Frenchman Fined For 'Theft' And 'Fraudulent Retention' For Finding Health Docs Via A Google Search

from the le-cluelessness dept

The basic downloading tool Wget is much in the news at the moment, and here's another story where it plays a central role. The French blogger and activist Olivier Laurelli, also known by his Twitter name Bluetouff, was searching on Google for something else when he spotted an interesting link that turned out to lead to several gigabytes of internal documents held on the French National Agency for Food Safety, Environment, and Labor's extranet (ANSES in French). Ars Technica explains what happened next:

Laurelli merely used the Linux Wget tool to download all of the contents of the Web directory that he found. He left the files on his drive for a few days and then transferred them to his desktop for more convenient reading (which the French government would later spin as "the accused made backup copies of the documents he had stolen"). A few days later, Laurelli searched through the documents he downloaded and sent some to a fellow … writer [on the activist news site], Yovan Menkevick. About two weeks later, a few interesting scientific slides pertaining to nano-substances from the cache were published on Laurelli's site.
When ANSES discovered this, it reported what it called "potential intrusion" and "data theft" to the police. Then France's Central Directorate of Interior Intelligence (DCRI in French) became involved. The lower court that heard the case decided Laurelli should not be punished for accessing data that was not secure; ANSES was happy to let it go at that, but DCRI appealed.

It was clear that things would not go well in the appeals court when the presiding judge seemed not to know even how to pronounce "Google " or "login" -- he said "Googluh" and "lojin" (original in French.) The prosecutor was just as bad: he started off his speech by admitting "I didn't even understand half the terms I heard today." Ars Technica reports the denouement of this high-tech French farce as follows:

The appeals court acquitted Laurelli of fraudulently accessing an information system but saw fit to convict Bluetouff of theft of documents and fraudulent retention of information. The court wrote: "It is well demonstrated that he was conscious of his irregular retention in automated data processing, accessed where he downloaded protected evidence; and that investigations have shown that these data had been downloaded before being... disseminated to others; that it is, in any event, established that Olivier Laurelli made copies of computer files inaccessible to the public for personal use without the knowledge and against the will of its owner"
Leaving aside the fact that the appeals court was clearly ill-equipped to understand the technical issues involved, and that the original files were completely unprotected and found by Google's crawler, not Laurelli, there is another disquieting aspect to this affair. Alongside his writing and activism, Laurelli also runs a small computer security company. One of the services it offers is a standard VPN. He was using this VPN service when he accessed the ANSES site, and the fact that his connection was routed via Panama -- the VPN's exit node -- counted heavily against him, he believes:

"This VPN (in fact above all this Panamanian IP address) is probably one of the strongest elements which had driven the prosecution to pursue a criminal case," he wrote.
VPNs represent one of the few tools available to ordinary Internet users to help them bolster their security and privacy against global surveillance. It's deeply troubling that the mere fact of using a VPN to access a Web site was apparently viewed by the court as evidence of criminal intent, rather than simply good online practice in the post-Snowden world.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Filed Under: anses, bluetouff, documents, france, liability, olivier laurelli, retention, search, security, theft, wget

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 10 Feb 2014 @ 1:53pm


    -- Wait, what now? Isn't the fact that he found this on a Google search prima facie evidence that the data was, in fact, accessible to the public?

    No, bureaucrats will only consider something as being publicly accessible if they have first said it is publicly accessible

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.