France’s Intelligence Bill: legalising mass surveillance

The French government claims its new Intelligence Bill is defined in opposition to the American and British models – but this just doesn't hold once the text is examined - Quite the contrary! 
Recently French Prime Minister Manuel Valls organised a press conference to announce the Intelligence Bill that his government had just adopted and was presenting to Parliament. Confronting the media, Valls sought to dismiss growing concerns that the bill, the contents of which had been leaked to the press a few days earlier, would undermine the right to privacy. “This has nothing to do with the generalised surveillance of citizens”, Valls said to journalists. He even went on to claim that the bill would “forbid” mass surveillance.
 
This posture came all the more naturally to the French Government as it has kept its head down and weathered the storm since the Snowden disclosures began almost two years ago. Even when documents exposing the cooperation between the French General Directorate for External Security (DGSE) and the NSA and other Five-Eyes agencies (the LUSTRE agreement) came to light, public officials either refrained from any comment or issued denials. Today, the Valls government is claiming that the bill is simply a matter of securing the legitimate intelligence collection practices of the French security services, which hitherto lacked a proper legal framework.
These reassurances, however, do not survive proper scrutiny. A close reading of the Bill shows that it authorises the government to engage in preventive surveillance of private communications and public spaces for a broad range of motives – from terrorism to economic espionage and the monitoring of social movements – without proper ex ante control. It also orchestrates the legal whitewashing of mass surveillance, and legalizes tools and policies that directly echo those of other surveillance superpowers, like the US, the UK or Germany. Three examples are particularly telling.
The most fiercely debated item of the bill relates to so-called Internet “black boxes” aimed at detecting terrorist threats. Article 2 makes provision for the Prime Minister to require telecom operators and online platforms to install technical devices on their infrastructure (networks or servers) that will use custom algorithms to detect suspicious online behaviour.
According to examples quoted by government ministers and high-ranking officials in the intelligence community, the goal is to detect the use of particular encryption protocols or web browsing habits. Though the government denies this is the case, there is every indication that these black boxes will deploy some kind of Deep Packet Inspection (DPI) technology.
From a British and American perspective, these black boxes are hardly news. In the UK, a similar provision was debated as early as 2000, and eventually subsumed in the Regulatory Investigative Powers Act, section 12. More recently, documents leaked by Mark Klein, a former AT&T employee turned whistleblower, revealed that the NSA had implemented DPI technologies to monitor Internet traffic on US soil.
Traditionally surveillance has been justified by the practical limitations to the ability of states to engage in mass surveillance outside of their territory. But in the age of global and digital communications networks, where whole civilian populations have become subject to systematic surveillance, this outdated “laissez-faire” approach does not only completely negate the universality of human rights when it comes to foreigners. It also leads to opportunistic strategies where the cross-border nature of communications is used to bypass the checks-and-balances that protect the state's own citizens, all within the comfort of the national territory.
Open Democracy: http://bit.ly/1EyXKUr

 

« Largest U.S. Data Breaches in the Last 10 Years
Stellar Wind: CIA analysts didn’t use the NSA’s Spy program. »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Navista

Navista

Navista's hardware and software modules are especially designed to ease the deployment of secure networks.

Nok Nok Labs

Nok Nok Labs

Nok Nok is a market leader in next generation authentication for cloud, mobile and IoT applications.

infySEC

infySEC

InfySEC is an information security services organization offering Security Technology services, Security Consulting, Security Training, Research & Development.

Smart Protection

Smart Protection

Smart Protection are experts in brand and trademark protection - we fight against counterfeits and unauthorized usages of brands with machine learning technology.

Gluu

Gluu

Modern Authentication for Digital Enterprise. Organizations around the world trust Gluu for large-scale, high-security identity & access management.

KrCERT/CC

KrCERT/CC

KrCERT/CC is the National Computer Emergency Response Team in Korea.

CyGlass

CyGlass

CyGlass simply and effectively identifies, detects, and responds to threats to your network without requiring any additional hardware, software, or people.

Glocomp Systems

Glocomp Systems

Glocomp Systems is one of Malaysia’s premier ICT infrastructure distributor offering a comprehensive portfolio of solutions including cybersecurity and privacy.

HolistiCyber

HolistiCyber

HolistiCyber provide state-of-the art consulting, services, and solutions to help proactively and holistically defend against a new era of constantly evolving cyber threats.

SOC Prime

SOC Prime

SOC Prime is the only Threat Detection Marketplace where researchers monetize their content to help security teams defend against attacks easier, faster and more efficiently than ever.

iNovex

iNovex

iNovex is a community of innovators that work together to solve hard problems. We partner with you to meet problems head-on and push boundaries with technology solutions.

iomart Group

iomart Group

iomart is a cloud computing and IT managed services business providing secure hybrid cloud, network connectivity, data management, and digital workplace capability.

CYBRI

CYBRI

CYBRI is a cybersecurity company helping businesses detect and remediate mission-critical vulnerabilities before they get exploited by hackers.

Vigilant Ops

Vigilant Ops

Vigilant Ops is a leader in Software Bill of Materials (SBOM) Automation. A proactive approach to cybersecurity with continuous vulnerability monitoring.

ThreatDown

ThreatDown

ThreatDown, powered by Malwarebytes, is on a mission to overpower threats and empower IT by removing the complexity of detecting and stopping today’s most advanced threats.

Hydden

Hydden

Hydden gives security teams the ability to create a solid foundation to build a truly next-gen identity security practice by bridging the gaps between siloed teams and technologies.