On Friday night the German Bundestag, the lower chamber of Germany's
federal parliament, passed without amendment a controversial government
bill designed to facilitate criminal prosecution of computer crimes.
Only the Left Party voted against it. At a hearing in March, security
experts and representatives of IT companies raised many objections, all
of which have been turned down.

It becomes an offence to create, sell, distribute or even acquire
so-called hacker tools that are built to conduct criminal acts such as
acquiring illegal access to protected data. Many fear that this might
keep administrators and security experts from doing their job, i.e.
from properly testing applications or networks to enhance security,
while on the other hand the blackhats don't really care that their
chosen tool has now been made illegal. Interestingly, a similar clause
in the Police and Justice Act amendments to the UK Computer Misuse Act
has recently been suspended pending amendment for this very reason.

Another new offence is the unauthorized access of secured data by means
that require the disabling or circumventing of security measures. This
echoes the circumvention clause of the US Digital Millennium Copyright
Act, which is still highly controversial after almost a decade and has
been used in ways not anticipated by its creators to stifle legitimate

Whereas until now computer sabotage involving attacks on enterprises,
companies or public authorities was an offence, in a positive move this
protection is now extended by the legislation to private data

The "deliberate acquisition of data by tapping into a non-public
transmission of data or by way of reading radiation leaked by a data
processing system" also becomes an offence. This is an important and
long-overdue clause; however, legislation couched in very specific
technical terms of this kind has proved less than ideal in the past, as
it can rapidly become obsolete as technologies change.

It remains to be seen whether this new legislation, expected to become
effective this summer, will serve its purpose to allow more effective
prosecution of cybercrime or indeed will turn out to be a step backwards
for computer security by keeping the good guys from doing their work.
Indeed, in the light of past experience in the UK and elsewhere, and
given the novelty and scope of these measures, it is not clear that they
will even prove enforceable.