[ISN] Germany passes Anti-Hacking laws

From: InfoSec News (alerts@private)
Date: Mon May 28 2007 - 23:03:34 PDT


http://www.heise-security.co.uk/news/90255

26.05.2007

On Friday night the German Bundestag the lower chamber of Germany's 
federal parliament passed without amendment a controversial government 
bill designed to facilitate criminal prosecution of computer crimes. 
Only the Left Party voted against it. At a hearing in March security 
experts and representatives of IT companies raised many objections all 
of which have been turned down.

It becomes an offence to create, sell, distribute or even aquire so 
called Hacker Tools that are built to conduct criminal acts like 
aquiring illegal access to protected data. It is feared by many that 
this might keep administrators and security experts from doing their job 
i.e. from properly testing applications or networks to enhance security 
while on the other hand the blackhats don't really care that their 
choosen tool has been made illegal now. Interestingly a similar clause 
in the Police and Justice Act amendments to the UK Computer Misuse Act 
has recently been suspended pending amendment for this very reason.

Another new offence is the unauthorized access of secured data by means 
that require the disabling or circumventing of security measures. This 
echoes the circumvention clause of the US Digital Millennium Copyright 
Act, which is still highly controversial after almost a decade and has 
been used in ways not anticipated by its creators to stifle legitimate 
security reaearch.

Whereas until now computer sabotage involving attacks on enterprises, 
companies or public authorities was an offense, in a positive move this 
protection is now extended by the legislation to private data 
processing.

The "deliberate acquisition of data by tapping into a non-public 
transmission of data or by way of reading radiation leaked by a data 
processing system" also becomes an offence. This is an important and 
long over-due clause; however, legislation couched in this type of very 
specific technical terms has proved less than ideal in the past as it 
can rapidly become obsolete as technologies change.

It remains to be seen whether this new legislation, expected to become 
effective this summer, will serve its purpose to allow more effective 
prosecution of cybercrime or indeed will turn out to be a step backwards 
for computer security by keeping the good guys from doing their work. 
Indeed, in the light of past experience in the UK and elsewhere, and 
given the novelty and scope of these measures, it is not clear that they 
will even prove enforceable.


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Mon May 28 2007 - 23:16:04 PDT