Wednesday, March 09, 2005

'Publishing vulnerabilities' illegal in France.

After the conviction in a French court on criminal charges of the security researcher Guillaume Tena it seems that in France at any rate the IT Security industry could find themselves falling foul of the law for publishing security vulnerabilities. Guillaume Tena in 2002 published a series of security vulnerabilities with the Viguard anti-virus software published by Tegam. However Tegam did not like this adverse publicity for their software and initiated legal action against Guillaume. That legal action resulted in a criminal case going to trial in a Paris Court. The prosecution claimed that Tena violated article 335.2 of the code of intellectual property, prosecutors asked the court for a four month jail term and a 6,000 euro fine. Guillaume alas was convicted by the court and was handed down a 5,000 euro fine, which was suspended on the provision that Guillaume does not re-offend, i.e. publish any more security vulnerabilities, otherwise he would be required to pay the fine. However the legal action goes on, Tegam is also proceeding with a civil action against Guillaume, in which they are demanding 900,000 euros in damages. As a result of the conviction, it sets a precedent for other security researchers that operate in France, that they could suffer a similar fate for publishing their so called 'research'.