May 25, 2007

Germany leads the way with tough anti-hacking law

Opponents warn legislation could let government to insert spyware on systems

By John Blau, IDG News Service

---

The Germany government has passed a tough new law against hacking.

The legislation, which the German government proposed earlier last year and approved Friday with no changes, aims to crack down on the sharp rise in computer attacks in the public and private sectors.

Although Germany already has a comprehensive penal law against attacks on IT systems, the new legislation looks to close any remaining loopholes.

It defines hacking as penetrating a computer security system and gaining access to secure data, without necessarily stealing data. Offenders are defined as any individual or group that intentionally creates, spreads or purchases hacker tools designed for illegal purposes. They could face up to 10 years in prison for major offences.

Other punishable cybercrimes include DOS (denial-of-service) attacks and computer sabotage attacks on individuals, which would extend the existing law that limited sabotage to businesses and public authorities.

The new law, however, has drawn criticism by several groups, including the hacker club Chaos Computer Club eV, which points to the work of "white hat" hackers who work for security companies. These experts, the club argues, could be restricted in their ability to help software makers develop secure products and businesses to deploy them.

That opinion is shared by some hackers as well.

In an e-mail, a hacker, known by the pseudonym van Hauser, wrote that if hackers are unable to share their tools with the public, white hats will not be able to get them and use them internally for testing or external security consultants won't be able to do security testing. "It's a win-lose law in favour for the bad guys," he wrote.

Chaos Computer Club also warns that the law could make it much easier for the German government to allow law enforcement officials to install spyware on computers of suspected criminals without their knowledge. The club is concerned about the ability of consumers and businesses to protect their systems from government spyware without support from the hacker community.

In February, the country's High Court handed down a landmark decision banning police from installing spyware, delivering a blow to the plans of the German Interior Minister Wolfgang Schäuble to give the Federal Criminal Police Office greater power to monitor terrorists and other criminals online, and peek inside their computers.

But Schäuble is seeking ways ever since to have the court revise its decision.

Newsletters

Sign up to our Weekly Round-Up for the past week’s not-to-be-missed news analysis and insight delivered straight to your inbox.