RT | February 10, 2014
A French appeals court has fined an activist 3,000 euros for publishing documents accessed via an open hyperlink in a Google search. The “hacker” was prosecuted despite the fact that the government agency owning the files didn’t pursue a case against him.
For the French blogger, Olivier Laurelli, nicknamed “Bluetouff,” it all started with a simple Google search. While browsing the web for what he claims was an irrelevant subject, the co-founder of the tech-savvy activist news site Reflets.info came across a link to an online documents archive of the French National Agency for Food Safety, Environment, and Labor (ANSES).
The link led to a trove of 7.7 Gigabytes of files on public health, and Laurelli decided they might be worth looking through. For what he later said was for more convenient reading, the activist downloaded the entire online directory with a common Linux tool, and then transferred them to his desktop.
At the time, the blogger judged that the freely available documents of a public establishment “ought to be” legally available for the public to see, quotes the Ars Technica blog.
But soon after posting some scientific slides from the archives on his website, Laurelli realized that he was wrong.
ANSES discovered their archive was accessed only after the slides on “nano-substances” went public on Reflets.info, French media said. Citing possible “intrusion into a computer system and data theft from a computer,” the agency filed a report with the police, also prompting the French Central Directorate of Interior Intelligence (DCRI) to launch a case.
According to the activist himself, the investigators’ decision to pursue a criminal case against him was fueled by the fact he used a Virtual Private Network (VPN) service that masked his IP address as a Panamanian one. The VPN was actually provided by a security company he owned called Toonux.
Laurelli was then indicted with fraudulently accessing and keeping data, which, according to the French Criminal Code carries up to 2 years in prison and a maximum fine of 30,000 euro (about $41,000).
While testifying, Laurelli admitted he did spot a requirement for login and password at an upper level directory when he tried browsing the ANSES resource further, but there was no explicit indication that the directly accessible files he stumbled on required authorization and were illegal to obtain.