×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Strict German Computer Crime Law Now in Effect

Zonk posted more than 6 years ago | from the going-to-jail-for-doing-your-job dept.

Security 226

SkiifGeek writes "With little fanfare, section 202c of the German computer crime laws came into effect over the weekend. Worryingly for Security professionals, the laws make the mere possession of (creates, obtains or provides access to, sells, yields, distributes or otherwise allows access to) many useful tools illegal. A similar law was proposed for the UK, however it was modified prior to passing through parliament due to the outcry from the industry. Phenoelit, KisMAC, the CCC, and the Month of PHP Bugs are just some of the relatively high profile projects and groups to have already taken measures to remove or modify content under this law."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

226 comments

Germany... (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20208293)

First (post) they try to exterminate the Jews (which I'm totally cool with) and now this!

Re:Germany... (-1)

Anonymous Coward | more than 6 years ago | (#20208345)

Oh come on... if you really think that way, you should read this article [tinyurl.com] on tolerance.
 

Re:Germany... (4, Insightful)

BronsCon (927697) | more than 6 years ago | (#20208357)

Classy way to claim first post.

Back to the topic, though; the internet should simply be declared a public place and laws pertaining to such public places shttp://www.dslreports.com/hould be applied, rather than creating a whole new set of laws for the internet. There are enough laws already; furthermore, laws everywhere are different; it just causes undue conflict.

Of course, sites which require the user to click a link indicating that they agree to a set of terms (door) or to login (lock) should be treated as private property and those laws should apply.

Here's the fun part: get every country with internet access to go along with this.

Hell, I'd be happy if they just did it in the US.

Re:Germany... (3, Insightful)

el americano (799629) | more than 6 years ago | (#20209397)

Back to the topic...

No, you're eternally off-topic for responding to a troll post just to get a higher placement.

Re:Germany... (0)

Anonymous Coward | more than 6 years ago | (#20209033)

Perhaps Slashdot should implement some kind of AC Russian roulette system, where there's a chance that your username/IP will be printed with any AC post.

in my humble opinion... (0)

Anonymous Coward | more than 6 years ago | (#20208309)

Our precious series of tubes is doomed

Very smart move (5, Funny)

SamP2 (1097897) | more than 6 years ago | (#20208317)

Germany is making sure that when they start a new world war, there will be no legal tools to crack their enigmas!

Re:Very smart move (2, Insightful)

LarkaanSoban (748920) | more than 6 years ago | (#20208361)

Germany is making sure that when they start a new world war, there will be no legal tools to crack their enigmas!
A new record for Godwin's Law... Three posts. As for TFA itself (or at least the summary), this is what happens when the computer illiterate think they should try to do something about them computer thingies. Chaos insues, and they end up making themselves look like fools.

Re:Very smart move (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#20208457)

actually, I've seen it by third post several times in the last few days...not a record.

Re:Very smart move (3, Informative)

sumdumass (711423) | more than 6 years ago | (#20208693)

My understanding of Godwin's Law is that you have to compare someone or something to hitler or nazi's and so on. Mere mentioning them wouldn't invoke it. Otherwise, how could you have a discussion over which tank was better during ww2 or whatever.

I'm not sure it was invoked here.

Re:Very smart move (2, Informative)

Knuckles (8964) | more than 6 years ago | (#20208963)

Disregarding the fact that the "comparison" case really is a corollary to the law (the law it self just states that the probability of such a comparison occurring approaches 1 with thread length), you have to compare someone/something that is obviously not comparable. Not every comparison violates Godwin's law. In fact, the law's intent is precisely to not let such comparisons become devalued, so that they can still be usefully applied when warranted.

Re:Very smart move (1, Informative)

Anonymous Coward | more than 6 years ago | (#20208751)

Germany is making sure that when they start a new world war, there will be no legal tools to crack their enigmas!
A new record for Godwin's Law... Three posts.
Godwin's Law is: "As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one."

Since Germany is the topic, and no comparison to Nazis or Hitler was involved, then no invocation of said law occurred.
 

Re:Very smart move (1)

mano_k (588614) | more than 6 years ago | (#20208953)

Godwin's Law is: "As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one." Since Germany is the topic, and no comparison to Nazis or Hitler was involved, then no invocation of said law occurred.
No, this is not a case of Godwin's law. Germany managed to start one world war without the Nazis!

So... (3, Insightful)

jamstar7 (694492) | more than 6 years ago | (#20208321)

I read TFA, but I'm still not clear on something. By 'create' a tool, they do mean compilers like gcc & fpc, and of course the bash shell, right?

Looks like I'm a criminal in Germany then. Wonder when they're gonna demand my extradition...

Oh wow... (3, Funny)

Spy der Mann (805235) | more than 6 years ago | (#20208485)

how will they manage to prevent EVIL hackers in germany from downloading their evil hacker tools from https://someip.org/hackertools/ [someip.org] ?

They won't even notice the URL. It'll be encrypted under SSL.

Re:Oh wow... (1)

sumdumass (711423) | more than 6 years ago | (#20208805)

How about they don't have to, you just have to worry that your brother doesn't tell on you or you can delete everything before going through that nasty breakup.

Outside of someone telling on you, I would imagine you telling on yourself or someone complaining that your IP did X which seems like hacker tools were used and they come checking.

Damn that bush, oh wait, this is Germany, damn that busch. (is but supreme leader of germany too?)

Re:Oh wow... (1)

aldo.gs (985038) | more than 6 years ago | (#20209421)

I actually clicked that link, and it didn't show anything! I demand some evil hacker tools!

Re:Oh wow... (4, Insightful)

Opportunist (166417) | more than 6 years ago | (#20209555)

Quite simple: They don't. It's just a handy law to have an excuse to get a warrant easily when you got nothing really tangible against someone.

Reasonable use (2, Insightful)

EmbeddedJanitor (597831) | more than 6 years ago | (#20208653)

If there is a reasonable alternative use then don't expect to get prosecuted. A maker of steel pipes won't get charged on firearms offences even though you could saw off a length of pipe, stuff it with explosives and nails and make a firearm.

Likely, people with a good reason to posess hacker tools (eg. legitimate anti-virus folk) will be allowed controlled tools - much like how the people who design kevlar vests are allowed to have automatic weapons etc for legitimate test purposes.

Re:Reasonable use (2, Insightful)

init100 (915886) | more than 6 years ago | (#20209211)

people with a good reason to posess hacker tools (eg. legitimate anti-virus folk)

I'd add most or all system and network administrators. Suddenly, the group isn't very limited any longer. Anyone can be a system administrator if he owns at least one computer.

Re:Reasonable use (1)

Fulcrum of Evil (560260) | more than 6 years ago | (#20209233)

Say what? What do automatic weapons have to do with kevlar?The vest isn't going anywhere - take your time. Also, if you want an auto bang bang, all you need is to live in a free state and pony up about $15k. Oh, and not be a felon.

Re:Reasonable use (1)

Opportunist (166417) | more than 6 years ago | (#20209573)

Oh, living in a free state ain't that easy. To do that, many people would have to believe in reincarnation and commit suicide.

Re:So... (1)

julesh (229690) | more than 6 years ago | (#20209399)

By 'create' a tool, they do mean compilers like gcc & fpc, and of course the bash shell, right?

I posted an automated translation of the law in response to Fyodor's thread, above. But the relevant fact is that the "purpose" of the tool must be hacking. So, you'd be pretty safe with these. Fyodor's on a little muddier ground, though.

Makes perfect sense... NOT (1)

Zondar (32904) | more than 6 years ago | (#20208325)

To reduce or eliminate computer crime, first step is to make illegal the tools to determine whether or not you are vulnerable, and tools that find unknown vulnerabilities.

Makes you wonder if any of the vulnerability scanner companies will ever be able to do business in Germany again. I guess every company that has such a scanner has to now turn the devices over to the state?

The good news for hackers. . . . (3, Interesting)

Anonymous Coward | more than 6 years ago | (#20208449)

germany is now going to be a REALLY easy place to hack.

With the New Crime Law in the Hand ... (0)

Anonymous Coward | more than 6 years ago | (#20209121)

Germany will be the new targeted http://en.wikipedia.org/wiki/Honeypot_(computing) [wikipedia.org] for the following hackers:
americans, englandians and germanians outside (& friends as franceians, chinaians, ...).

Wait a moment!!!

The Honeypots (as hacking's tools) are prohibited in Germany!!!

Germany will be e-bankrupted without honeypots!!!

I'm HyperJacker the RIPper too!!!
You have several options to carry your hacking tools:
* go to Switzerland (1).
* go to Luxemburg (2).
* go to Belgium (3).
* go to Netherlands (4).
* go to Russia (5).
* go to China (6).
* go to North Korea (7). Dangerous? Why? It's not dangerous, jacker!
* go to Iran (8). There are bunkers for jackers.

I'm only a "bear" protesting the politicians's agreements's acts.

i am afraid (1, Interesting)

Anonymous Coward | more than 6 years ago | (#20209141)

as a young german citizen currently working in tech support i must state that i am very very afraid.
though my boss did not even know about this law (strange), it somehow makes me believe it could be good to try another profession.

Q: can one be prepared for the "kristallnacht", i ?

There is no effective law against curiousity (4, Insightful)

postbigbang (761081) | more than 6 years ago | (#20208329)

Well intentioned, this is the sort of reason why lawmakers need an education in how improvements are made in software and hardware. You can't stanch curiousity by outlawing it. The German software industry gave us improvements to Linux from SuSE, Project LiMux, and a raft of excellent tools for debugging, general hacking, and just plain good creative code.

Now a Damocles sword hangs over the head of the genuinely interested German hacker. And hacks will continue across the rest of the planet, because improvements are iterative lessons learned from mistakes.

Why not instead develop infrastructure that allows ISPs to eliminate machines controlled by bots? Or find a way to make a better international citizen out of PTT-behaving Deutche Telekom/T-Mobile? Or perhaps learn the lessons from the fear-engendering legislation that's now law.....

Re:There is no effective law against curiousity (4, Funny)

Prof.Phreak (584152) | more than 6 years ago | (#20208503)

...curiosity kills cats.

Re:There is no effective law against curiousity (4, Insightful)

epee1221 (873140) | more than 6 years ago | (#20208823)

Bah. Curiosity was framed. Ignorance killed the cat.

Re:There is no effective law against curiousity (2, Funny)

gbobeck (926553) | more than 6 years ago | (#20208899)

Ignorance may have killed the cat, but for a brief moment OJ Simpson was a prime suspect.

Schrodinger's Cat (4, Funny)

NotQuiteReal (608241) | more than 6 years ago | (#20208967)

...curiosity kills cats.

But in this case you won't know for sure if the cat is dead until the German police kick in your door to look.

Re:There is no effective law against curiousity (4, Insightful)

DaedalusHKX (660194) | more than 6 years ago | (#20208509)

Nah, its the same crap. Its just that when other "verboten" communities get hit (gun owners, free speech, etc) you get upset that they weren't hit harder.

I believe it was Thomas Paine circa AD 1776 or so, who wrote: "In order that liberty be preserved, we must not allow oppression even unto our enemies, for in doing so we set a precedent that reaches back into ourselves."

What goes around, comes around. Perhaps the more this crap hits the geek community, the more you realize that "free speech" refers to "all speech" not just yours. The same with "free" anything. And the same whether it starts in Europe or here. The Socialists left Germany and Russia and eventually conquered America without firing a single shot. Thank John Dewey and the Prussian Socialist School System he pioneered for us "'murkens".

PS - there is NO "well intentioned" law that ever restricts any freedom, except that to take action and to garner the natural consequences of one's action. State enforced "consequences" (aka punishments) and "criminal" status that occurs via the stroke of a pen is never well intentioned. Only seems so to those who still believe in "random coincidences in politics".

Re:There is no effective law against curiousity (2, Insightful)

postbigbang (761081) | more than 6 years ago | (#20208549)

I'll reply with a useless aphorism that says that the road to hell is paved with good intentions.

Obviously, this one was both ill-conceived and ill-executed.

It stops nothing but improvement.

Perhaps we can hire some ex-pat German coders! H1Bs ought to be easy now, right??

Re:There is no effective law against curiousity (5, Funny)

iamdrscience (541136) | more than 6 years ago | (#20208639)

I believe it was Thomas Paine circa AD 1776 or so, who wrote: "In order that liberty be preserved, we must not allow oppression even unto our enemies, for in doing so we set a precedent that reaches back into ourselves."
Yes, but it is to be expected that most people won't understand that because after all, like Thomas Paine said: "Time makes more converts than reason".

That's right, I countered your Thomas Paine quote with another Thomas Paine quote. I'm challenging you to a Thomas Paine quote-off! May the best Thomas Paine quoter win! I urgently await your reply.

Re:There is no effective law against curiousity (2, Interesting)

Anonymous Coward | more than 6 years ago | (#20208703)

Yes, but it is to be expected that most people won't understand that because after all, like Thomas Paine said: "Time makes more converts than reason".

Well, I guess we're really screwed then. To quote Thomas Paine, "The greatest remedy for anger is delay."

By the time everyone else gets outraged about this, we'll all be cooled off.

Re:There is no effective law against curiousity (0)

Anonymous Coward | more than 6 years ago | (#20208771)

"We have it in our power to begin the world over again."

- Thomas Paine

Re:There is no effective law against curiousity (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20208809)

'Wow, that was the biggest shit I ever curled-out.'

- Thomas Paine, just after he'd taken a really big dump.

202c NOT well intentioned ! PARENT WRONG (1)

erlehmann (1045500) | more than 6 years ago | (#20209239)

parent says that this is "well intentioned". i for one, do not believe that.

the criminalisation of certain computer programs is a puzzle piece.

more puzzle pieces:
- data retentionpräventiv
- proposed "online search and seizure"
- RFID + biometry in pass documents
- nullifying of bank secercy
etc. pp.

hackers are the one in the know how to defeat those systems.
to criminalize them is only the logical conclusion.

IMHO, there are only two options:
a) massive resistance (won't happen [insert stalin quote here])
b) going to sweden, netherlands ...

Insensitive, but... (5, Funny)

Glowing Fish (155236) | more than 6 years ago | (#20208383)

First they came for the botnet scripts, and I said nothing, because I was not a script kiddie
Then they came for the portscanners, but I said nothing, because I was not trying to hack boxes
Then they came for the packet sniffers, but I said nothing because I thought my firewall was strong enough
Then they came for SATAN, and I didn't speak up because I wasn't an admin
And then, they came for my elite box, and I had to go back to using my mom's e-Machine, and I cried and cried

Bla,bla,bla,.. (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20208505)

And the biggest problem of Germany is the Sovereignty [wikipedia.org] of USofA that Germany agreed its deal.

For WWII's nazis only: we've don't accept that USofAmericans kill iraqians in the present as the germanians did kill jews in the past.

USofA!!! You've stolen our "german empire"!!! We will steal your "american empire"!!!

Time to SIGALRM before it's too late (5, Funny)

dotslashdot (694478) | more than 6 years ago | (#20208387)

First they came for thread_id 0051, but I printed nothing to the console because that was not my thread.

Then they came for process_id 0050, but I did not SIGTRP because I did not depend on that process.

Then they came for process_id 0003, but I did not SIGALRM because my timer had not yet expired.

When they came for me, there were no processes left from which to spawn.

So, has anyone read the law? (1, Insightful)

QuantumG (50515) | more than 6 years ago | (#20208389)

Not being a German speaker I'm completely incapable of being informed on this issue. Not being in Germany, I could also care less.

So, is there anyone reading this who 1) understands German and 2) has read the law?

Does it happen to say anything about "intent"? Cause most every law I've read in English that was reported similarly to this law has, and the reporting is just a blatant attempt to stir up hysteria.

Re:So, has anyone read the law? (0)

Anonymous Coward | more than 6 years ago | (#20208431)

Not being in Germany, I could also care less.

I feel like being a smartass tonight. So... the expression is "I couldn't care less"! [incompetech.com]

Re:So, has anyone read the law? (1, Insightful)

QuantumG (50515) | more than 6 years ago | (#20208527)

I care a little.. I could care less.

Re:So, has anyone read the law? (0)

Anonymous Coward | more than 6 years ago | (#20208533)

Very nice graphic! It's one of my pet peeves, too.

Re:So, has anyone read the law? (0)

Anonymous Coward | more than 6 years ago | (#20208725)

Yes; and I care.

Sadly "intent" doesn't mean shit in this case; the "tools" are evil per se. Working on/with nmap, john, ... is now illegal over here; _fuck_

Greets and good luck with freesynd.

Re:So, has anyone read the law? (0)

Anonymous Coward | more than 6 years ago | (#20208933)

Intent you say?

In what way would intent play any interesting role when merely having the tools at your disposal would be illegal? Also, what good does a law like this really do? It really doesn't seem too useful all by itself. I guess possession of such and such tools will be treated as incriminating fact in more serious cases rather than a crime in it's own right. But that is just one reason more it should never have been passed as a law.

Re:So, has anyone read the law? (0)

Anonymous Coward | more than 6 years ago | (#20209015)

Wow, QuantumG DOESN'T have an opinion on something--AMAZING!

source code t-shirts again? (1)

visualight (468005) | more than 6 years ago | (#20208411)

Like people did with DeCSS?

Re:source code t-shirts again? (2, Funny)

RuBLed (995686) | more than 6 years ago | (#20208501)

Well according to the law that is legal, but just make sure you don't engrave the source code in an axe...

Re:source code t-shirts again? (4, Funny)

jamstar7 (694492) | more than 6 years ago | (#20208589)

Well according to the law that is legal, but just make sure you don't engrave the source code in an axe...

Don't you mean 'double sided double density hacker tool'?

(thanxx to Jerry Pournelle for that one...)

Re:source code t-shirts again? (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20209153)

This is one of the best things Germany has done since Nazism - Just another example of that same sheepish mentality...

not fair (1)

Ep0xi (1093943) | more than 6 years ago | (#20208523)

Germans apply first the e-punishment laws then they allow you to do social networking and e-commerce, i found it, not safe, and not fair at all.

Read the law before you panic (0)

Anonymous Coward | more than 6 years ago | (#20208541)

I first saw mention of this several weeks ago and it was a red herring then; I suspect it is still a red herring. The law does not punish possession of "hacking tools" unless they are used in the commission of a crime, much like many US laws that increase the penalty of a crime of violence if it is committed using a firearm.

Take a deep breath and read the actual law.

Re:Read the law before you panic (1)

jamstar7 (694492) | more than 6 years ago | (#20208603)

first saw mention of this several weeks ago and it was a red herring then; I suspect it is still a red herring. The law does not punish possession of "hacking tools" unless they are used in the commission of a crime, much like many US laws that increase the penalty of a crime of violence if it is committed using a firearm.

Except that possession of 'criminal tools' such as lock picks, bump keys, etc if one is not a licensed locksmith is a criminal offense. What can be described as a 'criminal tool'? Why, anything that can be used in the commission of a crime. Say, for instance, I got convicted of 'uttering', that is to say, writing checks with no bank account to draw on them (419 phishers, anyone?). Legally, for me to possess an ink pen after my parole would be a violation of said parole, if they cared to push it. After all, ink pens are used to sign checks...

Re:Read the law before you panic (2, Informative)

Planesdragon (210349) | more than 6 years ago | (#20208849)

What can be described as a 'criminal tool'? Why, anything that can be used in the commission of a crime.
Behold the "reasonable man standard."

A criminal tool is something that a DA can stand in front of twelve randomly chosen citizens with no particular knowledge, and convince them that, not only that it can be used as a criminal tool, but that the defendant should have known that and did it anyway.

Re:Read the law before you panic (0)

Anonymous Coward | more than 6 years ago | (#20209201)

If this post is really true, why is the Kismac site down?

Re:Read the law before you panic (2, Informative)

innocent_white_lamb (151825) | more than 6 years ago | (#20209267)

Except that possession of 'criminal tools' such as lock picks, bump keys, etc if one is not a licensed locksmith is a criminal offense.
 
That depends on where you are. I live in Canada. In a former life I was a Sheriff. And I had a nice set of lock picks, a very slick pick gun, and a couple of slide hammers. Most of which were stamped "law enforcement use only". I was never a locksmith, though....

Re:Read the law before you panic (1)

hauntingthunder (985246) | more than 6 years ago | (#20209403)

possession of 'criminal tools' such as lock picks, bump keys, etc if one is not a licensed locksmith
Interesting point hmm so i have a security+ cert and various cisco ones so does that meen i have a get out :-)

Re:Read the law before you panic (0)

Anonymous Coward | more than 6 years ago | (#20209255)

You are very wrong. The law punishes the creation/usage/distribution of tools that *COULD BE* USED TO PREPARE A CRIME.

Mr. Putin, rebuild that wall. (1, Insightful)

iminplaya (723125) | more than 6 years ago | (#20208569)

So we can send the send the corrupt, authoritarian Germans back to the other side.

Re:Mr. Putin, rebuild that wall. (0)

Anonymous Coward | more than 6 years ago | (#20208755)

It's a letter for our friend dear Putin.

Mr. Putin,

We want to give your our gift of 'World War II Enigma' because of the approved Crime Law in Germany.
We were defeated by englandians and americans, and we don't give them our gift.

I've becomed an anti-NATO & pro-sovietic civilian.

I want to live with my hacker tools & my friends in houses out of Germany, in its frontiers with Russia.
If need then in China. I like its 'Great Wall'.

Signed by anonymous h4x0r.

Compilers banned (0)

Anonymous Coward | more than 6 years ago | (#20208621)

Update: Compilers banned in germany because they could be used to create evil software! Litigation of this manner can never solve computer problems, short of banning computers.

As the author of Nmap ... (5, Interesting)

fv (95460) | more than 6 years ago | (#20208707)

As the author of Nmap [insecure.org] , I'm more than a little concerned about this law. It could mean that I can never again visit Germany, which is a shame because I have many friends there. But I don't want to risk a year in prison or the Halvar treatment [slashdot.org] . Many of these articles state as a matter of fact that the creation or distribution of Nmap (mentioned by name in TFA) is illegal now. If true, what does that mean for all the Linux distributors who include Nmap and other security tools [sectools.org] ?

Does anyone have a link to a good English translation and legal analysis of the new law? The Phenoelit page [phenoelit.de] translates the law as affecting "computer programs whose aim is to commit a crime". That doesn't cover Nmap, which I designed for security professionals. But of course some blackhats use it too, and I don't want to bet my freedom on being able to convince a technologically illiterate judge in Germany of my intent.

I hope groups like the CCC [ccc.de] (which is apparently quite powerful in Germany) are able to get this overturned! If legitimate German admins are afraid to use Nmap and other security tools while the crackers retain full access to them, that won't be a pretty sight!

-Fyodor
Insecure.Org [insecure.org]

More Generally, Fyodor (1)

lheal (86013) | more than 6 years ago | (#20208761)

Why do politicians try to outlaw tools used to commit crimes? A tool can be used for evil or for good, and a person out to do evil can turn even the most innocuous object into a tool.

Re:More Generally, Fyodor (4, Insightful)

SamP2 (1097897) | more than 6 years ago | (#20208957)

There is arguably a valid reason to prohibit tools which PRIMARY PURPOSE is to commit crimes. You correctly stated that almost any tool CAN be used to commit a crime, but there is a difference between the two.

I'm not going to use guns as a metaphor because of the whole "gun control" debate, and also because guns have the valid use of self-defense... So let's use something more aggressive, say, hand grenades.

There is no valid reason for a non-military person to be able to own a hand grenade. The grenade cannot be used for any peaceful purpose, nor for self defense, because of it's extremely high collateral damage. Even if there is a _potential_ valid use (I dunno, maybe throw it down a mole hole in your backyard to kill the pesky mole, LOL), the destructive potential vastly outweights any valid use, and therefore I accept as valid the restriction of owning a hand grenade by the average person.

The other option is to own, say, a knife or pickaxe. Yes, some people can (and do) use those as weapons for illegal purposes, but this does not stop the tool from having a valid, legal use (in fact, it's primary design is indeed a legal one). Therefore, outlawing pickaxes because some idiot happened to kill someone else with one, is not a valid move.

The German law is a prime example of the second option. As I explained in my other comment on this thread, the damage done to valid users is much bigger than any possible achieved restriction on criminals.

Re:More Generally, Fyodor (3, Insightful)

Hal9000_sn3 (707590) | more than 6 years ago | (#20209455)

If I am creating a shield against hand grenades, and it is not legal under any circumstances to have a hand grenade, then how shall I test my product?

Re:As the author of Nmap ... (1)

jeevesbond (1066726) | more than 6 years ago | (#20208861)

As the author of Nmap

As a person who has used Nmap for many legitimate, totally legal debugging I'd like to say thanks for a really handy tool. When using Nmap I always think something like: 'this would be illegal in Germany, how f*cking stupid.'

Being unable to use Nmap (and tools like it) means application developers and network administrators are unable to do their jobs without breaking the law. Admins should refuse to look into networking problems and software engineers should refuse to fix bugs, working on the premise that they'd have to break the law to use debugging tools. That'll get it overturned pretty quickly.

Isn't Windows distributed with the 'net' program? I'm sure that's been used for cracking, doesn't that make practically everyone in Germany a criminal?!

Re:As the author of Nmap ... (1)

eggnoglatte (1047660) | more than 6 years ago | (#20208863)

I wouldn't worry about that. Unlike some other countries, Germany is fairly strict about jurisdiction. Unless you carry any "offending" tools with you on your visit to Germany, or host the tools on a web page that is specifically aimed at german readers (say, in german language or on a .de server), they are not going to go after you for developing these tools in other countries where it is legal.

It is still an idiotic law, of course.

Re:As the author of Nmap ... (3, Interesting)

julesh (229690) | more than 6 years ago | (#20209371)

A Google translation of the relevant section is:

(1) Who prepares a criminal offence after 202a or 202b, by he
1. Passwords or other safeguard codes, those the entrance to data ( 202a
Exp. 2) make possible, or
2. Computer programs, whose purpose is committing such an act,
manufactures, or another provided, sold, another leaves themselves, common
or makes otherwise accessible, becomes with imprisonment up to one year or also
Fine punishes.


I find the idea that this is any worse than the UK law that passed strange:

3A
Making, supplying or obtaining articles for use in offence under section 1 or 3
(1) A person is guilty of an offence if he makes, adapts, supplies or offers to supply any article intending it to be used to commit, or to assist in the commission of, an offence under section 1 or 3.
(2) A person is guilty of an offence if he supplies or offers to supply any article believing that it is likely to be used to commit, or to assist in the commission of, an offence under section 1 or 3.
(3) A person is guilty of an offence if he obtains any article with a view to its being supplied for use to commit, or to assist in the commission of, an offence under section 1 or 3.
(4) In this section "article" includes any program or data held in electronic form.
(5) A person guilty of an offence under this section shall be liable--
      (a) on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;
      (b) on summary conviction in Scotland, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both;
      (c) on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine or to both.


Section (2) is much more general than the German law, requiring only that you believe it likely that the article supplied will be used in such a crime, while the German law requires intent that it be used in such a crime. Plus, the UK law allows 2 years imprisonment, the German law only one.

So, all in all, I'd say you're on much safer grounds visiting Germany than the UK over this one.

Re:As the author of Nmap ... (1)

biglig2 (89374) | more than 6 years ago | (#20209477)

Hope this isn't going to be added to the crimes where the new European Arrest Warrant is available, otherwise you're never coming to the UK, or France, or Poland, etc. etc.

Law not just evil but also dumb (5, Insightful)

SamP2 (1097897) | more than 6 years ago | (#20208729)

Let us pause for a moment from discussing the "government versus people" debate, and (just for the sake of the argument) assume that we are living in an utopia where the government passes laws to protect citizens, not oppress them.

OK, so we ignore the potential for abuse. But that still leaves the question: how, exactly, is the law supposed to protect anyone?

- The possession of this software is virtually undetectable unless some kind of crime has been committed using them (such as using it to actually attack someone else's machine). Well guess what, attacking someone else's machine has ALREADY been illegal (and justly so).

- People who were and are willing and able to use these tools to attack other machines have already risked punishment far greater than the punishment meted out for merely possessing the equipment.

- Think about this analogy: If you outlaw the possession of crowbars (because they are used by burglars), who will suffer more, the burglar or the construction worker who also happens to need a crowbar? Of course the construction worker -- the burglar operates in secret and the worker in open; and if caught, the punishment for burglary is significantly bigger to the point that someone willing to perform a burglary will not care for the (relatively small) additional punishment given for the possession of the crowbar. But for the construction worker, this law means losing his job.

- Some people would see an analogy between this law and advocation of gun control (less guns = supposedly less violence). But unlike gun control, where restricting guns (at least theoretically) makes it harder for criminals to obtain them, this law cannot possibly do anything to prevent the obtainment of these "hacking" tools, which can only be detected ex post facto.

So, if this law...

- Does nothing to reduce the availability of these tools
- Does nothing to reduce the potential destructive purpose of these tools
- Does not provide a serious deterrent to would-be abusers of these tools
- DOES, however, significantly limit the LAWFUL use of these tools by security professionals

Then why the heck is it needed? Heck, if I was a blackhat, I'd be very, very happy that security auditors got the shaft, meaning I have a much better chance of finding exploits which the good guys didn't get a legal chance to find and close first.

It seems that the quote "those who sacrifice liberty for security deserve nothing and lose both" never held truer, because not only liberty is sacrificed, but from any possible perspective hacking has became EASIER as a result of this law, not harder.

Re:Law not just evil but also dumb (1, Insightful)

E++99 (880734) | more than 6 years ago | (#20208935)

But that still leaves the question: how, exactly, is the law supposed to protect anyone?

This is Germany. How is the law imprisoning those who express doubt in the holocaust supposed to protect anyone?

Re:Law not just evil but also dumb (1)

Viceroy Potatohead (954845) | more than 6 years ago | (#20209027)

Think about this analogy: If you outlaw the possession of crowbars (because they are used by burglars), who will suffer more, the burglar or the construction worker who also happens to need a crowbar? Of course the construction worker -- the burglar operates in secret and the worker in open; and if caught, the punishment for burglary is significantly bigger to the point that someone willing to perform a burglary will not care for the (relatively small) additional punishment given for the possession of the crowbar. But for the construction worker, this law means losing his job.
I suppose one way out of it would be to make the punishment for possession of a crowbar as draconian as punishment for burglary, but nobody'd be so [!!!I see a terror suspect!!!] stupid as to do that.

they are not dumb (1)

erlehmann (1045500) | more than 6 years ago | (#20209271)

why the heck is it needed?
criminalizing hackers effectively eliminates the informed ones who care about germany becoming a police state. we are not there yet, but i don't think they will lose time. - a concerned german citizen

Defcon must be good for something (2, Funny)

ipooptoomuch (808091) | more than 6 years ago | (#20208785)

At least you can still attend Defcon and put yourself on their network for a free penetration test from all of the friendly attendees. No illegal haxor tools needed.

Re:Defcon must be good for something (0)

Anonymous Coward | more than 6 years ago | (#20209225)

Or go there wearing nothing except for buttless leather chaps and get free penetration testing all night long.
 

Defense by incompetance (2, Insightful)

strider44 (650833) | more than 6 years ago | (#20208881)

Germany's taking the noted Ravenous Bugblatter Beast of Traal approach to security. By removing the things that lets you know if you're vulnerable or compromised, you're obviously secure! Screaming "la la la, I can't see you or hear you" is optional.

Re:Defense by incompetance (0)

Anonymous Coward | more than 6 years ago | (#20209325)

Very well put, - cuts right through the waffle

Every Browser is now Illegal (2, Interesting)

EEPROMS (889169) | more than 6 years ago | (#20208891)

Ive seen security analysts demonstrating breaking into websites with a web browser, you dont need specific hacking tools in many cases because what is available will often do the job just fine.

The road to hell *REALLY IS* paved with good inten (1, Insightful)

Anonymous Coward | more than 6 years ago | (#20209051)

tions...

The only thing more dangerous than crackers with security tools is a complacent society who thinks their laws will protect them from international threats which continuously transit their borders as the rain falls from the sky.

Any law that curtails the free flow of vulnerability data *locally* only serves to diminish the evolution of necessary countermeasures and knowledge which ultimately leave more people in Germany vulnerable to successful attack. (IE more people BURNING IN HELL)

No country can afford to pass laws which make their own people less prepared to deal with the real world. Especially one as insignifcant on the world stage as Nazi-less Germany.

This is obviously already having a chilling effect on several well known tool vendors.

Security through Fascism! (1, Funny)

Anonymous Coward | more than 6 years ago | (#20209065)

Looks like "Security through Fascism" is the new improved version of "Security through Obscurity".

Obscurity through Fascism! Total Unsecurity!!! (0)

Anonymous Coward | more than 6 years ago | (#20209575)

Do you want Obscurity?
Hide your nearly-complete LiveCD Back|Track2 http://www.remote-exploit.org/backtrack.html [remote-exploit.org] !!!

Sr. Police, my OEM PC is running Windows only. My hard disk is 100% pure Hasefroch Windows.

1-hour ago ...:

Running Back|Track2 ...

$ dig http://bundestag.de/ [bundestag.de] ;; ANSWER SECTION:
bundestag.de. 43200 IN A 217.79.215.140

$ whois 217.79.215.140 # i'm waiting long time ... i break it with Ctrl-C
Interrupted by signal 2...
Timeout.
$ # how stupid am i if they are spying me with their hacking tools because the protocol's 'whois' doesn't answer me!!!
The 'whois' protocol is mangled by the e-government!!!
$ traceroute 217.79.215.140
664 * * *
665 ge-1-2-22-ed1.ixsolutions.net (212.68.205.83)
666 ge-0-2-22-bg1.ixsolutions.net (217.68.155.35)
667 ge-2-2-22-ed2.ixsolutions.net (217.79.208.25)
668 * * *
$ ./vir_collect_execute --propagate --redcode 80 --weeks 3 no-deutsch-crime-law.worm
$ halt & exit

Do we play to 'Who is who?' game?
Govern wins - you loses.

My redcode worm is running for you, byebye 8)

Google a crime? (0)

Anonymous Coward | more than 6 years ago | (#20209107)

From the TFA (my emphasis):

[...] made the mere possession of (creates, obtains or provides access to, sells, yields, distributes or otherwise allows access to) tools like John, Kismet, KisMAC, Nessus, nmap, and the ability to Google effectively a crime.


Made ability to Google a crime? -- I knew Germany is working on a search engine to compete with Google, but this is ridiculous.

THC already hit (4, Informative)

postmodern modulus I (994339) | more than 6 years ago | (#20209435)

The THC (The Hackers Choice) group has already been forced to discontinue some of it's best projects due to this absurd law.

The Hacker's Choice is forced to discontinue several of its projects, as these might be effected by a new German 'anti-hacking' law. As a consequence all exploits and many releases have been removed from our web site. We are sorry.
http://www.thc.org/ [thc.org]

Silenced are THC's Credit, Hydra, Scan and War-Drive. Hydra will be the most missed, as it was one of the best authentication bruteforcers. Not dwelling on this defeat to freedom of information and the security community, I suggest everyone in the security community begin resisting this trend towards silencing the messenger of insecurities.

We should be working to create new tools and better means by which to distribute information and code, both securely and anonymously. The foolish politicians and companies who think they can dare enforce security by ignoring the problem and silencing individuals should be shown that this strategy does not work. This is yet another challenge to all the security researchers and programmers, will you allow others to dictate your creativity?

Ebayers, beware. (1)

Ihlosi (895663) | more than 6 years ago | (#20209619)

Selling old issues of computer magazines that came with CDs/DVDs might land you in prison if they contain, like, and old linux distro.


Don't laugh. The same thing happened when they outlawed CD/DVD copying software. Sell a stack of old magazines, get slapped with a hefty lawsuit and probably put on trial.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...