France To Require Internet Companies To Detect 'Suspicious' Behavior Automatically, And To Decrypt Communications On Demand

from the going-from-bad-to-worse dept

Techdirt has been charting for a while France’s descent from a bastion of enlightenment values to a country that seems willing to give up any freedom in the illusory hope of gaining some security. According to a story in Le Figaro, even worse is to come in the shape of a new law (original in French, found via @gchampeau):

[the proposed law] wants to force intermediaries to “detect, using automatic processing, suspicious flows of connection data”. Internet service providers as well as platforms like Google, Facebook, Apple and Twitter would themselves have to identify suspicious behavior, according to instructions they have received, and pass the results to investigators. The text does not specify, but this could mean frequent connections to monitored pages.

As well as being extremely vague, none of this “automatic detection” will require a warrant, which means that the scope for abuse and errors will be huge. And then there’s this:

The Intelligence bill also addresses the obligations placed on operators and platforms “concerning the decryption of data.” More than ever, France is keen to have the [encryption] keys necessary to read intercepted conversations, even if they are protected.

As we’ve noted before, there is a global push to demonize encryption by presenting it as a “dark place” where bad people can safely hide. What’s particularly worrying is that the measures proposed by France are easy to circumvent using client-side encryption. The fear has to be that once the French government realizes that fact, it will then seek to control or ban this form too.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: , , , , ,
Companies: apple, facebook, google, twitter

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “France To Require Internet Companies To Detect 'Suspicious' Behavior Automatically, And To Decrypt Communications On Demand”

Subscribe: RSS Leave a comment
33 Comments
tqk (profile) says:

Re: Re:

It was like ‘I’m gonna go here.’ and then totally changed it’s mind at the last minute and went to a site about bomb making instead.

That happens to me all the time too. Here I am reading blog comments about some intelligence agency overreach, and the next minute, somebody posts a recipe for an explosive (?) in answer to another comment. I think it mentioned liquid Dawn soap and styrofoam.

What are we to do?

Anonymous Coward says:

Just Get to it

Why don’t they pass a law making RFC 3514 mandatory? All packets with the appropriate bit set could be routed straight to the local police. After all, that’s what they want and it shouldn’t be to hard to implement since there is already an RFC about it. For that matter, they could require setting the bit to 1 on any packets where there is any doubt.

Anonymous Coward says:

so, as was the case with the ‘poison dwarf, France is going to ignore what it wants from the EU and follow down the road the UK is treading, trying to spy on all citizens and, i’ll bet, be in league with the USA, handing over whatever data they can. privacy and freedom have, yet again, been thrown out the window, under the excuses of protecting against pornography and terrorism, when the real reasons are simply to keep a ‘BIG BROTHER’ eye on it’s own people and expecting them to not use, be allowed to use encryption or give the government the ability, at the drop of a hat, to break that encryption!
bearing in mind that, like other countries worldwide, France was condemning China, N.Korea, Tehran and other countries for the lack of freedom, privacy and human rights. strange how those particular countries now have better records in these departments than the so-called ‘top of the crop’ countries!!

Arcan says:

The obvious solution to this issue

The obvious solution on how to deal with france is to simply pull out. If most major US internet companies like Google or Facebook IP block france, it would absolutely gut the mainstream internet for them. You make the citizens pissed off enough that they go straight to the government to fix this. It’s something that would work on a lot of companies, about the only thing they couldn’t do is pull out of the US.

John Fenderson (profile) says:

Re: The obvious solution to this issue

I don’t agree with blocking any nation because they pass stupid laws. I think the better way to approach this is for non-French companies to simply remove all physical presence from the country and to ignore French law entirely.

The only way a nation could deal with that is to block those sites, so it would result either in the laws being revised to something more reasonable or France doing the blocking. French citizens would then be mad at their government rather than the companies.

Rekrul says:

Re: Re: The obvious solution to this issue

I don’t agree with blocking any nation because they pass stupid laws. I think the better way to approach this is for non-French companies to simply remove all physical presence from the country and to ignore French law entirely.

The problem with that idea is that all these big tech companies are apparently completely ignorant of how the internet works. They all believe that it’s mandatory to have an office in every country in the world, or those people won’t be able to access their service.

Max (profile) says:

Re: The obvious solution to this issue

“The obvious solution on how to deal with france is to simply pull out.”
Yeah, you wish. Nobody would even notice. France has its very own island off the internet – they don’t read and bloody surely don’t produce any pages in any other filthy language. You could have the best pro-class freeware app in the world – if you host it on a French site, nobody will ever know about it outside France because it will never get indexed in English. Oh, you think I’m kidding…?

Geno0wl (profile) says:

Apply everything to the real world

None of these people “get it” because they somehow treat the digital world different than the “real” world. How about when we are talking about these things we interpret them in “real” world sense.

Banning end-to-end Encryption. Forget the whole government easily reading your mail. How about the mailman. How would you feel if all of the mail being delivered wasn’t in envelopes but open? No? Well how about you can still put it in envelopes but keep a “backdoor”, aka no glue to hold it shut. Does that sound ok? That is what these governments are mandating.

Now lets get to no phone encryption. To better protect you the government is now mandating you are not allowed to have doors on your house. Wait you don’t like that suddenly. But it is for YOUR SAFETY to CATCH BAD GUYS! Ok fine you can have doors but the padlocks must open from the outside with a screwdriver. No exceptions or you go to jail.

Man what a wonderful and free society we live in!

Anonymous Coward says:

Same old same old.

“Techdirt has been charting for a while France’s descent from a bastion of enlightenment values to a country that seems willing to give up any freedom in the illusory hope of gaining some security.”

Which France are you talking about? The one that for the most part gladly gave up it’s freedoms to invading Nazis in the illusory hope that licking Nazi boots would provide some security to the established order? That France?

Yes, there was a French resistance (otherwise known as terrorists), but for the most part they welcomed the Nazi’s with open arms.

Anonymous Coward says:

Good luck with that.

If I hold the keys, the “google, apple or whoever” will not be able to decrypt the information. What then? Force me?

When I have a Perfect Forward Secrecy, I won’t be able to decrypt old transmissions. Ever. What then? Force me to save the keys? And force the hard drives not to break? And software not to have bugs? Put the “calling authorities” feature? But where and how? I can use Open Software and build my own computers from chips – it might be slow, but completely in my control – force the chip manufacturers to put the back door? How?

And then comes the plausible deniability. “Random data? Must be encrypted – so you have to give us the keys (like in Britain)”. And so I will. To the disposable message. The real one will still be there, just not visible – good luck with that.

It might only work in Eurasia, maybe with Airstrip One.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...