France’s Intelligence Bill: legalising mass surveillance

Uploaded on 2015-05-06 in INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW

The French government claims its new Intelligence Bill is defined in opposition to the American and British models – but this just doesn't hold once the text is examined - Quite the contrary! 
Recently French Prime Minister Manuel Valls organised a press conference to announce the Intelligence Bill that his government had just adopted and was presenting to Parliament. Confronting the media, Valls sought to dismiss growing concerns that the bill, the contents of which had been leaked to the press a few days earlier, would undermine the right to privacy. “This has nothing to do with the generalised surveillance of citizens”, Valls said to journalists. He even went on to claim that the bill would “forbid” mass surveillance.
 
This posture came all the more naturally to the French Government as it has kept its head down and weathered the storm since the Snowden disclosures began almost two years ago. Even when documents exposing the cooperation between the French General Directorate for External Security (DGSE) and the NSA and other Five-Eyes agencies (the LUSTRE agreement) came to light, public officials either refrained from any comment or issued denials. Today, the Valls government is claiming that the bill is simply a matter of securing the legitimate intelligence collection practices of the French security services, which hitherto lacked a proper legal framework.
These reassurances, however, do not survive proper scrutiny. A close reading of the Bill shows that it authorises the government to engage in preventive surveillance of private communications and public spaces for a broad range of motives – from terrorism to economic espionage and the monitoring of social movements – without proper ex ante control. It also orchestrates the legal whitewashing of mass surveillance, and legalizes tools and policies that directly echo those of other surveillance superpowers, like the US, the UK or Germany. Three examples are particularly telling.
The most fiercely debated item of the bill relates to so-called Internet “black boxes” aimed at detecting terrorist threats. Article 2 makes provision for the Prime Minister to require telecom operators and online platforms to install technical devices on their infrastructure (networks or servers) that will use custom algorithms to detect suspicious online behaviour.
According to examples quoted by government ministers and high-ranking officials in the intelligence community, the goal is to detect the use of particular encryption protocols or web browsing habits. Though the government denies this is the case, there is every indication that these black boxes will deploy some kind of Deep Packet Inspection (DPI) technology.
From a British and American perspective, these black boxes are hardly news. In the UK, a similar provision was debated as early as 2000, and eventually subsumed in the Regulatory Investigative Powers Act, section 12. More recently, documents leaked by Mark Klein, a former AT&T employee turned whistleblower, revealed that the NSA had implemented DPI technologies to monitor Internet traffic on US soil.
Traditionally surveillance has been justified by the practical limitations to the ability of states to engage in mass surveillance outside of their territory. But in the age of global and digital communications networks, where whole civilian populations have become subject to systematic surveillance, this outdated “laissez-faire” approach does not only completely negate the universality of human rights when it comes to foreigners. It also leads to opportunistic strategies where the cross-border nature of communications is used to bypass the checks-and-balances that protect the state's own citizens, all within the comfort of the national territory.
Open Democracy: http://bit.ly/1EyXKUr

 

« Largest U.S. Data Breaches in the Last 10 Years
Stellar Wind: CIA analysts didn’t use the NSA’s Spy program. »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ContentKeeper

ContentKeeper

ContentKeeper provides Web Threat Protection solutions to secure today’s Web 2.0 and mobile centric business environments.

Fraunhofer Institute for Secure Information Technology (SIT)

Fraunhofer Institute for Secure Information Technology (SIT)

Fraunhofer SIT is a research centre specialising in all areas of IT security.

CybergymIEC

CybergymIEC

CybergymIEC is a global leader in cyber defense solutions and training services.

Cyber Risk Opportunities

Cyber Risk Opportunities

Cyber Risk Opportunities was formed to enable middle-market executives to become more proficient cyber risk managers so their organizations can thrive.

FinCom.co

FinCom.co

FinCom.Co is the world’s first automatic AML/ KYC screening system, for comprehensive compliance.

Cybeats Technologies

Cybeats Technologies

Cybeats delivers an integrated security platform designed to secure and protect high-valued connected devices.

Red Piranha

Red Piranha

Red Piranha's Crystal Eye Unified Threat Management Platform is designed for Managed Service Providers and corporations that need extreme security that is both easy to use and affordable.

YouWipe

YouWipe

Scandinavian Data Erasure Leader YouWipe is the number one choice of European Ministries, European Central Banks, Swiss Pharmaceuticals and Major Electronics Retail Chains.

TechDemocracy

TechDemocracy

TechDemocracy are a trusted, global cyber risk assurance solutions provider whose DNA is rooted in cyber advisory, managed and implementation services.

KETS Quantum Security

KETS Quantum Security

KETS harnesses the properties of quantum mechanics to solve challenging problems in randomness generation and secure key distribution and enable ultra secure communications.

DeNexus

DeNexus

DeNexus is the leading provider of cyber risk modeling for industrial networks. Our Mission is to build the Global Standard for Industrial Cyber Risk Quantification.

Raman Power Technologies

Raman Power Technologies

Raman Power Technologies focus on bringing value and solving business challenges through the delivery of modern IT services and solutions including cybersecurity.

Peris.ai

Peris.ai

Peris.ai is a cybersecurity as a service startup that protects businesses and organizations from online threats.

3DOT Solutions

3DOT Solutions

3DOT Solutions is an established UK cybersecurity consultancy focused on delivering end-to-end cyber security solutions for private and public sector customers.

CyberForceHQ

CyberForceHQ

CyberForce helps cyber security professionals take real-world tests, get ranked and get paid better. It's that simple.

SITS Group

SITS Group

SITS Group excel in delivering a comprehensive range of Cyber Security consulting and managed services, from cloud transformation to risk management.