Last year I discussed some of the hacking and security laws in the UK on michaeldaw.org; pdp also discussed this on GNUCITIZEN a few months back. Governments are looking at clamping down on security tool development and distribution to mitigate hacking risks. It looks like Germany are now following:

Whoever prepares a crime according to §202a or §202b and who creates, obtains or provides access to, sells, yields, distributes or otherwise allows access to

  • passwords or other access codes, that allow access to data or
  • computer programs whose aim is to commit a crime

will be punished with up to one year jail or a fine. Additionally, this new section is interwoven with other laws, including the ones covering terrorism. The current interpretation includes the acceptance of others committing a crime using your (or our) material as violation of §202c.

The main question in my mind when trying to remain objective about this, is whether IT security can be classified within the same category as Locksmiths. Would you feel safe in your home if an open community developed free tools to open various locking mechanisms and distributed those openly? Currently, only registered Locksmiths are allowed toolkits within the UK.

I also see the point that crackers will get the upper-hand as they don’t care about such laws, it will be the security community that suffers.

Whether we like it or not, times are a changing. I strongly believe in win-win situations, the question really is can there by one if the future moves in this direction and what with Net Neutrality.