In December 2014, the French government published a decree enacting an internet surveillance law that was passed a year before. The measure allowed authorities ‘administrative access to connection data,’ and came into force on the 1st January 2015.
The decree, provided French officials with access to data including phone calls, text messages and internet access by both private users and operators. The enactment of the law came as a surprise as less than two months previously, François Hollande, had expressed his “deep disapproval” to Barack Obama at revelations that the NSA had been intercepting millions of phone calls in France. He described it as an “unacceptable practice.”
The new powers created an “interdepartmental group” in charge of security interceptions and administrative access, gathering requests for certain data and obtaining it from operators. Several branches within the French Interior Ministry, the Ministry of Defense and a directorate at the Ministry of Finance are now entitled to “order” intercepts.
These powers have been granted under the flag of protection from the terrorist threat. An oversight body called the National Control Commission for Security Interceptions (CNCIS) was also setup to supervise these new governmental data control powers.
Conveniently (for the French authorities) it is allowed to oversee documents and information asked to be disclosed to the authorities but it has no power to sanction anyone, or alert any third party of abuse of the new powers.
A snapshot of the “bag of tricks” now available to the participating departments include:
- Monitor emails and phone calls of suspects and their contacts without seeking authorization from a judge;
- Obligation on telecommunications and internet companies to automatically filter vast amounts of metadata to flag suspicious patterns;
- Make all of this data freely available to intelligence services;
- The intelligence services are also now permitted to plant cameras and bugs in the homes of suspects without court orders;
- And the use of keystroke-loggers to track their online behavior is also sanctioned at the discretion of the French departments and intelligence agencies.
Privacy International, Amnesty International, human rights organizations, the French National Digital Council and several French web hosting companies have expressed alarm over the laws. The commercial outfits though are more concerned that the threat of constant government intrusion would undermine their business/profits rather than result in illegal and unwarranted surveillance of citizens.
Under the law, internet service providers would have to install monitoring mechanisms — referred to by the French media as “black boxes” — that would use algorithms to detect, in real time, suspicious behaviors in internet metadata.
Supporters stress that this metadata would remain anonymous and that content of communications would not be automatically swept up, but the behaviors that would constitute a “terrorist-like” pattern are still unclear.
Critics say it is mass surveillance on a disproportionately large scale. Under the bill, recordings could be stored for up to one month, and metadata for up to five years.
The often quoted East German Stasi method of using a network of 2,000,000 HUMINT assets as the largest government sanctioned breach of privacy rights in history now seems like amateur day when compared to the 66,000,000 SIGINT black boxes now monitoring the French population.