[ad]
This has been floating around for a while and you might have noticed a warning on some German based security sites that they’ve had to move their tools due to this new legislation known as 202(c) – a couple of examples are KisMAC and Phenoelit.
Basically the new law prohibits manufacturing, programming, installing, or spreading software that has the primary goal of circumventing security measures is, which means that some security scanning & hacking tools might become illegal.
Security researchers in Germany continued to pull down exploit code from their sites last week, scrambling to comply with a German law that makes illegal the distribution of software that could be used to break into computers.
The German law — referred to as 202(c) — went into effect on Sunday. Many experts have complained that the language of the law is very unclear, but a strict reading appears to make illegal the distribution, sale and possession of security tools which could be used to commit a crime.
In the latest move, PHP security professional Stefan Esser removed on Friday all exploit code from his Web site dedicated to the Month of PHP Bugs. While reasonable prosecutors would not likely pursue security researchers, the risk is too great, Esser stated.
Source: Security Focus
It’s a pretty worrying state of affairs. It means under strict enformencent the majority of Linux distributions are now illegal in Germany as they tend to include nmap by default!
I also believe it could back-fire causing more problems that solutions.
Germany’s new antihacker law could open the door to more cybercrime and not less, security experts warn.
The legal uncertainty created by the new law will make the work of security experts in Germany more difficult, according to Müller-Maguhn.
“The law is counterproductive,” said Marcus Rapp, product specialist at the German subsidiary of Finnish security vendor F-Secure. “It will make the security situation worse, not better.”
Rapp is concerned about what he calls the law’s “broad interpretation” of hacking and the legal uncertainty it creates.
Interesting stuff…and I really doubt they are going to reverse it.
Let’s just hope no other countries follow suit with such retarded laws.
Source: Infoworld
There’s also a very interesting article on the whole matter by Dark Reading here:
Hacking Germany’s New Computer Crime Law
You can read what Computer Chaos Club says about it (CCC) here [German].
dre says
i talked with jerome athias about these laws, and he says that france has similar laws in place right now. it appears the whole EU will likely implement something like this
Sandeep Nain says
Well it seems like a good news for hackers in the other parts of the world.. as in europe there won’t be many security professionals left to test or secure the applications i.e. good chances of finding vulunerabilities in applications developed in europe
Sir Henry says
Does this not seem like anti-logic? This law simply puts a target on Germany as a playground for hackers. How can one combat a hacker without having the tools to understand said hacker?
Maiku says
i live in germany! its true… its been all over the news!
:( it really sucks but they wont reach anything with this! to many websites plus people will find ways to continue doing this…
police should leave us alone!
Pantagruel says
Let
goodpeople says
One of my (dutch) students is from German descent. Although he lives in The Netherlands, he has lots of relatives and friends in Germany. I urge him to leave his laptop at home when he visits his family across the border.
Nobody_Holme says
Thats a good point… they may not be legally able to arrest/prosecute on this law if you’re a foreign citizen, due to their own treaties…
Hmm.
Pantagruel says
@Nobody_Holme
Scream ‘terrorist’ and the majority of people will rather have one false positive behind lock and key instead of a false negative running about.
It’s worrying me that, even among better educated people, the idea of trading in some privacy for potentially more security is gaining ground.
Again educations seems to be key to demistifying the FUD that is being spread about to justify the reduction of privacy in general.
Nobody_Holme says
Well, to be honest, i have no problem in losing privacy for security, as long as its implemented well. Like i’d have no problem with security cameras on every single inch outside my house, but theres no way thats financially viable.
anywho. I meant Legally cant, not wont… just means they have to let you go, rather than prosecute.
Pantagruel says
@Nobody_Holme
It’s exactly this implementations that is bothering.
With many of these privacy and surveillance related the bureaucrats seem to go for the ‘security by obscurity’ approach. In the Netherlands there is talk about a big electronic ‘patient’ database, this to reduce possible mix-ups when handing out drugs or performing therapy. They do discuss what is needed for the system to work, but are reluctant to disclose the actual protective measurements. I an kinda worried that is is just as crappy as our ‘transport card’ system (recently a tech student cloned a day pass, it is rumored the German CCC has data on cloning a full blown card.
James C says
The problem here is Intelligence or lack there of.
Intelligent people are to smart to think being a Politician is a good career those, and we
Pantagruel says
@ James C
So damn true , it’s quite said if you think of it and realise your country is being run by someone who is a high school drop out (and is complaing he should earn more becase it’s a responsible job).