Slashdot Mirror
Germany Declares Hacking Tools Illegal
dubbelj writes "Germany has updated their computer crime law to declare 'hacking tools' illegal. This will place most of the professionals in the network admin and computer security fields in a sort of legal grey area. 'The new rules tighten up the existing sanctions and prohibit any unauthorized user from disabling or circumventing computer security measures to access secure data (see the law, sections 200 and following [in German]). Manufacturing, programming, installing, or spreading software that can circumvent security measures is verboten, which means that some security scanning tools might become illegal.' We discussed a similar measure in January when Australia considered the same kind of legislation. How will this affect Linux distribution in Germany, as most standard Linux distributions come with these kind of 'hacking tools' installed by default?"
ping - a hacker tool used for detecting computers connected to the internet for the purpose of breaking in to them
Great! Well, problem solved. We can all stop patching our servers and running firewalls now! Yippee!! :D
Default and why is he installing hacking tools in Linux distro's ?
On a serious note doesn't this basically make watching dvds on a linux computer illegal as well ? Sounds to me like this can be wide open for abuse much like our beloved DMCA.
Can't RTFA since the laws are in German.
This package Does Not Contain a Winner
How are hacking tools really different from locksmith's tools?
;)
I certainly have found a locksmith to be very useful in very legal ways - but then again, I'm the kind of person who has key problems
Read my Very Short "Stories"
...when will they start requiring computer professionals to have to become licensed by the govt in order to to possess and use the tools necessary for them to do their jobs?
Prohibition of computer safety tools opens Bundestrojaner door and gate
May 25, 2007 (46halbe)
The Bundestag has today the prohibition of computer safety tools invariably durchgewunken (criminal law law of change for the fight of the computer criminality, more again 202 StGB). To be punished is in particular a manufacturing, a programming, a leaving, a spreading or providing software, which is urgently necessary for the daily work of network administrators and safety experts.
The Bundestag has today the prohibition of computer safety tools invariably durchgewunken (criminal law law of change for the fight of the computer criminality, more again 202 StGB). To be punished is in particular a manufacturing, a programming, a leaving, a spreading or providing software, which is urgently necessary for the daily work of network administrators and safety experts.
With it the delegates acted against the express advice of the experts belonged in the committees with the consultation of the law out of science and practice. Also on the part of the InterNet economy and from the Upper House of Parliament the law change had been criticized sharply. With exception of the Party of Democratic Socialism and a lonely SPD delegate now the completely large coalition that votierte notion lots to make Germany the professional disqualification zone for computer safety experts.
By expressed far version law becomes possession, which production and the spreading of preventive tools, with which security can be examined by computers, in Germany punishable. These tools are however essential, in order to ensure the security from computer systems to. The general prohibition of this software is to be forbidden about as helpfully as the production and the sales of hammers, because sometimes thereby also damages are accomplished.
Andy Mueller Maguhn, speaker of the chaos computer club, commentated: "the prohibition of the possession of computer safety tools opens also for the employment of the Bundestrojaners door and gate industry and citizen systematically the possibility is taken of examining their systems adequately for security. This prohibition endangers the security of the IT location Germany."
As the automobile industry, is examined in the computer industry the system security makes its vehicles with Crashtests safer by the controlled employment by attack programs. It will be legally no longer free of doubts possible in the future for sensitive computer systems will test whether they are safe or not.
On the yearly congress of the federal office for security in the information technology (BSI) Minister of the Interior Schaeuble announced planned certifying "more trustworthily" to Sicherheitsdienstleister. With this step obviously the abilities and the knowledge, which are necessary for effective safety examinations of computer systems, are into which hands by yard suppliers handread out by the government are monopolized, while the independent computer safety research can be kriminalisiert as desired selectively.
CCC speaker Mueller Maguhn in addition: "the explanations of the Minister of the Interior for computer security are pure lip-service. Here systematically the legal and organizational framework is created, in order to make citizens and enterprises defenseless opposite computer attacks, restaurant economics and also the Bundestrojaner. Safety research can take place only in an unacceptable legal gray area."
davecb@spamcop.net
You can use a browser to hack poorely written web apps (some forum software springs to mind). Doesn't this effectively make all browsers illegal?
So how they are going to distinguish hacking tools from security software? Nmap can be used as both, and I sincerely cannot imagine securing anything without it. Next, packet loggers. Will Ethereal be banned too? It's one of the best tools IMO that gives a user the power to see exactly what he is sending or receiving, showing potential problems and vurnabilities, but it, of course, can be also exploited beyond any limits. And it's the case with all the rest of popular networking software.
"We are the music makers, and we are the dreamers of dreams [...]."
If "hacking tools" are outlawed, only outlaws will have "hacking tools."
Axes can be used as a tool to hack as well. Actually, that is their intended purpose.
There are two types of people in the world: those who divide people into two types and those who don't.
I imagine the list of tools useful only to hackers is pretty short. And I imagine that german hackers will find ways to use "legit" software to their ends.
On another note, expect little in the way of secure software innovation out of Germany in the next few years.
We are all just people.
This sounds like banning guns in a hypothetical country where there's a lot of gun violence, and people commonly wear bulletproof vests. (Note the "hypothetical" here; this is just for the sake of argument.) Suddenly, a new law banning guns is passed, and the vest-making companies can't develop new vests because they have no way of testing them.
Brilliant.
Another parallel: this is like making it illegal to wreck a car, whether by accident or intentionally. With a law like this, cars can't be crash-tested, and auto crash safety research comes to a stop.
Of course, in the real world, computer simulations can be used to get around these problems. But with this new real-world law, the simulations themselves are illegal!
Sure, some people think he sounds paranoid...but he's right. It'll take time for things to get really bad...but they will get there, slowly.
http://www.gnu.org/philosophy/right-to-read.html
This is going to stop a lot of software companies from opening up German software houses. Just trying to maintain any computer network for regular developers would probably be illegal under these rules, because a lot of network maintanence tools could be considered "hacking tools" under this definition. Without those tools, it would be prohibitive to try to support an enterprise infrastructure.
Beware of bugs in the above code; I have only proved it correct, not tried it.
If they close down all the "space bars", they don't have to worry about aliens, weird languages and hacking tools.
Brains are the best hacking tools of them all, and the only ones necessary--anything else can be rebuilt from scratch, or worked around. (Though it would take a while, in some cases.)
So they've outlawed brains.
Brilliant. =)
It's nothing but crumpled porno and Ayn Rand.
That's humorous (in a scary way) considering the following:
... eFishSkinSales.com that sells fish skins... I find a German counterpart GermanFishSkin.com... I take their IP addressing and spoof a pingflood to my routers and send German authorities the logfiles. Would they know what a spoof is for one. How about the following... A German websurfer visits my page and does not close his browser. For the next nMinutes where n equals the amount of time he has his browser on my page, he will make repeated GET's thus resulting in a DoS attack of the lamest kind. What then. Are browsers hacking tools?
The commission communication "towards a general policy on the fight against cyber crime"
There is no agreed definition of "cyber crime". From a strictly legal point of view, it can be questioned whether there is any need for the term at all - it could be argued that "cyber space" is just a new specific instrument used to commit crimes which are not new at all. The term may thus be most interesting from an operational point of view, i.e. the operational instruments and procedures to fight against this type of crime must be developed.
With that said, as an American, I can almost indicate any connection to me as being an illegal one and cost the German taxpayers a bucketload of money with false claims. Let's consider the following scenario.. Ping. Simple administrative tool, can also be used for DoS attacks. Suppose I start a business
Let's take it a step further into XSS (cross site scripting)... The browser IS THE TOOL. Should all browsers be banned now. Oh those Germans. I know... What about a German, with a shell on a server in America developing tools. Now those tools don't reside ANYWHERE in Germany then what. I would have laughed that law all the way to the bitbucket. But... You're likely dealing with e-Incompetent lawmakers driving Beamers and Benz' who care little about the advances in LIFE as a whole thanks to computing both good and bad (malicious hacking has forced companies to improve themselves).
Infiltrated dot Net
You can take it even farther than that. Guns don't really have a positive use. No one is really hunting for survival anymore. Many hacking tools were created with sysadmins in mind. I personally have run into a situation where I either have to reinstall IRIX from scratch (licensing and all) or run john the ripper on the root password for a while. Yes, there is a way around in this case, but completely legitimate use of John the ripper saved me tons of time. I don't even want to think where I'd be without the likes of tcpdump, nmap, or other tools. We would have to guess our systems are secure without actually knowing.
The rulebook of my high school explicitly forbid bringing to school "anything that can be used as a weapon." I brought up the point that this would effectively expel all small freshmen who could be picked up and thrown at other people.
But as the technically educated know, many tools that can be useful for diagnostics, troubleshooting, performance optimization, and usage monitoring can also be used for hacking. This, like many laws, will likely be arbitrarily enforced based on criteria not specified in the law.
Knives are tools that can be used to stab people, but we do not make them illegal. If we *did* make them illegal (defining the item as "tools that can be used to stab people") then in actual practice the law will only be used to increase the charges already leveled against someone, or to target someone who has otherwise broken no law but is doing something of which the powers-that-be disapprove (such as...i dunno...criticizing this or that government official or policy).
I prefer chopping.
You mad
Just make sure the evil bit is unset on your "hacking tools", and they'll be hunky-dory.
--
make install -not war
Well anyway, I am not going to phreak out about hacker tool being illegal. Funny part: For the foreseeable future, any nation without citizens having, using, and learning hacker/cracker/phreaker/... tools (with hands-on experience) is defenseless in case of war/threat. Nations will need as many phreaked crackers, cracked phreakers, 31337 draftees/recruits as they can find (including the wheelchair, gay, and grandma ones).
... to PGP, RMON, Tripwire, C++ compilers ... eventually all technology will be confiscated and most people will be in jail where they belong. Yes, the Germany government of the EU is proving to be as bright as the government of Mississippi in the USA.
In a MAD dash governments globally will make all "Hacker Tools" illegal. Zoll Gestapo will be contracted and trained by the US Government, then deployed to Russia, China, USA, France, Canada... All heidi-holes, small/large dark crevices, and generally anything that can be screwed will be looked into.
"Hacker Tools" from telnet, ping, TFTP
Luddites love politics; because they are not required to know or do, anything right, and are paid anyway. Politics has become a form of welfare for the wealthy incompetent of the US, EU, Iran, Saudi, Russia, China, Egypt, India, Sudan, Mexico.... Politicians in any country are a pitiable basket of low intelligence, corrupt ethics, and fetid morals.
US, EU, and many others are in troubled/stupid times.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
To criminalize so-called hackers.
/. echo chamber, no one will do anything but whine and go back to their work/entertainment.
0 6/murphy200706?printable=true¤tPage=all
Most policy wonks that deal with this sector have already spread the word that computers are dangerous tools in the wrong hands. So, step 1 is to make the tools illegal. For example, "Your honor we found hacking applications wireshark installed on the defendants computer." No questions about approved uses are allowed because that makes things too complicated.
Don't bother with legal challenges, the objective is to make computers a content delivery device. Anything else is too threatening to governments, regardless of their borders.
Best case scenario as other posts have pointed out, the government gives out licenses that allow you to use/own "hacking" software. In the U.S., probably a process similar to getting a clearance would be required. This is happening internationally.
Since this is the
Required reading for Americans unhappy with their political process: http://www.vanityfair.com/politics/features/2007/
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Even programs that contain keyboard loggers have their uses. Most automated software testing tools use keyboard logging as part of the testing process. Viruses have their uses, as well. On a limited network, I have heard of admins using viruses that are "mutated" so they install patches without any user intervention.
Digital Rights Management (ahem, excuse me, "Digital Consumer Enablement") technologies can be used to obtain private information from my system, to prevent certain parts of my system from functioning, and to install unwanted and potentially malicious executable code on my system, all without my knowledge or consent.
Sounds to me like DRM "can be used for hacking," and is therefore now illegal in Germany.
Keep leading the way, Germany!
I'm not a big guy, but when armed, I have the means to effectively defend myself and my loved ones against those who might otherwise do us harm.
How is that not a positive use?
*sigh* back to work...
My university(in America) has the same rule for any computer connected to there network. I have always had etherape, ethereal, nmap, tcpdump, etc on my computers since I do computer repair. I decided to leave them on and just never tell anyone. Once I got a job in the CS department I noticed everyone had the same tools and really no one cared. Germany will probably do the same thing, no one will care about you having "hacking tools" until they really want you to go away, then you'll be charged for every program that can do anything that would manipulate data. Anyway shouldn't they have made cracking tools illegal?
When will politicians ever learn? sigh...
Back in the 90's when I was working at Data General I was on a team of people who were reading the source code to every function in the C library, operating system and utilities. For each function we wrote a document saying roughly "Here's what the function does, here are any potential side effects, here is the source code we used to make sure the function didn't break or compromise security in interesting ways." Data General was a pretty small company and yet they managed to find the resources to do this. I'm sure Microsoft or Intel would have no problem assembling a team that could do this. This would improve security of systems worldwide a lot more than some foolhardy attempt to prevent a set of applications from being developed.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Yeah, Heidi is such a slut.
Prohibition of computer safety tools opens door and gate for Federal trojans*.
May 25, 2007 (46halbe)
The Bundestag has today waved through, unchanged, a ban again computer safety tools (Bill for the change of Criminal law in order to fight computer criminality, new 202 StGB). Chiefly targeted is the manufacturing, programming, leaving (for someone), distribution, or procurement of software, which is urgently necessary for the daily work of network administrators and safety experts.
With this decision the delegates acted against the express advice given by experts from research and business to the committees consulting on the proposal. The law was also sharply criticised by the Internet economy sector and the Upper House of Parliament. With exception of the Party of Democratic Socialism and a lonely SPD delegate, the complete Great Coalition of the Clueless now voted to make Germany a professional disqualification zone for computer safety experts.
Through the markedly broad scope of the law, the possession, production and distribution of preventive tools with which to examine computer security will become punishable in Germany. These tools are, however, essential in order to ensure the security of computer systems. Banning this software is about as helpful as banning the production and the sales of hammers because sometimes these are also used to cause damages.
Andy Mueller-Maguhn, speaker of the Chaos Computer Club, commented: "banning the possession of computer safety tools leaves the door wide open for the use of Federal Trojans. Industry and citizens are systematically being robbed of the possibility of examining their systems adequately for security. This prohibition endangers the security of the German IT sector."
As the automobile industry makes its vehicles safer with crash tests, so does the computer industry test its system security through the controlled employment of attack programs. It will in future no longer be possible be to test sensitive computer systems for security in ways that are without a doubt legal.
At the yearly congress of the Federal Office for Security in the Information Technology (BSI), Minister of the Interior Schaeuble announced plans to certify "trustworthy" security providers. With this step, the abilities and knowledge necessary for effective safety examinations of computer systems shall apparently be monopolised by handpicked government suppliers, while the independent computer safety research can be selectively criminalised as desired.
CCC speaker Mueller-Maguhn added: "the explanations of the Minister of the Interior for computer security are pure lip-service. A legal and organizational framework is being systematically created here in order to make citizens and enterprises defenseless against computer attacks, industrial espionage and also Federal trojans. Safety research can take place only in an unacceptable legal gray area."
*N.B. "Bundestrojaner", which I've translated as Federal Trojans, are the programs the police/gov't use to search through people's computers remotely (newly legalised, or given greater scope, I believe)
Antiquis temporibus, nati tibi similes in rupibus ventosissimis exponebantur ad necem.
http://www.bmj.bund.de/media/archive/1317.pdf
And the relevant words in english (my translation)
German penal code section 202c
Whosoever prepares a felony according to section 202a or section 202b by
Note: sections 202a and 202b are both about gaining access to data meant for somebody else.
Live by the pen, die by the pen.
Good riddance to 'em. They always make me leave my 'droids outside.
and of course Scottish*, (but legally Bavarian) I do hope you will continue to post material like this that demonstrates a complete lack of understanding of
eatingbraveheartwatchinga yingo typefulfilling.
A) The Germans.
B) The German political system
C) The German Psyche.
D) That anyone who was 20 in 1945 is 82 this year.
and
E) Todays Germans are a composite of changes in the population that occurred after WWII (ie they're different!)
Slight Technical Aside
The change to the law is pretty much the same as the Scottish Crime (readers who don't think Scotland is a country with a separate legal system should stop reading at this point.) of "going equipped to commit a theft or housebreaking" The article in German is just a scrape of The Register and other pages and the Babelfish rip is typical of the gobblydegook that is internet translatation.
Google always translates Ich weiss (I know) as I white, which is sub-Noam-Chomsky-stupid.
German is a language that lends itself not to dumb dictionary look up programs. The word compile for example never comes out as 'list' in a dictionary - apart from the larger Duden English/Deutsch. Usually it is 'collect together' and sorgen (to worry) becomes 'ensure' although in print dictionaries it is usually translated hilariously as 'solicitious' which when used in an essay on Digital Media is just too funny for words.
So keep up the good work because for me it means:
A) Going snowboarding for 18 Euros instead of going to the pub on Friday night for 60 Euros plus hangover because the alps are on my doorstep.
B) Wine for 1.49 a bottle (Euro/Dollar about the same, dude.)
C) More holidays than you can poke with a stick
D) Working half the hours I did back in Bonnie Scotland.
E) A country full of beautiful people, almost every single one of whom is liberal (see if Google can translate that.)
F) I get to be that British guy who explains why the USA is not the Great Satan and what 'Dude', 'Geek' or 'excellent' means.
Just as long as you keep scaring away all the English speaking part of the world.
Cheers!
*Kiltwearingpennypinching
haggisbashingporridge
worldcuplosingbagpipepl
harddrinking buckfastloving
snpvotingballotpaperspoilingstere
Posts, MyBio or Sig, may contain satire, sarcasm, bolded nouns be sardonic or even witty & be Church of SD
Has anybody pointed out yet this law is still just a draft and not through yet? Germany has not declared hacking tools illegal and according to the harsh and devastating critics of germany's IT industry on this law it probably never will. Bye.
that they outlawed Sony CDs there........
There are 2 possibilities.
1. The lawmakers mean well, but don't understand the technology or the implications of this law.
2. They are deliberately transferring power from the Judicial Branch to the Executive Branch in order to appear "tough" on crime. When it's impractical to enforce a law that is broken by many people, the Executive Branch doesn't enforce it, unless they need an excuse to bust someone they don't like, or to search someone they're suspicious of. This gap between what is commonly enforced and what CAN be enforced, I like to call "The Facade of Law" as opposed to "The Rule of Law".
As long as the masses believe they are safe and the system is just, they won't riot/revolt. "Justice" is just an illusion to provide political and economic stability to a group of social (and hence moral) animals. (In my opinion)