Computer Crime Research Center


Interview: Germany and new cybercrime law

Date: July 11, 2007
Source: SecurityFocus
By: Federico Biancuzzi

... non EU and non European countries. It is more detailed and going far beyond than the Framework decision. I was involved in various activities in East European Countries as well as African and Arabic countries that are at least planning to sign and ratify the Convention.

Do you expect to see a real crackdown on german security researchers and companies who might be breaking the new laws using "security evaluation tools"? Or maybe we could discover how these laws will be applied only after the first lawsuit?

Marco Gercke: This is depending on the way security researchers work. In those cases where a company orders the security researchers to test the system these tests are not criminalised by the new law. The situation is the same in those cases where the tests are processed in a closed environment (eg. in a laboratory). The practice to attack a system without permission first of all and then ask for the permission was criminalised before as well.

Ok, but I have heard from multiple sources that one of the worst aspects of the new laws was that security tools such as nmap (a port scanner), would become illegal. Just having them on your computer will be enough. Is it true? Every detail about this topic would be appreciated...

Marco Gercke: The risk is there. Unlike Art. 6 of Convention on Cybercrime, Paragraph 202c Penal Code does not limit the criminalisation to tools that are primarily designed to commit certain computer crimes. Therefore it will be necessary to wait for the first verdicts. It is very likely that the courts will limit the application of the software with the result that the possession without link to criminal activities will not be punished.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo