1 files changed, 86 insertions, 0 deletions
diff --git a/updates/2008/stellungnahme202c.en.md b/updates/2008/stellungnahme202c.en.md
new file mode 100644
index 00000000..283724af
--- /dev/null
+++ b/updates/2008/stellungnahme202c.en.md
@@ -0,0 +1,86 @@
+title: Clause 202c of German penal code endangers German IT industry
+date: 2008-07-21 00:00:00 
+updated: 2009-04-18 19:12:41 
+author: frankro
+tags: update, pressemitteilung
+In a substantial report to the Bundesverfassungsgericht (BVerfG,
+German constitutional court) the Chaos Computer Club (CCC) has studied
+the impacts of the so-called "Hacker Paragraph", a change to the penal
+code. The CCC comes to the conclusion, that clause 202c is unsuitable
+and even runs contrary to the legislator's intended goal.
+<!-- TEASER_END -->
+The programming, making available, distributing or aquisition of
+so-called hacker-tools, necessary for the daily work of network
+administrators and security experts, is sanctioned by clause 202c StGB
+(German penal code). Due to a constitutional complaint against the new
+clause, the BVerfG is looking into the question, whether it is generally
+possible to distinguish so-called hacker-tools from allegedly harmless
+software. The CCC also studied, the likely consequences this new law
+will have and whether the use of potentially harmful software is
+necessary for the revision of the security of computer systems.
+In the opinion of the CCC, the new fundamental right to the
+confidentiality and integrity of IT-Systems implies that everybody must
+be able to test their computer systems for security issues. Therefore
+the possession, testing, public information sharing and further
+developing of so-called hacker-tools is mandatory.
+The risk of legal proceedings against those, who find or research
+security vulnerabilities has been intensified through the enactment of
+clause 202c. It has already been observed that the voluntary publication
+of detected security problems is clearly decreasing in Germany. The
+clause's criminalization of dealing with malware therefore leads to a
+worse situation for IT security in Germany. Security researchers and
+companies are unable to perform their services anymore without taking up
+the risk of criminal prosecution.
+The impact of clause 202c are described in detail by the report. Media
+in the field of IT security, for instance, has already begun to limit
+its coverage since the clause has come into effect. Professional and
+private security researchers are planning to emigrate from Germany and
+research and teaching also has strongly restricted itself. Many fears,
+already expressed by experts from the fields of computer science and
+practice during the hearings in the Bundestag, have already come true.
+"The fact, that the observable effects of the change to the penal code
+are occuring exactly as predicted by the experts, surprises no one. In
+the long term Germany will become a target for criminals and a gateway
+for industrial espionage, as the computer networks can't be effectively
+defended anymore", Frank Rieger, speaker of the CCC, comments. "The
+industry, as well as normal computer users, are denied the possibility
+of testing computers for security vulnerabilities."
+Overall the CCC study makes clear, that the legislator's goal of
+achieving an improvement of the IT security situation by limiting the
+access to malware and attack tools was missed. The criminalization of
+software producers and users will lower the standard of security in
+Germany. Simultaneously it causes disadvantages for German computer
+science research and industry.
+"The change of law brings no advantages but some severe risks. It likely
+violates the constitutional rights of many, as it restricts their
+freedom to carry out their professional duties as well as restricting
+the freedoms of researchers and press significantly. In order to not
+jeopardize the German IT industry, clause 202c must be abolished as soon
+as possible", Rieger claims.
+### Links
+-   \[1\] [CCC's report on the occasion of the constitutional complaint
+    against clause 202c StGB: Current and future effects of the change
+    of penal law on computer security, (in
+    German)](/202c/202cStellungnahme.pdf)
+-   \[2\] [Fundamental right to the confidentiality and integrity of it
+    systems, decision of Feb. 27th, 2008 (in
+    German)](http://www.bundesverfassungsgericht.de/entscheidungen/rs20080227_1bvr037007.html)
+-   \[3\] [Prohibition of computer security tools opens the floodgates
+    for the federal trojan (German
+    statement)](/updates/2007/paragraph-202c)
+Media contact:
+-   presse\@ccc.de (preferred)
+-   0700-CHAOSFON (0700 - 24267366)

diff --git a/updates/2008/stellungnahme202c.en.md b/updates/2008/stellungnahme202c.en.md new file mode 100644 index 00000000..283724af --- /dev/null +++ b/updates/2008/stellungnahme202c.en.md
@@ -0,0 +1,86 @@
	1	title: Clause 202c of German penal code endangers German IT industry
	2	date: 2008-07-21 00:00:00
	3	updated: 2009-04-18 19:12:41
	4	author: frankro
	5	tags: update, pressemitteilung
	6
	7	In a substantial report to the Bundesverfassungsgericht (BVerfG,
	8	German constitutional court) the Chaos Computer Club (CCC) has studied
	9	the impacts of the so-called "Hacker Paragraph", a change to the penal
	10	code. The CCC comes to the conclusion, that clause 202c is unsuitable
	11	and even runs contrary to the legislator's intended goal.
	12
	13	<!-- TEASER_END -->
	14
	15	The programming, making available, distributing or aquisition of
	16	so-called hacker-tools, necessary for the daily work of network
	17	administrators and security experts, is sanctioned by clause 202c StGB
	18	(German penal code). Due to a constitutional complaint against the new
	19	clause, the BVerfG is looking into the question, whether it is generally
	20	possible to distinguish so-called hacker-tools from allegedly harmless
	21	software. The CCC also studied, the likely consequences this new law
	22	will have and whether the use of potentially harmful software is
	23	necessary for the revision of the security of computer systems.
	24
	25	In the opinion of the CCC, the new fundamental right to the
	26	confidentiality and integrity of IT-Systems implies that everybody must
	27	be able to test their computer systems for security issues. Therefore
	28	the possession, testing, public information sharing and further
	29	developing of so-called hacker-tools is mandatory.
	30
	31	The risk of legal proceedings against those, who find or research
	32	security vulnerabilities has been intensified through the enactment of
	33	clause 202c. It has already been observed that the voluntary publication
	34	of detected security problems is clearly decreasing in Germany. The
	35	clause's criminalization of dealing with malware therefore leads to a
	36	worse situation for IT security in Germany. Security researchers and
	37	companies are unable to perform their services anymore without taking up
	38	the risk of criminal prosecution.
	39
	40	The impact of clause 202c are described in detail by the report. Media
	41	in the field of IT security, for instance, has already begun to limit
	42	its coverage since the clause has come into effect. Professional and
	43	private security researchers are planning to emigrate from Germany and
	44	research and teaching also has strongly restricted itself. Many fears,
	45	already expressed by experts from the fields of computer science and
	46	practice during the hearings in the Bundestag, have already come true.
	47
	48	"The fact, that the observable effects of the change to the penal code
	49	are occuring exactly as predicted by the experts, surprises no one. In
	50	the long term Germany will become a target for criminals and a gateway
	51	for industrial espionage, as the computer networks can't be effectively
	52	defended anymore", Frank Rieger, speaker of the CCC, comments. "The
	53	industry, as well as normal computer users, are denied the possibility
	54	of testing computers for security vulnerabilities."
	55
	56	Overall the CCC study makes clear, that the legislator's goal of
	57	achieving an improvement of the IT security situation by limiting the
	58	access to malware and attack tools was missed. The criminalization of
	59	software producers and users will lower the standard of security in
	60	Germany. Simultaneously it causes disadvantages for German computer
	61	science research and industry.
	62
	63	"The change of law brings no advantages but some severe risks. It likely
	64	violates the constitutional rights of many, as it restricts their
	65	freedom to carry out their professional duties as well as restricting
	66	the freedoms of researchers and press significantly. In order to not
	67	jeopardize the German IT industry, clause 202c must be abolished as soon
	68	as possible", Rieger claims.
	69
	70	### Links
	71
	72	- \[1\] [CCC's report on the occasion of the constitutional complaint
	73	against clause 202c StGB: Current and future effects of the change
	74	of penal law on computer security, (in
	75	German)](/202c/202cStellungnahme.pdf)
	76	- \[2\] [Fundamental right to the confidentiality and integrity of it
	77	systems, decision of Feb. 27th, 2008 (in
	78	German)](http://www.bundesverfassungsgericht.de/entscheidungen/rs20080227_1bvr037007.html)
	79	- \[3\] [Prohibition of computer security tools opens the floodgates
	80	for the federal trojan (German
	81	statement)](/updates/2007/paragraph-202c)
	82
	83	Media contact:
	84
	85	- presse\@ccc.de (preferred)
	86	- 0700-CHAOSFON (0700 - 24267366)