| ▲ | immibis 5 days ago |
| [flagged] |
|
| ▲ | rpdillon 5 days ago | parent | next [-] |
| Wait, installing nmap on your laptop from a Linux distribution's repositories is a crime in Germany? |
| |
| ▲ | ranger_danger 5 days ago | parent | next [-] | | No, OP loves to claim almost daily how nearly everything is illegal in Germany, and never provides any sources or court cases when asked for proof, just "google it yourself" or "the German criminal code". | |
| ▲ | to11mtm 5 days ago | parent | prev [-] | | Not really, so long as you don't use it for anything 'bad'. i.e. if you're just running against your local network, who's gonna report it? | | |
| ▲ | dwattttt 5 days ago | parent [-] | | Surely then it's the 'use', not the 'possession' that's a criminal offence? Or is it still a criminal offence to possess it, but you're fine as long as no one finds out? Because that doesn't stop it being a criminal offence. | | |
| ▲ | to11mtm 5 days ago | parent | next [-] | | My basic understanding is that a 'dual use' tool is moreso based on intent; using the same analogy as when this came up on HN over a decade ago [0], a good kitchen knife can be at least as dangerous as a lot of explicitly 'banned' knives but because it has a non-illegal use it doesn't fall into the same category as, say, a DDOS tool. And AFAIK there hasn't (yet) been a case where NMAP has gotten someone in Germany in trouble with the law for possessing or using within their local subnet. [0] - https://news.ycombinator.com/item?id=3797151 | | |
| ▲ | rpdillon 5 days ago | parent [-] | | This might be akin to lockpicks in the United States. Not illegal in and of themselves, but if you are possessing them with intent, it's a different matter. | | |
| ▲ | ranger_danger 3 days ago | parent | next [-] | | I think it's worth mentioning that this varies by state... while most allow you to possess lockpicking tools freely, some states do have "possession with intent" rules you need to be careful of. | |
| ▲ | immibis 5 days ago | parent | prev [-] | | And the police can always fabricate intent. |
|
| |
| ▲ | immibis 5 days ago | parent | prev [-] | | It's "whoever prepares for the commission of a [hacking] offence by acquiring computer programs for the commission of the offence" and it's been interpreted that downloading nmap can be preparing for an offence, therefore punishable. Giving copies to others (e.g. running a Debian mirror) is also likely illegal, but I doubt anyone's been charged for that yet. https://www.gesetze-im-internet.de/englisch_stgb/englisch_st... |
|
|
|
|
| ▲ | kace91 5 days ago | parent | prev | next [-] |
| >Not sure about US law, but in Germany, creating or possessing a hacking tool (including things like nmap) is a criminal offence. Surely that must be wrong, are security certs not a thing in Germany? |
| |
| ▲ | MaKey 5 days ago | parent [-] | | Unfortunately that's true: https://www.gesetze-im-internet.de/englisch_stgb/englisch_st... | | |
| ▲ | kace91 5 days ago | parent | next [-] | | Ugh. It does look like the wording gives some room though? As in, it requires “preparing the commission of an offense”. Does acquiring the tool for other uses like learning or professional training help? Or even better, shouldn’t lack of proof that the user had malicious intent be enough? | | |
| ▲ | immibis 5 days ago | parent [-] | | Police can always fabricate intent (this is not specific to Germany - they can just say you told them you were going to hack someone, or your actions or body language obviously showed it) and then in practice it's up to you to show an alternative interpretation of facts. If you're studying computer security, that might get you off - but who better than a computer security student to do actual hacking? |
| |
| ▲ | ranger_danger 5 days ago | parent | prev [-] | | Hard disagree, I think there is very important context missing here, notably: > 2. computer programs for the purpose of the commission of such an offence Big huge emphasis on "for the purpose of", meaning there must be clear intent to cause harm or break the law, especially for a criminal case. This assumes the purpose of the program is not inherently for hacking/criminal purposes, which I do not believe would be hard to argue that nmap is not designed as a "hacking tool". Germany appears to have a similar standard to US criminal cases where you are presumed innocent until proven guilty "beyond a reasonable doubt": https://law.stackexchange.com/questions/40966/innocent-until... |
|
|
|
| ▲ | kulahan 5 days ago | parent | prev | next [-] |
| In the US you’re allowed to have pretty much whatever code you want on your computer, obviously excepting binary representations of illegal photo/video content. How do they even enforce it? Or is it just an extra law to throw at someone already convicted of something? |
|
| ▲ | esseph 5 days ago | parent | prev [-] |
| That is fucking insane. Basically Linux itself would be classified as a "hacking tool". |
| |
| ▲ | wkat4242 4 days ago | parent [-] | | Well we are heading in that direction anyway. With software platforms getting more locked down. Having a rooted phone now is already enough to get banned from bank apps because you're not in the comfortable fluffy death grip of Google. |
|
