http://www.heise.de/english/newsticker/news/79230 10.10.2006 Despite the vociferous criticism directed at the new provision the Federal Ministry of Justice sees no need to modify or amend the planned "Hacker Software Paragraph" (PDF file). This position of the ministry Ralf Kleindiek, the head of the office of the Federal Minister of Justice Brigitte Zypries, confirmed in a talk with heise online. Paragraph 202c of the German Penal Code (StGB), which is to be newly created within the framework of the Criminal Law Amendment Act with an eye to combating cyber crime, is designed to render acts preparatory to the commission of a computer crime a criminal offense. Thus among other things creating, handing over to others, distributing or procuring "hacker tools" that by their very nature are designed "to serve illegal purposes" will in future constitute a criminal offense. Thus it says in the draft: Anyone who commits an act or acts preparatory to the commission of a criminal offense as defined in 202a or 202b by [...] 2. Creating, procuring for themselves or others, selling, distributing, handing over or in any other manner making available to others computer programs the purpose of which is the commission of such a criminal offense will be punished with a prison term of up to one year or with a fine. As the wording of the draft makes clear the sole criterion here is the objective risks inherent in the software -- and not as one might expect the purpose for which it is meant to be used. Thus it says verbatim: In particular the potentially widespread distribution of hacker tools made possible by the Internet, their easy availability, as well as their simple use, constitute a considerable danger, which can only be combated effectively by making the distribution as such of such inherently dangerous tools a crime. Thus it is suggested in Section 1 Subheading 2 that the committing of an act or acts preparatory to the commission of a criminal offense as defined in 202a or 202b StGB by creating, procuring, selling, distributing, handing over or in any other manner making available to others computer programs the purpose of which is the commission of such a criminal offense be penalized. The draft has been vehemently criticized by German industry associations such as the Association for Information Technology, Telecommunications and New Media (Bitkom) (PDF file) and eco (PDF file) as well as the Chaos Computer Club (CCC). The critics are unanimous in fearing that the draft could make the use of "hacker tools" for IT security purposes a criminal offense. Thus the eco association has expressed apprehension at what it calls a "criminalization frenzy" and has called for an amendment and clarification of the new provision. The Chaos Computer Club for its part has warned that implementing the draft could jeopardize the security of computer systems. These objections the Federal Ministry of Justice apparently cannot understand. In a statement the ministry points out that if a computer program "is acquired or made available to others for the purpose of carrying out a security check or checks or developing security software" no criminal liability arises. The decisive criterion, the ministry writes, is whether or not "the act in question is one that is undertaken in preparation of a computer crime (? 202a, 202b, 303a, 303b StGB)." If this interpretation of the draft bill were to stand then the criminalization threat that IT security measures face would to all intents and purposes disappear. Unlike the official reasons given for the draft bill, however, the statement of the ministry is by no means binding for the courts. With a view to, among other things, providing judges with an unambiguous interpretation and preventing them from overinterpreting the new provision critics of the same are consequently continuing to call for clarification of the wording of the law. Mr. Kleindiek also pointed out to heise online that the status of the new provision was as yet that of a government draft. The latter would now be passed on to the upper (Bundesrat) and lower (Bundestag) chamber of Germany's federal parliament and discussed there in the appropriate committees, he said. In consequence the wording of the provision might yet be changed, he observed. He did not, however, consider this to be a necessity, Mr. Kleindiek asserted. He added that he considered the provision as it stood to be unequivocal and unambiguous. (Joerg Heidrich) (Robert W. Smith) / (jk/c't) This article's URL: http://www.heise.de/english/newsticker/news/79230 This article links to: [1] http://www.heise.de/english/newsticker/news/78688 [2] http://www.bmj.bund.de/media/archive/1317.pdf [3] http://www.spiegel.de/netzwelt/politik/0,1518,438969,00.html [4] http://www.bitkom.de/files/documents/Stellungnahme_BITKOM_StrAendG_12_07_06.pdf [5] http://www.eco.de/servlet/PB/show/1856416/20060801-StrRndG-Stellungnahme-eco-web.pdf [6] http://www.ccc.de/press/releases/2006/20060925/?language=de [7] mailto: jk (at) ct.heise.de _________________________________ Visit the InfoSec News store! http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Tue Oct 10 2006 - 22:43:51 PDT