summaryrefslogtreecommitdiff
path: root/updates/2008
diff options
context:
space:
mode:
Diffstat (limited to 'updates/2008')
-rw-r--r--updates/2008/stellungnahme202c.en.md86
1 files changed, 86 insertions, 0 deletions
diff --git a/updates/2008/stellungnahme202c.en.md b/updates/2008/stellungnahme202c.en.md
new file mode 100644
index 00000000..283724af
--- /dev/null
+++ b/updates/2008/stellungnahme202c.en.md
@@ -0,0 +1,86 @@
1title: Clause 202c of German penal code endangers German IT industry
2date: 2008-07-21 00:00:00
3updated: 2009-04-18 19:12:41
4author: frankro
5tags: update, pressemitteilung
6
7In a substantial report to the Bundesverfassungsgericht (BVerfG,
8German constitutional court) the Chaos Computer Club (CCC) has studied
9the impacts of the so-called "Hacker Paragraph", a change to the penal
10code. The CCC comes to the conclusion, that clause 202c is unsuitable
11and even runs contrary to the legislator's intended goal.
12
13<!-- TEASER_END -->
14
15The programming, making available, distributing or aquisition of
16so-called hacker-tools, necessary for the daily work of network
17administrators and security experts, is sanctioned by clause 202c StGB
18(German penal code). Due to a constitutional complaint against the new
19clause, the BVerfG is looking into the question, whether it is generally
20possible to distinguish so-called hacker-tools from allegedly harmless
21software. The CCC also studied, the likely consequences this new law
22will have and whether the use of potentially harmful software is
23necessary for the revision of the security of computer systems.
24
25In the opinion of the CCC, the new fundamental right to the
26confidentiality and integrity of IT-Systems implies that everybody must
27be able to test their computer systems for security issues. Therefore
28the possession, testing, public information sharing and further
29developing of so-called hacker-tools is mandatory.
30
31The risk of legal proceedings against those, who find or research
32security vulnerabilities has been intensified through the enactment of
33clause 202c. It has already been observed that the voluntary publication
34of detected security problems is clearly decreasing in Germany. The
35clause's criminalization of dealing with malware therefore leads to a
36worse situation for IT security in Germany. Security researchers and
37companies are unable to perform their services anymore without taking up
38the risk of criminal prosecution.
39
40The impact of clause 202c are described in detail by the report. Media
41in the field of IT security, for instance, has already begun to limit
42its coverage since the clause has come into effect. Professional and
43private security researchers are planning to emigrate from Germany and
44research and teaching also has strongly restricted itself. Many fears,
45already expressed by experts from the fields of computer science and
46practice during the hearings in the Bundestag, have already come true.
47
48"The fact, that the observable effects of the change to the penal code
49are occuring exactly as predicted by the experts, surprises no one. In
50the long term Germany will become a target for criminals and a gateway
51for industrial espionage, as the computer networks can't be effectively
52defended anymore", Frank Rieger, speaker of the CCC, comments. "The
53industry, as well as normal computer users, are denied the possibility
54of testing computers for security vulnerabilities."
55
56Overall the CCC study makes clear, that the legislator's goal of
57achieving an improvement of the IT security situation by limiting the
58access to malware and attack tools was missed. The criminalization of
59software producers and users will lower the standard of security in
60Germany. Simultaneously it causes disadvantages for German computer
61science research and industry.
62
63"The change of law brings no advantages but some severe risks. It likely
64violates the constitutional rights of many, as it restricts their
65freedom to carry out their professional duties as well as restricting
66the freedoms of researchers and press significantly. In order to not
67jeopardize the German IT industry, clause 202c must be abolished as soon
68as possible", Rieger claims.
69
70### Links
71
72- \[1\] [CCC's report on the occasion of the constitutional complaint
73 against clause 202c StGB: Current and future effects of the change
74 of penal law on computer security, (in
75 German)](/202c/202cStellungnahme.pdf)
76- \[2\] [Fundamental right to the confidentiality and integrity of it
77 systems, decision of Feb. 27th, 2008 (in
78 German)](http://www.bundesverfassungsgericht.de/entscheidungen/rs20080227_1bvr037007.html)
79- \[3\] [Prohibition of computer security tools opens the floodgates
80 for the federal trojan (German
81 statement)](/updates/2007/paragraph-202c)
82
83Media contact:
84
85- presse\@ccc.de (preferred)
86- 0700-CHAOSFON (0700 - 24267366)