with not bringing those too. Or at least stopping the teachers from handing them out. Also, I remember when a kid got a compass (for drawing circles) in the eye. Although it was just because they were fooling around, and there was no harm intended. Maybe we can stop doing geometry. Or even get pencils and pens labelled as weapons. On a more serious note, I've heard stories of kids getting expelled for bringing forks and knives (butter knives or the plastic knives) to school to eat their lunch.

Re:Computers

[bhsurfer]

If there was anything in my High School more dangerous to students than the Pizza Burgers they served us I'd like to know what it was... [shudders]

Re:Computers

[maxwell+demon]

You know, the most dangerous weapon is the human mind. So you have a perfect excuse for being mindless! :-)

Re:Computers

Live by the pen, die by the pen.

Re:Computers

[Mr.+Underbridge]

The rulebook of my high school explicitly forbid bringing to school "anything that can be used as a weapon." I brought up the point that this would effectively expel all small freshmen who could be picked up and thrown at other people.

Other things that would be illegal:

Tacks, compasses, pens, pencils, rubber bands, combination locks, D-ring binders, glue, erasers, shoes, belts, bookbags, books, calculators. Good luck doing much without any of that.

Re:Computers

Just a small question... how do they plan to have you work without hands and feet?

Re:Computers

Also: Pants.

Strangulation danger!

Bablefish of the CCC article

[davecb]

Prohibition of computer safety tools opens Bundestrojaner door and gate

May 25, 2007 (46halbe)
The Bundestag has today the prohibition of computer safety tools invariably durchgewunken (criminal law law of change for the fight of the computer criminality, more again 202 StGB). To be punished is in particular a manufacturing, a programming, a leaving, a spreading or providing software, which is urgently necessary for the daily work of network administrators and safety experts.

The Bundestag has today the prohibition of computer safety tools invariably durchgewunken (criminal law law of change for the fight of the computer criminality, more again 202 StGB). To be punished is in particular a manufacturing, a programming, a leaving, a spreading or providing software, which is urgently necessary for the daily work of network administrators and safety experts.

With it the delegates acted against the express advice of the experts belonged in the committees with the consultation of the law out of science and practice. Also on the part of the InterNet economy and from the Upper House of Parliament the law change had been criticized sharply. With exception of the Party of Democratic Socialism and a lonely SPD delegate now the completely large coalition that votierte notion lots to make Germany the professional disqualification zone for computer safety experts.

By expressed far version law becomes possession, which production and the spreading of preventive tools, with which security can be examined by computers, in Germany punishable. These tools are however essential, in order to ensure the security from computer systems to. The general prohibition of this software is to be forbidden about as helpfully as the production and the sales of hammers, because sometimes thereby also damages are accomplished.

Andy Mueller Maguhn, speaker of the chaos computer club, commentated: "the prohibition of the possession of computer safety tools opens also for the employment of the Bundestrojaners door and gate industry and citizen systematically the possibility is taken of examining their systems adequately for security. This prohibition endangers the security of the IT location Germany."

As the automobile industry, is examined in the computer industry the system security makes its vehicles with Crashtests safer by the controlled employment by attack programs. It will be legally no longer free of doubts possible in the future for sensitive computer systems will test whether they are safe or not.

On the yearly congress of the federal office for security in the information technology (BSI) Minister of the Interior Schaeuble announced planned certifying "more trustworthily" to Sicherheitsdienstleister. With this step obviously the abilities and the knowledge, which are necessary for effective safety examinations of computer systems, are into which hands by yard suppliers handread out by the government are monopolized, while the independent computer safety research can be kriminalisiert as desired selectively.

CCC speaker Mueller Maguhn in addition: "the explanations of the Minister of the Interior for computer security are pure lip-service. Here systematically the legal and organizational framework is created, in order to make citizens and enterprises defenseless opposite computer attacks, restaurant economics and also the Bundestrojaner. Safety research can take place only in an unacceptable legal gray area."

Re:Bablefish of the CCC article

[secPM_MS]

The German parliment has just provided a very strong argument for the emigration of the German security community to other locations outside of Germany. Since Germany is in the EU, which supports labor mobility within the EU, it should not prove difficult for the German security experts to relocate within the EU. Unless modified, I would expect it to force the movement of the profession from the country. There are some very good German security analysis tool builders. I would expect them to start working from other locales.

Stupid! Stupid! Stupid!

We have here a demonstration that other Western Democracies have large populations of professional politicians that can give US politicians a run for its money on stupidity and short sightedness.

Re:Bablefish of the CCC article

[davecb]

And, since German companies will still need their services, they'll get to pay a higher price to the same people, now relocated to Austria, Holland and Kitchener/Waterloo ...

--dave

Re:Bablefish of the CCC article

[Arancaytar]

Sure, sure, the translation sucks, but I'm amazed at how well the real point of the article came through:

the explanations of the Minister of the Interior for computer security are pure lip-service. Here systematically the legal and organizational framework is created, in order to make citizens and enterprises defenseless opposite computer attacks, restaurant economics and also the Bundestrojaner. Safety research can take place only in an unacceptable legal gray area.

Nothing lost in translation there.

IE illegal?

[rasteri]

You can use a browser to hack poorely written web apps (some forum software springs to mind). Doesn't this effectively make all browsers illegal?

Re:IE illegal?

[arth1]

I would expect the lawmakers to exclude software that has genuine non-contrived uses, whether it also can be used as a cracker tool.
In other words, the web browser and telnet would be kosher despite telnet being THE most prevalent hacking tool, while it might be hard to argue with a straight face how phishing botnet software was used legally.

Re:IE illegal?

Don't forget, you can ssh or ftp in and guess the password, humans conduct brute force which is a form of hacking, which would I guess make them us ourselves a hackers tool.

I guess we should outlaw people too.

Re:IE illegal?

[Opportunist]

You look at the laws they created so far and you can be this sure that they thought about this? Or at least know about it?

Re:IE illegal?

[BosstonesOwn]

Nope , just the stupid ones who use simple passwords !

Well Im getting on the first train out of Germany , I know Im screwed when it comes to stupidity.

Re:IE illegal?

[Thanatiel]

I can use my brain to test and/or circumvent security.
Does that makes me illegal ?

Futile effort?

[ThadG]

Laws like these never seem to do more than frustrate "normal" users while the people it is designed to inhibit find a way around it and continue on their merry way, or as just another charge to tack on when one of these people actually gets caught.

Wait, what?

[Xtense]

So how they are going to distinguish hacking tools from security software? Nmap can be used as both, and I sincerely cannot imagine securing anything without it. Next, packet loggers. Will Ethereal be banned too? It's one of the best tools IMO that gives a user the power to see exactly what he is sending or receiving, showing potential problems and vurnabilities, but it, of course, can be also exploited beyond any limits. And it's the case with all the rest of popular networking software.

Re:Wait, what?

[Randseed]

You could make the argument that "netstat" is a hacking tool. Which, I suppose, makes the C library a hacking tool, and the C compiler a hacking tool, and the kernel... Agggggh. Make it stop.

Re:Wait, what?

So how they are going to distinguish hacking tools from security software?

Finally, a question which even I am qualified to answer.

It's simple -- who provided the tool?

If I install a rootkit on your computer, it's a hacking tool.

If Sony installs a rootkit on your computer, it's a perfectly legal way of enforcing their digital rights.

In simpler terms, it's a combination of gross annual income and number of legislators purchased.

Re:Wait, what?

Exactly. It's not the tools themselves that are the problem, it's not even how they are used, it's why they are used that needs control.

Knives are bad, they stab people, so let's ban knives.

I use nmap, ethereal, telnet to strange ports at random and type random things, inject faked emails into SMTP streams, and generally poke away at everything related to TCP/IP every day. That's coz I'm a SysAdmin, and if I wasn't able to do this, within a few months most of what I'm responsible for to keep running (ie. to make my existence invisible to the user) will have crumbled away.

"Sorry, I can't trace what's happening to your email to that particular address, I'd be breaking the law".

"I've no idea why that machine can't contact your extranet which we host, as the tools I would use have been banned".

Ridiculous.

EB

Re:Wait, what?

[jc42]

From TFA:

Manufacturing, programming, installing, or spreading software that can circumvent security measures is verboten, which means that some security scanning tools might become illegal.

Not just security scanning tools. The above description applies to the su and sudo commands on unix-like systems, so presumably they will be removed from distros sold (or downloaded) in Germany.

It also seems obvious that any programming language would qualify, since "software that can circumvent security measures" must be written in some language, making a compiler or interpreter into a circumvention enabling tool.

I'd think it would be pretty easy for someone to work up a test case in which they have used such verboten software on their own machine. A use of su should be an especially trivial basis for such a case, since what it does is disable all unix security measures. So maybe some sysadmin could arrange to be arrested and charged with disabling security via su on a work machine in order to install new software in a system library. It would be then shown in court how this law makes it illegal to install software on any of the company's computers. Even a judge should be able to understand the absurdity of this situation.

Outlaws

[dbzero]

If "hacking tools" are outlawed, only outlaws will have "hacking tools."

Re:Outlaws

[mulvane]

Maybe they should outlaw idiots so only outlaws would have them...Or is outlaw now a synonym for government?

Here's something legislators never learn

[Rosco+P.+Coltrane]

As with firearms, it's the shooter that commits a murder, not the gun. In this case, it's hackers that commit hacking, not the tool. And just as with guns, when they outlaw hacking tools, only outlaws will have them, and the new laws will just annoy the shit out of legit users.

Re:Here's something legislators never learn

[Corbets]

The irony of this comment that you may not realize is that Germans tend to be very anti-firearm. ;-) So this argument probably won't sway many up there!

Re:Here's something legislators never learn

[duckle]

You can take it even farther than that. Guns don't really have a positive use. No one is really hunting for survival anymore. Many hacking tools were created with sysadmins in mind. I personally have run into a situation where I either have to reinstall IRIX from scratch (licensing and all) or run john the ripper on the root password for a while. Yes, there is a way around in this case, but completely legitimate use of John the ripper saved me tons of time. I don't even want to think where I'd be without the likes of tcpdump, nmap, or other tools. We would have to guess our systems are secure without actually knowing.

Re:Here's something legislators never learn

[gadgetman]

Yeah, no doubt.

"This year will go down in history. For the first time, a civilized nation has full gun
        registration. Our streets will be safer, our police more efficient, and the
        world will follow our lead into the future!"
--Adolph Hitler, 1935

They have a history of following stupid facists movements.

Re:Here's something legislators never learn

[mcrbids]

As with firearms, it's the shooter that commits a murder, not the gun. In this case, it's hackers that commit hacking, not the tool.

Yep. Standard mantra posted various times in various forms on this page.

But what's interesting for me is that viruses and worms, especially polymorphic ones, have the potential to commit hacking of their own accord. How long will it be until a polymorphic virus is written with a recombinant genetic algorithm (not unlike DNA) that achieves long-term viability? Somehow, such a virus combined with the tremendous (and largely wasted) computing resources now available online strikes me as the most likely candidate for true, "artificial intelligence" and/or "artificial life".

So, in this case, wouldn't a GA polymorphic virus actually be "doing the hacking"?

Re:Here's something legislators never learn

[ravenshrike]

Yes, because defending yourself isn't a positive thing at all. Sooo, have you put "No Guns Here" signs outside your house yet?

Re:Here's something legislators never learn

[Dan+Ost]

I'm not a big guy, but when armed, I have the means to effectively defend myself and my loved ones against those who might otherwise do us harm.

How is that not a positive use?

Re:Here's something legislators never learn

How is that not a positive use?

It's not for the shitfucker who posted. He's a convicted child rapist, you know, and hates guns because his last victim's father held him at gunpoint until the cops arrived.

Then, in the slammer, the other inmates found out about him and cut his microscopic testicles off.

That's why he's a gun-hater, you know.

Re:Here's something legislators never learn

[jae471]

Somehow, such a virus combined with the tremendous (and largely wasted) computing resources now available online strikes me as the most likely candidate for true, "artificial intelligence" and/or "artificial life".

You are not the only one. I've been thinking that for years. After all, a computer virus is almost exactly like a real virus -- capable of defense and reproduction, targets specific weaknesses very well but ineffective against things it wasn't designed to interact with, requires a host to actually do anything, and cannot move to another host without some vector.

Re:Here's something legislators never learn

[duckle]

It's not a "fight fire with fire" issue. You don't NEED a gun to defend yourself. Plenty of people have home surveillance / security systems that keep people out without the need to own a gun. Firearms were invented with the INTENDED purpose, to kill. "Hacking Tools" actually have a positive purpose, some people just happen to use them with malicious intent. I'm aware that there are other uses for guns, I was simply stating that Hacking tools and guns are different because of their intended purpose. Let's stay focused on the issue. I was already well aware of the worlds reasoning for hating Americans. Thanks.

Re:Here's something legislators never learn

[turbidostato]

...the system went on-line on August 4th, 1997. Human decisions are removed from strategic defense. Skynet begins to learn, at a geometric rate. It becomes self-aware at 2:14 am, eastern time, August 29th. It then decided our fate in a microsecond: extermination.

what made the list?

[Original+Replica]

I imagine the list of tools useful only to hackers is pretty short. And I imagine that german hackers will find ways to use "legit" software to their ends.

On another note, expect little in the way of secure software innovation out of Germany in the next few years.

Re:what made the list?

[Xtense]

There is also the problem of using these "only useful to hackers" tools to evaluate your security. If this is outlawed, how can you keep yourself secure legally, if these tools are basically churned off daily, with newer and newer methods of attacking? This is basically suicide for legal safety. If this law is passed, I can actually see German government websites being hacked on a daily basis not long from now.

Re:what made the list?

[necro2607]

No doubt - even the most common software used by "hackers" is just as often used by totally legit network admins. nmap, ethereal, John The Ripper, and so on. Sweet, yet another blanket law slapped on, making criminals out of an even larger percentage of totally decent people.

Re:what made the list?

[einhverfr]

Legit software, like telnet and a hex editor to exploit buffer overruns manually.

I have never understood the desire to outlaw hacking tools. Unlike firearms, you can't make the argument that "oh, well, at least we are preventing deadly accidents in which kids accidently kill eachother." A better analogy would be outlawing bokkens because someone who is skilled with it can kill someone easily with it.

Now, I have few problems with outlawing production of certain forms of malicious software (viruses intentionally released into the wild, keyboard loggers, and the like), but that seems overly broad for a prohibition.

Re:what made the list?

[BosstonesOwn]

What you don't know is it is actually a conspiracy to put all the geeks in jail. Then only then my friend will all the user$ roam free and admin-less to destroy our years of trouble making and tweaking the tech gadgets they love so much !

I for one would like to welcome our , new non-geeky , law making non-technically inclined overlords.

Re:what made the list?

[zolaar]

I imagine the list of tools useful only to hackers is pretty short.

Sure, sure, but lest you forget!

All some hacker needs to do is drop a 128-bit logic bomb right down our SCSI valve, and we'd be done for!

I mean, seven monitors!

Like banning guns

[Grishnakh]

This sounds like banning guns in a hypothetical country where there's a lot of gun violence, and people commonly wear bulletproof vests. (Note the "hypothetical" here; this is just for the sake of argument.) Suddenly, a new law banning guns is passed, and the vest-making companies can't develop new vests because they have no way of testing them.

Brilliant.

Another parallel: this is like making it illegal to wreck a car, whether by accident or intentionally. With a law like this, cars can't be crash-tested, and auto crash safety research comes to a stop.

Of course, in the real world, computer simulations can be used to get around these problems. But with this new real-world law, the simulations themselves are illegal!

Re:Like banning guns

[Ironsides]

Of course, in the real world, computer simulations can be used to get around these problems.

Not really. Simulations generally need to be verified by actual tests. No simulation is perfect as there is always something that could not be included in the simulation or was not/is not yet known about. If simulations were perfect, why would we bother to perform tests at all?

Re:Like banning guns

[Grishnakh]

Simple: because real tests cost too much. So what we do instead is just release the untested products to the marketplace and allow the consumers to test them....

That seems to be the general trend these days anyway.

Re:Like banning guns

[Ironsides]

Only in the Computer world and Google do they do that. Others actually test their products.

Re:Like banning guns

[gnuman99]

Nice hyperbole.

Does your country that banned guns have a police force? An army? Isn't a much more realistic example of banning guns to ban private ownership of guns?? There, problems solved.

Re:Like banning guns

[Grishnakh]

Define "computer world". So much stuff now has embedded computers, and rarely do they work properly on the first spin. Haven't you noticed how you have to get firmware updates for everything now? Hell, even simple DVD players need firmware updates now! Pretty soon, your car, your refrigerator, and your washing machine will need their firmware updated too, if they don't already.

Re:Like banning guns

[Grishnakh]

Does your country that banned guns have a police force? An army? Isn't a much more realistic example of banning guns to ban private ownership of guns?? There, problems solved.

Police use bulletproof vests, right? So if private ownership of guns is banned, then how do the vest-makers design and test vests? The police certainly don't have the resources to engineer and manufacture their own, just like they don't make their own guns.

Then again, if guns are illegal for private citizens to own, then the police don't need bulletproof vests unless they're fighting against rogue police, right?

Re:Like banning guns

Police use bulletproof vests, right? So if private ownership of guns is banned, then how do the vest-makers design and test vests?

Please -- this one is too easy. The mfrs send the manufactured vest to the police for testing on their own ground, possibly with mfr reps observing.

You may return when you have devoted at least five minutes to consideration of your stupid questions.

How about Cain & Abel?

[necro2607]

I wonder if this will make Cain & Abel illegal in Germany...? This software is an extremely useful "multi-tool" for any network/server administrator, and I've been using it for years to recover lost passwords, evaluate security, etc. but I imagine it is used constantly to assist with people's [sic?] questionable hacking activities.

Of course, being in Canada, these blanket-like laws won't have any jurisdiction here, but I still wonder about what kind of effect this is going to have on sysadmins in Germany. Pretty messed up. We've all heard the horror stories of technically-challenged judges not understanding the key concepts behind potentially grey-area situations (using someone's open WiFi network, for example).

Re:How about Cain & Abel?

[Tuoqui]

Yeah I mean its not like any judge doesnt know what a website is

All we can hope is that these old farts croak before they do much damage to the law landscape with 'precedent setting cases' based on faulty logic and not understanding basic technology.

doesn't that illegalize any programming language?

[jimstapleton]

at least, any language with a networking library?

Add netcat to that as well. It's not a programming language but it's Frickin' useful for network processes.

netcat + bzip2 + dd combine to make my favorite backup tool...

RMS is right

[Akaihiryuu]

Sure, some people think he sounds paranoid...but he's right. It'll take time for things to get really bad...but they will get there, slowly.

http://www.gnu.org/philosophy/right-to-read.html

Single User Mode

[duckle]

Booting into root without a password seems like it fits their definition of a hacking tool. Can't use the Apple or 's' keys anymore!

Well...

[Crazy+Taco]

This is going to stop a lot of software companies from opening up German software houses. Just trying to maintain any computer network for regular developers would probably be illegal under these rules, because a lot of network maintanence tools could be considered "hacking tools" under this definition. Without those tools, it would be prohibitive to try to support an enterprise infrastructure.

Re:Well...

[Jesus_666]

Heck, my IT Security course this semester is illegal, as much of it involves subverting web applications, nmapping subnets of the university network and using Metasploit to get admin rights on VMs running badly-patched Windows images. Okay, so Metasploit is script-kiddish, but it's very useful to demonstrate how easily a single overflow bug can lead to a thoroughly compromised system.

Quick! Unplug the internet!

[flyingfsck]

Hmm, to stay legal, someone will have to pull the plug on Germany.

so, is gdb illegal now?

[ameline]

So are debuggers illegal now? How about compilers? Logic analysers? I'm pretty sure Germany has extradition treaties with USA/Canada/the rest of Europe. Does that make most of us criminals?

What about debugging by printf or cout?

Pretty soon we'll have to be licensed members of the programmers guild. Please line up to pee in the cup and be fingerprinted for your mandatory background check. (oh, and your papers please) (does that count as a Godwin when we're talking about the Germans? :-)

Re:so, is gdb illegal now?

[IthnkImParanoid]

I'm pretty sure Germany has extradition treaties with USA/Canada/the rest of Europe. Does that make most of us criminals?

Extradition treaties don't make one country's laws applicable in another, they allow people who commit crimes in one country to be returned to that country after fleeing to another.

Re:so, is gdb illegal now?

[ameline]

That's a nice theory -- I wish the USA would subscribe to it.

Re:so, is gdb illegal now?

(does that count as a Godwin when we're talking about the Germans? :-) Not yet, but it probably would if you mentioned Schäuble (minister of interior) somewhere in there.
That's technically the same as saying Hitler.

Re:so, is gdb illegal now?

Tell that to Marc Emery:
http://en.wikipedia.org/wiki/Marc_Emery

The USA is trying to extradite him for "crimes" he supposedly committed in Canada:
http://en.wikipedia.org/wiki/Marc_Emery#2005_arres t

Overgrow the gouvernment!

Re:so, is gdb illegal now?

[Cederic]

Sadly under the terms of the European Arrest Warrant legislation, pretty much everyone in Europe is now fucked if the Germans choose to get arsey.

Re:so, is gdb illegal now?

[asninn]

Actually, extradition of German nationals is specifically prohibited by the German constitution; exceptions are allowed for extradition to EU member states and international courts under certain circumstances.

So, no - they don't have extradition treaties with the USA or Canada, for example, and none with European nations that aren't EU members (like Iceland, Norway or Switzerland), either. And BTW, as far as the USA are concerned, do the USA ever extradite people, anyway, or are the extradition treaties you have one-way? I've never heard about a US-American being taken to, say, the UK or Australia or so to be tried there, anyway...

A C compiler and a text editor

[Palmyst]

are also hacking tools. Are they banned now?

Re:A C compiler and a text editor

[wtarreau]

are also hacking tools. Are they banned now? Why would you want a text editor ? => gcc -xc -

Re:obligatory attempt at lame humor

[Biff+Stu]

Sorry, somebody posted this two minutes beore you did. You will now get modded to -1 for redundancy. Kiss your karma goodbye.

Exactly

There's no such thing as "hacking tools". Imagine a law banning "murder tools", guns, sharp instruments, blunt instruments, pillows...

Germans should ask the government for compensation when their networks are hacked as a result of an ambiguous law that prohibits the very tools required to perform a security audit. Actually it's not fair taxpayers have to carry the can, those who draft such stupidity should be directly liable.

Where was the German IT industry when this law was being written?

going equipped

[Colin+Smith]

http://www.police-information.co.uk/legislation/le gislationindexeng.html#G

It's the intent which matters. Doesn't matter what the tool is.

MOD PARENT UP!!!

+5 Funny

Obligatory

[kalirion]

When you outlaw hacking tools, only outlaws will have hacking tools.

Our brains...

[Etherwalk]

Brains are the best hacking tools of them all, and the only ones necessary--anything else can be rebuilt from scratch, or worked around. (Though it would take a while, in some cases.)

So they've outlawed brains.

Brilliant. =)

Re:Our brains...

[Hognoxious]

Brains are the best hacking tools of them all

True but irrelevant, it's Germany we're talking about.

Re:Our brains...

[BosstonesOwn]

Yeah haven't you ever seen Hogans Hero's , it proves that the Germans are dumb !

Germany has actually sprouted some of the great minds in the security industry , one has to wonder how they let this slide by.

Re:Our brains...

Not like they're used nowadays anyway. The average Joe Schmoe won't even notice if it's shut off.

I wonder what counts as hacking tools.

[smellsofbikes]

GCC? Excel macros? using Word to create cross-site-scripting-attack webpages? Just using IE with ActiveX enabled?

Morons

[unity100]

let me tell you whats gonna happen - they are going to take back that law. thats whats going to happen.

ALL lawmakers and judiciaries should be OBLIGED to take courses in I.T. before ever attempting to do anything about it.

Re:Morons

[sheph]

No, that's not flamebait (not very well articulated, but it's a valid point). Seriously, how can one write laws, and set legal precident regarding issues that one does not understand? This is precisely the problem. The people responsible for dealing with these issues (malicious activity, spam, etc) don't have a clear grasp on how the technology works, or the long term consequences of their actions. I think it's an excellent idea for these people to educate themselves before foisting their "solutions" on society.

End of Days||Daze

[packetmon]

That's humorous (in a scary way) considering the following:

The commission communication "towards a general policy on the fight against cyber crime"

There is no agreed definition of "cyber crime". From a strictly legal point of view, it can be questioned whether there is any need for the term at all - it could be argued that "cyber space" is just a new specific instrument used to commit crimes which are not new at all. The term may thus be most interesting from an operational point of view, i.e. the operational instruments and procedures to fight against this type of crime must be developed.

With that said, as an American, I can almost indicate any connection to me as being an illegal one and cost the German taxpayers a bucketload of money with false claims. Let's consider the following scenario.. Ping. Simple administrative tool, can also be used for DoS attacks. Suppose I start a business ... eFishSkinSales.com that sells fish skins... I find a German counterpart GermanFishSkin.com... I take their IP addressing and spoof a pingflood to my routers and send German authorities the logfiles. Would they know what a spoof is for one. How about the following... A German websurfer visits my page and does not close his browser. For the next nMinutes where n equals the amount of time he has his browser on my page, he will make repeated GET's thus resulting in a DoS attack of the lamest kind. What then. Are browsers hacking tools?

Let's take it a step further into XSS (cross site scripting)... The browser IS THE TOOL. Should all browsers be banned now. Oh those Germans. I know... What about a German, with a shell on a server in America developing tools. Now those tools don't reside ANYWHERE in Germany then what. I would have laughed that law all the way to the bitbucket. But... You're likely dealing with e-Incompetent lawmakers driving Beamers and Benz' who care little about the advances in LIFE as a whole thanks to computing both good and bad (malicious hacking has forced companies to improve themselves).

What about the script kiddies?

[farker+haiku]

What are all the script kiddies going to do now? For the love of god, won't somebody think of the children?

Re: obligatory attempt at lame humor

[evansvillelinux]

Sorry, somebody posted this two minutes before you did. You will now get modded to -1 for redundancy. Kiss your karma goodbye. Karma's highly over-rated. And /. should display comments faster. Then maybe there wouldn't be so much redundancy. ;)

Re:doesn't that illegalize any programming languag

[Opportunist]

Don't worry, VB is still legal.

Sounds good on paper

But as the technically educated know, many tools that can be useful for diagnostics, troubleshooting, performance optimization, and usage monitoring can also be used for hacking. This, like many laws, will likely be arbitrarily enforced based on criteria not specified in the law.

Knives are tools that can be used to stab people, but we do not make them illegal. If we *did* make them illegal (defining the item as "tools that can be used to stab people") then in actual practice the law will only be used to increase the charges already leveled against someone, or to target someone who has otherwise broken no law but is doing something of which the powers-that-be disapprove (such as...i dunno...criticizing this or that government official or policy).

Evil Bit

[Doc+Ruby]

Just make sure the evil bit is unset on your "hacking tools", and they'll be hunky-dory.

Re: obligatory attempt at lame humor

[BosstonesOwn]

That post in and of itself was redundant ! That has been posted many times before ;)

Illegal Security

[Bent+Mind]

Cool. Germany just made computer security illegal. The real question is what will their next step be? Will they realize their mistake and revoke the law? Or, once no one can scan their own network for security breaches, will they make it worse and start outlawing software like netcat?

Reply: Well, no phreaking problem folks...HAVEFUN.

[OldHawk777]

Well anyway, I am not going to phreak out about hacker tool being illegal. Funny part: For the foreseeable future, any nation without citizens having, using, and learning hacker/cracker/phreaker/... tools (with hands-on experience) is defenseless in case of war/threat. Nations will need as many phreaked crackers, cracked phreakers, 31337 draftees/recruits as they can find (including the wheelchair, gay, and grandma ones).

In a MAD dash governments globally will make all "Hacker Tools" illegal. Zoll Gestapo will be contracted and trained by the US Government, then deployed to Russia, China, USA, France, Canada... All heidi-holes, small/large dark crevices, and generally anything that can be screwed will be looked into.

"Hacker Tools" from telnet, ping, TFTP ... to PGP, RMON, Tripwire, C++ compilers ... eventually all technology will be confiscated and most people will be in jail where they belong. Yes, the Germany government of the EU is proving to be as bright as the government of Mississippi in the USA.

Luddites love politics; because they are not required to know or do, anything right, and are paid anyway. Politics has become a form of welfare for the wealthy incompetent of the US, EU, Iran, Saudi, Russia, China, Egypt, India, Sudan, Mexico.... Politicians in any country are a pitiable basket of low intelligence, corrupt ethics, and fetid morals.

US, EU, and many others are in troubled/stupid times.

So does that include google and other indexers?

[jofny]

I mean...so much of "hacking" involves gathering information...and lately some of the best information is off of the google and etc...

Well, let's see what we'll get that way...

[Opportunist]

I am usually quite wary when it comes to prediction, unless I can be fairly certain that I'm right. So let's take a look at the not so far future...

"Hacking" tools are outlawed. Now, "hacking" tools usually work two ways, like pretty much everything on the internet (that's another thing our legislator just don't seem to get), i.e. they can be used to find security holes in networks.

In other words, it's now illegal in Germany to test your network against security holes.

This, in turn, means that, no matter what kind of guru you may be in the field of network security, you will sooner or later leave a hole open (or, like in my case, ignore yet another bullshit law, but let's assume you actually still care about the manure that house creates).

A criminal, with criminal intentions (hence the name) doesn't care about the law either. He has those tools, that's a given. He will find the security hole you didn't find. And there he goes and grabs your last year's research.

Now, this isn't something most companies really like. They tend to keep their research under cover 'til they can patent it. They'll be royally pissed, I tell you that. And they'll realize that:

a) Germany is insecure
b) Wages in Germany are still pretty high when compared to, say, Poland.
c) Poland is now also a member of the EU.

And you can wave another "invention company" good bye. Not necessarily without their skilled staff, the Germans are already pretty mobile when it comes to working (no kidding, look around Germany and you'll see a lot of "foreign workers", Germans working in Austria, the Netherlands, France...).

Taxes, of course, will be paid to Poland.

Well, every country has the government it deserves. But even Germany hasn't deserved to suffer this badly.

Coordinated International Effort

[mpapet]

To criminalize so-called hackers.

Most policy wonks that deal with this sector have already spread the word that computers are dangerous tools in the wrong hands. So, step 1 is to make the tools illegal. For example, "Your honor we found hacking applications wireshark installed on the defendants computer." No questions about approved uses are allowed because that makes things too complicated.

Don't bother with legal challenges, the objective is to make computers a content delivery device. Anything else is too threatening to governments, regardless of their borders.

Best case scenario as other posts have pointed out, the government gives out licenses that allow you to use/own "hacking" software. In the U.S., probably a process similar to getting a clearance would be required. This is happening internationally.

Since this is the /. echo chamber, no one will do anything but whine and go back to their work/entertainment.

Required reading for Americans unhappy with their political process: http://www.vanityfair.com/politics/features/2007/0 6/murphy200706?printable=true&currentPage=all

Virus

[Nick_taken]

Good luck with virus, with no cracking/reverse engineering tools theres no way to get rid of them, and yes, virus have protection measures.

So called malicious software

[stardyne]

Even programs that contain keyboard loggers have their uses. Most automated software testing tools use keyboard logging as part of the testing process. Viruses have their uses, as well. On a limited network, I have heard of admins using viruses that are "mutated" so they install patches without any user intervention.

Re:So called malicious software

[einhverfr]

Even programs that contain keyboard loggers have their uses. Most automated software testing tools use keyboard logging as part of the testing process. Viruses have their uses, as well. On a limited network, I have heard of admins using viruses that are "mutated" so they install patches without any user intervention. Ok. Point taken about keyboard loggers. I personally suggest that writing self-replicating patches is pretty dangerous though. Iirc one of the first worms (not seen in the wild) was an attempt by Intel on their internal network to upgrade a network driver. At some point, the transmission of the driver got interrupted part way, and so a whole lot of systems got upgraded to broken drivers...

Making Admin's Jobs Harder

[wiseguy02]

If a hacker is using these tools for illegal purposes, what is this law going to do. They are already acting in illegal activities, so what.. now they have illigeal software. This will just limit what software admins are going to be able to use to test their security. IMHO.

Running In Place

[blueZhift]

This is just the usual running in place that politicians do so that they can say they've done something. I'm sad to see that it is the case in Germany, just as the US. In the end, this law will do nothing to stop the real criminals and be a potential pain for the professionals charged with thwarting said real criminals. h4x0r ftw!

Let's cut to the chase

[spun]

We should just make everything illegal. That way, when the government figures out that someone is a bad person, they will have a whole list of things to charge them with. What could possiblie go wrong?

Re:Let's cut to the chase

[BungaDunga]

Or just make nothing illegal, ala Nineteen Eighty Four, but spirit people away.

DRM?

Digital Rights Management (ahem, excuse me, "Digital Consumer Enablement") technologies can be used to obtain private information from my system, to prevent certain parts of my system from functioning, and to install unwanted and potentially malicious executable code on my system, all without my knowledge or consent.

Sounds to me like DRM "can be used for hacking," and is therefore now illegal in Germany.

Keep leading the way, Germany!

CCC

[jbdaem]

So does that mean the camp this summer is also an illegal thing? WTF>?

When hacking tools are outlawed.....

[JDAustin]

...only hackers will have hacking tools.

Re:When hacking tools are outlawed.....

This is probably just a test. It's a joke right??? German people are smart and I don't believe this is for real... period!

Re:Reply: Well, no phreaking problem folks...HAVEF

Hey.. I'm the governor of Mississippi, you insensitive clod.

How did the US do it?

[TopSpin]

Just read through most of the >0 posts. Admitted I read fast but usually it doesn't take much effort to pick out the posts that explain precisely how this was caused by the US. I assume it was; practically anything that lands on the evil side of the TruthDot ledger is satisfactorily explained by some US policy. Lemme go back and read so more...

Re:How did the US do it?

[Jesus_666]

Well, the USA have made some remarkably dumb and exploitable laws recently (eg. the DMCA). Maybe German lawmakers decided that they, too, should make a law unburdened by things like real life.

I'll give you....

[simm1701]

I'll give you a certain way to tell a hacking tool apart from a security tool, after you show me the same for a power tool and a potential murder weapon.

Define "hacking tool"

[jshriverWVU]

Would something like ping, ethereal/wireshark, etc be considered hacking tools? Or are they more concerned with programs such as "Double Click here to launch attack on Windows Box, prebuilt hacking packages. Not really sure what hackers use, but as a system admin I hope the others aren't.

Re:Define "hacking tool"

Are you willing to put years of your life on the line to be a test case?

Re:licensed by the govt

"Gentlemen, you're everything we've come to expect from years of government training." MIB

Hmmm....

[davermont]

This is the kind of legislation causes more harm than good. Because of the overwhelmingly large volume of software that falls into the "grey" area here, this sets a dangerous precedent for the abuse, i.e., misapplication of the law against legitimate users of security/communications software.

Bullshit law

[nukem996]

My university(in America) has the same rule for any computer connected to there network. I have always had etherape, ethereal, nmap, tcpdump, etc on my computers since I do computer repair. I decided to leave them on and just never tell anyone. Once I got a job in the CS department I noticed everyone had the same tools and really no one cared. Germany will probably do the same thing, no one will care about you having "hacking tools" until they really want you to go away, then you'll be charged for every program that can do anything that would manipulate data. Anyway shouldn't they have made cracking tools illegal?

Re:Bullshit law

[archen]

And those are tools that are at least definable that you installed yourself. Mac OSX comes with netcat installed. As the "swiss army knife" of hacking what are owners of Apple computers supposed to do? Return them to Apple, destroy their computers, or just march directly to jail?

Re:Bullshit law

Anyway shouldn't they have made cracking tools illegal?

You missed the point.

Re:Bullshit law

[fsdev]

The point is that this is now illegal, this means that every IT professional is doing something illegal so if you make some political point that embarrasses someone in authority or even park your car in a way that ticks someone off you can end up in jail for possessing tools that everyone has but only those that the authority cares about are charged.

The NC tool is a big problem

[Marrow]

It is VERY usefull for many legit things. Not even security related
things. But it also has features that might raise eyebrows and even
NortonAv defines it as a hacking tool.

While I can replace the functionality easily (and have), it is great
to have it everywhere in case I need it. Its there, it works, and its
easy to type.

Does this trend mean that we will have to have -sanitized- versions
of popular tools like nc?

Forbid every software?

[blh42]

In my opinion any software that can communicate with anything else then it self can be considered a "hacking tool" when used in a way as such. When connecting to an FTP, typing the wrong password. Is that a hacking tool? Many FTP software keeps trying even if the login attempt failed. Maybe Windows and its talkative SMB protocol may be considered a hacking tool as the built in authorization mechanism by default attempts to login to resources using "the current users credentials" before asking the user.

German contractors, show your balls!

I expect some harsh response from all those companies that manage network security for german government. This law equates to outlawing screwdrivers for electricians.
Lets just hope they have a good set of bollocks to send an adequate response to the german government.

Unenforceable

[sizzzzlerz]

Just like attempts to outlaw pornography, this one will fail as well. What is pornography is one person's eye is art in another. Just what is a hacking tool? Who gets to say? If it has some socially redeeming value, is it still a hacking tool? Although I don't read German, it didn't appear there were any specific programs specified in the law so I suspect this is one of those "I don't know how to define it, I just know when I see it" kind of laws.

When will politicians ever learn? sigh...

Re:Unenforceable

[cpghost]

When will politicians ever learn? sigh...

When will we learn to elect only smart politicians?

After all, laws are nothing but formalized wishes of people who don't know exactly what they'd like for Christmas. And as far as wishes go, we seldom get that what we wished for; especially when we've been sloppy or overly broad. Or, put another way: garbage in, garbage out.

Fortunately, silly laws are seldom obeyed; not even by ubercorrect Germans. They're just putting in some catch-all clauses in case they need to get rid of a few talented hackers, that would get too smart and identify spying tools like the planned "Bundestrojaner" (a planned state-sponsored/-pushed malware/keylogger/... that would infect "suspects'" Windows machines - "suspect" meaning there the whole population). I'm not expecting this paragraph to be actively enforced in any way other than to prevent detection or even hacking of this kind of malware.

Re:Unenforceable

So the german government just granted itself an exclusive license to hack.

Re:Reply: Well, no phreaking problem folks...HAVEF

[paulmer2003]

Uhhhh, troll much?

Enact a license to hack....

[foniksonik]

Like getting a hunting license or a license to carry a firearm, maybe there should be a license to hack.

Just a thought.

Wrong Approach

[Greyfox]

How about requiring any software manufacturer that sells software in the country make public a detailed log of security testing that went into their product and require citizens to be responsible for the security of their home systems? You wouldn't need to have much of a penalty for citizens, perhaps something like a traffic violation where you have to attend a class on how to secure your computer if your system is found to have been compromised and used to attack some other party?

Back in the 90's when I was working at Data General I was on a team of people who were reading the source code to every function in the C library, operating system and utilities. For each function we wrote a document saying roughly "Here's what the function does, here are any potential side effects, here is the source code we used to make sure the function didn't break or compromise security in interesting ways." Data General was a pretty small company and yet they managed to find the resources to do this. I'm sure Microsoft or Intel would have no problem assembling a team that could do this. This would improve security of systems worldwide a lot more than some foolhardy attempt to prevent a set of applications from being developed.

Re:Reply: Well, no phreaking problem folks...HAVEF

[Mattintosh]

All heidi-holes, small/large dark crevices, and generally anything that can be screwed will be looked into.

Yeah, Heidi is such a slut.

CCC Article + Babelfish + cleanup

[Sapphon]

Prohibition of computer safety tools opens door and gate for Federal trojans*.

May 25, 2007 (46halbe)
The Bundestag has today waved through, unchanged, a ban again computer safety tools (Bill for the change of Criminal law in order to fight computer criminality, new 202 StGB). Chiefly targeted is the manufacturing, programming, leaving (for someone), distribution, or procurement of software, which is urgently necessary for the daily work of network administrators and safety experts.

With this decision the delegates acted against the express advice given by experts from research and business to the committees consulting on the proposal. The law was also sharply criticised by the Internet economy sector and the Upper House of Parliament. With exception of the Party of Democratic Socialism and a lonely SPD delegate, the complete Great Coalition of the Clueless now voted to make Germany a professional disqualification zone for computer safety experts.

Through the markedly broad scope of the law, the possession, production and distribution of preventive tools with which to examine computer security will become punishable in Germany. These tools are, however, essential in order to ensure the security of computer systems. Banning this software is about as helpful as banning the production and the sales of hammers because sometimes these are also used to cause damages.

Andy Mueller-Maguhn, speaker of the Chaos Computer Club, commented: "banning the possession of computer safety tools leaves the door wide open for the use of Federal Trojans. Industry and citizens are systematically being robbed of the possibility of examining their systems adequately for security. This prohibition endangers the security of the German IT sector."

As the automobile industry makes its vehicles safer with crash tests, so does the computer industry test its system security through the controlled employment of attack programs. It will in future no longer be possible be to test sensitive computer systems for security in ways that are without a doubt legal.

At the yearly congress of the Federal Office for Security in the Information Technology (BSI), Minister of the Interior Schaeuble announced plans to certify "trustworthy" security providers. With this step, the abilities and knowledge necessary for effective safety examinations of computer systems shall apparently be monopolised by handpicked government suppliers, while the independent computer safety research can be selectively criminalised as desired.

CCC speaker Mueller-Maguhn added: "the explanations of the Minister of the Interior for computer security are pure lip-service. A legal and organizational framework is being systematically created here in order to make citizens and enterprises defenseless against computer attacks, industrial espionage and also Federal trojans. Safety research can take place only in an unacceptable legal gray area."

*N.B. "Bundestrojaner", which I've translated as Federal Trojans, are the programs the police/gov't use to search through people's computers remotely (newly legalised, or given greater scope, I believe)

Hard to stay legal - by design?

[dpilot]

Another opportunity to bring up my favorite old, "New York State Thruway" analogy.

Back in the days of uniform 55MpH, that was the speed limit on the New York State Thruway, as well. But the mean speed on the road was somewhere between 65 and 70Mph, so in essence, everyone was breaking the law. Had you obeyed the law and driven 55MpH, everyone would need to change lanes to the bottleneck to traffic you'd become. In this environment the police could stop pretty much *anyone* and know that they were at least speeding. With nearly everyone potentially a lawbreaker, they could institute whatever criteria they chose for stopping someone.

I have no indication that this ever happened, or that there was ever any "selective law enforcement."

But the situation was ripe for abuse.

Now apply the situation to "hacker tools", leaving the definition sufficiently nebulous. They potentially have the tools to haul almost any sophisticated computer user into court, at will. Remember, Al Capone was put behind bars for income tax evasion, not bootlegging, mob hits, or anything like that. Crack any DVDs lately? Used libdvdcss to watch a DVD under Linux? If you're also running Linux, how many of those "standards" could also be taken as "hacking tools?"

Re:Hard to stay legal - by design?

I have no indication that this ever happened, or that there was ever any "selective law enforcement."

I suppose you've heard of the supposed traffic offenses known as DWB and DWA? Driving While Black and Driving While Asian and, more recently, Driving While Arab?

Re:Hard to stay legal - by design?

[dpilot]

I have no personal knowledge or hearsay about that type of thing happening on the NYST. I was merely pointing out the possibility for it.

Re:Hard to stay legal - by design?

In this environment the police could stop pretty much *anyone* and know that they were at least speeding. With nearly everyone potentially a lawbreaker, they could institute whatever criteria they chose for stopping someone.

Congratulations, you have just described how modern government works ("modern" in the sense of post-medieval).

debugging, anyone?

[dAzED1]

I use both ethereal and nmap multiple times a week to help debug problems. I also use lots of trace programs for the same thing. I'm not checking for security, nor trying to hack myself...I'm trying to debug a problem. Yet, the tools are the same.

Re:debugging, anyone?

[t35t0r]

So is GDB/softice/pice and any other disassembler considered a hacking tool in .de and as such considered illegal? This is as stupid as making hammers/cars illegal because these could be used to kill people.

Secure data, or is it

[SlashDev]

"new rules tighten up the existing sanctions and prohibit any unauthorized user from disabling or circumventing computer security measures to access secure data" Data is not secure if the hacking tool was able to access it, thus the law doesn't apply.

Lets just all turn ourselfs in

[32771]

This would be a drastic measure, but it might make a point. Somehow I would guess though that the judge would rule that people have to pay a fine instead of going to prison.

The link to the law StGB shows only the old version without the new paragraph 202.
Besides,in it you can find the following line:

Ausfertigungsdatum: 15.05.1871

Which must mean something like issue date 15.05.1871, now that is incremental change!

I just found the paragraph here: http://www.kes.info/archiv/online/06-6-006.htm
Seems like it took until May the 25th (since 2006) to get it signed.

Paragraph 202c says:

(1) Wer eine Straftat nach 202a oder 202b vorbereitet, indem er
  1. Passworte oder sonstige Sicherungscodes, die den Zugang zu Daten ( 202a
Abs. 2) ermöglichen, oder
  2. Computerprogramme, deren Zweck die Begehung einer solchen Tat ist,
  herstellt, sich oder einem anderen verschafft, verkauft, einem anderen überlässt, ver-
breitet oder sonst zugänglich macht, wird mit Freiheitsstrafe bis zu einem Jahr oder mit
Geldstrafe bestraft.

In English that means that if you prepare a criminal offense according 202a/b through

1.) providing passwords
2.) providing software to achieve the above mentioned criminal offence

you will go to prison for a year or pay a fine.

The article mentioned above explains that security companies should still be able to write
tools to test their systems since the criminal offense wasn't planned even though it was on peoples minds that the tool might be used for that.

Damn this sounds bad, I agree with the CCC now that this is a gray area. This would require some mind reading capabilities I guess.

The other two paragraphs address gathering and collection of data which is not meant for you or protected from you in some way.

The pdf file for the change proposal can be found here:
http://www.bmj.bund.de/files/-/1317/RegE%20Compute rkriminalit%E4t.pdf

BTW, I'm not a lawyer. This might also explain my bad english, how could one possibly translate between German and English legalese anyway ;)

Not found

[maxwell+demon]

I now looked at the linked law text, and couldn't find anything about tools. Am I just blind? Or maybe the newest change isn't yet displayed?

Obligatory...

[DieByWire]

You can have my nmap when you pry my cold, dead hands from the keyboard.

Prophetic, isn't it?

[tokuchan]

"Programmers still needed debugging tools, of course, but debugger vendors in 2047 distributed numbered copies only, and only to officially licensed and bonded programmers. The debugger Dan used in software class was kept behind a special firewall so that it could be used only for class exercises."
-- Richard Stallman, The Right to Read

Illegal in a country near you...

Since you can't hack a computer without another computer except if you're on-site, Isn't a computer a "hacking tool?" Doesn't that make computers illegal in germany?

And doesn't this make the floppy and the CD, which can bypass security, illegal? Of course, without a computer what good is a floppy?

And since you can use an axe, screwdriver, hammer, etc to break into a building with a computer, doesn't that make carpenters' tools illegal as well?

You Germans are fuX0red!

I'm glad we're not the only nation with clueless fucktards running things! There is hope for USA after all!

-mcgrew

(OT but that capcha is fucking EVIL. It's "rations" but in the context presented here it looks like "nations", especially where the extra lines are drawn. In short, it is easier for a bot to read than for a human, as bots don't have contextual limitations!)

Can't you guys read german?

[Jens+Egon]

http://www.bmj.bund.de/media/archive/1317.pdf

And the relevant words in english (my translation)

German penal code section 202c

Whosoever prepares a felony according to section 202a or section 202b by

• enabling passwords or other such codes, or
• selling, obtainig, or giving computer programs for that purpose to another

Note: sections 202a and 202b are both about gaining access to data meant for somebody else.

My favorite hacking tools

[russotto]

• hexdump
• objdump (especially with the -d option)
• gdb
• gas
• gcc
• emacs (or vi or even ex)
• dd
• ps
• Rubber hose (for defeating strong crypto)

Oddly enough all those tools have legitimate uses -- even uses that Authority would consider legitimate. How are people going to water their gardens without a rubber hose?

when you want to outlaw something...

... would it not be more effective to outlaw hackable systems?

For example, it could be forbidden to put a system on the internet that is vulnerable to hijacking. Anyone with a trojaned PC could be made to pay a fine and mandatorily follow a course in system administration.

This would quickly end the SPAM problem (or at least the SPAM-via-trojaned-PC problem).

broad definition

[DaMattster]

As other slashdotters have noted, outlawing hacking tools is way too broad a definition such as to make enforcement virtually impossible. Most system admins would be facing incarceration. That would make things like tcpdump, dig, etc. illegal to possess or use. I guess this is the result of having a politician claiming to know everything about hacking without doing the research. Imagine life without your "troubleshooting" tools. I like the idea of outlawing harmful viri and malware (those caught doing this should rightfully face punitive measures), but if you take away my troubleshooting tools, what am I to do when things go wrong? Should I shrug my shoulders and throw up my hands? Hopefully this law will be found null and void due to overbreadth.

What a bunch of Nazis

[jidar]

Someone had to say it...

not yet

Well the Bundesrat could veto the law. If they do not the law could go live in about 3-6 weeks..

Bunch of Nazis

[tehIvyn]

Bunch of Nazis

Better the reverse !

[wtarreau]

Wait, it's far more common for carefully written apps to hack IE than the reverse !

Chill...it's like burglar's tools...

[bartwol]

It is illegal in many places to carry "burglar's tools". Yes, there is no difference between a burglar's tools and common household tools. However, when a person is caught in the act of breaking into some place, it can [almost always] be reasonably inferred that the tools used to break in meet the definition of "burglar's tools."

Such a prohibition can be a valuable mechanism to invoke penalties against people who engage in criminal behavior but get caught before completing the act. So even though the potential victim has no loss, the perpetrator is still guilty of a crime, which in this case would be possession of burglar's tools.

Re:Chill...it's like burglar's tools...

[grikdog]

"No difference"...? What, pray tell, is the "normal household use" of a prybar and pick? In the case of a prybar, perhaps sproingy games with spitwads? But a pick doesn't even have a sharp end, just a nubby bump.

I think this gotcha is meant to fall into class of urban inanities like "marijuana tax", like we have here in Iowa. It works like this: Marijauana is illegal, you're not supposed to have it. But if you do have it, well, bub, you should have applied for a marijuana stamp and slapped that on your stash. No stamp? Gotcha!

Yes, it is a Soup Nazi sort of law. Instead of legislating harsher penalties for existing felonies, our lawmakers get their twisted rocks off by thinking up, green and Grinch-like, extra spankings for all.

Re:licensed by the govt

[blazematrix]

LOL!
Yes, keep thinking inside the box.

BM

yet again

[kaizokuace]

another case of idiots making decisions for the not idiots! This disproves darwinian evolution maybe... haha unless its currently better to be an idiot to survive.

Oh Great - now what

[bizitch]

What am I gonna do without ping? or Angry IP scanner?

how or what?

[btaranto]

I have i knife!
Now i have a gun!
But i don't like guns!
Now i will go to jail? :(

Who will feed me?
Where's my mom? Jail too? :(

CLOSE ALL ARMS COMPANY! THAT'S WHAT WE NEED!
STOP THE WAR!

As a resident of the German People's Republic

[vorlich]

and of course Scottish*, (but legally Bavarian) I do hope you will continue to post material like this that demonstrates a complete lack of understanding of
A) The Germans.
B) The German political system
C) The German Psyche.
D) That anyone who was 20 in 1945 is 82 this year.
and
E) Todays Germans are a composite of changes in the population that occurred after WWII (ie they're different!)

Slight Technical Aside
The change to the law is pretty much the same as the Scottish Crime (readers who don't think Scotland is a country with a separate legal system should stop reading at this point.) of "going equipped to commit a theft or housebreaking" The article in German is just a scrape of The Register and other pages and the Babelfish rip is typical of the gobblydegook that is internet translatation.
Google always translates Ich weiss (I know) as I white, which is sub-Noam-Chomsky-stupid.
German is a language that lends itself not to dumb dictionary look up programs. The word compile for example never comes out as 'list' in a dictionary - apart from the larger Duden English/Deutsch. Usually it is 'collect together' and sorgen (to worry) becomes 'ensure' although in print dictionaries it is usually translated hilariously as 'solicitious' which when used in an essay on Digital Media is just too funny for words.

So keep up the good work because for me it means:
A) Going snowboarding for 18 Euros instead of going to the pub on Friday night for 60 Euros plus hangover because the alps are on my doorstep.
B) Wine for 1.49 a bottle (Euro/Dollar about the same, dude.)
C) More holidays than you can poke with a stick
D) Working half the hours I did back in Bonnie Scotland.
E) A country full of beautiful people, almost every single one of whom is liberal (see if Google can translate that.)
F) I get to be that British guy who explains why the USA is not the Great Satan and what 'Dude', 'Geek' or 'excellent' means.

Just as long as you keep scaring away all the English speaking part of the world.
Cheers!

*Kiltwearingpennypinching
haggisbashingporridge
eatingbraveheartwatching
worldcuplosingbagpipepla ying
harddrinking buckfastloving
snpvotingballotpaperspoilingstereo typefulfilling.

Re:As a resident of the German People's Republic

[Zoxed]

> E) A country full of beautiful people, almost every single one of whom is liberal

I can agree with the other items, but as a 10-years-in-Hessen Mancunian I think this one is a little off target. (Unless by "liberal" you mean some kind of American-English definition !!)

G) Whiskey is cheaper in Germany than in Scotland or England :-)

Re:As a resident of the German People's Republic

[vorlich]

Yes
G) Whisky particularly Malt Whiskies are a case of substitute Euro sign for pound sign
H) Cuban cigars are half the price too, something sadly unavailable to our American Cousins unless they live near the Bahamas.
Liberal in the sort of American sense of the word although socks and sandals are still common.
But let's keep all this between ourselves.

Stop that!

[ggggrrrrrrrrrrrrr]

"If evolution is outlawed, only outlaws will evolve" Jello Biaffra

fallacy...

Arguing by analogy is like making bad things go away by closing your eyes.

(yes, I know I just made an argument by analogy to demonstrate the invalidity of argument by analogy. That was on purpose.)

Oh and if we make child porn illegal, then only criminals will have child porn.

I personally see that whole issue as irrelevant. The sweeping statement "any program that could be used for hacking" is just too broad to be useful, though the people making that statement probably don't realize this.

A lot of concepts in the computer/information domain simply don't map well to concepts in the solid-objects/material-world domain, and mismapping them causes a whole lot of bad litigation, bad business decisions, injustice, and needless suffering.

Sorry Germany, but you gotta unplug...

[tubapro12]

Without many tools which can easily be used to hack the modern Internet as we know it won't work. An IT pro can't get their work done without tools so its either auf Wiedersehen to the law or the IT industry. Sounds like the problem we have in America... the people trying to administer laws to this 'intraweb' just don't know what they're doing...And its also similar to gun control... and locks... and...YOU'RE ONLY HURTING THE INNOCENT PEOPLE! (Oh, so the style attribute doesn't work on /....)

not really.

[robertpaun]

Has anybody pointed out yet this law is still just a draft and not through yet? Germany has not declared hacking tools illegal and according to the harsh and devastating critics of germany's IT industry on this law it probably never will. Bye.

Re:not really.

[robertpaun]

Besides... it's quiet an exegeration to present the view of a few popularistic politicians of one german party as the view/position of the whole country. The article says "Germany...", not "two members of the german parlament has presented a law...". That a big difference.

The road paved with good intentions leads...

[jhantin]

Trade and commerce, if they were not made of India rubber, would never manage to bounce over the obstacles which legislators are continually putting in their way; and, if one were to judge these men wholly by the effects of their actions, and not partly by their intentions, they would deserve to be classed and punished with those mischievous persons who put obstructions on the railroads. -- Henry David Thoreau

It seems that the prime function of legislative bodies is to generate well-intentioned but ill-conceived responses to the latest moral panic. Undoubtedly some fraction of the developer community will want to engage in 'hacktivism', but for most life and work must still go on. Competent developers know how to work around legislative obstruction and still do business: a jurisdiction configuration that specifies whether each of the system's jurisdiction-sensitive features are permitted, limited, and/or forbidden.

• Gambling games are configured to permit or forbid features like electronic funds transfer and define the threshold at which wins are recorded for tax purposes.
• Commercial cryptography toolkits are configured to specify which cipher suites are available, what maximum key strengths are used, and how the inclusion of law enforcement access features modifies the limits.
• Even the GPLv2 itself permits geographic restriction of a license to allow compliance with jurisdictional issues.

As a German once said

[z-j-y]

"First they came for the Ethereal, but I did not use Ethereal, so I said nothing.
Then they came for the Portscan, but I did not use Portscan, so I did nothing.
Then came the Firefox, but I can live without a browser.
And then they came for the Computer, but I was fine with a caculator.
Then when they came for me, there was no one left who could stand up for me."

Re: obligatory attempt at lame humor

[serialdogma]

As has yours, and mine also I suppose.
Drats, whats my compliant again?

how is this news?

[Anonymous+Cowpat]

'Germany now run by fascist nutjobs with no grasp of reality'. That hasn't been news since 1933!

About time...

[hurfy]

that they outlawed Sony CDs there........

CyberWatch

[bluefoxlucid]

Meanwhile in the US, CyberWATCH (funded by the National Science Foundation I think) is desperately encouraging students to explore computer security because they want more hackers in the working class. There's too many hackers in the asshole class and we need someone sitting on our networks, in our banks, in our schools, protecting us from these people. Germany may think they can just take our toys away, but here we realize the only people who are gonna give them up are the ones that are gonna save our asses.

CyberWATCH is awesome too because they sponsor the mid-atlantic regional collegiate cyberdefense competition, which is sweet. This involves a lot of hacking and a lot of defending against hacking (us doing the defending, while some volunteer red cell does the hacking). Students experience something very few people get to experience... (and we love it).

The Facade of Law

There are 2 possibilities.

1. The lawmakers mean well, but don't understand the technology or the implications of this law.

2. They are deliberately transferring power from the Judicial Branch to the Executive Branch in order to appear "tough" on crime. When it's impractical to enforce a law that is broken by many people, the Executive Branch doesn't enforce it, unless they need an excuse to bust someone they don't like, or to search someone they're suspicious of. This gap between what is commonly enforced and what CAN be enforced, I like to call "The Facade of Law" as opposed to "The Rule of Law".

As long as the masses believe they are safe and the system is just, they won't riot/revolt. "Justice" is just an illusion to provide political and economic stability to a group of social (and hence moral) animals. (In my opinion)

Re:The Facade of Law

[qazsedcft]

They are deliberately transferring power from the Judicial Branch to the Executive Branch in order to appear "tough" on crime. When it's impractical to enforce a law that is broken by many people, the Executive Branch doesn't enforce it, unless they need an excuse to bust someone they don't like, or to search someone they're suspicious of. This gap between what is commonly enforced and what CAN be enforced, I like to call "The Facade of Law" as opposed to "The Rule of Law".

Actually, this is common practice in totalitarian governments such as countries from the former communist block. Over here in Poland we still have left over laws like this. Some are self-contradictory. Some exist only to allow police and government workers to get bribes. I hear that in neighboring Russia and Belarus these things are even more common than here. One funny example I heard recently was the obligation, in Russia, to have a first aid kit in your car. But hold on! The kit must contain a condom and must be purchased in Russia. Obviously, people driving across the border for the first time are screwed.

Re:The Facade of Law

[lazyl]

3. The media and the general population don't understand the technology or the implications of the law.

See, even if the politician does understand the problems with the proposed law, if the population doesn't then he can't oppose the law without taking a severe hit on his popularity. People will just think he supports illegal hacking activities and it's very hard for him to explain his position to people who don't understand the technology. That's also, I think, the reason why so many states in the US have passed stupid anti-violent games bills. Voting no is much more likely to get you booted out of office then voting yes. Even politicians who understand the stupidity of it are just thinking: "I don't want to lose my job over this.. lets just pass the law and let the courts deal with it."

The Facade of Law

[InterDisciple]

I see 2 possibilities:

1. The lawmakers mean well, but don't understand the technology or the implications of this law.

2. They are deliberately transferring power from the Judicial Branch to the Executive Branch in order to appear "tough" on crime. When it's impractical to enforce a law that is broken by many people, the Executive Branch doesn't enforce it, unless they need an excuse to bust someone they don't like, or to search someone they're suspicious of. This gap between what is commonly enforced and what CAN be enforced, I like to call "The Facade of Law" as opposed to "The Rule of Law".

As long as the masses believe they are safe and the system is just, they won't riot/revolt. "Justice" is just an illusion to provide political and economic stability to a group of social (and hence moral) animals. (In my opinion)

That's a brilliant plan!

[cpghost]

There's a brilliant plan here:

1. German government outlaws security tools.
2. Germany's high tech industries' IT security becomes permeable like swiss cheese.
3. CIA, NSA and all the other lovely bunch breaks into german computers, stealing trade secrets en masse.
4. ElInt harvest is then donated/spread to local companies.
5. ???
6. Profit!

A great way to enhance German-US relations! And German-Chinese relations, and German-Russian relations, and German-French relations... Danke, Frau Merkel! That was your most brilliant idea so far.

Guilty of Rape

A man who owned a vintage still as a museum piece was arrested and charged with "moonshining", or distilling illegal alcohol. Even though the man protested that he never used the still and in fact studied it for academic reasons did not dissuade the judge who found him guilty ". . . since he had the equipment." Based on this logic, the man was also found guilty of rape.

Not like guns, or like locksmith tools

[fatalGlory]

'hacking tools' we should also keep in mind are not like physical commodities. This is what FSF has been on about since the beginning. What halfway serious german hacker is going to absolutely *need* to download tools? Not many, how hard is it to write your basic brute force password cracker for instance? Not that difficult.

So with no (necessary) download records (p.s. if that seems unreasonable, wiping the history is usually within reach, lol), that means that to convict someone, the tools would have to be found on storage media that they own. Now lets say that I have a simple php script to brute force a password. One text file. Now imagine that it has permissions set so you must be root to read it. If I happen to have 'forgotten' the root password to the machine, in order to convict me, you would have to hack my root account... without (necessarily) having any evidence to warrant a warrant.

Basically, if a judge cannot be convinced that it is reasonable to suspect you as an teh_uber_hacker, you cannot be legally caught!

Reply:The Facade of Law, PLEASE, don't tell anyone

[OldHawk777]

I agree with your reasoning, but I am a delusional paranoid, and as always ... entertained by a little humor.

THANKS

The best way to make German PCs secure now is...

...blocking all of its access ports, including Port 80. Germany should thus ban the internet and everyone's computer in Germany will be secure. Of course, the people will riot and Germany will be left behind, but hey, it's secure! =D

Madness

[obeythefist]

Any tool, or component thereof that could be used in the act of breaking a law shall be illegal.

Guns, therefore, shall be illegal.

The barrel of a gun, which is in essence a straight pipe, shall be illegal.

The internet, which is made of tubes (another kind of pipe) shall be illegal.

Once nobody has any network connected computers, there will be no computer crime.

Germany has nailed this one.

Chemistry

This is precisely the mindset that many amateur scientists/hobbiests thought about home chemistry kits and supplies before it became illegal to buy or possess an Erlenmeyer flask or organic solvents or reagents, because now if you are not a licensed chemist, or an authorized employee of a chemical company that is licensed, or a senior-enough member of an institute of higher learning that is licensed, you cannot buy most chemistry supplies, else you are automatically guilty of committing drug crimes.

Slimjim's are illegal, so why not hacking tools?

[GISGEOLOGYGEEK]

In Canada you can't posess a slimjim (device for popping the lock on a car door - not the greasy pseudo-meat snack product) ... unless you are a licensed locksmith, tow-truck operator, or similar.

It's just a harmless thin piece of metal with a knotch in it.

But walk down the street with a set of them and you could be picked up for possessing tools that can be used to commit a crime.

So what's the big deal over hacker tools?

I think its the perpetual problem of people who wouldnt dream of breaking into a car and stealing it, that somehow manage to simutaneously think that its perfectly fine to hack into whatever the hell they want.

Good for the rest of the world

[Max+Littlemore]

Hacking tools like nmap, ethereal, dictionary crackers (i.e., cracklib), etc. are absolutely necessary in securing a network.

At least there'll be plenty of work securing publicly exposed German networks from outside of Germany. I wonder if they thought of that.......

Re:Good for the rest of the world

hell yes, since most external hacks cross international borders I don't see how this law has any hope of doing anything but hamstringing the people who protect the networks in germany. At least for gun crime you have to (more or less) be in the same country as your victim

just means I can't work in germany

[vuffi_raa]

so long as they don't float the laws this way I crack and rip forensic data for litigants. I would need to find a new job

Definition of Politicks.

[splutty]

As we all know, the definition of Politicks is quite straight forward. It's a mangling of different languages and words.

Poly from the Greek 'multiple'
Tick from the little bloodsucking insect.

So Politicks are Multiple Bloodsucking Insects. See! There. Inrefutable proof.

Some facts for a change (actual law text f.ex.)

[IIXII]

Instead of getting all worked up and randomly speculating and inventing what law prohibits, how about actually reading the text of the law??

First, it's not about "sections 200 and following" (section 200 is followed by a break, and a new block, the one that concerns protection of privacy, begins with section 201). More specific, it's really only about changing 202a and adding 202b and 202c.

The proposal that now became law, together with detailed explanations, can be found on this official government site:

http://www.bmj.bund.de/files/-/1317/RegE%20Compute rkriminalit%E4t.pdf

The only controversial one of the additions is the second number under 202c:

(1) Wer eine Straftat nach 202a oder 202b vorbereitet, indem er
  1. Passworte oder sonstige Sicherungscodes, die den Zugang zu Daten ( 202a Abs. 2) ermöglichen, oder
  2. Computerprogramme, deren Zweck die Begehung einer solchen Tat ist,
[herstellt, sich oder einem anderen verschafft, verkauft, einem anderen überlässt, verbreitet oder sonst zugänglich macht,]
wird mit Freiheitsstrafe bis zu einem Jahr oder mit Geldstrafe bestraft.

Translated:

(1) The person who prepares an offence according to 202a or 202b by
[creating, procuring for himself or someone else, selling, leaving to someone, disseminating or make accessible by other means,]
  1. Passwords or other security codes, which allow the access to data ( 202a Abs. 2), or
  2. Computer programs, whose purpose is the commiting of such an offence,
will be punished by a term of imprisonment of up to one year or a fine.

So what's said in the article ("Manufacturing, programming, installing, or spreading software that
can circumvent security measures is verboten) is wrong. Only "Computer programs, whose *purpose*
is the commiting of such an offence" are forbidden. Computer programs which may be use for circumventing
security (like packet sniffers, port scanners...) but whose purpose is not expressly mainly to illegally
gain access to other people's data are not prohibited. As an example of a program that would be, take
your common trojan whose main purpose is to hide on someone's computer and secrectly sniff data.

Re:doesn't that illegalize any programming languag

[jimstapleton]

except VB.NET, then your hosed.

Re:doesn't that illegalize any programming languag

[catprog]

No VB6 has the ability for networking

Re:doesn't that illegalize any programming languag

[Opportunist]

So? A Trabant has the ability to drive and still I wouldn't consider it a useful car to get anything done.

(Just to bring up one of the oh-so-much appreciated car analogies)

The ways you can get access to networking resources is SO limited in VB that it doesn't really matter.

use the -e parameter to turn off the evil bit!

[freaker_TuC]

try the -ne parameter, it will turn off your evil bits so it won't be taken as hacking.

NAME
          ping - send ICMP HACK_REQUEST packets to network hosts

          -ne
                          Stop sending (and receiving) evil bit packets.