France Surveillance Bill


#1

As many in the Mozilla community in France and around the world have noticed, the French government is debating a bill that would, reportedly, vastly increase its surveillance capabilities on Internet users.

The news is causing outcry among civil liberties groups and tech industry leaders in France.

This bill is very concerning. As Mozilla formulates how best to empower our community to take a stand on the issue, we are interested in understanding:
Who is working on and/or tracking the French Surveillance bill?
What is your point of view?
And, most importantly, how should this community work together to safeguard privacy and trust in the open Internet as it faces policy challenges in France?


Hello, French Mozilla employee, open source supporter
#2

Here are some links for more information in both French and English:

In French:

In English:


#3

Hi everyone!

Thank you Stacy for pointing me to this conversation, I hope I can help answering questions you may have.

There are tons of things to say about the France surveillance bill.

It’s being discussed this week at the French Parliament (which has 2 chambers).

The biggest issue with this bill is that it would allow “black boxes” (“boites noires” in French), in fact computers running classified software, within data-centers (Internet Service Providers, Web hosting companies, Internet services, telecommunication operators) that would monitor the traffic in order to “detect suspicious behavior”. The definition of what is suspicious behavior is classified and changes over time.

Note that this surveillance is only to fight terrorism (for now) and relies on meta-data (and we know how much meta-data can reveal).

So, with a few other people, I have created a Website, http://ni-pigeons-ni-espions.fr/ (means “not dumb birds nor spies”), in order to list “Internet makers” – mostly companies, but also non-profit or organizations from the academic world, while trying to avoid random individual users – who are against these “black boxes” because they are bad for the growth and health of the Internet. The declaration explains that these black boxes and Internet surveillance is bad for business. France is having a severe economic downturn, and it badly needs the economic activity that digital businesses can bring to the table.

This business angle has been chosen because it seems that it’s the only one that can be heard by politicians.

Explaining that it’s a matter of liberty unfortunately has zero impact. One thing to know is that this whole thing is taking place 3 months after the “Charlie Hebdo” attacks, where 2 terrorists killed 12 people, mostly journalists, while another attack killed 4 additional people.

Therefore, I decided to chose the business angle, which seems to be the only one that could work.

Large organizations are already signed and the list is growing:

  • OVH, Gandi and Online.net are large Domain registrars and hosting companies.
  • Linagora, XWiki, Open Wide and several other established open-source companies
  • Highly visible startups like Criteo, Captain Dash, Capitaine Train, JoliCloud
  • Non-profits such as Videolan/VLC, DotClear, WordPress Francophone…
  • Medias such as Mediapart
  • Orgs that represent parts of the IT industry: Syntec NumĂ©rique, France Digitale, etc.
  • Academic orgs such as INRIA.

I think that it would be really nice for Mozilla to sign this declaration. It’s very well aligned with Mozilla values and recent declarations regarding privacy. It would also show that Mozilla is taking position in markets other than the US. It would show support to local communities in causes that they care about.

I’m happy to answer questions you may have!

–Tristan Nitot
Mozilla Europe co-founder


#4

Here is the final law that will be voted:

http://www.assemblee-nationale.fr/14/ta-pdf/2697-p.pdf

Vote date is May 5, we have 2 weeks to raise awareness about the law in the population so as that they can contact their deputy member of the Assemblée Nationale to raise their concerns and ask them to vote no.

Pascal


#5

Another recent post in English about this issue:
http://www.theverge.com/2015/4/17/8439465/france-surveillance-law-anti-terrorism-charlie-hebdo?


#6

I read the post on Mozilla’s blog and I object to one sentence:

Secrecy and closed door discussions rarely create strong legislation.

The discussions are not secret and closed door. They happen in the open in the French National Assembly “Assemblée Nationale”. The issue we have here is that they don’t listen to the civil society (associations, organizations). But everything is perfectly visible and open, including live video of the debate happening in the Assembly.

The rest of the post is really perfect and I’m glad Mozilla takes a stance against this.


#7

Thanks, @julienw.

Including the full blog post here:

https://blog.mozilla.org/netpolicy/2015/04/22/mozilla-speaks-out-on-french-intelligence-bill/

Mozilla speaks out on French intelligence bill

Since Snowden, we have seen increasing government
conversations about the appropriate limits of surveillance; Some states
have sought to restrict their own access to information and others have
focused on restricting access from other governments. Generally, we like
this focus and support these kinds of efforts.

However, we are deeply concerned about recent reports about an
intelligence bill currently being negotiated in France. The French
government is rushing this proposal through Parliament, with little to
no consultation of key stakeholders, and the actual provisions under
discussion seem to be changing often.

The proposals that have been made public — including those allowing
for bulk collection of metadata, automated algorithmic analysis of user
communications, and efforts to weaken encryption — threaten Internet
infrastructure, user privacy, and data security. Not only are we
concerned about the content of these proposals, but given our own
commitment to openness, we are equally concerned by the manner in which
this legislation is being developed. Secrecy and closed door discussions
rarely create strong legislation.

While the specific provisions continue to change in this fast-moving
political environment, Mozilla joins numerous French institutions,
businesses, and civil society organizations in expressing deep concern
about the proposals being put forward by the French government. In
particular, we would oppose any law that:

  • Allows for pervasive monitoring of user communications, metadata,
    and Web activity. We believe that this is an inherently disproportionate
    violation of user privacy and fractures the trust that underlies the
    open Internet;
  • Undermines the strength of or the ability to use encryption. The
    world depends on encryption to ensure the security and privacy of
    communications and commerce;
  • Fails to include adequate privacy, due process, transparency, and
    judicial oversight safeguards or permits unnecessary data retention.

We are particularly concerned about proposals to place so-called
black boxes in the infrastructure of communications providers to conduct
algorithmic surveillance. This proposal effectively forces companies to
permit government monitoring of all of their users’ online activity for
a secret set of “suspicious” patterns of behavior.

Mozilla urges the French government to have a fully informed debate
around this proposed bill. In particular, we urge consideration of the
technical impacts on Internet infrastructure and user security. At a
time when privacy and security are increasingly recognized as mutually
reinforcing, the French government seems to be pitting these values
against each other, at the risk of diminishing both.


#8

FYI, the law will be voted tomorrow.
A few deputies are trying to ask the “conseil constitutionnel”, the highest juridiction in France, to give their opinion on the compatibility of the law with the constitution. In case they declare it unconstitutional, the government will have to change their copy and propose a new bill for voting.

Mozilla stance on the subject was remarked, with about 200 retweets of the French tweet and high-profile newspapers republishing our translation of the post in French or commenting our position. Ex:
Mainstream newspapers;

Tech newspapers:


#9

The bill was voted with a large majority at the Assemblée Nationale, which is the first chamber. Now it has to be accepted at the Senate, usually for most laws this is a formality.

Mozilla wrote a post urging senators to reject/amend the law and citizens to remain mobilized through the website https://sous-surveillance.fr/#/

Here is the original post in English:
https://blog.mozilla.org/netpolicy/2015/05/12/french-national-assembly-advances-dangerous-mass-surveillance-law/

With the help of the Mozilla community and other local FLOSS-related communities (April and Quadrature du Net), we translated the post and put it online on the French press blog:
https://blog.mozilla.org/press-fr/2015/05/12/lassemblee-nationale-vote-une-loi-dangereuse-sur-la-surveillance-de-masse/

We tweeted it on our community account and got 120 retweets so far:

That’s all for our status report on the issue.