From 0f45c09e796d5978766bd54098e61f6c1129b984 Mon Sep 17 00:00:00 2001 From: frankro Date: Sat, 18 Apr 2009 19:12:41 +0000 Subject: committing page revision 1 --- updates/2008/stellungnahme202c.en.md | 86 ++++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 updates/2008/stellungnahme202c.en.md (limited to 'updates') diff --git a/updates/2008/stellungnahme202c.en.md b/updates/2008/stellungnahme202c.en.md new file mode 100644 index 00000000..283724af --- /dev/null +++ b/updates/2008/stellungnahme202c.en.md @@ -0,0 +1,86 @@ +title: Clause 202c of German penal code endangers German IT industry +date: 2008-07-21 00:00:00 +updated: 2009-04-18 19:12:41 +author: frankro +tags: update, pressemitteilung + +In a substantial report to the Bundesverfassungsgericht (BVerfG, +German constitutional court) the Chaos Computer Club (CCC) has studied +the impacts of the so-called "Hacker Paragraph", a change to the penal +code. The CCC comes to the conclusion, that clause 202c is unsuitable +and even runs contrary to the legislator's intended goal. + + + +The programming, making available, distributing or aquisition of +so-called hacker-tools, necessary for the daily work of network +administrators and security experts, is sanctioned by clause 202c StGB +(German penal code). Due to a constitutional complaint against the new +clause, the BVerfG is looking into the question, whether it is generally +possible to distinguish so-called hacker-tools from allegedly harmless +software. The CCC also studied, the likely consequences this new law +will have and whether the use of potentially harmful software is +necessary for the revision of the security of computer systems. + +In the opinion of the CCC, the new fundamental right to the +confidentiality and integrity of IT-Systems implies that everybody must +be able to test their computer systems for security issues. Therefore +the possession, testing, public information sharing and further +developing of so-called hacker-tools is mandatory. + +The risk of legal proceedings against those, who find or research +security vulnerabilities has been intensified through the enactment of +clause 202c. It has already been observed that the voluntary publication +of detected security problems is clearly decreasing in Germany. The +clause's criminalization of dealing with malware therefore leads to a +worse situation for IT security in Germany. Security researchers and +companies are unable to perform their services anymore without taking up +the risk of criminal prosecution. + +The impact of clause 202c are described in detail by the report. Media +in the field of IT security, for instance, has already begun to limit +its coverage since the clause has come into effect. Professional and +private security researchers are planning to emigrate from Germany and +research and teaching also has strongly restricted itself. Many fears, +already expressed by experts from the fields of computer science and +practice during the hearings in the Bundestag, have already come true. + +"The fact, that the observable effects of the change to the penal code +are occuring exactly as predicted by the experts, surprises no one. In +the long term Germany will become a target for criminals and a gateway +for industrial espionage, as the computer networks can't be effectively +defended anymore", Frank Rieger, speaker of the CCC, comments. "The +industry, as well as normal computer users, are denied the possibility +of testing computers for security vulnerabilities." + +Overall the CCC study makes clear, that the legislator's goal of +achieving an improvement of the IT security situation by limiting the +access to malware and attack tools was missed. The criminalization of +software producers and users will lower the standard of security in +Germany. Simultaneously it causes disadvantages for German computer +science research and industry. + +"The change of law brings no advantages but some severe risks. It likely +violates the constitutional rights of many, as it restricts their +freedom to carry out their professional duties as well as restricting +the freedoms of researchers and press significantly. In order to not +jeopardize the German IT industry, clause 202c must be abolished as soon +as possible", Rieger claims. + +### Links + +- \[1\] [CCC's report on the occasion of the constitutional complaint + against clause 202c StGB: Current and future effects of the change + of penal law on computer security, (in + German)](/202c/202cStellungnahme.pdf) +- \[2\] [Fundamental right to the confidentiality and integrity of it + systems, decision of Feb. 27th, 2008 (in + German)](http://www.bundesverfassungsgericht.de/entscheidungen/rs20080227_1bvr037007.html) +- \[3\] [Prohibition of computer security tools opens the floodgates + for the federal trojan (German + statement)](/updates/2007/paragraph-202c) + +Media contact: + +- presse\@ccc.de (preferred) +- 0700-CHAOSFON (0700 - 24267366) -- cgit v1.2.3