France To Require Internet Companies To Detect 'Suspicious' Behavior Automatically, And To Decrypt Communications On Demand

from the going-from-bad-to-worse dept

Techdirt has been charting for a while France's descent from a bastion of enlightenment values to a country that seems willing to give up any freedom in the illusory hope of gaining some security. According to a story in Le Figaro, even worse is to come in the shape of a new law (original in French, found via @gchampeau):
[the proposed law] wants to force intermediaries to "detect, using automatic processing, suspicious flows of connection data". Internet service providers as well as platforms like Google, Facebook, Apple and Twitter would themselves have to identify suspicious behavior, according to instructions they have received, and pass the results to investigators. The text does not specify, but this could mean frequent connections to monitored pages.
As well as being extremely vague, none of this "automatic detection" will require a warrant, which means that the scope for abuse and errors will be huge. And then there's this:
The Intelligence bill also addresses the obligations placed on operators and platforms "concerning the decryption of data." More than ever, France is keen to have the [encryption] keys necessary to read intercepted conversations, even if they are protected.
As we've noted before, there is a global push to demonize encryption by presenting it as a "dark place" where bad people can safely hide. What's particularly worrying is that the measures proposed by France are easy to circumvent using client-side encryption. The fear has to be that once the French government realizes that fact, it will then seek to control or ban this form too.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: encryption, france, free speech, internet companies, liability, suspicious behavior
Companies: apple, facebook, google, twitter


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Michael, 17 Mar 2015 @ 6:20am

    "detect, using automatic processing, suspicious flows of connection data"

    I saw some data flowing suspiciously just the other day. It was like 'I'm gonna go here.' and then totally changed it's mind at the last minute and went to a site about bomb making instead.

    reply to this | link to this | view in chronology ]

    • icon
      tqk (profile), 17 Mar 2015 @ 9:24am

      Re:

      It was like 'I'm gonna go here.' and then totally changed it's mind at the last minute and went to a site about bomb making instead.

      That happens to me all the time too. Here I am reading blog comments about some intelligence agency overreach, and the next minute, somebody posts a recipe for an explosive (?) in answer to another comment. I think it mentioned liquid Dawn soap and styrofoam.

      What are we to do?

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2015 @ 6:33am

    The text does not specify, but this could mean frequent connections to monitored pages.

    That is because the government want everything, as using the Internet is a suspicious activity.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2015 @ 6:51am

    People deserve it.

    They are the leaders they support.

    And of course, those leaders will deserve it when the people get fed up and protest or rebel.

    The cost going into protecting a nation from every last racist comment or terrorist threat on the interwebs is going to bankrupt the nations.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2015 @ 6:54am

    And this is what happens when you have technological retards in charge of policy making.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2015 @ 7:10am

    Just Get to it

    Why don't they pass a law making RFC 3514 mandatory? All packets with the appropriate bit set could be routed straight to the local police. After all, that's what they want and it shouldn't be to hard to implement since there is already an RFC about it. For that matter, they could require setting the bit to 1 on any packets where there is any doubt.

    reply to this | link to this | view in chronology ]

    • identicon
      jackn, 17 Mar 2015 @ 7:15am

      Re: Just Get to it

      why not just send ALL packets to the cops. Start with the assumption that everyone is suspicious, and then let the each and every citizen prove their innocence.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 17 Mar 2015 @ 7:29am

        Re: Re: Just Get to it

        That's right!

        Guilty until proven innocent! The way every politician wants it.

        The Electorate(or whatever passes for one) in every nation has pretty much failed their own nation.

        Politicians should be never trusted! The moment you do, is the moment they will prove why they can't be.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 17 Mar 2015 @ 7:34am

        Re: Re: Just Get to it

        What you have satirized is the very basis of Neapolitan law.

        If the police arrest you it is up to you to prove your innocence not for the police to prove you are guilty as in English and American law.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2015 @ 7:19am

    So what I want to know is how France is planning on getting a these encryption keys or how they expect the IPSs to. That's going to be really cute when everyone goes to encrypted VPNs to maintain privacy.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2015 @ 7:27am

    Anything associated with Tor-valds

    is automatically suspicious.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2015 @ 7:29am

    The French have cracked the "halting problem"

    Good to know.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2015 @ 7:34am

    so, as was the case with the 'poison dwarf, France is going to ignore what it wants from the EU and follow down the road the UK is treading, trying to spy on all citizens and, i'll bet, be in league with the USA, handing over whatever data they can. privacy and freedom have, yet again, been thrown out the window, under the excuses of protecting against pornography and terrorism, when the real reasons are simply to keep a 'BIG BROTHER' eye on it's own people and expecting them to not use, be allowed to use encryption or give the government the ability, at the drop of a hat, to break that encryption!
    bearing in mind that, like other countries worldwide, France was condemning China, N.Korea, Tehran and other countries for the lack of freedom, privacy and human rights. strange how those particular countries now have better records in these departments than the so-called 'top of the crop' countries!!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2015 @ 7:43am

    Anyone who accesses the internet is a terrorist. Anyone who uses encryption to access the internet is a well-disciplined terrorist.
    The trouble with satire is that it so often comes true.

    reply to this | link to this | view in chronology ]

  • identicon
    Arcan, 17 Mar 2015 @ 8:07am

    The obvious solution to this issue

    The obvious solution on how to deal with france is to simply pull out. If most major US internet companies like Google or Facebook IP block france, it would absolutely gut the mainstream internet for them. You make the citizens pissed off enough that they go straight to the government to fix this. It's something that would work on a lot of companies, about the only thing they couldn't do is pull out of the US.

    reply to this | link to this | view in chronology ]

    • identicon
      Arcan, 17 Mar 2015 @ 9:21am

      Re: The obvious solution to this issue

      and the fun thing, US companies choosing not to do business with france to change the law would be terrorism.

      reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 17 Mar 2015 @ 9:51am

      Re: The obvious solution to this issue

      I don't agree with blocking any nation because they pass stupid laws. I think the better way to approach this is for non-French companies to simply remove all physical presence from the country and to ignore French law entirely.

      The only way a nation could deal with that is to block those sites, so it would result either in the laws being revised to something more reasonable or France doing the blocking. French citizens would then be mad at their government rather than the companies.

      reply to this | link to this | view in chronology ]

      • identicon
        Rekrul, 19 Mar 2015 @ 12:24am

        Re: Re: The obvious solution to this issue

        I don't agree with blocking any nation because they pass stupid laws. I think the better way to approach this is for non-French companies to simply remove all physical presence from the country and to ignore French law entirely.

        The problem with that idea is that all these big tech companies are apparently completely ignorant of how the internet works. They all believe that it's mandatory to have an office in every country in the world, or those people won't be able to access their service.

        reply to this | link to this | view in chronology ]

    • icon
      Max (profile), 17 Mar 2015 @ 11:34am

      Re: The obvious solution to this issue

      "The obvious solution on how to deal with france is to simply pull out."
      Yeah, you wish. Nobody would even notice. France has its very own island off the internet - they don't read and bloody surely don't produce any pages in any other filthy language. You could have the best pro-class freeware app in the world - if you host it on a French site, nobody will ever know about it outside France because it will never get indexed in English. Oh, you think I'm kidding...?

      reply to this | link to this | view in chronology ]

  • identicon
    Martins, 17 Mar 2015 @ 8:15am

    blog

    I support that pulling out is best solution on dealing with france in this issue.

    reply to this | link to this | view in chronology ]

  • icon
    Geno0wl (profile), 17 Mar 2015 @ 8:18am

    Apply everything to the real world

    None of these people "get it" because they somehow treat the digital world different than the "real" world. How about when we are talking about these things we interpret them in "real" world sense.

    Banning end-to-end Encryption. Forget the whole government easily reading your mail. How about the mailman. How would you feel if all of the mail being delivered wasn't in envelopes but open? No? Well how about you can still put it in envelopes but keep a "backdoor", aka no glue to hold it shut. Does that sound ok? That is what these governments are mandating.

    Now lets get to no phone encryption. To better protect you the government is now mandating you are not allowed to have doors on your house. Wait you don't like that suddenly. But it is for YOUR SAFETY to CATCH BAD GUYS! Ok fine you can have doors but the padlocks must open from the outside with a screwdriver. No exceptions or you go to jail.

    Man what a wonderful and free society we live in!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Anonymous Coward, 17 Mar 2015 @ 8:24am

    Automagically

    I like the automagically part. Seems like politicians really like the implied smoke and mirrors. It suits their style of governance. It is so, because we say it is so.

    reply to this | link to this | view in chronology ]

  • icon
    orbitalinsertion (profile), 17 Mar 2015 @ 9:10am

    Yet again, people expect magic. Film at 11.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2015 @ 9:43am

    Because it is so easy...

    -"Hey Bert I've got some terrorist traffic here!"
    -"Why do you say that Carl?"
    -"look at what it says next to r-o-u-t-i-n-g protocol"
    -"ooooh yes, it says IS-IS. Those god darn terrorists are so busted"

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2015 @ 10:10am

    I don't understand why all these governments are attempting to outlaw privacy. Such attempts are very totalitarian. I envy the olden days when people could have private conversations without worrying about recording devices everywhere they went.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 17 Mar 2015 @ 12:39pm

      Re:

      I don't understand why all these governments are attempting to outlaw privacy. Such attempts are very totalitarian.

      Assuming that wasn't sarcasm(it's so hard to tell these days), you answered your own question there.

      reply to this | link to this | view in chronology ]

  • icon
    Spaceman Spiff (profile), 17 Mar 2015 @ 10:57am

    Beware!

    Beware of what you ask for! You just might get it!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2015 @ 11:09am

    This is honestly something I'd expect from the British, not France.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Mar 2015 @ 1:58pm

    Same old same old.

    "Techdirt has been charting for a while France's descent from a bastion of enlightenment values to a country that seems willing to give up any freedom in the illusory hope of gaining some security."

    Which France are you talking about? The one that for the most part gladly gave up it's freedoms to invading Nazis in the illusory hope that licking Nazi boots would provide some security to the established order? That France?

    Yes, there was a French resistance (otherwise known as terrorists), but for the most part they welcomed the Nazi's with open arms.

    reply to this | link to this | view in chronology ]

    • icon
      tqk (profile), 17 Mar 2015 @ 6:57pm

      Re: Same old same old.

      After WWI, you begrudge them not having enough cannon fodder left for WWII? Cruel. Victor Hugo weeps in the background, consoled by a stoic Voltaire.

      reply to this | link to this | view in chronology ]

  • icon
    Padpaw (profile), 17 Mar 2015 @ 5:15pm

    of course the government and the wealthy will be exempted from this since everyone knows only the middle class and poor have criminals in their ranks.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Mar 2015 @ 1:47am

    Good luck with that.

    If I hold the keys, the "google, apple or whoever" will not be able to decrypt the information. What then? Force me?

    When I have a Perfect Forward Secrecy, I won't be able to decrypt old transmissions. Ever. What then? Force me to save the keys? And force the hard drives not to break? And software not to have bugs? Put the "calling authorities" feature? But where and how? I can use Open Software and build my own computers from chips - it might be slow, but completely in my control - force the chip manufacturers to put the back door? How?

    And then comes the plausible deniability. "Random data? Must be encrypted - so you have to give us the keys (like in Britain)". And so I will. To the disposable message. The real one will still be there, just not visible - good luck with that.

    It might only work in Eurasia, maybe with Airstrip One.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.