bmitchell wrote:
] Researchers that reverse engineer software to discover
] programming flaws can no longer legally publish their findings
] in France after a court fined a security expert on Tuesday.

This is unfortunate if true. France has already shown little hesitation in suing american sites that violate french law. I wonder if they're going to start fining security companies anytime a new vunlerability is published?

jlang wrote:
] This is fucked up. France has already shown little hesitation
] in suing american sites that violate french law. I wonder if
] they're going to start fining security companies anytime a new
] vunlerability is published?

This isn't a criminal statute. Its civil. If you reverse engineer my software I can sue you. Whether or not you or I need to have actually been in France I'm not sure, but I'll bet that cases which are unrelated to France have little to be concerned with.

All tolled, the USA is much worse. The DMCA is a criminal statute, and the police have snagged foreign nationals accused of reverse engineering when they've made short trips to the US.

Decius wrote:
] This isn't a criminal statute. Its civil. If you reverse
] engineer my software I can sue you. Whether or not you or I
] need to have actually been in France I'm not sure, but I'll
] bet that cases which are unrelated to France have little to be
] concerned with.

No, this was a criminal case, not a cival case. The judge ruled that jail time was not an appropriate in this case for violating the equivilant of their DMCA (article 335.2 of the IP code).

In a seperate unrelated matter, the company in question is also seeking in civil court 900k euros for damages.

I don't know if the DMCA is much worse, as I can't actually find the text of 335.2, and if I could it's unlikely that there's a version translated into english.

The DMCA, in many ways, is not nearly as bad as this. It does not outlaw reverse engineering in any general way, and it has several provisions exempting the forms of reverse engineering it does outlaw.

The DMCA is bad, but it seems to me that the france decision is much broader in scope.

bmitchell wrote:
] No, this was a criminal case, not a cival case. The judge
] ruled that jail time was not an appropriate in this case for
] violating the equivilant of their DMCA (article 335.2 of the
] IP code).

Oh, you're right. The text "initiated legal action" appears in all these stories and its a bit confusing as to whether that means "pressed charges" or "filed suit." I suppose it must mean the later as stored refer to a separate civil action. I had assumed it meant the former. My bad.

bmitchell wrote:
] Researchers that reverse engineer software to discover
] programming flaws can no longer legally publish their findings
] in France after a court fined a security expert on Tuesday.

From the ISN list:

forwarded from: security curmudgeon jericho@attrition.org

According to reports on other lists, by people who apparently read and speak French better than most American journalists, the court ruling is not about him reverse engineering software and publishing bugs so much as the fact he did it on unlicensed copies of the software. If that is the case, this ruling is more about using pirated software for security research than posting vulnerability information.