Germany's new antihacker law could open the door to more cybercrime and not less, security experts warn.

The law, which the German government approved in May and put into effect on Saturday, aims to crack down on the sharp rise in attacks on computers in the public and private sectors.

Although Germany already has approved numerous laws to curb attacks on IT systems, the most recent one aims to close any remaining loopholes. Punishable cybercrimes include DOS attacks and computer sabotage attacks on individuals, which would extend the existing law that limited sabotage to businesses and public authorities.

The new law defines hacking as penetrating a computer security system and gaining access to secure data, without necessarily stealing data. Offenders are defined as any individual or group that intentionally creates, spreads or purchases hacker tools designed for illegal purposes. They could face up to 10 years in prison for major offenses.

"Dual use is at the root of the problem with the new law," said Andy Müller-Maguhn, a spokesman for the German hacker club Chaos Computer Club e.V. "You can develop tools, for instance, to test the security of a network system but you can use the very same tools to hack a system. Our concern is that if a person has to go to court for having a hacker tool on his system, he will have to prove his good intentions."

The legal uncertainty created by the new law will make the work of security experts in Germany more difficult, according to Müller-Maguhn.

"The law is counterproductive," said Marcus Rapp, product specialist at the German subsidiary of Finnish security vendor F-Secure Corp. "It will make the security situation worse, not better."

Rapp is concerned about what he calls the law's "broad interpretation" of hacking and the legal uncertainty it creates.

"We use hacker tools to test the security of computer systems; that's an essential part of our business," he said. "Could our use of these tools get us in trouble someday? That's what we don't know."

Russian rival Kaspersky Lab Ltd. shares a similar opinion.

Hacker tools are "constantly" used by vendors of security software to close security holes, wrote Andreas Lamm, managing director of Kaspersky Labs GmbH, in an e-mail. It's also "unrealistic" to believe, he added, that the new law will eliminate the illegal use of these tools as clever criminal hackers will continue to find ways to operate under the police radar.

The IDG News Service is a Network World affiliate.