France & UK on the Edge of Kafkaesque Surveillance

Uploaded on 2015-08-14 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW

_82765991_4a198504-d9b4-42c1-961c-d73863aa7f4f.jpg

Those opposed to the new French surveillance law say it will allow the government to keep a record of innocuous conversations.

The problem of our laws, wrote Kafka, is that they can involve arbitrary, secretive acts on the part of elites. The law, on this view, has “brought only slight, more or less accidental benefits, and done a great deal of serious harm, since it has given the people a false sense of security towards coming events, and left them helplessly exposed”.
“We live”, Kafka concluded, “on the razor’s edge”. Most would find Kafka’s parable, published in 1931, a miss-characterisation of the rule of law. In democracies with a separation of powers, there are checks and balances between legislative, executive and judicial branches of government. There is transparency, rigor and reason, rather than secrecy.

There is accountability and oversight.
Or so we would hope. But if ever there were a set of laws at the thin edge of the world, reeling back the swath of advances in civil rights and liberties during the century since Kafka resolved his thinking, and embodying his diagnosis with terrifying precision, they are the laws surrounding surveillance and counter-terror in the digital age.
Two decisions, one 11 days ago in Britain, and another last Thursday in France, highlight key concerns about the rule of law, cognitive dissonance around terror, the fated pursuit of a false sense of security, and the disassembled balance of power between citizens and the deep state.

The first story appears to contain a glimmer of hope. Two British MPs, Tom Watson and David Davis, crossed the party divide and with campaigning organisation Liberty, won a legal challenge against the rushed, undemocratic Data Retention and Investigatory Powers Act (Dripa), passed in July 2014. The High Court found that Dripa was unlawful because it did not adequately ensure that access to, and use of, communications data (though not its collection) was limited to what was necessary, appropriate and proportionate for preventing and detecting serious crime.

The law attracted impassioned cries about incursions on civil liberties – despite this, the French council approved it
The decision has been welcomed for, finally, recognising in the UK what a number of other countries and a slew of independent examiners have demanded: proper judicial oversight of a “general retention regime on a potentially massive scale”. Where it falls down, as do many of those reports, is in accepting, implicitly or explicitly, the euphemistic re-characterisation of mass surveillance as “bulk interception” or “bulk collection”, thus endorsing an incursion into our private lives, papers, thoughts and communications that has no precedent in the law of the land. However, the Dripa victory is likely short-lived. Immediately, the Home Office declared its disagreement with the High Court’s decision, pledging to appeal. And of course, the Conservative government has already made abundantly clear its intention to enact a single, comprehensive law – the so-called “snooper’s charter” – which many fear would unleash a tidal wave of surveillance at political and executive discretion.

This is where the other side of the channel comes in. Late on Thursday 23 July, in France’s highest constitutional body, the last safeguard of the rule of law fell, approving what is, by all measures, an intrusive, comprehensive, virtually-unchecked surveillance law.

A pipe-dream for two years, the French law gathered momentum in March this year in the wake of the Charlie Hebdo attack, and was put together in the French parliament under emergency procedures, drastically reducing discussion time and preventing any meaningful debate. The law was overwhelmingly approved by parliament in June and immediately referred to the constitutional council by nearly everyone who could do so, including François Hollande – the first time the president has deferred a law voted by parliament in the Fifth Republic.
 
The case also attracted an unheard of number of amicus briefs, many of which were made public, and most of which involved an impassioned cry about the unprecedented incursion on civil liberties that the law mandates.
And yet, despite this, the French council approved, with very few exceptions, a law that allows intelligence agencies to monitor phone calls and emails without prior judicial authorisation; to require internet service providers to install “black boxes” that filter all internet traffic, combing everyone’s metadata in order to identify deviant behaviours based on unknown parameters and provide access to the agencies; and to bug cars, homes and keyboards for images, sound and data.

All of this, of course, is discussed as being targeted at “suspected terrorists”. But all of it, equally and more significantly, touches us all; anyone and everyone who traverses the Internet. The law’s goal is to improve the agencies’ tools for a large variety of vaguely stated purposes: terrorism, but also political surveillance, competitive intelligence for France’s major economic, industrial and scientific interests, the fight against organised crime, and goodness knows what else to come.
The French case shows that the long-cherished secrecy of communications – a notion dating at least as far back as the French Revolution – has no constitutional priority. It shows the gripping appeal of laws that, in Kafka’s terms, provide a false sense of security and leave the people – particularly people in certain communities – helplessly exposed. On Sunday 26 July, the law came into effect.

Effective intelligence is critical to the challenges we face. But that intelligence must be targeted
The reality is that the French and British governments have discerned that a potent combination of public fear about extremism and political appetite for tough national security measures have cleared the path for draconian overreach and surveillance of all our communications. This is enacted even without proof that such tools will prevent the unpreventable, nor any cost-benefit analysis of all of the other ways that they leave us exposed, and society fragmented.

Effective intelligence is critical to the challenges we face. But that intelligence must be targeted, and it must be subject to due process, transparency and meaningful independent oversight. Measures that inhibit all of our freedoms must be subject to open, fair, evidenced-based debate, rather than cynical emergency procedures. And even if an individual is prepared to surrender all privacy in order to accept a minute reduction in risk of a catastrophic event, what safeguards are in place to prevent even greater catastrophes, in the hands of a state, oft-captured and oft-brutal, knowing and seeing all?

The tools that France and Britain are currently seeking are too blunt and intrusive for modern democracies. They stifle dissent with the same chilling turn uttered by Robespierre, one of the main leaders of the Reign of Terror during the French Revolution in condemning his former friend and close ally Danton to the guillotine for alleged counter-revolutionary activities: “anyone who trembles at this moment is guilty; for innocence never fears public surveillance”. We live it seems on the razor’s edge.
Guardian: http://bit.ly/1PbKFE5

« HTC: Rendered Worthless By Insecurity?
Twitter says U.S Government Want More User Account Information »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

BakerHostetler

BakerHostetler

BakerHostetler is one of the largest law firms in the USA We have five core practice groups including a specialty practice team in Privacy and Data Protection.

Akin Gump Strauss Hauer & Feld

Akin Gump Strauss Hauer & Feld

Akin is a leading global law firm providing innovative legal services and business solutions to individuals and institutions. Practice areas include Cybersecurity, Privacy and Data Protection.

CloudCodes Software

CloudCodes Software

CloudCodes is a cloud security solutions provider focused on providing cloud security solutions to enterprise customers.

AirCUVE

AirCUVE

AirCUVE provide authentication and access control solutions for networks and mobile security.

VADO Security Technologies

VADO Security Technologies

VADO Security enables the safe transfer of data between low & high security networks.

Bavarian IT Security Cluster

Bavarian IT Security Cluster

The Bavarian IT Security Cluster works to build regional IT security competencies and increase the competitiveness and market opportunities of its member companies.

KOS-CERT

KOS-CERT

KOS-CERT is the national Computer Incident Response Team for Kosovo.

Cortado Mobile Solutions

Cortado Mobile Solutions

Cortado Mobile Solutions creates enterprise mobility and file sharing solutions for companies, teams and freelancers.

redGuardian

redGuardian

redGuardian is a DDoS mitigation solution available both as a BGP-based service and as an on-premise platform.

DeepCyber

DeepCyber

DeepCyber supports its customers, with an “intelligence-driven” approach, to improve their proactive detection and response "capability" of cyber threats.

Liquid Technology

Liquid Technology

Liquid Technology provide DOD- and NIST-compliant data destruction and EPA-compliant e-waste disposal and recycling services throughout North America, Europe and Asia.

Blackpoint Cyber

Blackpoint Cyber

Blackpoint’s mission is to provide effective, affordable real-time threat detection and response to organizations of all sizes around the world.

Beyond Encryption

Beyond Encryption

Mailock by Beyond Encryption is a secure email solution that allows businesses to exchange email securely, safe in the knowledge that their email can only be read by their intended recipient.

Easy Dynamics

Easy Dynamics

Easy Dynamics is a leading technology services provider with a core focus in Cybersecurity, Cloud Computing, and Information Sharing.

Concourse Labs

Concourse Labs

Concourse Labs Security Guardrails continuously verify cloud infrastructure and workloads. Continuously assess clouds for security, resiliency, and regulatory compliance.

RevealSecurity

RevealSecurity

RevealSecurity's TrackerIQ detects malicious activities in enterprise applications.