[A2k] Glyn Moody on high-tech French farce (using Linux Wget tool est dangereux)
manon.ress at keionline.org
Mon Feb 10 19:05:42 PST 2014
Frenchman Fined For 'Theft' And 'Fraudulent Retention' For Finding Health
Docs Via A Google Search
from the le-cluelessness dept
The basic downloading tool Wget is much in the news at the moment, and
here's another story where it plays a central role. The French blogger and
activist Olivier Laurelli, also known by his Twitter name Bluetouff, was
searching on Google for something else when he spotted an interesting link
that turned out to lead to several gigabytes of internal documents held on
the French National Agency for Food Safety, Environment, and Labor's
extranet (ANSES in French).
Ars Technica explains what happened next:
Laurelli merely used the Linux Wget tool to download all of the contents of
the Web directory that he found. He left the files on his drive for a few
days and then transferred them to his desktop for more convenient reading
(which the French government would later spin as "the accused made backup
copies of the documents he had stolen"). A few days later, Laurelli
searched through the documents he downloaded and sent some to a fellow ...
writer [on the activist news site Reflets.info], Yovan Menkevick. About two
weeks later, a few interesting scientific slides pertaining to
nano-substances from the cache were published on Laurelli's site.
When ANSES discovered this, it reported what it called "potential
intrusion" and "data theft" to the police. Then France's Central
Directorate of Interior Intelligence (DCRI in French) became involved. The
lower court that heard the case decided Laurelli should not be punished for
accessing data that was not secure; ANSES was happy to let it go at that,
but DCRI appealed.
It was clear that things would not go well in the appeals court when the
presiding judge seemed not to know even how to pronounce "Google " or
"login" -- he said "Googluh" and "lojin" (original in French.) The
prosecutor was just as bad: he started off his speech by admitting "I
didn't even understand half the terms I heard today." Ars Technica reports
the denouement of this high-tech French farce as follows:
The appeals court acquitted Laurelli of fraudulently accessing an
information system but saw fit to convict Bluetouff of theft of documents
and fraudulent retention of information. The court wrote: "It is well
demonstrated that he was conscious of his irregular retention in automated
data processing, accessed where he downloaded protected evidence; and that
investigations have shown that these data had been downloaded before
being... disseminated to others; that it is, in any event, established that
Olivier Laurelli made copies of computer files inaccessible to the public
for personal use without the knowledge and against the will of its owner"
Leaving aside the fact that the appeals court was clearly ill-equipped to
understand the technical issues involved, and that the original files were
completely unprotected and found by Google's crawler, not Laurelli, there
is another disquieting aspect to this affair. Alongside his writing and
activism, Laurelli also runs a small computer security company. One of the
services it offers is a standard VPN. He was using this VPN service when he
accessed the ANSES site, and the fact that his connection was routed via
Panama -- the VPN's exit node -- counted heavily against him, he believes:
"This VPN (in fact above all this Panamanian IP address) is probably one of
the strongest elements which had driven the prosecution to pursue a
criminal case," he wrote.
VPNs represent one of the few tools available to ordinary Internet users to
help them bolster their security and privacy against global surveillance.
It's deeply troubling that the mere fact of using a VPN to access a Web
site was apparently viewed by the court as evidence of criminal intent,
rather than simply good online practice in the post-Snowden world.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Manon Ress, Ph.D.
Knowledge Ecology International, KEI
manon.ress at keionline.org, tel.: +1 202 332 2670
More information about the A2k