France To Require Internet Companies To Detect 'Suspicious' Behavior Automatically, And To Decrypt Communications On Demand
from the going-from-bad-to-worse dept
Techdirt has been charting for a while France’s descent from a bastion of enlightenment values to a country that seems willing to give up any freedom in the illusory hope of gaining some security. According to a story in Le Figaro, even worse is to come in the shape of a new law (original in French, found via @gchampeau):
[the proposed law] wants to force intermediaries to “detect, using automatic processing, suspicious flows of connection data”. Internet service providers as well as platforms like Google, Facebook, Apple and Twitter would themselves have to identify suspicious behavior, according to instructions they have received, and pass the results to investigators. The text does not specify, but this could mean frequent connections to monitored pages.
As well as being extremely vague, none of this “automatic detection” will require a warrant, which means that the scope for abuse and errors will be huge. And then there’s this:
The Intelligence bill also addresses the obligations placed on operators and platforms “concerning the decryption of data.” More than ever, France is keen to have the [encryption] keys necessary to read intercepted conversations, even if they are protected.
As we’ve noted before, there is a global push to demonize encryption by presenting it as a “dark place” where bad people can safely hide. What’s particularly worrying is that the measures proposed by France are easy to circumvent using client-side encryption. The fear has to be that once the French government realizes that fact, it will then seek to control or ban this form too.