FRANCE: Surveillance of SMS, phones and Internet
19 January 2015
The French Military Programming Law, including its very controversial article on telecommunications surveillance (SMS, phone conversations, Internet), entered into force on 1 January 2015. The law was adopted and published in the Official Journal on 19 December 2013, despite the strong criticism by civil liberties and digitial rights organisations. A year later, the French government gave the green light to the implementation of this law through a decree on 24 December 2014.
Article 20 (formerly Article 13) on "administration's access to connection data" gives the State greater access to Internet users' data which is stored and exchanged online, based on a larger spectrum of grounds than previously. Beyond the classic " national security", " prevention of terrorism ", fight against "organised criminality" and cases where a group that has been "dissolved intends to maintain or start over its activites", data may be access based on the need to "safeguard the French scientific or economic potential" (fight against industrial or scientific spying) and to fight against "organised criminality and deliquency".
Access will not be restricted to the usual national security or law enforcement authorities but will now include the Ministry of Finance, of Defence and of Economy.
Finally, access to online data will be granted or denied based on the assessment by a "qualified individual" appointed by the Prime Minister. The decision to access and use online data will therefore not be subject to any judicial oversight to ensure that it is necessary, proportionate, and in accordance with data protection requirements.
Such a procedure is already in place in cases of terrorism, and is thereby extended to other situations as described above.
As explained by the digital rights watchdog La Quadrature du Net :
"Although the control of the Internet is the competence of the State's services in charge of Interior Security, the military programming law, through its [article 20], introduces a number of significant changes which we are afraid might lead to systematic surveillance of [online] networks."
("i le contrôle d'Internet entre dans les compétences des services d'Etat chargés de la sécurité intérieure, la loi de programmation militaire, via son article 13, introduit plusieurs changements majeurs qui font craindre une surveilllance généralisée des réseaux.")
Despite the deep concerns underlying the implementation of this article expressed by the National Digital Rights watchdog CNIL and numerous civil society organisations, many MPs ready to send an official request for assessment to the the Constitutional Council eventually stepped back and withdrew their consent to the text. This last-minute decision, which some journalists allege was politcally motivated, resulted in the Constitutional Counsil not being asked its opinion.
The December 2014 implementation decree lists a non-exhaustive list of data that may be access under Article 20 of the law: information or documents processed or stored by e-communications network or services, including technical data enabling the identification through the regustration or connection numbers of a designated person, as well as the location of the equipment used and the communications data of a subscriber such as the numbers called, entry calls received, how long and when.
Sources
1. Guerric Poncet, 'Le cadeau de Noël du gouvernement aux internautes : la surveillance', Le Point, 26 December 2014
2. Frédéric Bergé, 'Surveillance du Net : en quoi la loi de programmation militaire pose problème', 01net.com, 9 December 2013
3. Philippe Vion-Dury, 'Loi de programmation militaire: le scandale qui fait sploutch', L'Obs, 19 December 2013