Strict German Computer Crime Law Now in Effect 226
SkiifGeek writes "With little fanfare, section 202c of the German computer crime laws came into effect over the weekend. Worryingly for Security professionals, the laws make the mere possession of (creates, obtains or provides access to, sells, yields, distributes or otherwise allows access to) many useful tools illegal. A similar law was proposed for the UK, however it was modified prior to passing through parliament due to the outcry from the industry. Phenoelit, KisMAC, the CCC, and the Month of PHP Bugs are just some of the relatively high profile projects and groups to have already taken measures to remove or modify content under this law."
So... (Score:4, Insightful)
Looks like I'm a criminal in Germany then. Wonder when they're gonna demand my extradition...
There is no effective law against curiousity (Score:5, Insightful)
Now a Damocles sword hangs over the head of the genuinely interested German hacker. And hacks will continue across the rest of the planet, because improvements are iterative lessons learned from mistakes.
Why not instead develop infrastructure that allows ISPs to eliminate machines controlled by bots? Or find a way to make a better international citizen out of PTT-behaving Deutche Telekom/T-Mobile? Or perhaps learn the lessons from the fear-engendering legislation that's now law.....
Re:Germany... (Score:4, Insightful)
Back to the topic, though; the internet should simply be declared a public place and laws pertaining to such public places shttp://www.dslreports.com/hould be applied, rather than creating a whole new set of laws for the internet. There are enough laws already; furthermore, laws everywhere are different; it just causes undue conflict.
Of course, sites which require the user to click a link indicating that they agree to a set of terms (door) or to login (lock) should be treated as private property and those laws should apply.
Here's the fun part: get every country with internet access to go along with this.
Hell, I'd be happy if they just did it in the US.
Re:Very smart move (Score:2, Insightful)
So, has anyone read the law? (Score:2, Insightful)
So, is there anyone reading this who 1) understands German and 2) has read the law?
Does it happen to say anything about "intent"? Cause most every law I've read in English that was reported similarly to this law has, and the reporting is just a blatant attempt to stir up hysteria.
Re:There is no effective law against curiousity (Score:5, Insightful)
I believe it was Thomas Paine circa AD 1776 or so, who wrote: "In order that liberty be preserved, we must not allow oppression even unto our enemies, for in doing so we set a precedent that reaches back into ourselves."
What goes around, comes around. Perhaps the more this crap hits the geek community, the more you realize that "free speech" refers to "all speech" not just yours. The same with "free" anything. And the same whether it starts in Europe or here. The Socialists left Germany and Russia and eventually conquered America without firing a single shot. Thank John Dewey and the Prussian Socialist School System he pioneered for us "'murkens".
PS - there is NO "well intentioned" law that ever restricts any freedom, except that to take action and to garner the natural consequences of one's action. State enforced "consequences" (aka punishments) and "criminal" status that occurs via the stroke of a pen is never well intentioned. Only seems so to those who still believe in "random coincidences in politics".
Re:So, has anyone read the law? (Score:2, Insightful)
Re:There is no effective law against curiousity (Score:3, Insightful)
Obviously, this one was both ill-conceived and ill-executed.
It stops nothing but improvement.
Perhaps we can hire some ex-pat German coders! H1Bs ought to be easy now, right??
Mr. Putin, rebuild that wall. (Score:1, Insightful)
Reasonable use (Score:3, Insightful)
Likely, people with a good reason to posess hacker tools (eg. legitimate anti-virus folk) will be allowed controlled tools - much like how the people who design kevlar vests are allowed to have automatic weapons etc for legitimate test purposes.
Law not just evil but also dumb (Score:5, Insightful)
OK, so we ignore the potential for abuse. But that still leaves the question: how, exactly, is the law supposed to protect anyone?
- The possession of this software is virtually undetectable unless some kind of crime has been committed using them (such as using it to actually attack someone else's machine). Well guess what, attacking someone else's machine has ALREADY been illegal (and justly so).
- People who were and are willing and able to use these tools to attack other machines have already risked punishment far greater than the punishment meted out for merely possessing the equipment.
- Think about this analogy: If you outlaw the possession of crowbars (because they are used by burglars), who will suffer more, the burglar or the construction worker who also happens to need a crowbar? Of course the construction worker -- the burglar operates in secret and the worker in open; and if caught, the punishment for burglary is significantly bigger to the point that someone willing to perform a burglary will not care for the (relatively small) additional punishment given for the possession of the crowbar. But for the construction worker, this law means losing his job.
- Some people would see an analogy between this law and advocation of gun control (less guns = supposedly less violence). But unlike gun control, where restricting guns (at least theoretically) makes it harder for criminals to obtain them, this law cannot possibly do anything to prevent the obtainment of these "hacking" tools, which can only be detected ex post facto.
So, if this law...
- Does nothing to reduce the availability of these tools
- Does nothing to reduce the potential destructive purpose of these tools
- Does not provide a serious deterrent to would-be abusers of these tools
- DOES, however, significantly limit the LAWFUL use of these tools by security professionals
Then why the heck is it needed? Heck, if I was a blackhat, I'd be very, very happy that security auditors got the shaft, meaning I have a much better chance of finding exploits which the good guys didn't get a legal chance to find and close first.
It seems that the quote "those who sacrifice liberty for security deserve nothing and lose both" never held truer, because not only liberty is sacrificed, but from any possible perspective hacking has became EASIER as a result of this law, not harder.
Re:There is no effective law against curiousity (Score:5, Insightful)
Defense by incompetance (Score:3, Insightful)
Re:Law not just evil but also dumb (Score:1, Insightful)
This is Germany. How is the law imprisoning those who express doubt in the holocaust supposed to protect anyone?
Re:More Generally, Fyodor (Score:5, Insightful)
I'm not going to use guns as a metaphor because of the whole "gun control" debate, and also because guns have the valid use of self-defense... So let's use something more aggressive, say, hand grenades.
There is no valid reason for a non-military person to be able to own a hand grenade. The grenade cannot be used for any peaceful purpose, nor for self defense, because of it's extremely high collateral damage. Even if there is a _potential_ valid use (I dunno, maybe throw it down a mole hole in your backyard to kill the pesky mole, LOL), the destructive potential vastly outweights any valid use, and therefore I accept as valid the restriction of owning a hand grenade by the average person.
The other option is to own, say, a knife or pickaxe. Yes, some people can (and do) use those as weapons for illegal purposes, but this does not stop the tool from having a valid, legal use (in fact, it's primary design is indeed a legal one). Therefore, outlawing pickaxes because some idiot happened to kill someone else with one, is not a valid move.
The German law is a prime example of the second option. As I explained in my other comment on this thread, the damage done to valid users is much bigger than any possible achieved restriction on criminals.
The road to hell *REALLY IS* paved with good inten (Score:1, Insightful)
The only thing more dangerous than crackers with security tools is a complacent society who thinks their laws will protect them from international threats which continuously transit their borders as the rain falls from the sky.
Any law that curtails the free flow of vulnerability data *locally* only serves to diminish the evolution of necessary countermeasures and knowledge which ultimately leave more people in Germany vulnerable to successful attack. (IE more people BURNING IN HELL)
No country can afford to pass laws which make their own people less prepared to deal with the real world. Especially one as insignifcant on the world stage as Nazi-less Germany.
This is obviously already having a chilling effect on several well known tool vendors.
Re:Reasonable use (Score:3, Insightful)
I'd add most or all system and network administrators. Suddenly, the group isn't very limited any longer. Anyone can be a system administrator if he owns at least one computer.
Re:Germany... (Score:4, Insightful)
No, you're eternally off-topic for responding to a troll post just to get a higher placement.
Re:More Generally, Fyodor (Score:3, Insightful)
Re:Oh wow... (Score:5, Insightful)
Re:So, has anyone read the law? (Score:3, Insightful)
unintended consequences (Score:2, Insightful)
Oops.
Is it against "hackers"? Or against self defense (Score:2, Insightful)
Wolfgang Schäuble (German's clinically paranoid home secretary) has been pushing hard to get the "Bundestrojaner" (federal trojan) approved and legal. Now, what is the worth of a trojan that can be detected?
I mean, it could be a coincidence that those things appear at the same time. I just don't believe in coincidence. Especially when you're dealing with unenforcable laws, since this one is not enforceable. Unless, of course, you have a good reason to believe that someone actually has those tools. Which, in turn, means that you have to have some kind of access to the machine(s) in question (or, rather, you should have some access but don't because something's blocking you).
Re:There is no effective law against curiousity (Score:3, Insightful)
Not really. At least not the way you like to understand it.
On a related side note -- not mentioned in the summary -- German legislation is currently pursuing efforts to get police and intelligence a new tool called "online searching", meaning just like they already can tap your phone or browse your bank account without you (or your phone company or bank) not even noticing they want to invade and raid your PC, scanning your HD and browsing your files.
Since this requires techniques commonly refered to as "spyware", "trojans", and "worms" they laid the foundation for outruling tools which are able to detect the governmental spyware.
*That* is the true reason behind this law. Not that they want keep the average joe from sniffing his neighbor's WLAN...
Re:More Generally, Fyodor (Score:1, Insightful)
The primary purpose of a slim jim was to break into cars, letting the theif hotwire the car, then drive it away without leaving telltale damage. In fact, they are popular enough that some cars include anti-slim jim lock covers inside the doors to prevent their use.
The secondary purpose of a slim jim, to help people get their locked keys from inside their cars without damaging them has come in handy to myself and others.
In your world, they would be outlawed, which would be a loss to us all. Especially since they can be easily replicated with a coat hanger, although a coat hanger may not be as easy to use and is more likely to damage the locking mechanism.
>There is no valid reason for a non-military person to be able to own a hand grenade.
Yes, there is. To defend yourself against a tyrannical government. You should count yourself lucky, for your government is benign. The majority of people live under a state of government that permits them few freedoms. The interesting fact is that many of those governments still own few weapons much more powerful than this, so an attack on the government by the people can be (and in many cases is) quite successful.
There is no greater damage done to humanity than that done by the restriction of freedom. Ever.
A hand grenade can kill a few people, at best. Restricting freedom imprisons everyone. Didn't many young men in your country lose their lives so you wouldn't have to live as a condemned man? Were they so wrong to do that? A few more lives to preserve that freedom so desperately fought for is the price of keeping us free.
Re:Germany... (Score:2, Insightful)
Further, you're not an IRC user, are you? Script-kiddies (with the same mentality of the people concealed-carry laws were created to protect us from) almost ALWAYS try to get their way by carrying their weapons where they can be seen. Immature, yes; but that doesn't make it any less common.
To paraphrase the analogy I originally made; a page requiring the user to agree to a set of terms before entry is liken to a door, a page requiring them to log in is liken to a lock. Anything behind a door is inherently safe from people who do not want to see it. Anything behind a locked door is inherently safe from those who are not allowed to see it. Anything else is happening in public view.
Yes, break-ins are possible. That's precisely why existing laws should apply; to protect those who secure their systems form those wishing to access them, rather than to protect those who go out in public looking for trouble. We have public areas, we have private areas, we have laws regarding those areas. Why make new laws when the existing ones apply just as well?
Why should someone who would be arrested for their actions, were they on the street, go free simply because it's the internet?
Simply put, if they are acting in a public area of the internet, they shouldn't.
Re:I'm German and have read the law. (Score:3, Insightful)
A lot of representative of the Bundestag have discussed that meaning of that article.
(http://www.abgeordnetenwatch.de/index.php?cmd=22
They all state that the PRIMARY INTENTION of the programmer / distributor / user has to be to hack someone.
( Danach sind nur Computerprogramme betroffen, die in erster Linie dafür ausgelegt oder hergestellt werden, um damit Straftaten nach 202a, 202b StGB zu begehen. )
A few have also said, that they possibly will have to act quickly and clarify that in the text if the wording is mis-interpreted in courts.