Hacker News new | past | comments | ask | show | jobs | submit login

> The sole possession of hardware, software or other tools that can be used to commit cybercrime can constitute a criminal offence according to Sec. 202c of the German Criminal Code.

https://iclg.com/practice-areas/cybersecurity-laws-and-regul...




We'd all be arrested in Germany then as we all have computers with compilers installed on them.


Well that is kinda the point of these vague laws. Just like they eventually nailed Al Capone with taxes in the US - if you can't hit someone directly, you can hit them with the "three felonies a day".

I'm German... our politicians, at least most of them are a bunch of pathologically technologically incompetent buffoons. A lot of that was masked during the Merkel era because she herself was a literal nuclear physics doctorate, but now that she's gone, it's painfully obvious what's going on.


Except §202c StGB https://www.gesetze-im-internet.de/englisch_stgb/englisch_st... isn't actually vague. The simple reason it doesn't outlaw compilers is that compilers aren't built for the purpose of giving unauthorized access to other people's data, even though they can help achieve that aim.

It's similar to how weapons designed to be used against people are regulated differently from tools that merely happen to be usable as weapons.

In the concrete case of sharing tools to explore the attack surface of KakaoTalk, this is not a crime under §202c StGB as long as you do not intend them to be used to hack accounts you do not own.


Good luck proving you have an exploit in your machine but you _do not intend_ to use it to hack accounts to a judge.


The burden of proof is supposed to be the other way around, as presumption of innocence is a thing in Germany (Unschuldsvermutung).

Good luck to the prosecution trying to prove that you did intend to hack other people's accounts when you can point to this blog post where the author demonstrates hacking their own account and reports the vulnerability to get it fixed.

I think people who get convicted of one of the "preparation to commit a crime" crimes mostly:

1. fail to come up with any alternative explanation for their behavior

2. put their plans in writing or told someone about their intentions


> The burden of proof is supposed to be the other way around, as presumption of innocence is a thing in Germany (Unschuldsvermutung).

Theoretically.

Unfortunately, judges who are actually fit in IT topics are rare, especially in the criminal courts. They tend to rather believe what the prosecutor tells them. I'm just happy we don't have US-style juries because that would be even worse given our collective love as a society for faxes and writing information on highly processed dead trees (i.e. paper).




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: