France’s Intelligence Bill: legalising mass surveillance

Uploaded on 2015-05-06 in INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW

The French government claims its new Intelligence Bill is defined in opposition to the American and British models – but this just doesn't hold once the text is examined - Quite the contrary! 
Recently French Prime Minister Manuel Valls organised a press conference to announce the Intelligence Bill that his government had just adopted and was presenting to Parliament. Confronting the media, Valls sought to dismiss growing concerns that the bill, the contents of which had been leaked to the press a few days earlier, would undermine the right to privacy. “This has nothing to do with the generalised surveillance of citizens”, Valls said to journalists. He even went on to claim that the bill would “forbid” mass surveillance.
 
This posture came all the more naturally to the French Government as it has kept its head down and weathered the storm since the Snowden disclosures began almost two years ago. Even when documents exposing the cooperation between the French General Directorate for External Security (DGSE) and the NSA and other Five-Eyes agencies (the LUSTRE agreement) came to light, public officials either refrained from any comment or issued denials. Today, the Valls government is claiming that the bill is simply a matter of securing the legitimate intelligence collection practices of the French security services, which hitherto lacked a proper legal framework.
These reassurances, however, do not survive proper scrutiny. A close reading of the Bill shows that it authorises the government to engage in preventive surveillance of private communications and public spaces for a broad range of motives – from terrorism to economic espionage and the monitoring of social movements – without proper ex ante control. It also orchestrates the legal whitewashing of mass surveillance, and legalizes tools and policies that directly echo those of other surveillance superpowers, like the US, the UK or Germany. Three examples are particularly telling.
The most fiercely debated item of the bill relates to so-called Internet “black boxes” aimed at detecting terrorist threats. Article 2 makes provision for the Prime Minister to require telecom operators and online platforms to install technical devices on their infrastructure (networks or servers) that will use custom algorithms to detect suspicious online behaviour.
According to examples quoted by government ministers and high-ranking officials in the intelligence community, the goal is to detect the use of particular encryption protocols or web browsing habits. Though the government denies this is the case, there is every indication that these black boxes will deploy some kind of Deep Packet Inspection (DPI) technology.
From a British and American perspective, these black boxes are hardly news. In the UK, a similar provision was debated as early as 2000, and eventually subsumed in the Regulatory Investigative Powers Act, section 12. More recently, documents leaked by Mark Klein, a former AT&T employee turned whistleblower, revealed that the NSA had implemented DPI technologies to monitor Internet traffic on US soil.
Traditionally surveillance has been justified by the practical limitations to the ability of states to engage in mass surveillance outside of their territory. But in the age of global and digital communications networks, where whole civilian populations have become subject to systematic surveillance, this outdated “laissez-faire” approach does not only completely negate the universality of human rights when it comes to foreigners. It also leads to opportunistic strategies where the cross-border nature of communications is used to bypass the checks-and-balances that protect the state's own citizens, all within the comfort of the national territory.
Open Democracy: http://bit.ly/1EyXKUr

 

« Largest U.S. Data Breaches in the Last 10 Years
Stellar Wind: CIA analysts didn’t use the NSA’s Spy program. »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

aizoOn Technology Consulting

aizoOn Technology Consulting

aizoOn is a technology consulting company offering a range of services including IoT & embedded security, mobile security, cybersecurity assessments, risk & compliance, network monitoring and more.

Reed Smith LLP

Reed Smith LLP

Reed Smith LLP is an international law firm with offices in the USA, Europe, Middle East and Asia. Practice areas include Information Technology, Privacy & Data Security.

Secudos

Secudos

SECUDOS is an innovative appliance technology and services provider focused on IT security and compliance.

AKS IT Services

AKS IT Services

AKS IT Services (an ISO 9001:2015 and ISO 27001:2013 certified company) is a leading IT Security Services and Solutions provider.

Netsafe

Netsafe

Netsafe is an independent, non-profit New Zealand organisation focused on online safety. We help people stay safe online by providing online safety education, advice and support.

Miradore

Miradore

Miradore is a software company specializing in effective, cloud-based device management. Our goal is to help IT Service Providers and IT departments secure and control devices.

Arc4dia Labs

Arc4dia Labs

Arc4dia have developed SNOW, a cyber security solution to combat the world’s most sophisticated cyber threats.

European Cyber Security Conference

European Cyber Security Conference

EU Cyber Security Conference will debate what Europe’s response to evolving threats in a dynamic global risk landscape should look like and what the next steps for all actors of the ecosystem.

Security Innovation Network (SINET)

Security Innovation Network (SINET)

SINET is dedicated to building a cohesive, worldwide Cybersecurity community with the goal of accelerating innovation through collaboration.

Hut Six Security

Hut Six Security

Train, test and track your Information Security culture through information security awareness training and customised phishing simulation campaigns.

AwareGO

AwareGO

AwareGO is a global provider of security awareness training content and solutions that help enterprises improve cybersecurity awareness in the workplace.

Have I Been Pwned (HIBP)

Have I Been Pwned (HIBP)

Have I Been Pwned is a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach.

Guardz

Guardz

Guardz helps small and growing businesses to go from zero or low cyber protection to having comprehensive security – in the quickest and most straightforward way.

Cysurance

Cysurance

Cysurance is a next-generation risk mitigation company that insures, warranties and certifies security solutions.

Redington

Redington

Redington offer products and services in solution areas including digital transformation, hybrid infrastructure and cybersecurity.

Strobes Security

Strobes Security

Strobes is among the world’s first cybersecurity platforms specifically designed for end-to-end continuous threat exposure management.