The story of the programmer whose apartment was searched and whose entire work equipment was confiscated because he discovered a security flaw and a huge data leak in the software of the company Modern Solution from Gelsenkirchen is outrageous, to say the least. A private individual acting independently is punished for acting in the interests of public safety. Instead, the company should be punished for creating such a mess and thereby endangering the data of almost three quarters of a million citizens.
Whoever reported the programmer, the motive is clear: he is to be punished for doing the right thing – in the interests of all of us. The only ones who don’t see it that way are probably the bunglers who thought it was a good idea to write unencrypted customer data directly to a server on the public network via an SQL connection. The same people who came up with the great idea of giving all of their customers the same credentials for this database and then also hard-coding the password into the app used by the customers.
The hacker paragraph must go!
And instead of investigating a company that shows an almost criminal indifference when it comes to IT security and data protection, the police and the public prosecutor make themselves the helpers of people who prefer to cover up mistakes rather than publicly apologize to those affected. People who would rather sanction a conscientious security researcher with the instruments of state power than reward him with money and recognition.
As a society we can only draw one conclusion from this: the hacker paragraph 202 StGB must go! It does us more harm than good, as was shown not least last September after the CDU took action. Instead, we must use the full power of the GDPR against those who, out of stupidity, carelessness or sheer greed for money, do not properly protect their customers’ data. The natural processes of the market should send such companies to the afterlife. And if that doesn’t happen, the state has to take regulatory action.
Fabian A. Scherschel wrote daily as an editor for heise online and c’t from 2012 to 2018, first in London in English, later in German from Hanover. Since 2019 he has been reporting as a freelance author and independent podcaster on IT security, operating systems, open source software and video games.
Making mistakes is one thing; mistakes happen to everyone. But putting the blame on others instead of working on yourself shows that you are not ready to get better. The next data leak at Modern Solution is pre-programmed – in the truest sense of the word.