Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France
In-Reply-To: <20040403204252.8002.qmail@xxxxxxxxxxxxxxxxxxxxxxxx>
>From: Chris Wysopal <cwysopal@xxxxxxxxxxx>
>Subject: Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France
>
>Sure looks like the penalty for publishing an exploit tool will be equivalent
>to using the tool to commit a computer crime. I guess there aren't going to be
>any computer security conferences in France ever again. Will Securityfocus
>and PacketStorm need to filter French addresses? Will we have to stop selling
>penetration testing products to French citizens?
>
Here is the last updated version of this Art. 323-3-1 :
"The fact, without legitimate reason, to import, hold, offer, yield or place at
the disposal a data-processing program conceived or especially adapted to
commit one or more offences envisaged by articles 323-1 to 323-3 is punished
sorrows planned for the infringement itself or the infringement most severely
repressed"
As you can see, the vicious legislators introduced into the new version of this
article the term "hold...without legitimate reason" -
Concretely, this wants to say : "Any person handling exploits/viruses
(researcher,consultant,hacker or kiddie) is guilty, and is in an illegal
situation which could lead him to be charged - And if you are charged, YOU have
to prove that you are innocent"
(Remember? "Universal Declaration of Human Rights (Article 11)")
So, if this law is voted next week, France will replace the presumption of
innocence by the "presumption of culpability", and all security
consultants/researchers here, will have the criminal status !
Bekrar Chaouki - Security Consultant
http://www.k-otik.com