Strict German Computer Crime Law Now in Effect
SkiifGeek writes "With little fanfare, section 202c of the German computer crime laws came into effect over the weekend. Worryingly for security professionals, the laws make the mere possession of (creates, obtains or provides access to, sells, yields, distributes or otherwise allows access to) many useful tools illegal. A similar law was proposed for the UK; however, it was modified prior to passing through parliament due to the outcry from the industry. Phenoelit, KisMAC, the CCC, and the Month of PHP Bugs are just some of the relatively high profile projects and groups to have already taken measures to remove or modify content under this law."
Germany is making sure that when they start a new world war, there will be no legal tools to crack their enigmas!
First they came for the botnet scripts, and I said nothing, because I was not a script kiddie
Then they came for the portscanners, but I said nothing, because I was not trying to hack boxes
Then they came for the packet sniffers, but I said nothing because I thought my firewall was strong enough
Then they came for SATAN, and I didn't speak up because I wasn't an admin
And then, they came for my elite box, and I had to go back to using my mom's e-Machine, and I cried and cried
Hopefully I didn't put any [] around my words.
First they came for thread_id 0051, but I printed nothing to the console because that was not my thread.
Then they came for process_id 0050, but I did not SIGTRP because I did not depend on that process.
Then they came for process_id 0003, but I did not SIGALRM because my timer had not yet expired.
When they came for me, there were no processes left from which to spawn.
That's right, I countered your Thomas Paine quote with another Thomas Paine quote. I'm challenging you to a Thomas Paine quote-off! May the best Thomas Paine quoter win! I urgently await your reply.
Does anyone have a link to a good English translation and legal analysis of the new law? The Phenoelit page translates the law as affecting "computer programs whose aim is to commit a crime". That doesn't cover Nmap, which I designed for security professionals. But of course some blackhats use it too, and I don't want to bet my freedom on being able to convince a technologically illiterate judge in Germany of my intent.
I hope groups like the CCC (which is apparently quite powerful in Germany) are able to get this overturned! If legitimate German admins are afraid to use Nmap and other security tools while the crackers retain full access to them, that won't be a pretty sight!
-Fyodor
Insecure.Org
Let us pause for a moment from discussing the "government versus people" debate, and (just for the sake of the argument) assume that we are living in a utopia where the government passes laws to protect citizens, not oppress them.
OK, so we ignore the potential for abuse. But that still leaves the question: how, exactly, is the law supposed to protect anyone?
- The possession of this software is virtually undetectable unless some kind of crime has been committed using them (such as using it to actually attack someone else's machine). Well guess what, attacking someone else's machine has ALREADY been illegal (and justly so).
- People who were and are willing and able to use these tools to attack other machines have already risked punishment far greater than the punishment meted out for merely possessing the equipment.
- Think about this analogy: If you outlaw the possession of crowbars (because they are used by burglars), who will suffer more, the burglar or the construction worker who also happens to need a crowbar? Of course the construction worker -- the burglar operates in secret and the worker in the open; and if caught, the punishment for burglary is significantly bigger to the point that someone willing to perform a burglary will not care for the (relatively small) additional punishment given for the possession of the crowbar. But for the construction worker, this law means losing his job.
- Some people would see an analogy between this law and advocation of gun control (fewer guns = supposedly less violence). But unlike gun control, where restricting guns (at least theoretically) makes it harder for criminals to obtain them, this law cannot possibly do anything to prevent the obtainment of these "hacking" tools, which can only be detected ex post facto.
So, if this law...
- Does nothing to reduce the availability of these tools
- Does nothing to reduce the potential destructive purpose of these tools
- Does not provide a serious deterrent to would-be abusers of these tools
- DOES, however, significantly limit the LAWFUL use of these tools by security professionals
Then why the heck is it needed? Heck, if I was a blackhat, I'd be very, very happy that security auditors got the shaft, meaning I have a much better chance of finding exploits which the good guys didn't get a legal chance to find and close first.
It seems that the quote "those who sacrifice liberty for security deserve nothing and lose both" never held truer, because not only liberty is sacrificed, but from any possible perspective hacking has become EASIER as a result of this law, not harder.