Harvard Researcher Faces Imprisonment for Exploit Code
Guillaume Tena, a French researcher currently employed by Harvard, discovered the Viguard exploits in 2001 and subsequently published research indicating how the program worked, demonstrating security flaws and showing tests conducted with live viruses.
According to Tena’s website, his research proved that the software did not “detect and stop ‘100 percent of viruses’”, as the software’s publisher Tegam International claimed.
Following Tena’s publication of the exploits, Tegam filed a formal complaint in Paris.
“The company first reacted in a weird way,” writes Tena on his website. “They denounced me publicly as a [terrorist]. Later on, they filed a formal complaint against me in a Paris tribunal.”
The tribunal ordered the seizure of the French server hosting Tena’s former website and the site used to sign his emails was blocked at the registrar level, according to Tena.
“The actual problem is that I coded and shared a few ‘exploits,’ i.e. the practical demonstration of my theoretical analysis, which demonstrated the reality of the flaws I discovered in a way that everybody could reproduce them on their own computers,” Tena writes.
The French judge in the preliminary hearings held that Tena had violated the country’s copyright laws by publishing re-engineered source code from Tegam’s software.
Tena, however, maintains that such laws inhibit a well-informed software market.
“If independent researchers cannot analyze security softwares and publish their discoveries, final users will just have marketing press releases to assess the quality of a software,” writes Tena. “Unfortunately, it seems that we are heading to this kind of world in France and maybe in Europe.”
If convicted, Tena faces up to a four-month jail term and a $7,900 fine. Tegam is also pursuing a civil case against Tena, claiming $1.2 million in damages.