France’s Intelligence Bill: legalising mass surveillance

Uploaded on 2015-05-06 in INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW

The French government claims its new Intelligence Bill is defined in opposition to the American and British models – but this just doesn't hold once the text is examined - Quite the contrary! 
Recently French Prime Minister Manuel Valls organised a press conference to announce the Intelligence Bill that his government had just adopted and was presenting to Parliament. Confronting the media, Valls sought to dismiss growing concerns that the bill, the contents of which had been leaked to the press a few days earlier, would undermine the right to privacy. “This has nothing to do with the generalised surveillance of citizens”, Valls said to journalists. He even went on to claim that the bill would “forbid” mass surveillance.
 
This posture came all the more naturally to the French Government as it has kept its head down and weathered the storm since the Snowden disclosures began almost two years ago. Even when documents exposing the cooperation between the French General Directorate for External Security (DGSE) and the NSA and other Five-Eyes agencies (the LUSTRE agreement) came to light, public officials either refrained from any comment or issued denials. Today, the Valls government is claiming that the bill is simply a matter of securing the legitimate intelligence collection practices of the French security services, which hitherto lacked a proper legal framework.
These reassurances, however, do not survive proper scrutiny. A close reading of the Bill shows that it authorises the government to engage in preventive surveillance of private communications and public spaces for a broad range of motives – from terrorism to economic espionage and the monitoring of social movements – without proper ex ante control. It also orchestrates the legal whitewashing of mass surveillance, and legalizes tools and policies that directly echo those of other surveillance superpowers, like the US, the UK or Germany. Three examples are particularly telling.
The most fiercely debated item of the bill relates to so-called Internet “black boxes” aimed at detecting terrorist threats. Article 2 makes provision for the Prime Minister to require telecom operators and online platforms to install technical devices on their infrastructure (networks or servers) that will use custom algorithms to detect suspicious online behaviour.
According to examples quoted by government ministers and high-ranking officials in the intelligence community, the goal is to detect the use of particular encryption protocols or web browsing habits. Though the government denies this is the case, there is every indication that these black boxes will deploy some kind of Deep Packet Inspection (DPI) technology.
From a British and American perspective, these black boxes are hardly news. In the UK, a similar provision was debated as early as 2000, and eventually subsumed in the Regulatory Investigative Powers Act, section 12. More recently, documents leaked by Mark Klein, a former AT&T employee turned whistleblower, revealed that the NSA had implemented DPI technologies to monitor Internet traffic on US soil.
Traditionally surveillance has been justified by the practical limitations to the ability of states to engage in mass surveillance outside of their territory. But in the age of global and digital communications networks, where whole civilian populations have become subject to systematic surveillance, this outdated “laissez-faire” approach does not only completely negate the universality of human rights when it comes to foreigners. It also leads to opportunistic strategies where the cross-border nature of communications is used to bypass the checks-and-balances that protect the state's own citizens, all within the comfort of the national territory.
Open Democracy: http://bit.ly/1EyXKUr

 

« Largest U.S. Data Breaches in the Last 10 Years
Stellar Wind: CIA analysts didn’t use the NSA’s Spy program. »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DTEX Systems

DTEX Systems

DTEX Systems is the global leader for insider risk management. We empower organizations to prevent data loss by proactively stopping insider risks from becoming insider threats.

CERT-UA

CERT-UA

CERT-UA is the national Computer Emergency Response Team for Ukraine.

Aeriandi

Aeriandi

Aeriandi is a leading provider of hosted PCI security compliance solutions for call centres, trusted by high street banks and major Telcos.

4iQ

4iQ

4iQ fuses surface, social, deep and dark web sources to research and assess risks to people, infrastructure, intellectual property and reputation.

Intezer Labs

Intezer Labs

The only solution replicating the concepts of the biological immune system into cyber-security. Intezer provides enterprises with unparalleled Threat Detection and accelerates Incident Response.

Sysmosoft

Sysmosoft

Sysmosoft specializes in providing highly secured telecommunication solutions for mobile devices for companies requiring protected access to sensitive data remotely.

Cognni

Cognni

Cognni (formerly Shieldox) will make your InfoSec think like a human, right out of the box, so you can focus on the bigger picture, keeping the information flow safe.

CodeSealer

CodeSealer

CodeSealer provide invisible end-to-end user interface protection with a unique web security solution to eliminate Man-in-the-Middle and Man-in-the-Browser vulnerabilties.

CoverWallet

CoverWallet

CoverWallet combines deep analytics, thoughtful design and state of the art technology to help small businesses with all their insurance needs including Cyber Liability.

SEMNet

SEMNet

SEMNet is an IT solutions provider and an infrastructure and security consulting firm.

ITProTV

ITProTV

ITProTV is part of the ACI Learning family of companies providing Audit, Cyber, and IT learning solutions for enterprise and consumer markets.

Nasuni

Nasuni

The Nasuni File Data Platform offers the protection, detection, and recovery of file shares from ransomware attacks or random disasters within minutes.

Paubox

Paubox

Paubox offers secure, HIPAA compliant email and marketing solutions to fit the needs of modern healthcare organizations of every size.

Cyber Unit

Cyber Unit

Cyber Unit offer next level protection from cyber attacks in packages and pricing options that are accessible to smaller organizations.

ImagineX Consulting

ImagineX Consulting

ImagineX Consulting is a cybersecurity-focused boutique technology consultancy whose mission is to help our clients #BeBetter by reducing their corporate risk.

Exaforce

Exaforce

At Exaforce, we are on a mission to 10× improve the productivity and efficacy of security and operations teams using our transformative multi-model AI engine.