It also has something to do with the so called "Hackerparagraph" [1] under which whitehat hacking is basically impossible in Germany. Even writing a program that could potentially be used for hacking is a crime. If you followed the law word for word the authors of e.g. curl could be charged under this law.
1: https://de.wikipedia.org/wiki/Vorbereiten_des_Aussp%C3%A4hen... [de]
Isn’t that by design so governments can prosecute citizens they don’t like? For example, curl is probably ok but that one annoying Kim Dotcom guy is probably going to catch a case under some dubious law.
It'll nevee cease to amaze me how some countries find such creative ways to stifle innovation while they look to be caring about safety or what not.
> some countries find such creative ways to stifle innovation while they look to be caring about safety or what not
I'm not sure white-hat hacking is broadly compatible with German culture. Keep in mind that going bankrupt in Germany permanently closes off lots of avenues, from future lending to whether you can be in senior management at a public company.
> If you followed the law word for word the authors of e.g. curl could be charged under this law.
They really couldn't. BVerfG (Germany's constitutional court) has clearly said that dual use tools have a presumption of not being tools to break the law. It's been very clear that mens rea matters. And that a narrow reading of the law is the only constitutional reading.
The problem here is taking "word for word" as "by dictionary meaning", which is never how laws are read.
It's still a problematic law (together with §202a/b) because it doesn't clearly carve out space for grey-hat activities (white-hat attacks with authorization really don't fall under it even with creative reading).
On the upside, Germany is considering fixing that. On the downside, it moves with the speed of classic German bureaucracy and is being "discussed" since 2024.