Strict German Computer Crime Law Now in Effect

SkiifGeek writes "With little fanfare, section 202c of the German computer crime laws came into effect over the weekend. Worryingly for Security professionals, the laws make the mere possession of (creates, obtains or provides access to, sells, yields, distributes or otherwise allows access to) many useful tools illegal. A similar law was proposed for the UK, however it was modified prior to passing through parliament due to the outcry from the industry. Phenoelit, KisMAC, the CCC, and the Month of PHP Bugs are just some of the relatively high profile projects and groups to have already taken measures to remove or modify content under this law."

There is no effective law against curiousity

[postbigbang]

Well intentioned, this is the sort of reason why lawmakers need an education in how improvements are made in software and hardware. You can't stanch curiousity by outlawing it. The German software industry gave us improvements to Linux from SuSE, Project LiMux, and a raft of excellent tools for debugging, general hacking, and just plain good creative code.

Now a Damocles sword hangs over the head of the genuinely interested German hacker. And hacks will continue across the rest of the planet, because improvements are iterative lessons learned from mistakes.

Why not instead develop infrastructure that allows ISPs to eliminate machines controlled by bots? Or find a way to make a better international citizen out of PTT-behaving Deutche Telekom/T-Mobile? Or perhaps learn the lessons from the fear-engendering legislation that's now law.....

Re:There is no effective law against curiousity

[DaedalusHKX]

Nah, its the same crap. Its just that when other "verboten" communities get hit (gun owners, free speech, etc) you get upset that they weren't hit harder.

I believe it was Thomas Paine circa AD 1776 or so, who wrote: "In order that liberty be preserved, we must not allow oppression even unto our enemies, for in doing so we set a precedent that reaches back into ourselves."

What goes around, comes around. Perhaps the more this crap hits the geek community, the more you realize that "free speech" refers to "all speech" not just yours. The same with "free" anything. And the same whether it starts in Europe or here. The Socialists left Germany and Russia and eventually conquered America without firing a single shot. Thank John Dewey and the Prussian Socialist School System he pioneered for us "'murkens".

PS - there is NO "well intentioned" law that ever restricts any freedom, except that to take action and to garner the natural consequences of one's action. State enforced "consequences" (aka punishments) and "criminal" status that occurs via the stroke of a pen is never well intentioned. Only seems so to those who still believe in "random coincidences in politics".

Re:There is no effective law against curiousity

[epee1221]

Bah. Curiosity was framed. Ignorance killed the cat.

Re:Germany...

[BronsCon]

Classy way to claim first post.

Back to the topic, though; the internet should simply be declared a public place and laws pertaining to such public places shttp://www.dslreports.com/hould be applied, rather than creating a whole new set of laws for the internet. There are enough laws already; furthermore, laws everywhere are different; it just causes undue conflict.

Of course, sites which require the user to click a link indicating that they agree to a set of terms (door) or to login (lock) should be treated as private property and those laws should apply.

Here's the fun part: get every country with internet access to go along with this.

Hell, I'd be happy if they just did it in the US.

Law not just evil but also dumb

[SamP2]

Let us pause for a moment from discussing the "government versus people" debate, and (just for the sake of the argument) assume that we are living in an utopia where the government passes laws to protect citizens, not oppress them.

OK, so we ignore the potential for abuse. But that still leaves the question: how, exactly, is the law supposed to protect anyone?

- The possession of this software is virtually undetectable unless some kind of crime has been committed using them (such as using it to actually attack someone else's machine). Well guess what, attacking someone else's machine has ALREADY been illegal (and justly so).

- People who were and are willing and able to use these tools to attack other machines have already risked punishment far greater than the punishment meted out for merely possessing the equipment.

- Think about this analogy: If you outlaw the possession of crowbars (because they are used by burglars), who will suffer more, the burglar or the construction worker who also happens to need a crowbar? Of course the construction worker -- the burglar operates in secret and the worker in open; and if caught, the punishment for burglary is significantly bigger to the point that someone willing to perform a burglary will not care for the (relatively small) additional punishment given for the possession of the crowbar. But for the construction worker, this law means losing his job.

- Some people would see an analogy between this law and advocation of gun control (less guns = supposedly less violence). But unlike gun control, where restricting guns (at least theoretically) makes it harder for criminals to obtain them, this law cannot possibly do anything to prevent the obtainment of these "hacking" tools, which can only be detected ex post facto.

So, if this law...

- Does nothing to reduce the availability of these tools
- Does nothing to reduce the potential destructive purpose of these tools
- Does not provide a serious deterrent to would-be abusers of these tools
- DOES, however, significantly limit the LAWFUL use of these tools by security professionals

Then why the heck is it needed? Heck, if I was a blackhat, I'd be very, very happy that security auditors got the shaft, meaning I have a much better chance of finding exploits which the good guys didn't get a legal chance to find and close first.

It seems that the quote "those who sacrifice liberty for security deserve nothing and lose both" never held truer, because not only liberty is sacrificed, but from any possible perspective hacking has became EASIER as a result of this law, not harder.

Re:More Generally, Fyodor

[SamP2]

There is arguably a valid reason to prohibit tools which PRIMARY PURPOSE is to commit crimes. You correctly stated that almost any tool CAN be used to commit a crime, but there is a difference between the two.

I'm not going to use guns as a metaphor because of the whole "gun control" debate, and also because guns have the valid use of self-defense... So let's use something more aggressive, say, hand grenades.

There is no valid reason for a non-military person to be able to own a hand grenade. The grenade cannot be used for any peaceful purpose, nor for self defense, because of it's extremely high collateral damage. Even if there is a _potential_ valid use (I dunno, maybe throw it down a mole hole in your backyard to kill the pesky mole, LOL), the destructive potential vastly outweights any valid use, and therefore I accept as valid the restriction of owning a hand grenade by the average person.

The other option is to own, say, a knife or pickaxe. Yes, some people can (and do) use those as weapons for illegal purposes, but this does not stop the tool from having a valid, legal use (in fact, it's primary design is indeed a legal one). Therefore, outlawing pickaxes because some idiot happened to kill someone else with one, is not a valid move.

The German law is a prime example of the second option. As I explained in my other comment on this thread, the damage done to valid users is much bigger than any possible achieved restriction on criminals.

Re:Oh wow...

[Opportunist]

Quite simple: They don't. It's just a handy law to have an excuse to get a warrant easily when you got nothing really tangible against someone.