diff options
Diffstat (limited to 'updates')
-rw-r--r-- | updates/2008/stellungnahme202c.en.md | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/updates/2008/stellungnahme202c.en.md b/updates/2008/stellungnahme202c.en.md new file mode 100644 index 00000000..283724af --- /dev/null +++ b/updates/2008/stellungnahme202c.en.md | |||
@@ -0,0 +1,86 @@ | |||
1 | title: Clause 202c of German penal code endangers German IT industry | ||
2 | date: 2008-07-21 00:00:00 | ||
3 | updated: 2009-04-18 19:12:41 | ||
4 | author: frankro | ||
5 | tags: update, pressemitteilung | ||
6 | |||
7 | In a substantial report to the Bundesverfassungsgericht (BVerfG, | ||
8 | German constitutional court) the Chaos Computer Club (CCC) has studied | ||
9 | the impacts of the so-called "Hacker Paragraph", a change to the penal | ||
10 | code. The CCC comes to the conclusion, that clause 202c is unsuitable | ||
11 | and even runs contrary to the legislator's intended goal. | ||
12 | |||
13 | <!-- TEASER_END --> | ||
14 | |||
15 | The programming, making available, distributing or aquisition of | ||
16 | so-called hacker-tools, necessary for the daily work of network | ||
17 | administrators and security experts, is sanctioned by clause 202c StGB | ||
18 | (German penal code). Due to a constitutional complaint against the new | ||
19 | clause, the BVerfG is looking into the question, whether it is generally | ||
20 | possible to distinguish so-called hacker-tools from allegedly harmless | ||
21 | software. The CCC also studied, the likely consequences this new law | ||
22 | will have and whether the use of potentially harmful software is | ||
23 | necessary for the revision of the security of computer systems. | ||
24 | |||
25 | In the opinion of the CCC, the new fundamental right to the | ||
26 | confidentiality and integrity of IT-Systems implies that everybody must | ||
27 | be able to test their computer systems for security issues. Therefore | ||
28 | the possession, testing, public information sharing and further | ||
29 | developing of so-called hacker-tools is mandatory. | ||
30 | |||
31 | The risk of legal proceedings against those, who find or research | ||
32 | security vulnerabilities has been intensified through the enactment of | ||
33 | clause 202c. It has already been observed that the voluntary publication | ||
34 | of detected security problems is clearly decreasing in Germany. The | ||
35 | clause's criminalization of dealing with malware therefore leads to a | ||
36 | worse situation for IT security in Germany. Security researchers and | ||
37 | companies are unable to perform their services anymore without taking up | ||
38 | the risk of criminal prosecution. | ||
39 | |||
40 | The impact of clause 202c are described in detail by the report. Media | ||
41 | in the field of IT security, for instance, has already begun to limit | ||
42 | its coverage since the clause has come into effect. Professional and | ||
43 | private security researchers are planning to emigrate from Germany and | ||
44 | research and teaching also has strongly restricted itself. Many fears, | ||
45 | already expressed by experts from the fields of computer science and | ||
46 | practice during the hearings in the Bundestag, have already come true. | ||
47 | |||
48 | "The fact, that the observable effects of the change to the penal code | ||
49 | are occuring exactly as predicted by the experts, surprises no one. In | ||
50 | the long term Germany will become a target for criminals and a gateway | ||
51 | for industrial espionage, as the computer networks can't be effectively | ||
52 | defended anymore", Frank Rieger, speaker of the CCC, comments. "The | ||
53 | industry, as well as normal computer users, are denied the possibility | ||
54 | of testing computers for security vulnerabilities." | ||
55 | |||
56 | Overall the CCC study makes clear, that the legislator's goal of | ||
57 | achieving an improvement of the IT security situation by limiting the | ||
58 | access to malware and attack tools was missed. The criminalization of | ||
59 | software producers and users will lower the standard of security in | ||
60 | Germany. Simultaneously it causes disadvantages for German computer | ||
61 | science research and industry. | ||
62 | |||
63 | "The change of law brings no advantages but some severe risks. It likely | ||
64 | violates the constitutional rights of many, as it restricts their | ||
65 | freedom to carry out their professional duties as well as restricting | ||
66 | the freedoms of researchers and press significantly. In order to not | ||
67 | jeopardize the German IT industry, clause 202c must be abolished as soon | ||
68 | as possible", Rieger claims. | ||
69 | |||
70 | ### Links | ||
71 | |||
72 | - \[1\] [CCC's report on the occasion of the constitutional complaint | ||
73 | against clause 202c StGB: Current and future effects of the change | ||
74 | of penal law on computer security, (in | ||
75 | German)](/202c/202cStellungnahme.pdf) | ||
76 | - \[2\] [Fundamental right to the confidentiality and integrity of it | ||
77 | systems, decision of Feb. 27th, 2008 (in | ||
78 | German)](http://www.bundesverfassungsgericht.de/entscheidungen/rs20080227_1bvr037007.html) | ||
79 | - \[3\] [Prohibition of computer security tools opens the floodgates | ||
80 | for the federal trojan (German | ||
81 | statement)](/updates/2007/paragraph-202c) | ||
82 | |||
83 | Media contact: | ||
84 | |||
85 | - presse\@ccc.de (preferred) | ||
86 | - 0700-CHAOSFON (0700 - 24267366) | ||