Online Vulnerability Scanners
>>* Should fear of extradition be a factor and service be denied to German customers?<<
The law is only applicable in Germany so you will be safe if you sit in another country. Only you can never go back to Germany for a visit. At least for 35 years. Extradition is an option but then i also want the extradition of spammers ;). The cahnces of getting an extradition are slim to non-existent. The use of nessus is not illegal in the UK therefore you didn't break any laws in the UK regardless of where the target system stands. And also the server owner contracted you to do this scan.
>>* Should this new law be seen as a possible marketing tactic as nobody in Germany is now allowed to run Nessus? :)<<
Surely somebody will base marketing based on this. ;)
>>* What if the German customer is based in Germany but his server is located in another country?<<
Doesn't matter, the law is broadly enough defined so you will be busted as long as you sit in Germany when you use the tool.
God only knows what they thought when they introduced this law, but it certainly shows that the german government knows absolutely nothing about the technology. Also displayed in the suggested change of law with regards to secret online searches. I still wonder how they want to do this as there are very easy and effective methods to prevent this, which the determined terrorist will know for sure. So far they could storm into a house and size the equipment, boot the machine and read what is on the HDD. Now they will have to break very strong full HDD encryption and pre-boot authentication systems and will never read what is on the HDD. Ohhh well... stupidity never dies out.
Is like sending a suspect a letter with 'We will search your home in one weeks time'.