Strict German Computer Crime Law Now in Effect 226
SkiifGeek writes "With little fanfare, section 202c of the German computer crime laws came into effect over the weekend. Worryingly for Security professionals, the laws make the mere possession of (creates, obtains or provides access to, sells, yields, distributes or otherwise allows access to) many useful tools illegal. A similar law was proposed for the UK, however it was modified prior to passing through parliament due to the outcry from the industry. Phenoelit, KisMAC, the CCC, and the Month of PHP Bugs are just some of the relatively high profile projects and groups to have already taken measures to remove or modify content under this law."
The good news for hackers. . . . (Score:3, Interesting)
Re:There is no effective law against curiousity (Score:2, Interesting)
Well, I guess we're really screwed then. To quote Thomas Paine, "The greatest remedy for anger is delay."
By the time everyone else gets outraged about this, we'll all be cooled off.
As the author of Nmap ... (Score:5, Interesting)
Does anyone have a link to a good English translation and legal analysis of the new law? The Phenoelit page [phenoelit.de] translates the law as affecting "computer programs whose aim is to commit a crime". That doesn't cover Nmap, which I designed for security professionals. But of course some blackhats use it too, and I don't want to bet my freedom on being able to convince a technologically illiterate judge in Germany of my intent.
I hope groups like the CCC [ccc.de] (which is apparently quite powerful in Germany) are able to get this overturned! If legitimate German admins are afraid to use Nmap and other security tools while the crackers retain full access to them, that won't be a pretty sight!
-Fyodor
Insecure.Org [insecure.org]
Every Browser is now Illegal (Score:2, Interesting)
i am afraid (Score:1, Interesting)
though my boss did not even know about this law (strange), it somehow makes me believe it could be good to try another profession.
Q: can one be prepared for the "kristallnacht", i ?
Re:As the author of Nmap ... (Score:4, Interesting)
I find the idea that this is any worse than the UK law that passed strange:
Section (2) is much more general than the German law, requiring only that you believe it likely that the article supplied will be used in such a crime, while the German law requires intent that it be used in such a crime. Plus, the UK law allows 2 years imprisonment, the German law only one.
So, all in all, I'd say you're on much safer grounds visiting Germany than the UK over this one.
Re:Law not just evil but also dumb (Score:2, Interesting)
The possession of this software is virtually undetectable unless some kind of crime has been committed using them (such as using it to actually attack someone else's machine). Well guess what, attacking someone else's machine has ALREADY been illegal (and justly so).
I would say "you are right" by just looking at this law. Being a German citizen I can also see other attempts of the government that go into the direction of seeiking private PCs online and without letting the user know. Of course they say its against terrrorsts, but if we put away the fact that they will have some difficulties on the technical side it would give them the basics to see if you have those tools installed or not. And then the question is if you are a person that the government wants to get rid of or not. If you're harmless probably nothing will happen, if you're a danger for the government because you make the people think, then you have a good chance to be put behind bars for some silly reason.
Germany is actually close to the methods they were using 1933-1945 and 1945-1989 in Eastern Germany. The german constitution (aka "Grundgesetz") is changed frequently to allow new laws that would have made the people of 1949 who wrote the Rev. 1 think that George Orwell was an optimist.
The actual german government has lost the confidence of the people because they spend much more effort in installing the Big Brother than they spend efforts in solving the real problems of their country. Next elections will be very interesting.
I'm German and have read the law. (Score:2, Interesting)
202c
Vorbereiten des Ausspähens und Abfangens von Daten
-> Preparation to spy out or intercept data.
(1) Wer eine Straftat nach 202a oder 202b vorbereitet, indem er
-> Anyone preparing a criminal offense according to 202a or 202b by
1. Passwörter oder sonstige Sicherungscodes, die den Zugang zu Daten ( 202a Abs. 2) ermöglichen, oder
-> collecting passwords or similar security codes, which allow access to data ( 202a / 2), or
2. Computerprogramme, deren Zweck die Begehung einer solchen Tat ist, herstellt, sich oder einem anderen verschafft, verkauft, einem anderen überlässt, verbreitet oder sonst zugänglich macht, wird mit Freiheitsstrafe bis zu einem Jahr oder mit Geldstrafe bestraft.
-> produe, supply or sell Computer Software with aims at perpetrating such offenses, is punishable by one one year in prison or a fine.
Where 202a/b basically define the crime "getting at data you are not supposed to get at"
I think the real problem is the first sentence "Anyone preparing a criminal offense according to 202a or 202b by..." which creates a circular dependency. I really don't understand even from the German text if that means that 202c 1/2 only comes into effect if you really are preparing to actually hack someone specific (202a/b) of if it's the other way around.
I don't give that law a lot of time before it is changed. (At least I hope so)
Re:Germany... (Score:2, Interesting)
I think this whole fuss is somehwat overblown... my finacee is a german law student... pased her first state exams, about to go and do the "on the job learning" part. She's been translating the law for me (she wants to defend her country against all this fuss). Some points she made:
I understand that there's a lot of concern about how the laws will be applied, but this is hardly unique to Germany, tech crime is generally difficult for law enforcement agencies to deal with, we'll see what happens with that. My fiancee thinks that part of the problem is that most of us English speakers don't have a basic understanding of the German legal system
NB IANAL, my fiancee isn't(yet) and she's not your lawyer.