France & UK on the Edge of Kafkaesque Surveillance

_82765991_4a198504-d9b4-42c1-961c-d73863aa7f4f.jpg

Those opposed to the new French surveillance law say it will allow the government to keep a record of innocuous conversations.

The problem of our laws, wrote Kafka, is that they can involve arbitrary, secretive acts on the part of elites. The law, on this view, has “brought only slight, more or less accidental benefits, and done a great deal of serious harm, since it has given the people a false sense of security towards coming events, and left them helplessly exposed”.
“We live”, Kafka concluded, “on the razor’s edge”. Most would find Kafka’s parable, published in 1931, a miss-characterisation of the rule of law. In democracies with a separation of powers, there are checks and balances between legislative, executive and judicial branches of government. There is transparency, rigor and reason, rather than secrecy.

There is accountability and oversight.
Or so we would hope. But if ever there were a set of laws at the thin edge of the world, reeling back the swath of advances in civil rights and liberties during the century since Kafka resolved his thinking, and embodying his diagnosis with terrifying precision, they are the laws surrounding surveillance and counter-terror in the digital age.
Two decisions, one 11 days ago in Britain, and another last Thursday in France, highlight key concerns about the rule of law, cognitive dissonance around terror, the fated pursuit of a false sense of security, and the disassembled balance of power between citizens and the deep state.

The first story appears to contain a glimmer of hope. Two British MPs, Tom Watson and David Davis, crossed the party divide and with campaigning organisation Liberty, won a legal challenge against the rushed, undemocratic Data Retention and Investigatory Powers Act (Dripa), passed in July 2014. The High Court found that Dripa was unlawful because it did not adequately ensure that access to, and use of, communications data (though not its collection) was limited to what was necessary, appropriate and proportionate for preventing and detecting serious crime.

The law attracted impassioned cries about incursions on civil liberties – despite this, the French council approved it
The decision has been welcomed for, finally, recognising in the UK what a number of other countries and a slew of independent examiners have demanded: proper judicial oversight of a “general retention regime on a potentially massive scale”. Where it falls down, as do many of those reports, is in accepting, implicitly or explicitly, the euphemistic re-characterisation of mass surveillance as “bulk interception” or “bulk collection”, thus endorsing an incursion into our private lives, papers, thoughts and communications that has no precedent in the law of the land. However, the Dripa victory is likely short-lived. Immediately, the Home Office declared its disagreement with the High Court’s decision, pledging to appeal. And of course, the Conservative government has already made abundantly clear its intention to enact a single, comprehensive law – the so-called “snooper’s charter” – which many fear would unleash a tidal wave of surveillance at political and executive discretion.

This is where the other side of the channel comes in. Late on Thursday 23 July, in France’s highest constitutional body, the last safeguard of the rule of law fell, approving what is, by all measures, an intrusive, comprehensive, virtually-unchecked surveillance law.

A pipe-dream for two years, the French law gathered momentum in March this year in the wake of the Charlie Hebdo attack, and was put together in the French parliament under emergency procedures, drastically reducing discussion time and preventing any meaningful debate. The law was overwhelmingly approved by parliament in June and immediately referred to the constitutional council by nearly everyone who could do so, including François Hollande – the first time the president has deferred a law voted by parliament in the Fifth Republic.
 
The case also attracted an unheard of number of amicus briefs, many of which were made public, and most of which involved an impassioned cry about the unprecedented incursion on civil liberties that the law mandates.
And yet, despite this, the French council approved, with very few exceptions, a law that allows intelligence agencies to monitor phone calls and emails without prior judicial authorisation; to require internet service providers to install “black boxes” that filter all internet traffic, combing everyone’s metadata in order to identify deviant behaviours based on unknown parameters and provide access to the agencies; and to bug cars, homes and keyboards for images, sound and data.

All of this, of course, is discussed as being targeted at “suspected terrorists”. But all of it, equally and more significantly, touches us all; anyone and everyone who traverses the Internet. The law’s goal is to improve the agencies’ tools for a large variety of vaguely stated purposes: terrorism, but also political surveillance, competitive intelligence for France’s major economic, industrial and scientific interests, the fight against organised crime, and goodness knows what else to come.
The French case shows that the long-cherished secrecy of communications – a notion dating at least as far back as the French Revolution – has no constitutional priority. It shows the gripping appeal of laws that, in Kafka’s terms, provide a false sense of security and leave the people – particularly people in certain communities – helplessly exposed. On Sunday 26 July, the law came into effect.

Effective intelligence is critical to the challenges we face. But that intelligence must be targeted
The reality is that the French and British governments have discerned that a potent combination of public fear about extremism and political appetite for tough national security measures have cleared the path for draconian overreach and surveillance of all our communications. This is enacted even without proof that such tools will prevent the unpreventable, nor any cost-benefit analysis of all of the other ways that they leave us exposed, and society fragmented.

Effective intelligence is critical to the challenges we face. But that intelligence must be targeted, and it must be subject to due process, transparency and meaningful independent oversight. Measures that inhibit all of our freedoms must be subject to open, fair, evidenced-based debate, rather than cynical emergency procedures. And even if an individual is prepared to surrender all privacy in order to accept a minute reduction in risk of a catastrophic event, what safeguards are in place to prevent even greater catastrophes, in the hands of a state, oft-captured and oft-brutal, knowing and seeing all?

The tools that France and Britain are currently seeking are too blunt and intrusive for modern democracies. They stifle dissent with the same chilling turn uttered by Robespierre, one of the main leaders of the Reign of Terror during the French Revolution in condemning his former friend and close ally Danton to the guillotine for alleged counter-revolutionary activities: “anyone who trembles at this moment is guilty; for innocence never fears public surveillance”. We live it seems on the razor’s edge.
Guardian: http://bit.ly/1PbKFE5

« HTC: Rendered Worthless By Insecurity?
Twitter says U.S Government Want More User Account Information »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

BCS, The chartered Institute for IT

BCS, The chartered Institute for IT

BCS provides IT professionals with up to date and relevant certifications enabling them to manage IT security effectively within their budget.

Backup Technology

Backup Technology

Backup Technology is a world leader in the Online Cloud Backup, Disaster Recovery and Business Continuity market.

Code Dx

Code Dx

Code Dx is a software application vulnerability correlation and management system.

International Association for Cryptologic Research (IACR)

International Association for Cryptologic Research (IACR)

(IACR is a non-profit scientific organization whose purpose is to further research in cryptology and related fields.

Luxar Tech

Luxar Tech

Luxar's network visibility products enable enterprises and service providers to monitor network traffic, improve security and optimize efficiency.

Disklabs

Disklabs

Disklabs are industry leaders in data recovery, digital forensics and data erasure.

Centre for the Protection of National Infrastructure (CPNI)

Centre for the Protection of National Infrastructure (CPNI)

CPNI works with the National Cyber Security Centre (NCSC), Cabinet Office and lead Government departments and agencies to drive forward the UK's cyber security programme to counter cyber threats.

Exabeam

Exabeam

Exabeam is a global cybersecurity leader that delivers AI-driven security operations.

Inseego

Inseego

Inseego provides Enterprise SaaS solutions and IoT & Mobile solutions, which together form the backbone of intelligent, reliable and secure IoT services with deep business intelligence.

US Cyber Range

US Cyber Range

US Cyber Range is a scalable, cloud-hosted infrastructure providing students with virtual environments for realistic, hands-on cybersecurity labs and exercises.

Palantir

Palantir

Palantir software empowers entire organizations to answer complex questions quickly by bringing the right data to the people who need it.

INFRA Security & Vulnerability Scanner

INFRA Security & Vulnerability Scanner

INFRA is a powerful platform with an easy interface for any kind of Ethical Hacking, from corporate monitoring and VAPT (vulnerability assessments and penetration testing) to military intelligence.

Astrill VPN

Astrill VPN

Astrill VPN is a Seychelles based Virtual Private Network(VPN) Company.

Performance Technologies

Performance Technologies

As a leading IT Solutions Provider in Greece, Performance Technologies delivers reliable, long life solutions, ensuring continuous availability of business-critical services and information.

SEALSQ

SEALSQ

For the last 25 years, SEALSQ have been developing secure semiconductor chips, secure embedded firmware, and tested hardware provisioning services to serve the vision of a safer connected world.

Tyto Athene

Tyto Athene

At Tyto Athene, we harness the power of technology to provide solutions that shape the future.