France should not repeat U.S. surveillance mistakes

BY Christian Borggreen
May 7, 2015

Following the recent terrorist attacks in Paris, the French government has put forward a controversial bill aimed at boosting its intelligence services. The proposal is expected to be voted into law by the Senate before Summer. The proposal brings to mind the USA PATRIOT Act and other controversial counterterrorism laws which were all rushed through under fear and later heavily.

The French intelligence bill could have a number of worrisome consequences for online rights. Civil society group La Quadrature du Net and France’s tech industry highlight a number of serious threats, notably that the bill:

  • Will extend the scope of intelligence targets to include political groups, civil society, and economic and scientific organizations.
  • Will introduce new technologies of mass surveillance of electronic communications. This include so-called “black boxes” or source code injected by French intelligence services on Internet service providers’ infrastructure to detect suspicious user behaviour in real time. This would bring all French under surveillance and expand monitoring to include private pictures, company trade secrets, medical records, etc.
  • Will propose a new register for suspected persons and new measures to record phone calls without authorization from a judge thus undermining data privacy protections.
  • Lacks any real and independent supervision to rein in mass surveillance and limit abuse.
  • May not actually improved security as terrorists can utilise circumvention tools or use more traditional means of communication.

The litany of concerns with the French bill bear a striking resemblance to the widely criticized surveillance programs operated by the U.S. National Security Agency, and will undoubtedly lead to similar backlash. The USA PATRIOT Act has been interpreted to allow for the bulk collection of telephone call records, and the Foreign Intelligence Surveillance Act has similarly been used to authorize the bulk collection of international Internet communications and records. By comparison, the French legislation goes further in many ways, particularly through the collection of call content and the real-time algorithmic surveillance of the digital communications of French Internet users.

Just as the revelations about the United States’ mass surveillance authorities resulted in significant adverse consequences for the U.S. government and its economic interests, the French law obviously will lead to distrust amongst users and damage France’s image abroad as a defender of human rights.

Importantly, it will also hurt France’s growing Internet industry. As a first indication of a looming industrial exodus, one French hosting company has already announced that it will leave the country for Norway. Other Internet companies may similarly move their data centres abroad as clients correctly will worry of possible French industrial espionage via the mandated spyware. This self-handicapping of France’s Internet industry will impact other sectors in the Internet ecosystem and result in lost orders, investments, and loss of jobs.

France should look at international attempts at counterterrorism laws before enacting its own Loi de renseignement. The surveillance authorities found in the USA PATRIOT Act lowered global trust in the U.S. government and is now under reform in the U.S. Congress. The EU’s Data Retention Directive, rushed through following terrorist attacks in Madrid and London, was annulled by the European Court of Justice last year. Other national surveillance laws have also been annulled.

Fear is an effective, but troublesome motivator for legislation. France now has the opportunity to learn from other attempts at intelligence laws to enact a framework that truly ensures security, safeguards online rights, and enables digital growth.

Related Articles

CCIA To Testify Before FTC On Privacy Thursday

Sep 8, 2022

Washington –The Computer & Communications Industry Association will testify Thursday during the Federal Trade Commission’s Public Forum on Privacy. CCIA supports baseline federal privacy rules for the Internet ecosystem. CCIA Chief of Staff and Senior Vice President Stephanie Joyce will tell the FTC that federal law should protect sensitive user data that can be linked…

CCIA Submits Comments To California’s Privacy Protection Agency

Aug 18, 2022

Washington – The Computer & Communications Industry Association filed comments ahead of next week’s deadline in response to California’s request for information as it implements the California Privacy Rights Act.  CPRA is the most comprehensive set of enacted guidelines in the country. CCIA offered comments on how to ensure the regulations reflect the mandates in…

CCIA Launches Research Center to Provide a One-Stop-Shop Resource for Data & Analytics on the Connected Economy

Aug 11, 2022

Washington – The Computer & Communications Industry Association is pleased to announce the launch of the CCIA Research Center, the longest-running tech trade association’s newest arm and a source for the most up-to-date data and analytics on the connected economy. CCIA has advocated for empirically-grounded policy that advances competition and innovation for 50 years and…