Oh Great
Only script kiddies use "hacking tools". Real "hackers" use diagnostics and other utilities.
Are they going to ban nmap, ethereal, vi and friends?
Updates to Germany's computer crime laws banning so-called "hacking tools" have been criticised as ill-considered and counterproductive. The revamp to the German criminal code is designed to tighten definitions, making denial of service attacks and attempts to sniff data on third-party wireless networks, for example, clearly …
This is an excellent example of the dual standards European governments have for themselves and their electors. It is, of course, fine for an EU government to require ISPs to retain all data on users so that police, parking enforcement companies and anyone else can go fishing on the flimsiest excuse (e.g. the UK De-Regulation of Investigatory Powers legislation). In the absence of security testing software it will also be easier for those agencies to break into secured files and communication to further invade privacy and treat their entire population as criminal until they can prove themselves innocent.
On the other hand you could take this as an example of what happens when legislators panic over a visible problem and try to regulate an area they have no understanding of. The results are inevitably unworkable and will have no impact on serious crime in any case. Any criminal organisation using these tools as part of their crime is rather unlikely to worry about being caught in posession. This law makes as much sense as the US green card asking if you are a terrorist...
One wonders just how many Euros some 'consultancy' charged the German government to 'advise' them on this regulation.
*Looks over desktop*
Wireshark
Look@Host
Look@Lan
Quake. (It's a network testing tool. Really.)
*looks over desk*
Knoppix CD, containing utilities for recovering deleted files.
Oh boy, am I glad I don't live in Germany. I would *so* get arrested and locked up. :D
I use many of the same tools in my security assessments. I always get an acknowledgement and agreement from the customer, signed by an officer, before I start out. But I use things like nessus, netstumbler, airsnort and others. All tools also used by hackers.
I guess security assessments are now verboten in Germany.
While the wording is far from elegant and there sure as hell is a danger of criminalising everything security related if you look at the paragraphs alone, if you look at the notes that belong to the new paragraphs, you may find some of them put some of the danger into perspective. Still, this is one of the worst laws passed in a long time, if only because outside advice was mostly ignored entirely.
http://www.bmj.bund.de/media/archive/1317.pdf
(in German)
I read the text. ( I do read german, yes.... )
you can argue about how clear & crisp it is.....
but it solely deals with persons who, without permission, try to gather information of someone else's computer system(s) or disrupt computer processing or networks (wired or wireless).
I can't think of any circumstance where you would be forced to obtain access to anyone's computers & network without permission.
cheers.
..possession is illegal, regardless of what you actually do with the tools. Interesting.
So is that logic going to be applied to all aspects of everyday living? Like if you drive home from the supermarket with a six pack in the boot you must be a drunk driver as you are in possession of both alcohol and a car? Are all lumberjacks to be arrested as axe murderers?
Guess that's the trouble with leaving law makers to make decisions when clearly they are unfit to do so. More worryingly, who advised them?
I really must remember to leave my external hard drive at home if i ever go to Germany...don't want them to find the 6Gb of 'hacking' tools that i have on there and have me locked up before they even bother asking what i do for a living???
PS, it is security....in case anyone needs that made clear ;o) and i've posted anonymously, so El Reg please don't tell them who i am !!
These are the sorts of laws that are enacted by the common person for the common person. These legislators can be looked to for relief from the numerous dread viruses that can kill cell phone users.
The important thing now is to give up. Apparently if you can think for yourself and are willing to attack problems you are part of the problem and criminal. If everyone is accounted for and everyone is a criminal than everyone is governable. It's as old and darkly comical as one damn thing after another and being damned if you do and damned if you don't. While I don't pretend to the knowledge of a computer security professional I've spent many years learning to use an array of software in an attempt to make my windows machines safe from being suborned by a bot net. Perhaps my reward will be jail time. When everyone is a criminal than jail is a badge of honour and being a criminal is the only social door open to freedom. I wonder if these assholes have a clue as to what their fashioning.
This reminds me of the offence in English law of "Going equipped for burglary". If you have all the gear, the police officer doesn't have to wait until you have broken into a building before he can nick you.
So it must be time to trot out the associated joke about an old lag who was up before the beak charged with "going equipped". He protested his innocence, The beak had heard it all before and found him guilty. So the old lag spoke up just before sentence and asked for some other offences to be taken into account. [Normally used by the guilty to get even more guilt "off their chest"]. Surprised by this sudden burst of apparent remorse the magistrate asked for more details. "Going equipped for rape" was the reply. "But nobody has even made any complaints ...". "No, sir. But I've got the equipment!"
Guess I won't be doing any more contract work in Germany. How in HELL is a sysadmin supposed to do their work without any of the tools the ignorant, technophobic illiterates running that country have declared illegal?
I thought the US was bad with its DMCA crap, but it looks like Germany is trying hard to keep scoring points in the "stupid laws" competition.
As mentioned in "So What" by someone (that read the document in German) a couple of posts up, the law relates only to those people that do not have a legit reason to have or use such tools. This is much the same (here in the Uk) as carpet fitters being allowed to carry sharp knives while at work. Of course, if they carry a sharp knife into a pub (where they aren't fitting a carpet) then they could be in trouble.
Ok, so the definition of what is legit ownership might arise. But spotty school kid in bedroom armed with every network sniffing tool under the sun would probably be seen differently to security professional with network sniffing tools on his/her work machine. Once the clear distinction has been made between these two, the grey areas can be shaded in as things move forward. That's the way with most law making.
I'd say congratulations Germany for at least attempting to get to grips with a problem that is not about to go away of it's own volition in a hurry.
Talk has been made of our erstwhile leaders passing legislation on matters of which they are extremely ignorant. If that were made illegal, I fear we would never have any legislation at all - oh, other than anything concerning inflating one's expenses and putting one's family on the payroll..