Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France

[K-OTiK Security <Special-Alerts@xxxxxxxxxx>]

In-Reply-To: <20040403204252.8002.qmail@xxxxxxxxxxxxxxxxxxxxxxxx>


>From: Chris Wysopal <cwysopal@xxxxxxxxxxx>
>Subject: Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France
>
>Sure looks like the penalty for publishing an exploit tool will be equivalent 
>to using the tool to commit a computer crime. I guess there aren't going to be 
>any computer security conferences in France ever again.  Will Securityfocus 
>and PacketStorm need to filter French addresses?  Will we have to stop selling 
>penetration testing products to French citizens? 
>

Here is the last updated version of this Art. 323-3-1 :

"The fact, without legitimate reason, to import, hold, offer, yield or place at 
the disposal a data-processing program conceived or especially adapted to 
commit one or more offences envisaged by articles 323-1 to 323-3 is punished 
sorrows planned for the infringement itself or the infringement most severely 
repressed"

As you can see, the vicious legislators introduced into the new version of this 
article the term "hold...without legitimate reason" - 

Concretely, this wants to say : "Any person handling exploits/viruses 
(researcher,consultant,hacker or kiddie) is guilty, and is in an illegal 
situation which could lead him to be charged - And if you are charged, YOU have 
to prove that you are innocent"

(Remember? "Universal Declaration of Human Rights (Article 11)")

So, if this law is voted next week, France will replace the presumption of 
innocence by the "presumption of culpability", and all security 
consultants/researchers here, will have the criminal status !

Bekrar Chaouki - Security Consultant
http://www.k-otik.com