In-Reply-To: <20040403204252.8002.qmail@search.securityfocus.com> >From: Chris Wysopal <cwysopal@atstake.com> >Subject: Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France > >Sure looks like the penalty for publishing an exploit tool will be equivalent to using the tool to commit a computer crime. I guess there aren't going to be any computer security conferences in France ever again. Will Securityfocus and PacketStorm need to filter French addresses? Will we have to stop selling penetration testing products to French citizens? > Here is the last updated version of this Art. 323-3-1 : "The fact, without legitimate reason, to import, hold, offer, yield or place at the disposal a data-processing program conceived or especially adapted to commit one or more offences envisaged by articles 323-1 to 323-3 is punished sorrows planned for the infringement itself or the infringement most severely repressed" As you can see, the vicious legislators introduced into the new version of this article the term "hold...without legitimate reason" - Concretely, this wants to say : "Any person handling exploits/viruses (researcher,consultant,hacker or kiddie) is guilty, and is in an illegal situation which could lead him to be charged - And if you are charged, YOU have to prove that you are innocent" (Remember? "Universal Declaration of Human Rights (Article 11)") So, if this law is voted next week, France will replace the presumption of innocence by the "presumption of culpability", and all security consultants/researchers here, will have the criminal status ! Bekrar Chaouki - Security Consultant http://www.k-otik.com
