It also has something to do with the so called "Hackerparagraph" [1] under which whitehat hacking is basically impossible in Germany. Even writing a program that could potentially be used for hacking is a crime. If you followed the law word for word the authors of e.g. curl could be charged under this law.

1: https://de.wikipedia.org/wiki/Vorbereiten_des_Aussp%C3%A4hen... [de]

It'll nevee cease to amaze me how some countries find such creative ways to stifle innovation while they look to be caring about safety or what not.

> If you followed the law word for word the authors of e.g. curl could be charged under this law.

They really couldn't. BVerfG (Germany's constitutional court) has clearly said that dual use tools have a presumption of not being tools to break the law. It's been very clear that mens rea matters. And that a narrow reading of the law is the only constitutional reading.

The problem here is taking "word for word" as "by dictionary meaning", which is never how laws are read.

It's still a problematic law (together with §202a/b) because it doesn't clearly carve out space for grey-hat activities (white-hat attacks with authorization really don't fall under it even with creative reading).

On the upside, Germany is considering fixing that. On the downside, it moves with the speed of classic German bureaucracy and is being "discussed" since 2024.