[ISN] Proposed German law a 'win-win' for black hats?

From: InfoSec News (alerts@private)
Date: Thu Sep 21 2006 - 22:16:06 PDT


http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9003516

By John Blau
September 21, 2006
IDG News Service

New legislation proposed by the German government aims to make computer 
hacking a punishable crime.

The draft law, announced Wednesday, defines hacking as penetrating a 
computer security system and gaining access to secure data, without 
necessarily stealing data.

As part of the draft, groups that intentionally create, spread or 
purchase hacker tools designed for illegal purposes could be punished by 
law, the Federal Ministry of Justice said in a statement.

Other punishable cybercrimes include denial-of-service attacks and 
computer sabotage attack on individuals, which would extend the existing 
law that limited sabotage to businesses and public authorities. 
Offenders could face up to 10 years in prison for major offenses.

Although Germany already has a comprehensive penal law against attacks 
on IT systems, the proposed revision aims to close any remaining 
loopholes, the ministry said.

Some security experts warn, however, that "good" hackers, also known as 
"white hats" who work for security companies, could be restricted in 
their ability to help software makers and businesses as a result of the 
proposed law.

If hackers can't share their tools with the public, "white hats will not 
be able to get them and use them internally for testing or external 
security consultants won't be able to do security testing," a hacker, 
known by the pseudonym van Hauser, wrote in an e-mail. "It's a win-lose 
law in favor for the bad guys."

Van Hauser is president of The Hacker's Choice, a noncommercial group of 
security experts.


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org 



This archive was generated by hypermail 2.1.3 : Thu Sep 21 2006 - 22:32:57 PDT