Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Government Politics Your Rights Online

Strict German Computer Crime Law Now in Effect 226

SkiifGeek writes "With little fanfare, section 202c of the German computer crime laws came into effect over the weekend. Worryingly for Security professionals, the laws make the mere possession of (creates, obtains or provides access to, sells, yields, distributes or otherwise allows access to) many useful tools illegal. A similar law was proposed for the UK, however it was modified prior to passing through parliament due to the outcry from the industry. Phenoelit, KisMAC, the CCC, and the Month of PHP Bugs are just some of the relatively high profile projects and groups to have already taken measures to remove or modify content under this law."
This discussion has been archived. No new comments can be posted.

Strict German Computer Crime Law Now in Effect

Comments Filter:
  • by SamP2 ( 1097897 ) on Sunday August 12, 2007 @11:23PM (#20208317)
    Germany is making sure that when they start a new world war, there will be no legal tools to crack their enigmas!
    • Re: (Score:2, Insightful)

      Germany is making sure that when they start a new world war, there will be no legal tools to crack their enigmas!
      A new record for Godwin's Law... Three posts. As for TFA itself (or at least the summary), this is what happens when the computer illiterate think they should try to do something about them computer thingies. Chaos insues, and they end up making themselves look like fools.
      • Re:Very smart move (Score:4, Informative)

        by sumdumass ( 711423 ) on Monday August 13, 2007 @12:28AM (#20208693) Journal
        My understanding of Godwin's Law is that you have to compare someone or something to hitler or nazi's and so on. Mere mentioning them wouldn't invoke it. Otherwise, how could you have a discussion over which tank was better during ww2 or whatever.

        I'm not sure it was invoked here.
        • by fbjon ( 692006 ) on Monday August 13, 2007 @01:05AM (#20208837) Homepage Journal
          You're like some damn Godwin-law-Nazi.


          There you go.

        • Re: (Score:3, Informative)

          by Knuckles ( 8964 )
          Disregarding the fact that the "comparison" case really is a corollary to the law (the law it self just states that the probability of such a comparison occurring approaches 1 with thread length), you have to compare someone/something that is obviously not comparable. Not every comparison violates Godwin's law. In fact, the law's intent is precisely to not let such comparisons become devalued, so that they can still be usefully applied when warranted.
      • by cp.tar ( 871488 )

        A new record for Godwin's Law... Three posts.

        You haven't read the first post, have you?

    • Too bad they can't enforce it in their old enemy, Russia.
    • by Jessta ( 666101 )
      More like, Germany is making sure that when they start a new world war, all there computer systems are vurnerable to attack because their computer security industry was completely destoryed over night.

      These cracking tools are great ways to check for security issues with a network. I use nmap all the time for general networking to find out what service are running on a server that I can use.

      Damn it Charles!
  • So... (Score:4, Insightful)

    by jamstar7 ( 694492 ) on Sunday August 12, 2007 @11:25PM (#20208321)
    I read TFA, but I'm still not clear on something. By 'create' a tool, they do mean compilers like gcc & fpc, and of course the bash shell, right?

    Looks like I'm a criminal in Germany then. Wonder when they're gonna demand my extradition...

    • Oh wow... (Score:4, Funny)

      by Spy der Mann ( 805235 ) <spydermann.slash ... minus physicist> on Sunday August 12, 2007 @11:49PM (#20208485) Homepage Journal
      how will they manage to prevent EVIL hackers in germany from downloading their evil hacker tools from https://someip.org/hackertools/ [someip.org] ?

      They won't even notice the URL. It'll be encrypted under SSL.
      • Re:Oh wow... (Score:5, Informative)

        by epee1221 ( 873140 ) on Monday August 13, 2007 @12:50AM (#20208775)

        how will they manage to prevent EVIL hackers in germany from downloading their evil hacker tools from https://someip.org/hackertools/ [someip.org] ?
        Obviously, they'll just watch for the EVIL bit!
      • How about they don't have to, you just have to worry that your brother doesn't tell on you or you can delete everything before going through that nasty breakup.

        Outside of someone telling on you, I would imagine you telling on yourself or someone complaining that your IP did X which seems like hacker tools were used and they come checking.

        Damn that bush, oh wait, this is Germany, damn that busch. (is but supreme leader of germany too?)
      • Re:Oh wow... (Score:5, Insightful)

        by Opportunist ( 166417 ) on Monday August 13, 2007 @03:34AM (#20209555)
        Quite simple: They don't. It's just a handy law to have an excuse to get a warrant easily when you got nothing really tangible against someone.
    • If there is a reasonable alternative use then don't expect to get prosecuted. A maker of steel pipes won't get charged on firearms offences even though you could saw off a length of pipe, stuff it with explosives and nails and make a firearm.

      Likely, people with a good reason to posess hacker tools (eg. legitimate anti-virus folk) will be allowed controlled tools - much like how the people who design kevlar vests are allowed to have automatic weapons etc for legitimate test purposes.

      • Re: (Score:3, Insightful)

        by init100 ( 915886 )

        people with a good reason to posess hacker tools (eg. legitimate anti-virus folk)

        I'd add most or all system and network administrators. Suddenly, the group isn't very limited any longer. Anyone can be a system administrator if he owns at least one computer.

      • Say what? What do automatic weapons have to do with kevlar?The vest isn't going anywhere - take your time. Also, if you want an auto bang bang, all you need is to live in a free state and pony up about $15k. Oh, and not be a felon.
        • Oh, living in a free state ain't that easy. To do that, many people would have to believe in reincarnation and commit suicide.
        • by Phisbut ( 761268 )

          Also, if you want an auto bang bang, all you need is to live in a free state and pony up about $15k.

          And where is that free state you are talking about? Certainly not between Canada and Mexico...

      • Looking at my own firewall is an eminently good reason.
      • by moxley ( 895517 )
        The problem comes with who makes the determination of what "good reason" is, and how that determination is made...One simple case I can think of right now is that it could stop someone from being able to experience one of the many great things about the net - the ability to be able to teach yourself something incredibly technical by being able to download the tools and look through tons of tutorials, etc without having to enroll in some institution.

        You're suggesting thatthe law wont be abused, but if those
      • by usrusr ( 654450 )
        Sadly, it doesn't work like that: it's easy, even for politicians, to see a connection between designing bullet proof vests and testing prototypes with guns. The same i snot true with network security issues, politicians in charge of thse things have been known to not even understand the term "we browser", they probably just click on "their internets", or have an equally clueless staff person do it for them. "So there are these evilthings and they are a problem. I think we should ban all evilthings, then th
    • by julesh ( 229690 )
      By 'create' a tool, they do mean compilers like gcc & fpc, and of course the bash shell, right?

      I posted an automated translation of the law in response to Fyodor's thread, above. But the relevant fact is that the "purpose" of the tool must be hacking. So, you'd be pretty safe with these. Fyodor's on a little muddier ground, though.
      • by usrusr ( 654450 )
        > But the relevant fact is that the "purpose" of the tool must be hacking.

        Fine, then bury the old unix mentality "one tool for one problem", add a picture viewer to your botnet-installer-rootkit-worm. Or an IM client to your DRM breaker, if you are more concerned with the original than with this new german DMCA++ clone. It's never as easy as you would like it to be.
  • To reduce or eliminate computer crime, first step is to make illegal the tools to determine whether or not you are vulnerable, and tools that find unknown vulnerabilities.

    Makes you wonder if any of the vulnerability scanner companies will ever be able to do business in Germany again. I guess every company that has such a scanner has to now turn the devices over to the state?
  • by postbigbang ( 761081 ) on Sunday August 12, 2007 @11:25PM (#20208329)
    Well intentioned, this is the sort of reason why lawmakers need an education in how improvements are made in software and hardware. You can't stanch curiousity by outlawing it. The German software industry gave us improvements to Linux from SuSE, Project LiMux, and a raft of excellent tools for debugging, general hacking, and just plain good creative code.

    Now a Damocles sword hangs over the head of the genuinely interested German hacker. And hacks will continue across the rest of the planet, because improvements are iterative lessons learned from mistakes.

    Why not instead develop infrastructure that allows ISPs to eliminate machines controlled by bots? Or find a way to make a better international citizen out of PTT-behaving Deutche Telekom/T-Mobile? Or perhaps learn the lessons from the fear-engendering legislation that's now law.....
    • by Prof.Phreak ( 584152 ) on Sunday August 12, 2007 @11:53PM (#20208503) Homepage
      ...curiosity kills cats.
    • by DaedalusHKX ( 660194 ) on Sunday August 12, 2007 @11:53PM (#20208509) Journal
      Nah, its the same crap. Its just that when other "verboten" communities get hit (gun owners, free speech, etc) you get upset that they weren't hit harder.

      I believe it was Thomas Paine circa AD 1776 or so, who wrote: "In order that liberty be preserved, we must not allow oppression even unto our enemies, for in doing so we set a precedent that reaches back into ourselves."

      What goes around, comes around. Perhaps the more this crap hits the geek community, the more you realize that "free speech" refers to "all speech" not just yours. The same with "free" anything. And the same whether it starts in Europe or here. The Socialists left Germany and Russia and eventually conquered America without firing a single shot. Thank John Dewey and the Prussian Socialist School System he pioneered for us "'murkens".

      PS - there is NO "well intentioned" law that ever restricts any freedom, except that to take action and to garner the natural consequences of one's action. State enforced "consequences" (aka punishments) and "criminal" status that occurs via the stroke of a pen is never well intentioned. Only seems so to those who still believe in "random coincidences in politics".
      • Re: (Score:3, Insightful)

        by postbigbang ( 761081 )
        I'll reply with a useless aphorism that says that the road to hell is paved with good intentions.

        Obviously, this one was both ill-conceived and ill-executed.

        It stops nothing but improvement.

        Perhaps we can hire some ex-pat German coders! H1Bs ought to be easy now, right??
      • by iamdrscience ( 541136 ) on Monday August 13, 2007 @12:19AM (#20208639) Homepage

        I believe it was Thomas Paine circa AD 1776 or so, who wrote: "In order that liberty be preserved, we must not allow oppression even unto our enemies, for in doing so we set a precedent that reaches back into ourselves."
        Yes, but it is to be expected that most people won't understand that because after all, like Thomas Paine said: "Time makes more converts than reason".

        That's right, I countered your Thomas Paine quote with another Thomas Paine quote. I'm challenging you to a Thomas Paine quote-off! May the best Thomas Paine quoter win! I urgently await your reply.
        • Re: (Score:2, Interesting)

          by Anonymous Coward

          Yes, but it is to be expected that most people won't understand that because after all, like Thomas Paine said: "Time makes more converts than reason".

          Well, I guess we're really screwed then. To quote Thomas Paine, "The greatest remedy for anger is delay."

          By the time everyone else gets outraged about this, we'll all be cooled off.

    • Re: (Score:3, Insightful)

      by Angstroem ( 692547 )

      Well intentioned

      Not really. At least not the way you like to understand it.

      On a related side note -- not mentioned in the summary -- German legislation is currently pursuing efforts to get police and intelligence a new tool called "online searching", meaning just like they already can tap your phone or browse your bank account without you (or your phone company or bank) not even noticing they want to invade and raid your PC, scanning your HD and browsing your files.

      Since this requires techniques co

    • It's only a Sword of Damocles if you are unaware of it. This isn't threat designed to teach someone the value of life (as Damocles did to his party guest) but a definite public threat instituted by a government that is either misinformed or misguided.

      Not that Germany is doing any worse in that regard than the U.S. or England. None of them seem to have a clue when it comes to networks and the Internet, and genuinely seem to wish it would all just go away.
  • by Glowing Fish ( 155236 ) on Sunday August 12, 2007 @11:32PM (#20208383) Homepage
    First they came for the botnet scripts, and I said nothing, because I was not a script kiddie
    Then they came for the portscanners, but I said nothing, because I was not trying to hack boxes
    Then they came for the packet sniffers, but I said nothing because I thought my firewall was strong enough
    Then they came for SATAN, and I didn't speak up because I wasn't an admin
    And then, they came for my elite box, and I had to go back to using my mom's e-Machine, and I cried and cried
  • by dotslashdot ( 694478 ) on Sunday August 12, 2007 @11:33PM (#20208387)
    First they came for thread_id 0051, but I printed nothing to the console because that was not my thread.

    Then they came for process_id 0050, but I did not SIGTRP because I did not depend on that process.

    Then they came for process_id 0003, but I did not SIGALRM because my timer had not yet expired.

    When they came for me, there were no processes left from which to spawn.
  • Not being a German speaker I'm completely incapable of being informed on this issue. Not being in Germany, I could also care less.

    So, is there anyone reading this who 1) understands German and 2) has read the law?

    Does it happen to say anything about "intent"? Cause most every law I've read in English that was reported similarly to this law has, and the reporting is just a blatant attempt to stir up hysteria.

    • Re: (Score:3, Informative)

      by hweimer ( 709734 )
      I am German and I am potentially affected by the new law as I publish exploit code from time to time. I have written a blog entry [quantenblog.net] about it, including a translation of the relevant section and some thoughts about the consequences.
  • by fv ( 95460 ) <fyodor@insecure.org> on Monday August 13, 2007 @12:33AM (#20208707) Homepage
    As the author of Nmap [insecure.org], I'm more than a little concerned about this law. It could mean that I can never again visit Germany, which is a shame because I have many friends there. But I don't want to risk a year in prison or the Halvar treatment [slashdot.org]. Many of these articles state as a matter of fact that the creation or distribution of Nmap (mentioned by name in TFA) is illegal now. If true, what does that mean for all the Linux distributors who include Nmap and other security tools [sectools.org]?

    Does anyone have a link to a good English translation and legal analysis of the new law? The Phenoelit page [phenoelit.de] translates the law as affecting "computer programs whose aim is to commit a crime". That doesn't cover Nmap, which I designed for security professionals. But of course some blackhats use it too, and I don't want to bet my freedom on being able to convince a technologically illiterate judge in Germany of my intent.

    I hope groups like the CCC [ccc.de] (which is apparently quite powerful in Germany) are able to get this overturned! If legitimate German admins are afraid to use Nmap and other security tools while the crackers retain full access to them, that won't be a pretty sight!

    -Fyodor
    Insecure.Org [insecure.org]

    • Why do politicians try to outlaw tools used to commit crimes? A tool can be used for evil or for good, and a person out to do evil can turn even the most innocuous object into a tool.
      • by SamP2 ( 1097897 ) on Monday August 13, 2007 @01:29AM (#20208957)
        There is arguably a valid reason to prohibit tools which PRIMARY PURPOSE is to commit crimes. You correctly stated that almost any tool CAN be used to commit a crime, but there is a difference between the two.

        I'm not going to use guns as a metaphor because of the whole "gun control" debate, and also because guns have the valid use of self-defense... So let's use something more aggressive, say, hand grenades.

        There is no valid reason for a non-military person to be able to own a hand grenade. The grenade cannot be used for any peaceful purpose, nor for self defense, because of it's extremely high collateral damage. Even if there is a _potential_ valid use (I dunno, maybe throw it down a mole hole in your backyard to kill the pesky mole, LOL), the destructive potential vastly outweights any valid use, and therefore I accept as valid the restriction of owning a hand grenade by the average person.

        The other option is to own, say, a knife or pickaxe. Yes, some people can (and do) use those as weapons for illegal purposes, but this does not stop the tool from having a valid, legal use (in fact, it's primary design is indeed a legal one). Therefore, outlawing pickaxes because some idiot happened to kill someone else with one, is not a valid move.

        The German law is a prime example of the second option. As I explained in my other comment on this thread, the damage done to valid users is much bigger than any possible achieved restriction on criminals.
        • Re: (Score:3, Insightful)

          by Hal9000_sn3 ( 707590 )
          If I am creating a shield against hand grenades, and it is not legal under any circumstances to have a hand grenade, then how shall I test my product?
        • by chthon ( 580889 )

          If you are trained, you can kill people with your hands, elbows and feet. Just make these also illegal.

        • There is no valid reason for a non-military person to be able to own a hand grenade. The grenade cannot be used for any peaceful purpose, nor for self defense, because of it's extremely high collateral damage.

          Of course it can be used for self-defense. In fact, if guns are common enough that thugs will shoot you in the back before looting you, the defense against that would be to carry a hand grenade with you, connected to a dead mans trigger. If your heart stops, the grenade explodes, possibly killing t

    • As the author of Nmap

      As a person who has used Nmap for many legitimate, totally legal debugging I'd like to say thanks for a really handy tool. When using Nmap I always think something like: 'this would be illegal in Germany, how f*cking stupid.'

      Being unable to use Nmap (and tools like it) means application developers and network administrators are unable to do their jobs without breaking the law. Admins should refuse to look into networking problems and software engineers should refuse to fix bugs, wor

    • Hmm, it is a good thing that Suse is not based in Germany anymore.
    • Re: (Score:3, Funny)

      by DrSkwid ( 118965 )
      You'll never convince anyone after what Trinity did.
      • What's scary is that this is actually insightful. I'm quite sure that the German creators of this law draw their knowledge from this or similar sources.
    • by julesh ( 229690 ) on Monday August 13, 2007 @02:49AM (#20209371)
      A Google translation of the relevant section is:

      (1) Who prepares a criminal offence after 202a or 202b, by he
      1. Passwords or other safeguard codes, those the entrance to data ( 202a
      Exp. 2) make possible, or
      2. Computer programs, whose purpose is committing such an act,
      manufactures, or another provided, sold, another leaves themselves, common
      or makes otherwise accessible, becomes with imprisonment up to one year or also
      Fine punishes.


      I find the idea that this is any worse than the UK law that passed strange:

      3A
      Making, supplying or obtaining articles for use in offence under section 1 or 3
      (1) A person is guilty of an offence if he makes, adapts, supplies or offers to supply any article intending it to be used to commit, or to assist in the commission of, an offence under section 1 or 3.
      (2) A person is guilty of an offence if he supplies or offers to supply any article believing that it is likely to be used to commit, or to assist in the commission of, an offence under section 1 or 3.
      (3) A person is guilty of an offence if he obtains any article with a view to its being supplied for use to commit, or to assist in the commission of, an offence under section 1 or 3.
      (4) In this section "article" includes any program or data held in electronic form.
      (5) A person guilty of an offence under this section shall be liable--
            (a) on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;
            (b) on summary conviction in Scotland, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both;
            (c) on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine or to both.


      Section (2) is much more general than the German law, requiring only that you believe it likely that the article supplied will be used in such a crime, while the German law requires intent that it be used in such a crime. Plus, the UK law allows 2 years imprisonment, the German law only one.

      So, all in all, I'd say you're on much safer grounds visiting Germany than the UK over this one.
    • by biglig2 ( 89374 )
      Hope this isn't going to be added to the crimes where the new European Arrest Warrant is available, otherwise you're never coming to the UK, or France, or Poland, etc. etc.
    • Good luck convincing anyone that your hacker tools are only meant to be used in a professional, responsible manner, when you don't act responsibly yourself.

      n 2002, Fyodor was the victim of an impersonation attack by a Slashdot user who was posing as a woman. Fyodor sent an email to the fake "woman" in an attempt to solicit further conversation and a possible meeting. When the hoax was revealed, the hoaxer insulted fyodor (I believe the word was "wanker").

      Fyodor responded by using information disclosure vuln
      • Does anyone really care?

        You're using one example to justify a ridiculous generalization about the use of Nmap. Just because your example included the author of the tool (if this story is even true or not) is irrelevant.

        I think you missed the point of the argument entirely. Nmap has real, legitimate use. In fact, I use it on a regular basis to scan my local area network to make sure no suspicious ports are open that may be trojan infections. So when does trying to keep my network clean of viruses an
  • by SamP2 ( 1097897 ) on Monday August 13, 2007 @12:41AM (#20208729)
    Let us pause for a moment from discussing the "government versus people" debate, and (just for the sake of the argument) assume that we are living in an utopia where the government passes laws to protect citizens, not oppress them.

    OK, so we ignore the potential for abuse. But that still leaves the question: how, exactly, is the law supposed to protect anyone?

    - The possession of this software is virtually undetectable unless some kind of crime has been committed using them (such as using it to actually attack someone else's machine). Well guess what, attacking someone else's machine has ALREADY been illegal (and justly so).

    - People who were and are willing and able to use these tools to attack other machines have already risked punishment far greater than the punishment meted out for merely possessing the equipment.

    - Think about this analogy: If you outlaw the possession of crowbars (because they are used by burglars), who will suffer more, the burglar or the construction worker who also happens to need a crowbar? Of course the construction worker -- the burglar operates in secret and the worker in open; and if caught, the punishment for burglary is significantly bigger to the point that someone willing to perform a burglary will not care for the (relatively small) additional punishment given for the possession of the crowbar. But for the construction worker, this law means losing his job.

    - Some people would see an analogy between this law and advocation of gun control (less guns = supposedly less violence). But unlike gun control, where restricting guns (at least theoretically) makes it harder for criminals to obtain them, this law cannot possibly do anything to prevent the obtainment of these "hacking" tools, which can only be detected ex post facto.

    So, if this law...

    - Does nothing to reduce the availability of these tools
    - Does nothing to reduce the potential destructive purpose of these tools
    - Does not provide a serious deterrent to would-be abusers of these tools
    - DOES, however, significantly limit the LAWFUL use of these tools by security professionals

    Then why the heck is it needed? Heck, if I was a blackhat, I'd be very, very happy that security auditors got the shaft, meaning I have a much better chance of finding exploits which the good guys didn't get a legal chance to find and close first.

    It seems that the quote "those who sacrifice liberty for security deserve nothing and lose both" never held truer, because not only liberty is sacrificed, but from any possible perspective hacking has became EASIER as a result of this law, not harder.
    • Then why the heck is it needed?

      Because the law was passed by idiots who don't understand the technology?

      The disturbing thing is that quite probably stupid laws are being passed all the time in other areas where we aren't experts - farming, food, pharma, etc. And to think that my [UK] government is made up almost entirely of professional politicians who don't have any scientific education at all beyond the bare minimum that finishes at age 16. (And they're probably proud of this). Is this any way to

    • Re: (Score:2, Interesting)

      The possession of this software is virtually undetectable unless some kind of crime has been committed using them (such as using it to actually attack someone else's machine). Well guess what, attacking someone else's machine has ALREADY been illegal (and justly so).

      I would say "you are right" by just looking at this law. Being a German citizen I can also see other attempts of the government that go into the direction of seeiking private PCs online and without letting the user know. Of course they say it

      • by usrusr ( 654450 )
        > Next elections will be very interesting.

        You're an optimist :(

        As always, people will happily vote for the party whose Incredible Taxation Change Miracle promises to create the biggest net win for everybody, out of some deliberate calculation error deeply hidden within the dungeons of an overclomplex taxation system (parts of the insurance system included).
    • by dkf ( 304284 )

      But unlike gun control, where restricting guns (at least theoretically) makes it harder for criminals to obtain them, [...]

      One minor point here. The real reason for having gun control is to restrict the access of crazies to things with which they can cause large scale damage with. In the UK at least, it was recognized when the start of the current control regime was brought in that it was unlikely to have much effect on criminal access to guns, but it has had the effect of preventing a repeat of the Dunblane massacre [wikipedia.org].

  • At least you can still attend Defcon and put yourself on their network for a free penetration test from all of the friendly attendees. No illegal haxor tools needed.
  • by strider44 ( 650833 ) on Monday August 13, 2007 @01:14AM (#20208881)
    Germany's taking the noted Ravenous Bugblatter Beast of Traal approach to security. By removing the things that lets you know if you're vulnerable or compromised, you're obviously secure! Screaming "la la la, I can't see you or hear you" is optional.
  • Ive seen security analysts demonstrating breaking into websites with a web browser, you dont need specific hacking tools in many cases because what is available will often do the job just fine.
  • by adnonsense ( 826530 ) on Monday August 13, 2007 @02:02AM (#20209125) Homepage Journal

    And I've just run an nmap scan of bundestag.de [bundestag.de] .

    I await the knock on my door with interest.

  • THC already hit (Score:4, Informative)

    by postmodern modulus I ( 994339 ) on Monday August 13, 2007 @03:07AM (#20209435) Homepage

    The THC (The Hackers Choice) group has already been forced to discontinue some of it's best projects due to this absurd law.

    The Hacker's Choice is forced to discontinue several of its projects, as these might be effected by a new German 'anti-hacking' law. As a consequence all exploits and many releases have been removed from our web site. We are sorry.
    http://www.thc.org/ [thc.org]

    Silenced are THC's Credit, Hydra, Scan and War-Drive. Hydra will be the most missed, as it was one of the best authentication bruteforcers. Not dwelling on this defeat to freedom of information and the security community, I suggest everyone in the security community begin resisting this trend towards silencing the messenger of insecurities.

    We should be working to create new tools and better means by which to distribute information and code, both securely and anonymously. The foolish politicians and companies who think they can dare enforce security by ignoring the problem and silencing individuals should be shown that this strategy does not work. This is yet another challenge to all the security researchers and programmers, will you allow others to dictate your creativity?

  • Selling old issues of computer magazines that came with CDs/DVDs might land you in prison if they contain, like, and old linux distro.


    Don't laugh. The same thing happened when they outlawed CD/DVD copying software. Sell a stack of old magazines, get slapped with a hefty lawsuit and probably put on trial.

  • by Anonymous Coward
    So while in theory, the German govt. thought they were outlawing computer hacking, they actually outlawed computer security.

    Oops.
  • Self defense against the government, that is.

    Wolfgang Schäuble (German's clinically paranoid home secretary) has been pushing hard to get the "Bundestrojaner" (federal trojan) approved and legal. Now, what is the worth of a trojan that can be detected?

    I mean, it could be a coincidence that those things appear at the same time. I just don't believe in coincidence. Especially when you're dealing with unenforcable laws, since this one is not enforceable. Unless, of course, you have a good reason to believ
  • the laws make the mere possession of (creates, obtains or provides access to, sells, yields, distributes or otherwise allows access to)

    Where does it say 'possess'? As far as I can see, all it says is that if you break in or make it possible for others to break in, then you are violating the law. Your interpretation goes far beyond that, and I think it is likely because you want to see it as a violation of some sort of 'freedom'. If one were to use the same sort of interpretation on, say, breaking into a ho
  • The big problem here is that most people and most politians in Germany (and probably elsewhere aswell) couldn't care less about this sort of law and its effects. I've explained to academics the effects of the German law for protection of copyright on the internet and they said that nobody would pass such a law. I couldn't get them to realize that the law allready has been passed. It's the same with this one. Politicians couldn't care less. If major software companies with lots of employees would start to mo
  • Why not consider enforcing laws already on the books? Learning how criminals ply their trade is the first step in learning security. Criminals make good cops -- proved. The vast majority of people that 'play hacker' do so to improve their own knowledge of security.

    BillSF
     
    • by Ihlosi ( 895663 )
      Why not consider enforcing laws already on the books?



      What an absurd idea. That wouldn't get anyone elected. Besides, law enforcment is expensive and would be a drain on the governments finances. Making a couple of laws is so much cheaper and demonstrates activity to the voters.

  • by vorlich ( 972710 ) on Monday August 13, 2007 @05:04AM (#20209969) Homepage Journal
    We have been through all of this Red Herring before and it won't make any difference. There is no point trying to understand how unimportant this discussion is if you don't understand today's Germany. Germany is the biggest exporting nation on Earth and it is the biggest player in the EU - which is the biggest market on Earth. Post war Germany actively chose the social democrat model for their economy and political system. It has the finest constitution in Europe (modelled on the US but containing substantially more pages!) the welfare state supports everyone and the growing economy provides the work that creates the wealth that pays for all this. It is normal for such a society to create a bunch of laws odd to English speakers - but then my own country doesn't even have a written constitution and our councils tax the individuals home. The present day German is focussed on career, personal improvement and health and very little else.

    It is an unusual characteristic of Germany that everyone suffers from angst (fair enough, they invented the word) but the angst is all about really unlikely events (acrylimide in barbeque food causing cancer for example) and yet they throw caution to the winds the moment they get in a car.

    This angst condition is so endemic I have christened it "Fright Club". Only a few weeks ago they were obsessed with "wifi smog" people were switching of their routers and phones to protect themselves from this new scourge. It didn't appear to stop them from watching television or listening to the radio, but there you go - science and magic confused or just interchangeable.

    Coupled with this angst is another curious condition called Gründlichkeit or thoroughness. Gründlichkeit is just so much part of the German character. Back in Scotland you could read the important parts of the Blue Book tax guide in the bookshop and easily identify any new legal tax avoidance strategies. You couldn't do that with the German Tax Books because there are about 127 of them (the last time I tried to count them). My accountant just photocopies pages out and sticks them in the tax return. You have to pay canal tax but there's no canal and you don't get one either.

    In Germany when you change your address, you have to inform the special municipal department -Wohnanmeldegungamt- (department of names and addresses)of the change and fill in three forms. A group of students could not understand how this did not exist in Britain or USA. "What's to stop you getting on a plane, flying to the UK, robbing a bank and then flying home?" was their completely serious question and my answer: "Even German bank robbers don't normally use their identity cards or leave a forwarding address during the robbery," leaves them completely unconvinced.

    Conversation with Wohnamt Official:
    Official:"What is your father's occupation?"
    "He's dead, what difference does it make?"
    Official:"I have a space in the form for it"
    "which job would you like?"
    Official:"His last one..."


    Official:"What religion are you?"
    (proudly) "Agnostic"
    Official:"You can have: Catholic, Protestant or atheist."
    "But I'm an agnostic"
    Official: Ticks 'atheist'

    As for thoroughness, Non-German partners are often very surprised when they clean the entire house from top to bottom only to have their partner point out that they forgot the single cup they drank their post cleaning coffee in which is standing on the immaculate sink - dirty. There is no mention of all the good work, because the concept of balancing good things against negative things (one good thing outweighs loads of bad things) is rather specific to English speakers. German anthropology uses the concept of a linear measure of perfection (or distance from it!) and the streets are so clean you could eat your dinner off them. Well, almost but this is the real reason behind this action, more national character than conspiracy.

    • Re: (Score:3, Informative)

      by Doctor O ( 549663 )

      In Germany when you change your address, you have to inform the special municipal department -Wohnanmeldegungamt- (department of names and addresses)of the change

      Well, it's Einwohnermeldeamt (resident registration office), and the fun part is that it's even worse. The complete process includes:

      1) Going to the Einwohnermeldeamt of the place you've been living before, spend several hours in waiting rooms full of seriously pissed off people and get a written "deregistration" confirmation.
      2) Going to the Einwohnermeldeamt of the new place, spend several hours in waiting rooms full of seriously pissed off people, show said confirmation, and also give them the copy of th

  • computer systems are not created in such a manner to have inherent safety and security.

    Its an industry problem the legal system is failing to properly motivate correct where it is actually needed.

    Treating the symptom is not going to cure the disease. But it will lead to other symptoms that will further be treated.

There's no sense in being precise when you don't even know what you're talking about. -- John von Neumann

Working...