Re: [FD] Legality of Open Source Tools
- To: fulldisclosure@xxxxxxxxxxxx
- Subject: Re: [FD] Legality of Open Source Tools
- From: Volker Tanger <vtlists@xxxxxxx>
- Date: Sat, 5 Apr 2014 00:59:57 +0200
Greetings!
> I believe Germany passed a law about exploits and/or "security
> tools". [...] I *believe* it is taken pretty seriously in
> Germany though.
Of course it's taken seriously here in Germany.
We take EVERYTHING seriously.
;-)
The law (§202c StGB) and its application already have been evaluated in
court - after a German computer magazine publisher reported itself for
such an offence (by offering downloads for nmap etc.)
It only is illegal to program, distribute, own, ... programs that are
EXPLICITLY designed to commit a(n actual) criminal offence with it.
Dual-use tools are lacking the law's "designed for an actual crime"
requirement.
Thus the banking-trojan is illegal - the PoC of its infection vector
not, even if it calls the same bank's web page.
According to governmental papers (DRS 17/10379 of 24.07.2012) even the
DDoS tool LOIC is not clearly enough falling under this singular-purpose
requirement and thus usually considered dual-use and thus not illegal.
Having a disclaimer explicitly stating the "for educational or research
purposes only" design won't hurt, though, as it will derail the
exclusively-for-crime requirement - even if only "officially".
Bye
Volker
PS:
IANAL, thus ask your own lawyer, of course.
--
Volker Tanger http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists@xxxxxxx PGP Fingerprint
5F25 AF01 D104 70E0 539A 3575 05F9 F616 BBE2 192C
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/