Germany Declares Hacking Tools Illegal

dubbelj writes "Germany has updated their computer crime law to declare 'hacking tools' illegal. This will place most of the professionals in the network admin and computer security fields in a sort of legal grey area. 'The new rules tighten up the existing sanctions and prohibit any unauthorized user from disabling or circumventing computer security measures to access secure data (see the law, sections 200 and following [in German]). Manufacturing, programming, installing, or spreading software that can circumvent security measures is verboten, which means that some security scanning tools might become illegal.' We discussed a similar measure in January when Australia considered the same kind of legislation. How will this affect Linux distribution in Germany, as most standard Linux distributions come with these kind of 'hacking tools' installed by default?"

Lock Hacking

[TheLazySci-FiAuthor]

How are hacking tools really different from locksmith's tools?

I certainly have found a locksmith to be very useful in very legal ways - but then again, I'm the kind of person who has key problems ;)

Re:Lock Hacking

[morgan_greywolf]

Yes, actually. Hacking tools like nmap, ethereal, dictionary crackers (i.e., cracklib), etc. are absolutely necessary in securing a network. There is no way I could lock down a network without scanning to see what ports are open or determine the security of traffic on a network without a packet sniffer. Heck, packet sniffers are useful in determining problems in misbehaving networked applications. How could I check the security of my users' passwords without a dictionary cracker?

Hacking tools are more like guns: make them illegal and only the criminals will have them.

Re:Lock Hacking

[Rakishi]

Uhm, can you comprehend basic english or not?
He is perfectly right, by definition if you make guns illegal the only people who own guns would be criminals (and law enforcement but then its not a total ban on guns). There may be many or a few of them but by definition his statement holds true.

Anyway in some of those places they use knives instead and kill more people than they did when they had guns. After all, why would they bother with a gun when they know their victim doesn't have one? Not only is the knife perfectly legal unlike a gun (convicted criminals can't legally own guns in most if not all of the US) but in a knife fight the criminal is probably much better off than in a gun fight. Remember that criminals are in better shape, younger, less prone to fear and are free to train with knives as much as they want (unlike guns which they can't train much with) compared to their victims.

In other places they all use guns since the main source of crime is gangs and they escalate the weapons used accordingly (their "victims" have guns in that case). Washington, DC bans almost all guns and there are tons of shootings there, the highest murder rate in the US by far actually.

In countries where guns are legal, deranged college students use them to kill their fellow students. Bringing guns onto the VT campus was/is illegal. As a result the only persons who had guns there were law enforcement and the deranged college student. Interestingly enough there is one case where a different deranged college student was shot dead by other students before he could do much damage.

So please heed your own advice and don't use statements that don't work.

So....

[Nick+Driver]

...when will they start requiring computer professionals to have to become licensed by the govt in order to to possess and use the tools necessary for them to do their jobs?

Wait, what?

[Xtense]

So how they are going to distinguish hacking tools from security software? Nmap can be used as both, and I sincerely cannot imagine securing anything without it. Next, packet loggers. Will Ethereal be banned too? It's one of the best tools IMO that gives a user the power to see exactly what he is sending or receiving, showing potential problems and vurnabilities, but it, of course, can be also exploited beyond any limits. And it's the case with all the rest of popular networking software.

Re:Wait, what?

So how they are going to distinguish hacking tools from security software?

Finally, a question which even I am qualified to answer.

It's simple -- who provided the tool?

If I install a rootkit on your computer, it's a hacking tool.

If Sony installs a rootkit on your computer, it's a perfectly legal way of enforcing their digital rights.

In simpler terms, it's a combination of gross annual income and number of legislators purchased.

what made the list?

[Original+Replica]

I imagine the list of tools useful only to hackers is pretty short. And I imagine that german hackers will find ways to use "legit" software to their ends.

On another note, expect little in the way of secure software innovation out of Germany in the next few years.

RMS is right

[Akaihiryuu]

Sure, some people think he sounds paranoid...but he's right. It'll take time for things to get really bad...but they will get there, slowly.

http://www.gnu.org/philosophy/right-to-read.html

End of Days||Daze

[packetmon]

That's humorous (in a scary way) considering the following:

The commission communication "towards a general policy on the fight against cyber crime"

There is no agreed definition of "cyber crime". From a strictly legal point of view, it can be questioned whether there is any need for the term at all - it could be argued that "cyber space" is just a new specific instrument used to commit crimes which are not new at all. The term may thus be most interesting from an operational point of view, i.e. the operational instruments and procedures to fight against this type of crime must be developed.

With that said, as an American, I can almost indicate any connection to me as being an illegal one and cost the German taxpayers a bucketload of money with false claims. Let's consider the following scenario.. Ping. Simple administrative tool, can also be used for DoS attacks. Suppose I start a business ... eFishSkinSales.com that sells fish skins... I find a German counterpart GermanFishSkin.com... I take their IP addressing and spoof a pingflood to my routers and send German authorities the logfiles. Would they know what a spoof is for one. How about the following... A German websurfer visits my page and does not close his browser. For the next nMinutes where n equals the amount of time he has his browser on my page, he will make repeated GET's thus resulting in a DoS attack of the lamest kind. What then. Are browsers hacking tools?

Let's take it a step further into XSS (cross site scripting)... The browser IS THE TOOL. Should all browsers be banned now. Oh those Germans. I know... What about a German, with a shell on a server in America developing tools. Now those tools don't reside ANYWHERE in Germany then what. I would have laughed that law all the way to the bitbucket. But... You're likely dealing with e-Incompetent lawmakers driving Beamers and Benz' who care little about the advances in LIFE as a whole thanks to computing both good and bad (malicious hacking has forced companies to improve themselves).

Reply: Well, no phreaking problem folks...HAVEFUN.

[OldHawk777]

Well anyway, I am not going to phreak out about hacker tool being illegal. Funny part: For the foreseeable future, any nation without citizens having, using, and learning hacker/cracker/phreaker/... tools (with hands-on experience) is defenseless in case of war/threat. Nations will need as many phreaked crackers, cracked phreakers, 31337 draftees/recruits as they can find (including the wheelchair, gay, and grandma ones).

In a MAD dash governments globally will make all "Hacker Tools" illegal. Zoll Gestapo will be contracted and trained by the US Government, then deployed to Russia, China, USA, France, Canada... All heidi-holes, small/large dark crevices, and generally anything that can be screwed will be looked into.

"Hacker Tools" from telnet, ping, TFTP ... to PGP, RMON, Tripwire, C++ compilers ... eventually all technology will be confiscated and most people will be in jail where they belong. Yes, the Germany government of the EU is proving to be as bright as the government of Mississippi in the USA.

Luddites love politics; because they are not required to know or do, anything right, and are paid anyway. Politics has become a form of welfare for the wealthy incompetent of the US, EU, Iran, Saudi, Russia, China, Egypt, India, Sudan, Mexico.... Politicians in any country are a pitiable basket of low intelligence, corrupt ethics, and fetid morals.

US, EU, and many others are in troubled/stupid times.

Bullshit law

[nukem996]

My university(in America) has the same rule for any computer connected to there network. I have always had etherape, ethereal, nmap, tcpdump, etc on my computers since I do computer repair. I decided to leave them on and just never tell anyone. Once I got a job in the CS department I noticed everyone had the same tools and really no one cared. Germany will probably do the same thing, no one will care about you having "hacking tools" until they really want you to go away, then you'll be charged for every program that can do anything that would manipulate data. Anyway shouldn't they have made cracking tools illegal?

The Facade of Law

There are 2 possibilities.

1. The lawmakers mean well, but don't understand the technology or the implications of this law.

2. They are deliberately transferring power from the Judicial Branch to the Executive Branch in order to appear "tough" on crime. When it's impractical to enforce a law that is broken by many people, the Executive Branch doesn't enforce it, unless they need an excuse to bust someone they don't like, or to search someone they're suspicious of. This gap between what is commonly enforced and what CAN be enforced, I like to call "The Facade of Law" as opposed to "The Rule of Law".

As long as the masses believe they are safe and the system is just, they won't riot/revolt. "Justice" is just an illusion to provide political and economic stability to a group of social (and hence moral) animals. (In my opinion)