Cybersecurity : recent french courts cases



Similar documents
How To File A French Personal Injury Claim

MISSISSIPPI IDENTITY THEFT RANKING BY STATE: Rank 32, 57.3 Complaints Per 100,000 Population, 1673 Complaints (2007) Updated December 21, 2008

SETTLEMENT AGREEMENT AND RELEASE

Provided By Touchstone Consulting Group Workers Compensation Employer Penalties

The French Legal System

MARYLAND IDENTITY THEFT RANKING BY STATE: Rank 10, 85.8 Complaints Per 100,000 Population, 4821 Complaints (2007) Updated January 29, 2009

Updated Administration Proposal: Law Enforcement Provisions

College Policy on Drugs & Alcohol

Wisconsin Contractors Institute. Home Improvement Trade Practices ATCP 110 & 111

World Book. Protection of IP France TRADE MARKS 1.1 INTRODUCTION

Chapter 11 Torts in the Business Environment

AN ANTITRUST PRIMER FOR PROCUREMENT PROFESSIONALS

WISCONSIN IDENTITY THEFT RANKING BY STATE: Rank 15, Complaints Per 100,000 Population, 9852 Complaints (2007) Updated January 16, 2009

Walking Through a Trial

MISSOURI IDENTITY THEFT RANKING BY STATE: Rank 21, 67.4 Complaints Per 100,000 Population, 3962 Complaints (2007) Updated January 11, 2009

4. Laying of orders and regulations before Houses of Oireachtas.

OULAMINE LAW GROUP INTERNATIONAL BUSINESS LAW FIRM CASABLANCA - MOROCCO

WHITEPAPER HOW TO AVOID CONTRACTOR RISKS IN FRANCE

Discharge 3/14/2012. Chapter 16 Performance and Discharge Byron Lilly De Anza College Byron Lilly De Anza College

Fraud/Abuse and False Claims Act Compliance Education for Providers, Contractors, and Vendors. Presented by: by: Compliance Department

IDRAC GROUP Les Experts Bac + 4 Dominante International Business management

Chapter 7 Tort Law and Product Liability

Home Inspectors Professional Liability Application

The Rosenthal Fair Debt Collection Practices Act California Civil Code 1788 et seq.

OKLAHOMA LAWS RELATING TO IDENTITY THEFT

WEALTH MANAGEMENT. Review of tax compliance procedure for undisclosed foreign assets

UNITED STATES DISTRICT COURT MIDDLE DISTRICT OF FLORIDA TAMPA DIVISION. v. CASE NO. 8:15-CR-244-T-23AEP PLEA AGREEMENT

POLICY ON THE FALSE CLAIMS ACTS

PARIS FRANCE. UIA Training Course Compliance Challenges and Opportunities: How to Build and Implement an Effective Compliance Programme

Miami-Dade Police Department Burglar Alarm Ordinance

How To Pass A Bill Inmaryland

CURRICULUM VITAE = = = = = = = = = = = = = Abdul Hamid EL-AHDAB

Corona Police Department

Anatomy of a Hotel Breach

The language set forth in this Ordinance shall be interpreted in accordance with the following rules of construction:

ONLINE CREDIT REPORTING S SUITE SOLUTIONS MEMBERSHIP GUIDELINES

An Introduction to Identity Theft. Letbighelptoday.com. Your Free Copy

CALIFORNIA FAIR DEBT COLLECTION PRACTICES ACT Updated 1 January 2012

CHAPTER. What is Criminal Justice? Criminal Justice: Criminal Justice: Criminal Justice: What is the Definition of Crime?

1 Cour des comptes - Rappel du titre de la Date présentation THE COUR DES COMPTES

The Green Law Group, LLP Construction and Business Attorneys 1777 E. Los Angeles Ave. Simi Valley, CA 93056

Crimes relating to Digital Signature Certificates

CONNECTICUT IDENTITY THEFT RANKING BY STATE: Rank 19, 68.8 Complaints Per 100,000 Population, 2409 Complaints (2007) Updated November 28, 2008


DEBT COLLECTION LAW. DISTRICT OF COLUMBIA OFFICIAL CODE Copyright 2014 by the District of Columbia

MERGER-ACQUISITION OF MONEYLINE SA BY INGENICO SA

Clarity OSS Limited Share Trading Policy

NOTICE OF MEETING. Participating to the Shareholders Meeting

UNITED STATES DISTRICT COURT DISTRICT OF MINNESOTA Criminal No.:

WIPO LIST OF NEUTRALS BIOGRAPHICAL DATA. Telephone: Fax: cferal-schuhl@feral-avocats.

Chapter 15 Criminal Law and Procedures

Employee monitoring in France. January Contents. Legal Framework 1

INSIDER TRADING. a. Charles Fogarty d. Texas Gulf Sulphur. b. Martha Stewart e. U.S. Security and Exchange Commission

CREDIT REPAIR SERVICES (California Civil Code et seq.; 15 U.S.C.A et seq.)

Unauthorized Practice of Law

How TO APPEAL A DECISION OF A MUNICIPAL COURT

Preventing, Insuring, and Surviving Fund Transfer Fraud... and Other Cyber Attacks

REPUBLIC OF NAMIBIA HIGH COURT OF NAMIBIA MAIN DIVISION, WINDHOEK. THE STATE and FREDERICK EKANDJO (HIGH COURT MAIN DIVISION REVIEW REF NO.

CRIMINAL PROCEEDING AND DEFENCE RIGHTS IN CANADA

HOUSE DOCKET, NO FILED ON: 2/28/2014. HOUSE... No The Commonwealth of Massachusetts PRESENTED BY: Paul R. Heroux

COMMONWEALTH OF PENNSYLVANIA, : IN THE SUPERIOR COURT OF Appellant : PENNSYLVANIA : v. : : JOSEPH MENDEZ, : Appellee : No.

THE CARTIER WOMEN S INITIATIVE RULES OF PARTICIPATION

*Reference Material For information only* The following was put together by one of our classmates! Good job! Well Done!

ELDERLY PERSONS DEFENDING YOUR RIGHTS. Professional services, free of charge

TTCU THE CREDIT UNION

PIKTRAKK GENERAL CONDITIONS OF SUBSCRIPTION TO THE MONITORING SERVICE FOR PUBLICATINONS ON THE INTERNET WITH THE DEBT RECOVERY SERVICE

Case Number XXX I. INTRODUCTION. 1. Defendants E.G.O. and E.R.O., prepare immigration documents for customers for a

INSOLVENCY RELATED LIABILITY OF DIRECTORS UNDER THE COMPANIES ACT, 1956

DEBT COLLECTION LAW. (1A) creditor means a claimant or other person holding a claim;

What is Title Insurance? What is a Title Search and Examination? What is a Title Defect or Encumbrance?

IN THE CIRCUIT COURT OF JACKSON COUNTY, MISSOURI AT KANSAS CITY

THE SUPERIOR COURT OF ARIZONA MARICOPA COUNTY

About D.U.I. (Driving Under the Influence) Published by The Alaska Court System PUB-11 (6/13)(green)

CRIMINAL DEFENSE FAQ. QUESTION: Am I required to allow law enforcement be allowed to search my house or my car?

JUDICIAL REVIEW JUDGE N. LORRIN FREEMAN

Fresno County DA & CA Contractor s State License Board s (CSLB) Statewide Investigative Fraud Team (SWIFT) Sting Operation

Senate Bill No. 86 Committee on Transportation and Homeland Security

WASHINGTON IDENTITY THEFT RANKING BY STATE: Rank 13, 76.4 Complaints Per 100,000 Population, 4942 Complaints (2007) Updated January 11, 2009

Checks written out to cash being negotiated by the elder s caregiver. Checks signed by the senior but filled out by someone else

Summary of Privacy and Data Security Bills- 112 th Congress. Prepared for September 15, 2011 CT Privacy Forum

Transcription:

Michel Toporkoff, Avocat à la Cour, Maison de la Communication 114 rue Chaptal (92300) Levallois-Perret (France) m.toporkoff@toporkoff-avocat.fr (+ 33) 6 18 37 73 30 Cybersecurity : recent french courts cases 1) Applicable french law 2) EDF vs. AFLD, Greenpeace et autres (Cour d appel de Versailles, february 6, 2013) 3) Sarenza vs. Jonathan L. et autres (Tribunal de grande instance de Paris 3ème section, 4ème chambre, february 21,2013) 4) Gautier vs SOCORPI, IMMOVAC et autres (Cour d'appel de Paris, 25 juin 2013)

Michel Toporkoff, Avocat à la Cour, Maison de la Communication 114 rue Chaptal (92300) Levallois-Perret (France) m.toporkoff@toporkoff-avocat.fr (+ 33) 6 18 37 73 30 Recent publications Print : Droit de la concurrence déloyale, Editions Lextenso, 2010 On line :. Advertising law : Dictionnaire juridiques des allégations publicitaires (Stratégies, 2012) http://www.strategies.fr/actualites/marques/187490w/dictionnaire-juridique-desallegations-publicitaires.html. Computer law : various articles in «Journal du Net» Suppression de la page Wikipedia d'un concurrent : la victime doit être particulièrement attentive à ses moyens de preuve (october 14, 2013) http://www.journaldunet.com/expert/55409/internet-et-concurrence-deloyale---gare-auparasitisme.shtml (october 7, 2013) http://www.journaldunet.com/ebusiness/expert/55317/internet-et-concurrence-deloyale--- comment-peuvent-reagir-les-sites-victimes.shtml (september 25, 2013)

Article 323-3 Unlawful introduction on a computer system or fraudulent alteration (or suppression) of data thereon is punishable by imprisonment of (up to) 5 years and a fine of 75 000 If a State-operated computer system running personal data was involved : (up to) 7 years of imprisonment and a fine of 100 000 Article 323-4 Participating in a group intending to commit any of the above actions is punished in the same manner as committing any of the above actions.

Cour d'appel de Versailles, 6 février 2013 (EDF vs/afld, Greenpeace et autres) Facts A sub-contractor of EDF was hacking a Greenpeace computer system This was discovered by OCLCTIC by pure accident : while investigating on an illegal access on the computer system of AFLD (french agency responsible for «doping» testing), they went to cycle runner Floyd Landis, who had been using a person in Morocco hacking not only AFLD but also Greenpeace (who did not know being hacked) ; investigators obtained a «commission rogatoire internationale» and discovered this (they also discovered hacking of a Paris attorney) Court judgments On November 10, 2011 : Tribunal correctionnel de Nanterre sentenced 2 EDF employees to jail + fine and EDF to 1,5 M itself for unlawful access On February 6, 2013, the Cour d appel de Versailles overturned this judgment and sentenced one EDF employee (working in the nuclear safety department) to 6 months of emprisonment but neither his superior nor the sub contractor (because of lack of proof of EDF giving orders to commit unlawful actions) The EDF employee and the sub contractor were also sentenced to damages (15 000 )

Major factors of success in locating the source of unlawful access Hard work of the part of OCLCTIC Good international cooperation between french and moroccan authorities Major problems for courts What when no written orders appear to have been issued? What when orders may be implicit? What when the employee or sub-contractor is only trying to please his manager (or client)? What when the (large) customer gives a great freedom of action to its sub-contractor? Is the customer not liable for what the sub-contractor does?

Tribunal de grande instance de Paris, 21 février 2013, Sarenza vs. Jonathan L. and others Facts Sarenza s (shoemaker selling on-line) access codes to its customer data base (including 4.7 million mail addresses) had been supplied to a third party (NA2J) by one of its employees, who gave NA2J the login account and the password of her manager ; NA2J used it for its own needs but also sold it to other corporations (Vivaki) Court judment The employee is fined ; the damage amount is estimated by the Court at 100 000 but the award is reduced by 30 000 as the Court finds Sarenza to have been negligent in not taking the appropriate safety measures to protect its data base The login and password of the employee s manager were also used by 4 other persons The Court also finds that Vivaki should have been alerted by the very low price it paid for the data base and should accordingly have wondered about the legality of the transaction NA2J is now bankrupt

Cour d appel de Paris, 25 juin 2013, Gautier c/ SOCORPI, IMMOVAC and others Facts Unlawful use of a data base : the data base of a real estate group of companies has been fraudulently used by the founder of the group (while selling its company which was a member of such group) for its new totally independent company Courts judgments Seller is sentenced (Tribunal de commerce de Paris, 12 octobre 2011) to damages amounting to 50 000 for «unfair practices» This is confirmed by Cour d appel de Paris on june 25, 2013

A few final remarks Very few «criminal» cases. Many cyber attacks remain unknown. French courts seem to feel somewhat uneasy about who to punish and about the appropriate punishment. A serious propension to blaming the victim for failure in protecting its own data A larger number of «busines cases». French courts feel more at ease in such cases

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information