France To Require Internet Companies To Detect 'Suspicious' Behavior Automatically, And To Decrypt Communications On Demand
from the going-from-bad-to-worse dept
Techdirt has been charting for a while France’s descent from a bastion of enlightenment values to a country that seems willing to give up any freedom in the illusory hope of gaining some security. According to a story in Le Figaro, even worse is to come in the shape of a new law (original in French, found via @gchampeau):
[the proposed law] wants to force intermediaries to “detect, using automatic processing, suspicious flows of connection data”. Internet service providers as well as platforms like Google, Facebook, Apple and Twitter would themselves have to identify suspicious behavior, according to instructions they have received, and pass the results to investigators. The text does not specify, but this could mean frequent connections to monitored pages.
As well as being extremely vague, none of this “automatic detection” will require a warrant, which means that the scope for abuse and errors will be huge. And then there’s this:
The Intelligence bill also addresses the obligations placed on operators and platforms “concerning the decryption of data.” More than ever, France is keen to have the [encryption] keys necessary to read intercepted conversations, even if they are protected.
As we’ve noted before, there is a global push to demonize encryption by presenting it as a “dark place” where bad people can safely hide. What’s particularly worrying is that the measures proposed by France are easy to circumvent using client-side encryption. The fear has to be that once the French government realizes that fact, it will then seek to control or ban this form too.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: encryption, france, free speech, internet companies, liability, suspicious behavior
Companies: apple, facebook, google, twitter
Comments on “France To Require Internet Companies To Detect 'Suspicious' Behavior Automatically, And To Decrypt Communications On Demand”
“detect, using automatic processing, suspicious flows of connection data”
I saw some data flowing suspiciously just the other day. It was like ‘I’m gonna go here.’ and then totally changed it’s mind at the last minute and went to a site about bomb making instead.
Re: Re:
That happens to me all the time too. Here I am reading blog comments about some intelligence agency overreach, and the next minute, somebody posts a recipe for an explosive (?) in answer to another comment. I think it mentioned liquid Dawn soap and styrofoam.
What are we to do?
That is because the government want everything, as using the Internet is a suspicious activity.
People deserve it.
They are the leaders they support.
And of course, those leaders will deserve it when the people get fed up and protest or rebel.
The cost going into protecting a nation from every last racist comment or terrorist threat on the interwebs is going to bankrupt the nations.
And this is what happens when you have technological retards in charge of policy making.
Just Get to it
Why don’t they pass a law making RFC 3514 mandatory? All packets with the appropriate bit set could be routed straight to the local police. After all, that’s what they want and it shouldn’t be to hard to implement since there is already an RFC about it. For that matter, they could require setting the bit to 1 on any packets where there is any doubt.
Re: Just Get to it
why not just send ALL packets to the cops. Start with the assumption that everyone is suspicious, and then let the each and every citizen prove their innocence.
Re: Re: Just Get to it
That’s right!
Guilty until proven innocent! The way every politician wants it.
The Electorate(or whatever passes for one) in every nation has pretty much failed their own nation.
Politicians should be never trusted! The moment you do, is the moment they will prove why they can’t be.
Re: Re: Just Get to it
What you have satirized is the very basis of Neapolitan law.
If the police arrest you it is up to you to prove your innocence not for the police to prove you are guilty as in English and American law.
So what I want to know is how France is planning on getting a these encryption keys or how they expect the IPSs to. That’s going to be really cute when everyone goes to encrypted VPNs to maintain privacy.
Re: Re:
How to get them? Simple they send in the cops.
Anything associated with Tor-valds
is automatically suspicious.
The French have cracked the "halting problem"
Good to know.
so, as was the case with the ‘poison dwarf, France is going to ignore what it wants from the EU and follow down the road the UK is treading, trying to spy on all citizens and, i’ll bet, be in league with the USA, handing over whatever data they can. privacy and freedom have, yet again, been thrown out the window, under the excuses of protecting against pornography and terrorism, when the real reasons are simply to keep a ‘BIG BROTHER’ eye on it’s own people and expecting them to not use, be allowed to use encryption or give the government the ability, at the drop of a hat, to break that encryption!
bearing in mind that, like other countries worldwide, France was condemning China, N.Korea, Tehran and other countries for the lack of freedom, privacy and human rights. strange how those particular countries now have better records in these departments than the so-called ‘top of the crop’ countries!!
The trouble with satire is that it so often comes true.
The obvious solution to this issue
The obvious solution on how to deal with france is to simply pull out. If most major US internet companies like Google or Facebook IP block france, it would absolutely gut the mainstream internet for them. You make the citizens pissed off enough that they go straight to the government to fix this. It’s something that would work on a lot of companies, about the only thing they couldn’t do is pull out of the US.
Re: The obvious solution to this issue
and the fun thing, US companies choosing not to do business with france to change the law would be terrorism.
Re: The obvious solution to this issue
I don’t agree with blocking any nation because they pass stupid laws. I think the better way to approach this is for non-French companies to simply remove all physical presence from the country and to ignore French law entirely.
The only way a nation could deal with that is to block those sites, so it would result either in the laws being revised to something more reasonable or France doing the blocking. French citizens would then be mad at their government rather than the companies.
Re: Re: The obvious solution to this issue
I don’t agree with blocking any nation because they pass stupid laws. I think the better way to approach this is for non-French companies to simply remove all physical presence from the country and to ignore French law entirely.
The problem with that idea is that all these big tech companies are apparently completely ignorant of how the internet works. They all believe that it’s mandatory to have an office in every country in the world, or those people won’t be able to access their service.
Re: The obvious solution to this issue
“The obvious solution on how to deal with france is to simply pull out.”
Yeah, you wish. Nobody would even notice. France has its very own island off the internet – they don’t read and bloody surely don’t produce any pages in any other filthy language. You could have the best pro-class freeware app in the world – if you host it on a French site, nobody will ever know about it outside France because it will never get indexed in English. Oh, you think I’m kidding…?
blog
I support that pulling out is best solution on dealing with france in this issue.
Apply everything to the real world
None of these people “get it” because they somehow treat the digital world different than the “real” world. How about when we are talking about these things we interpret them in “real” world sense.
Banning end-to-end Encryption. Forget the whole government easily reading your mail. How about the mailman. How would you feel if all of the mail being delivered wasn’t in envelopes but open? No? Well how about you can still put it in envelopes but keep a “backdoor”, aka no glue to hold it shut. Does that sound ok? That is what these governments are mandating.
Now lets get to no phone encryption. To better protect you the government is now mandating you are not allowed to have doors on your house. Wait you don’t like that suddenly. But it is for YOUR SAFETY to CATCH BAD GUYS! Ok fine you can have doors but the padlocks must open from the outside with a screwdriver. No exceptions or you go to jail.
Man what a wonderful and free society we live in!
Automagically
I like the automagically part. Seems like politicians really like the implied smoke and mirrors. It suits their style of governance. It is so, because we say it is so.
Yet again, people expect magic. Film at 11.
Because it is so easy...
-“Hey Bert I’ve got some terrorist traffic here!”
-“Why do you say that Carl?”
-“look at what it says next to r-o-u-t-i-n-g protocol”
-“ooooh yes, it says IS-IS. Those god darn terrorists are so busted”
I don’t understand why all these governments are attempting to outlaw privacy. Such attempts are very totalitarian. I envy the olden days when people could have private conversations without worrying about recording devices everywhere they went.
Re: Re:
I don’t understand why all these governments are attempting to outlaw privacy. Such attempts are very totalitarian.
Assuming that wasn’t sarcasm(it’s so hard to tell these days), you answered your own question there.
Beware!
Beware of what you ask for! You just might get it!
This is honestly something I’d expect from the British, not France.
Same old same old.
“Techdirt has been charting for a while France’s descent from a bastion of enlightenment values to a country that seems willing to give up any freedom in the illusory hope of gaining some security.”
Which France are you talking about? The one that for the most part gladly gave up it’s freedoms to invading Nazis in the illusory hope that licking Nazi boots would provide some security to the established order? That France?
Yes, there was a French resistance (otherwise known as terrorists), but for the most part they welcomed the Nazi’s with open arms.
Re: Same old same old.
After WWI, you begrudge them not having enough cannon fodder left for WWII? Cruel. Victor Hugo weeps in the background, consoled by a stoic Voltaire.
of course the government and the wealthy will be exempted from this since everyone knows only the middle class and poor have criminals in their ranks.
Good luck with that.
If I hold the keys, the “google, apple or whoever” will not be able to decrypt the information. What then? Force me?
When I have a Perfect Forward Secrecy, I won’t be able to decrypt old transmissions. Ever. What then? Force me to save the keys? And force the hard drives not to break? And software not to have bugs? Put the “calling authorities” feature? But where and how? I can use Open Software and build my own computers from chips – it might be slow, but completely in my control – force the chip manufacturers to put the back door? How?
And then comes the plausible deniability. “Random data? Must be encrypted – so you have to give us the keys (like in Britain)”. And so I will. To the disposable message. The real one will still be there, just not visible – good luck with that.
It might only work in Eurasia, maybe with Airstrip One.