home of the madduck/ blog/
Hacker tools in Germany

I am sure you've heard that "hacker tools", including nmap and other system administrastion essentials, may be considered illegal in Germany as of now. It'll depend on whether judges determine that e.g. nmap is a tool primarily used to do harm, so we all have not become criminals overnight, but there will be complications and ridiculous showdowns in courtrooms.

I was only one of thousands of protestors, when this bill was first discussed by our politicians. Back in October 2006, I wrote an email to Ilse Aigner, the spokesperson for education, research and the estimation of consequences of techynology (whatever that may be) of the Christian Democratic and Christian Socialist Unions, who is a member of the German Bundestag. She's the Bundestag representative for my hometown.

Surprisingly, I got a reply from her secretary, which I shall quote in full below:

im Auftrag von Frau Ilse Aigner ich habe mich bezüglich Ihres Anliegens bei unserem Referenten der CDU/CSU-Arbeitsgruppe für Recht erkundigt. Ich wurde darauf hingewiesen, dass die Bedenken Ihrer Branche hinsichtlich des Refentenentwurfs eines Strafrechtsänderungsgesetzes zur Bekämpfung der Computerkriminalität bekannt sind. Auch hat der Bundesrat eine Prüfbitte geäußert. Zwar ist der Referent der Meinung, dass die Gefahr der Illegalisierung schon jetzt nicht bestünde, trotzdem wolle man aber im laufenden Gesetzgebungsverfahren alle Bedenken beseitigen.

Seien Sie versichert, dass Sie auch in Zukunft weiterhin Ihre Arbeit ganz legal ausüben können.

That last sentence says: rest assured that you may continue to exercise your profession legally in the future.

In the spring of 2007, it seemed as if all protests were overheard, the Bundestag pushed the new legislation 202c StGB, and the Bundesrat drew in their horns and failed to appeal the decision.

I wrote another email to the secretary of Ilse Aigner asking whether I can still "rest assured", but this time, no response came back.

And now the law has been passed. Politics as we know it.

On the topic of whether the Debian project now has to provide a non-German archive for Germany, I find myself in the middle of the swamp of German legislation. On the one hand, publication or distribution of "hacker tools" has been made illegal, in addition to their (ab)use. On the other hand, however, the law only makes tools illegal which are (a) primarily used for cracking, and (b) are used with malevolent intentions.

It's the "yes or no?" — "maybe." bullshit which makes it impossible for people to do their job in Germany, if they actively want to stay on the legal side. A good example is the tax system where you have three options: do it yourself with minimal time investment and pay way more taxes than you have to, or let a tax advisor do it, or try to do it right yourself. If you do the latter, it's like walking a thin ridge in absolute darkness, except you won't be told immediately when you fall off.

I think Debian should not take any action. We're not malevolently or intentionally distributing tools primarily used for cracking, so we stand good chances of getting by with it. Apart, Debian is not a legal entity in Germany anyway, so who are they to sue?

NP: Overhead: Metaepitome

Update: Thomas Jollans writes in that Debian can't be sued, but the German mirror operators can, with which I have to agree. Then the solution is obviously to move the German mirrors. That's a topic for this thread.