Vol. 10, No. 6, Page 3
Wernery's lawyer is trying to get him released pending his trial, which may not take place for some time. She confirmed that W...
Wernery's lawyer is trying to get him released pending his trial, which may not take place for some time. She confirmed that Wernery has not been charged under France's tough new computer fraud laws (see "New French computer fraud law" on page 2 of this issue) but under the existing criminal damage law. This case illustrates the fact that there is a clear distinction between people who access private computer systems for intellectual reasons, and those who hack computers for criminal It is one thing to catch criminals who damage or steal purposes. data from private computer systems. It is folly to penalize young As Hans Gliss argues, it people who will merely go underground. is far better to offer immunity from prosecution to hackers who are willing to disclose the security loopholes in their victims' computer systems. As the SPANet case shows, the hackers are often better able to detect leaks than the suppliers and manufacturers of computer systems.
NEW FRENCH COMPUTER FRAUD LAW
France has just passed a law which fills in a large legal void with respect to computer fraud. The first article of Law Number 88-19 (5 January 1988) states that any entry into a system and, particularly, any continued presence in such a system, without being invited, constitutes a crime. And this is without having to ask the question of alleged tampering with data or theft of data because legislators say that the act of entering the system will be sufficient to bring charges. The new law places entering data banks in the same league of crime as illegally breaking and entering into somebody's physical property. Hitherto in France, the only possibility of redress for a company whose data had been accessed or appropriated was to bring a case for theft of computer time, almost invariably left unpunished. Under the new law, any alteration or wiping of data, attempts to interfere in the functioning of a system and falsification of documents are punishable offences. Sentences will include a range of fines and/or imprisonment including the seizure of any material used in committing the offence. Because of the way the law has been designed, the thorny problem of theft of data has been avoided. It is not an offence because the very act of entering the system will lead to arrest. Some lawyers in France have criticized the law for being too imprecise, while others say that this is its strength: too many specifics linked to current technology could make the law out of date in a matter of years - much better, they say, to let legal precedent in the courts dictate the future. Philip Hill, Paris, France
COMPUTER FRAUD 81 SECURITY BULLETIN
o 1988 Elsevier Science Publishers B.V.. Amsterdam./tJ8/$0.00 + 2.20 No part of this publication may be reproduced. stored in a retrieval system, of transmitted by anv form or by any means. electronic. mechanical. photocopymg. recording or otherwse. wthout thr prior perrmss~on of the publwhers. (Readers III the U.S.A. - please see special regulations listed on back cover )