Slashdot Mirror

← Back to Stories (view on slashdot.org)

Strict German Computer Crime Law Now in Effect

Posted by Zonk on from the going-to-jail-for-doing-your-job dept.

SkiifGeek writes "With little fanfare, section 202c of the German computer crime laws came into effect over the weekend. Worryingly for Security professionals, the laws make the mere possession of (creates, obtains or provides access to, sells, yields, distributes or otherwise allows access to) many useful tools illegal. A similar law was proposed for the UK, however it was modified prior to passing through parliament due to the outcry from the industry. Phenoelit, KisMAC, the CCC, and the Month of PHP Bugs are just some of the relatively high profile projects and groups to have already taken measures to remove or modify content under this law."

3 of 226 comments (clear)

  1. The good news for hackers. . . . by Anonymous Coward · · Score: 3, Interesting

    germany is now going to be a REALLY easy place to hack.

  2. As the author of Nmap ... by fv · · Score: 5, Interesting
    As the author of Nmap, I'm more than a little concerned about this law. It could mean that I can never again visit Germany, which is a shame because I have many friends there. But I don't want to risk a year in prison or the Halvar treatment. Many of these articles state as a matter of fact that the creation or distribution of Nmap (mentioned by name in TFA) is illegal now. If true, what does that mean for all the Linux distributors who include Nmap and other security tools?

    Does anyone have a link to a good English translation and legal analysis of the new law? The Phenoelit page translates the law as affecting "computer programs whose aim is to commit a crime". That doesn't cover Nmap, which I designed for security professionals. But of course some blackhats use it too, and I don't want to bet my freedom on being able to convince a technologically illiterate judge in Germany of my intent.

    I hope groups like the CCC (which is apparently quite powerful in Germany) are able to get this overturned! If legitimate German admins are afraid to use Nmap and other security tools while the crackers retain full access to them, that won't be a pretty sight!

    -Fyodor
    Insecure.Org

    1. Re:As the author of Nmap ... by julesh · · Score: 3, Interesting
      A Google translation of the relevant section is:

      (1) Who prepares a criminal offence after 202a or 202b, by he
      1. Passwords or other safeguard codes, those the entrance to data ( 202a
      Exp. 2) make possible, or
      2. Computer programs, whose purpose is committing such an act,
      manufactures, or another provided, sold, another leaves themselves, common
      or makes otherwise accessible, becomes with imprisonment up to one year or also
      Fine punishes.


      I find the idea that this is any worse than the UK law that passed strange:

      3A
      Making, supplying or obtaining articles for use in offence under section 1 or 3
      (1) A person is guilty of an offence if he makes, adapts, supplies or offers to supply any article intending it to be used to commit, or to assist in the commission of, an offence under section 1 or 3.
      (2) A person is guilty of an offence if he supplies or offers to supply any article believing that it is likely to be used to commit, or to assist in the commission of, an offence under section 1 or 3.
      (3) A person is guilty of an offence if he obtains any article with a view to its being supplied for use to commit, or to assist in the commission of, an offence under section 1 or 3.
      (4) In this section "article" includes any program or data held in electronic form.
      (5) A person guilty of an offence under this section shall be liable--
            (a) on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;
            (b) on summary conviction in Scotland, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both;
            (c) on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine or to both.


      Section (2) is much more general than the German law, requiring only that you believe it likely that the article supplied will be used in such a crime, while the German law requires intent that it be used in such a crime. Plus, the UK law allows 2 years imprisonment, the German law only one.

      So, all in all, I'd say you're on much safer grounds visiting Germany than the UK over this one.