AOH :: ISN-3121.HTM

Federal Ministry of Justice sees no need to change "hacker




Federal Ministry of Justice sees no need to change "hacker
Federal Ministry of Justice sees no need to change "hacker



http://www.heise.de/english/newsticker/news/79230 

10.10.2006

Despite the vociferous criticism directed at the new provision the 
Federal Ministry of Justice sees no need to modify or amend the planned 
"Hacker Software Paragraph" (PDF file). This position of the ministry 
Ralf Kleindiek, the head of the office of the Federal Minister of 
Justice Brigitte Zypries, confirmed in a talk with heise online.

Paragraph 202c of the German Penal Code (StGB), which is to be newly 
created within the framework of the Criminal Law Amendment Act with an 
eye to combating cyber crime, is designed to render acts preparatory to 
the commission of a computer crime a criminal offense. Thus among other 
things creating, handing over to others, distributing or procuring 
"hacker tools" that by their very nature are designed "to serve illegal 
purposes" will in future constitute a criminal offense. Thus it says in 
the draft:

Anyone who commits an act or acts preparatory to the commission of a 
criminal offense as defined in 202a or 202b by

[...]

2. Creating, procuring for themselves or others, selling, distributing, 
   handing over or in any other manner making available to others 
   computer programs the purpose of which is the commission of such a 
   criminal offense will be punished with a prison term of up to one 
   year or with a fine.

As the wording of the draft makes clear the sole criterion here is the 
objective risks inherent in the software -- and not as one might expect 
the purpose for which it is meant to be used. Thus it says verbatim:

In particular the potentially widespread distribution of hacker tools 
made possible by the Internet, their easy availability, as well as their 
simple use, constitute a considerable danger, which can only be combated 
effectively by making the distribution as such of such inherently 
dangerous tools a crime.

Thus it is suggested in Section 1 Subheading 2 that the committing of an 
act or acts preparatory to the commission of a criminal offense as 
defined in 202a or 202b StGB by creating, procuring, selling, 
distributing, handing over or in any other manner making available to 
others computer programs the purpose of which is the commission of such 
a criminal offense be penalized.

The draft has been vehemently criticized by German industry associations 
such as the Association for Information Technology, Telecommunications 
and New Media (Bitkom) (PDF file) and eco (PDF file) as well as the 
Chaos Computer Club (CCC).

The critics are unanimous in fearing that the draft could make the use 
of "hacker tools" for IT security purposes a criminal offense. Thus the 
eco association has expressed apprehension at what it calls a 
"criminalization frenzy" and has called for an amendment and 
clarification of the new provision. The Chaos Computer Club for its part 
has warned that implementing the draft could jeopardize the security of 
computer systems.

These objections the Federal Ministry of Justice apparently cannot 
understand. In a statement the ministry points out that if a computer 
program "is acquired or made available to others for the purpose of 
carrying out a security check or checks or developing security software" 
no criminal liability arises. The decisive criterion, the ministry 
writes, is whether or not "the act in question is one that is undertaken 
in preparation of a computer crime (? 202a, 202b, 303a, 303b StGB)."

If this interpretation of the draft bill were to stand then the 
criminalization threat that IT security measures face would to all 
intents and purposes disappear. Unlike the official reasons given for 
the draft bill, however, the statement of the ministry is by no means 
binding for the courts. With a view to, among other things, providing 
judges with an unambiguous interpretation and preventing them from 
overinterpreting the new provision critics of the same are consequently 
continuing to call for clarification of the wording of the law.

Mr. Kleindiek also pointed out to heise online that the status of the 
new provision was as yet that of a government draft. The latter would 
now be passed on to the upper (Bundesrat) and lower (Bundestag) chamber 
of Germany's federal parliament and discussed there in the appropriate 
committees, he said. In consequence the wording of the provision might 
yet be changed, he observed. He did not, however, consider this to be a 
necessity, Mr. Kleindiek asserted. He added that he considered the 
provision as it stood to be unequivocal and unambiguous. 
(Joerg Heidrich) (Robert W. Smith) / (jk/c't)

This article's URL:  
http://www.heise.de/english/newsticker/news/79230 

This article links to:
[1] http://www.heise.de/english/newsticker/news/78688 
[2] http://www.bmj.bund.de/media/archive/1317.pdf 
[3] http://www.spiegel.de/netzwelt/politik/0,1518,438969,00.html 
[4] http://www.bitkom.de/files/documents/Stellungnahme_BITKOM_StrAendG_12_07_06.pdf 
[5] http://www.eco.de/servlet/PB/show/1856416/20060801-StrRndG-Stellungnahme-eco-web.pdf 
[6] http://www.ccc.de/press/releases/2006/20060925/?language=de 
[7] mailto: jk (at) ct.heise.de


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods