Re: Publishing exploit code ruled illegal in France?

[Vincent Archer <var () deny-all com>]

On Thu, Mar 10, 2005 at 09:59:35AM -0700, Burnes, James wrote:
> So, in France, which of the following statements are true?
>
> 1. You must literally own the software in question before reverse
> engineering it?  A normal user license is not good enough.  In other
> words, only Microsoft may reverse engineer its own software.  Pointless,
> but whatever...
>
> 2. You may reverse engineer a copy that you have licensed.
>
> 3. You may reverse engineer a copy that a license owner has given you
> permission to examine.
>
> 4. You must have formal permission of a license owner in hand and
> notarized before you may examine such a piece of software.

That would be statement 2. 3 is probably also arguable in court, if the
license owner has formally contracted you (or is just your employer) to do
the reverse engineering on his behalf.

The reverse engineering is allowable thru exeptions to the general rules
protecting IP and trade secrets. The main one is that you're allowed to
reverse engineer software for interoperability purposes (i.e., you're
allowed to dissect Windows to find out the undocumented APIs that you
could use in your programs. Or to find out how the firewall work, so
you can control it or supplement it).

Reverse engineering and publishing your findings is not automatic. That's
where consumer protection laws start to interfere with IP, and that's
where lawyers start earning their fees.

At least, it's not DMCA.

-- 
Vincent ARCHER
varcher () denyall com

Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 5, rue Scribe - 75009 Paris - France
www.denyall.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/