French Surveillance Programs Eerily Echo The NSA's, Right Down To Codifying Unconstitutional Collections
from the take-all-you-can,-give-nothing-back dept
As the NSA leaks have expanded to detail spying activities in other countries, those governments affected have had a variety of reactions. In some cases, legitimately questionable tactics were exposed (potential economic espionage in Brazil, tapping German chancellor Angela Merkel's phone) and the responses were genuinely outraged. In other cases, the outrage was temporary and somewhat muted, suggesting these countries were allowing the NSA to take the heat for their own questionable surveillance programs aimed at their citizens.
When news broke of the NSA acquiring millions of metadata records from French phone companies, the response from the French government seemed like little more than an attempt to shift the focus off its own PRISM-esque collection programs. In response, the ODNI delivered a statement that rebutted the word salad created by an algorithmic translation of the original French article. Plausible deniability via translation tech. The NSA couldn't have asked for a better setup.
But the story swiftly faded into the background. The minimal outrage failed to sustain itself and was soon swept away by the exposure of more NSA documents. One French telco, Orange, has declared its intentions to sue the NSA for tapping its undersea cables, but further reaction from the government has remained almost nonexistent.
That the heat failed to stay on the NSA may prove to be a problem as more details have surfaced suggesting the French government respects its citizens no more than the US government does. Making things a bit messier is the fact that the French intelligence agencies' actions aren't subject to judicial control but rather answer solely to the executive branch (as it were) directly. While our judicial oversight may be more "rubber stamp" than "check and balance," it at least helps prevent agencies from operating completely under the cover of executive decisions.
But the limits, or lack thereof, are nearly identical to those of the NSA. According to its 2006 anti-terrorist law, agencies do not need warrants to access data or perform investigations that fall under the scope of the anti-terrorism legislation. Needless to say, the law has since expanded to cover even more data and content.
In this context, the new legislation was supposed to extend the intelligence services powers, including new warrantless access to criminal indices and ID databases. They can also receive the PNR (Personal Name Records) of all passengers boarding an international flight, even if the PNR EU Directive is not yet adopted. It also changed the warrantless access by intelligence agents to the data retained by electronic communication providers, Internet access providers, Internet services providers and hosting providers (article 20, former article 13 of the Bill), including geolocation in real time.If this all sounds very familiar, it's because intelligence agencies worldwide have roughly the same capabilities when it comes to data harvesting. The data they seek is already compiled by the companies themselves. All the intelligence agencies have to do is route it to their servers. And much like our current situation in the US, these collections were aided greatly by an outdated law with a misleading name.
The interceptions of electronic communications framework have legally existed since the 1991 Secrecy of Correspondence Act. Despite its name, this act allows intelligence agencies to tap telephone call traffics and, by extension, cellphone call traffics and Internet traffics.These interceptions are authorized by the French prime minister for rolling four-month periods (ours run three months, but have basically been approved for several years in a row now, barring a one-time stoppage in 2009). The 2006 law allowed these agencies to gather data from providers, something that wasn't allowed under the 1991 law. (Another coincidence? The NSA's bulk metadata collections were authorized in 2006 as well.)
However, the new legislation extends the roles, allowing the intelligence agencies to access the data retained by communication, Internet and hosting providers. With the new law, they can access the data to protect national security, to preserve France’s strategic (scientific and economical) elements, and to fight against terrorism, organized crimes and groups constituting threats to the national security.Like the NSA, the French agencies' access to the database is controlled by a small number of supervisors who approve searches of the records. These records are handed over by service providers to French intelligence, which presumably retains them for an extended period of time.
The bottom line is virtually identical: these programs are, for all intents and purposes, legal. What may have seemed to skirt the protections of the French constitution have been codified into law. It may seem illegal to surveill your own citizens, but if legislation is passed making the previously illegal legal, then the legality issue vanishes. Unlike what's currently happening in the US, the French government has yet to ask the French constitutional court to review the constitutionality of these collections. And if it hasn't done it yet, it seems unlikely to do in the future unless prompted by multiple lawsuits by surveilled citizens and entities.
At this point, the French government needs to ask itself a few questions, much like ours did recently. (Unfortunately, it ignored nearly all of the answers it received…) Because sooner or later, the public will start demanding answers.
French people have to think about what they want for their intelligence agencies, which is acting under government supervision.That's the crux of the matter. We're at the point where the constitutionality of these programs is being challenged by a federal judge, which is a welcome development. Without the leaks, it's highly doubtful federal courts would have entertained these cases, much less looked into the underlying framework of the collection programs. If French citizens are going to have any luck rolling back these programs, they may need to take another page from the US surveillance book and find a Snowden of their own.
Filed Under: france, nsa, privacy, surveillance