German anti-hacking law: hijacking security?

As of last weekend, it has become a crime in Germany to build, sell, obtain or distribute so-called "hacking tools", which experts say will damage overall computer security by severely curtailing legitimate research and analysis, and prevent "good" hackers from discovering and plugging system security holes.

The intention of the lawmakers, who proposed the item last year and passed it in late May, was to crack down on attacks on government and private-sector computer systems. Penalties include prison sentences of up to 10 years and fines, IDG News Service reported.

But some security industry representatives are worried the law will actually make the nation less safe because they believe it will be more difficult for "good" hackers employed by companies to do research. They say the law could make it illegal to use popular free tools like nmap, an open-source network exploration program, and Nessus, top-rated network vulnerability-scanning software.

"Already it seems that the law will have the unintended consequence of making legitimate research just that much harder, only deterring the legitimate researchers and the opportunistic attacker," a representative from the Australia-based security research firm Sunnet Beskerming wrote on the company's Web site last weekend.

According to the site: "The serious criminal will just keep on going with their malicious activity, probably a little bit bolder--safe in the knowledge that the German government has just made it a little bit more difficult for them to be found".

Some security experts say it's arguably still kosher for them to report on security vulnerabilities and how to exploit them, but it's possible some tools they would use to derive those findings could be verboten.

Still, like the well-documented phenomenon of corporations moving their operations to more favourable tax-law climates, some groups and firms have already opted to shift operations that they believe may run afoul of the law to outside German borders.

The makers of a product called KisMAC, a wireless network discovery tool for Mac OS X, said in a note at their Web site that the law shows "complete incompetence" but vowed to resume their activities in the nearby Netherlands.

"Even worse, politicians still believe in the successful ban of digital information, obviously not reckoning globalisation," the KisMAC representative wrote. "We are heading straight to a country I do not want to be living in."

A group called Phenoelit also recently abandoned its German Web site and relocated its network packet-sniffing and password-cracking tools to a US Web server.

For those of you who can read German, the government's explanation of the new law is available in PDF form.
