The fundamental rights NGO epicenter.works reported a critical security vulnerability in the Epidemiological Reporting System (EMS) and was prosecuted as a result. The case shows the fundamental flaws in Austria's approach to IT security.