Germany passes antihacking law

Hackers may want to avoid Germany, after the approval of a law that makes their activity a punishable crime.

The legislation, which the German government proposed earlier last year and approved Friday with no changes, aims to crack down on the sharp rise in computer attacks in the public and private sectors.

Although Germany already has a comprehensive penal law against attacks on IT systems, the new legislation looks to close any remaining loopholes.

It defines hacking as penetrating a computer security system and gaining access to secure data, without necessarily stealing data. Offenders are defined as any individual or group that intentionally creates, spreads or purchases hacker tools designed for illegal purposes. They could face up to 10 years in prison for major offenses.

Other punishable cybercrimes include DOS (denial-of-service) attacks and computer sabotage attacks on individuals, which would extend the existing law that limited sabotage to businesses and public authorities.

The new law, however, has drawn criticism by several groups, including the hacker club Chaos Computer Club e.V., which points to the work of "good" hackers, also known as "white hats," who work for security companies. These computer experts, the club argues, could be restricted in their ability to help software makers develop secure products and businesses to deploy them.

That opinion is shared by some hackers as well.

In an e-mail, a hacker, known by the pseudonym van Hauser, wrote that if hackers are unable to share their tools with the public, white hats will not be able to get them and use them internally for testing or external security consultants won't be able to do security testing. "It's a win-lose law in favor for the bad guys," he wrote.

Chaos Computer Club also warns that the law could make it much easier for the German government to allow law enforcement officials to install spyware on computers of suspected criminals without their knowledge. The club is concerned about the ability of consumers and businesses to protect their systems from government spyware without support from the hacker community.

In February, the country's High Court handed down a landmark decision banning police from installing spyware, delivering a blow to the plans of the German Interior Minister Wolfgang Schäuble to give the Federal Criminal Police Office greater power to monitor terrorists and other criminals online, and peek inside their computers.

But Schäuble is seeking ways ever since to have the court revise its decision.