
OVH threatens to leave if latest French surveillance law passes - LiamBoogar
http://www.rudebaguette.com/2015/04/15/europes-1-hosting-provider-threatens-leave-latest-french-surveillance-law-passes/
======
linschn
It's not to late for French citizens to call their representatives.

Find who to call here : [http://www.assemblee-
nationale.fr/14/qui/circonscriptions/?h...](http://www.assemblee-
nationale.fr/14/qui/circonscriptions/?hc_location=ufi)

And point them to there : [https://sous-surveillance.fr/#/](https://sous-
surveillance.fr/#/)

and there :
[https://wiki.laquadrature.net/Amender_le_PJL_Renseignement](https://wiki.laquadrature.net/Amender_le_PJL_Renseignement)

Talk about it online and IRL, and once the law inevitably pass, install
Enigmail and TrueCrypt on your relative's computers.

~~~
toxicFork
So, TrueCrypt has been audited[0][1], but abandoned.

Do we use it as it is, or use a fork that will be more up-to-date?

Can we actually fork it? Some comments on [1] mention that it's illegal to
fork it. Others point to existing forks.

I am just confused about what to do, or even what other people are doing.

What are the thoughts of the HN community regarding TrueCrypt?

[0] [http://istruecryptauditedyet.com/](http://istruecryptauditedyet.com/)

[1] [http://blog.cryptographyengineering.com/2015/04/truecrypt-
re...](http://blog.cryptographyengineering.com/2015/04/truecrypt-report.html)

~~~
diyorgasms
If you do a cursory search on the audit, you will find the discussion here
about the second link. Generally, TrueCrypt seems to be trustworthy still.
Forks generally seem permissible, but must not use the TrueCrypt name. While
forks may not technically be allowed, making any sort of claim against a
forked project would require the authors of TrueCrypt to de-anonymize
themselves, which seems unlikely.

That being said, this article is about data in transit, and TrueCrypt protects
data at rest. I'm sure there is a better place to be having this conversation
about TrueCrypt.

------
rtpg
One thing brought up in the article is that currently French surveillance
services are basically working carte blanche, with absolutely no legal checks.

Le Monde had a set of articles about some of this surveillance framework
brought to light by the Snowden leaks, but of course the French press didn't
talk about it, since the NSA stories were somehow "more relevant to the
public".

For all the fingerpointing at the US for the Patriot act and the NSA, France's
surveillance state is pretty ominous and there are basically no rules.

~~~
linschn
There are rules, and the fact that the French government break those all the
time is no excuse when finally somebody ends up being prosecuted :

[http://www.lemonde.fr/societe/article/2014/04/09/squarcini-c...](http://www.lemonde.fr/societe/article/2014/04/09/squarcini-
condamne-a-8000-euros-d-amende-dans-l-affaire-des-fadettes-du-
monde_4398203_3224.html)

[https://fr.wikipedia.org/wiki/Affaire_des_%C3%A9coutes_de_l%...](https://fr.wikipedia.org/wiki/Affaire_des_%C3%A9coutes_de_l%27%C3%89lys%C3%A9e)

~~~
mercurial
In some areas, yes. But I am under the impression that as long as they can say
"Secret Défense", the DGSE people can do whatever they want.

~~~
wlesieutre
That doesn't sound appreciably different from the US's "state secrets" defense

~~~
mercurial
At least, there was an effort to implement some controls over intelligence
agencies following the Church Committee. It is unfortunate that it turned out
to be effective, but at least the intention was there.

The French law only mentions a weak commission with "consultative" powers.

------
motdiem
I've been following the debate in France, and the political response to
concerns about the new surveillance law has been extraordinarily tone-deaf -
the parliament has been very much in a "you're either with us or you're a
terrorist" mode from the start. Hopefully, now that ovh and other French
vendors have started to be vocal about it, some aspects of the law might be
improved. I'm not holding my breath though.

~~~
mercurial
Neither am I. On the other hand, what does difference will it make in
practice? As far as I understand, the law is in a large part about making
legal all the currently unlawful telecommunication interception done by the
intelligence services, and making sure that nobody is accountable for
anything. So in this regard, it does not change the statu quo - intelligence
services will more bound by the law than they were before, and there is zero
political will to introduce even something as ineffective as the FISA secret
courts.

~~~
bigbugbag
There is a difference in practice: first France will become a digital police
state by law, judges will be out of the loop, it may help to dodge the current
prosecutions by the human rights league and international federation of human
rights and lastly it will introduce a global and permanent surveillance with
dpi of the like that France has sold to Myanman, Libya, Syria, Saudi Arabia,
Morocco, Kazakhstan and other places. Additionally part of the IT industry
will relocate itself outside of France to continue to exist.

As France is in the middle of a multi year process of replacing the copper
network with optical fiber, it means that France is on the path for a 50 years
additional delay before the digital world changes its society right when
France was catching up.

Lastly the practical difference is that this law may push the country to the
far right extremist nationalist and racist party Front National at the next
elections, which would inherit of those tools and have everything to turn
France in a totalitarian state.

On a side note, this law has spawned a reboot France movement which aims at
leveraging the Internet and crowndfunding to get change the whole political
system to an actual democracy based on the internet:
[http://rebootlafrance.fr](http://rebootlafrance.fr)

~~~
cm2187
And this is combined with a nasty habit of judges being highly politicized and
justice being used against political oponents. Both sides (conservatives and
socialists) are pretty much equally guilty there. In fact we have even seen
numerous occasions of judges prosecuting a political party, then resign, and
take a high position in the opposite party.

France has a very problematic justice system and giving them more authority is
very unwise.

~~~
fab13n
> nasty habit of judges being highly politicized

I have quite a different perception, that judges do their job of not mixing
law and politics pretty well, whereas politics try very hard and unashamedly
to neutralize judges as counter-powers.

Could you expand on what makes you think that French judges are highly
politicized?

------
bontoJR
I used OVH services for a long time, very good customer support, best
quality/price ratio for Europe and some of their machines are extremely good.
It would be a shame for France to lose them.

France is known to be very interested in mass surveillance, but what scares me
most, it's that the European Union seems completely ignoring the topic,
leaving countries to deal with this topic. I am lucky to live in Europe, but
outside the EU, so we don't have to deal with these strange regulations, but I
am concerned about the impact that this law can have in a short-mid future
with all other countries. I really don't want to see UK, Germany, Italy,
Spain, etc... follow the France's example, starting to roll-out laws in the
name of security and terrorism fight.

This must be stopped at a higher level (EU), because also other countries are
extremely interested on this topic.

~~~
roel_v
It's way outside the mandate of the EU.

~~~
bjelkeman-again
I wouldn't say that it is completely outside what the EU is doing. The data
retention directive was partially about this. The later annulment by the Court
of Justice of the European Union for violating fundamental rights, to me,
shows that some people in the EU actually cares about his.

[http://en.wikipedia.org/wiki/Data_Retention_Directive](http://en.wikipedia.org/wiki/Data_Retention_Directive)

~~~
bontoJR
Yes, exactly. The EU has the power to do something on this. Actually, when US
was facing the Net-Neutrality case, most media questioned about what EU was
doing about the same topic and they all pointed out that, according to many
different lawyers, this is a field where the EU can interfere.

So, I don't have doubts about the fact that EU has the right and the power to
do something.

~~~
roel_v
Net neutrality is (with some imagination - even that was already stretching
it) about inter-member state commerce, i.e. the common market. For
surveillance that point is much harder to make.

"So, I don't have doubts about the fact that EU has the right and the power to
do something."

Based on what knowledge or qualifications? Have you studied the structure and
history of the EU? For example, can you say (without looking it up) what the
difference is between a regulation and a directive, and what the difference is
between the European Council and the Council of Europe? Because if not,
frankly, you're not qualified to have a valid opinion on this.

------
fapjacks
I can't be happy enough that my money is going to a company willing to say and
do these things. Thank you so much, OVH! Mad respect!

~~~
throwaway7767
I once ordered a server from them, they took my money and then asked me to
send a scan of my passport. I told them no and eventually got a refund. Seems
weird that they're fighting for privacy now.

I can understand a hosting provider not wanting to host for just anyone (or at
least charging a premium for unknown customers), but do people actually send
scans of their passports? Seems like asking for identity theft to me.

~~~
fapjacks
That's weird. I'm in the US and have never been asked for this kind of detail
when buying servers from OVH. Maybe it has something to do with payment method
and country of origin?

------
bigbugbag
Here is the original annoucement in french:

[https://www.ovh.com/fr/news/articles/a1743.le-
gouvernement-v...](https://www.ovh.com/fr/news/articles/a1743.le-gouvernement-
veut-il-contraindre-les-hebergeurs-internet-a-l-exil)

~~~
Socketubs
Not only signed by OVH, but AFHADS, Gandi, IDS, Ikoula, Lomaco and Online.

------
pol0nium
Actually the threat was more about investing for the next datacenters outside
of France. It's highly unlikely they'll relocate the current ones.

~~~
pmontra
They can start selling new servers only in data centers outside France, move
the current VPSes and eventually shut down or sell the data center. The
transition can last years but it can be done.

By the way, my bet is that France lawmakers don't even know that OVH exists
(unless they do some lobbying) and don't know it's the third largest in the
world. Now that they know they'll be counting votes gained against votes lost
for every option (and money too). Then they'll decide what to do.

------
atmosx
> The proposed law is meant to curb terrorism and create the first legal
> framework for the government to perform surveillance [...]

That's the only real-life achievement of Charlie Hedbo's 2015 attack. This
attack allowed the French surveillance state to expand. Oh yes, additionally
turned the lives of millions of Muslims throughout Europe a hell overnight.

~~~
rjaco31
Given the previous laws during the last years, it's a fair bet that such a law
could have been proposed even without the Charlie event. And I don't think it
drastically changed anything overnight for the Europeans Muslims, this is a
trend going on from a long time.

------
strooper
When citizens of the world are failing to comprehend the idea of electronic
surveillance, electronics and software pioneers and developers should take the
lead in pushing those ideas to the cliff.

------
fit2rule
Popquiz: where could OVH move to that wouldn't be subject to heinous
government surveillance? There aren't many safe havens left in the world,
beyond the 5-eyes/Euro-clan reach ..

~~~
SG-
There's a lot of places in Europe they could move to that won't be as bad as
what France is trying to do, they also have a nice footprint in Canada
(obviously this wouldn't really help customers in Europe that want to be
close).

The big issue here isn't about NSA style monitoring of "the Internet", it's
about black boxes that would be required to be installed in their network to
do whatever monitoring they wanted.

~~~
fit2rule
You mean legally doing that. They're already illegally doing it in various
trenches, and so on, anyway. And that is sort of the point.

I think this is a tiger vs. paperbag issue, personally. The fact is, if
companies are serious, they'll start setting up their own encrypted links,
actively, and fighting back. Then it won't be an issue where, locality-wise,
you set up the servers.

------
aikah
If UMP/UDI tried to do the same, people would be in the streets protesting and
"socialist" politicians would be protesting at the parliament, like when
HADOPI was voted. But for some reason when "socialists" do it, it's fine.
These crooks that call themself "socialists" are even more dangerous than
their "right wing" equivalent. They didn't remove HADOPI by the way, it's
still there. Anybody who vote right wing might be an idiot, but anybody who
vote "socialist" is a greater dumb fuck.

It sucks for the french economy but many startups or businesses like OVH don't
need to stay in France anymore. Because who can believe in the future of this
country with these assholes in power?

~~~
bigbugbag
You're missing something here, the "socialist party" is and has long been a
right wing party, to the left of the further right ump, itself a bit to the
left of the far right front national.

But the point is that wherever the party falls is irrelevant, political
parties have been mostly puppets pushing corporatist agendas for quite a
while.

~~~
aikah
I'm not missing anything, that's why I put "socialists" in quotes. These
people aren't "socialists" of course they are a fraud.

Frankly I shouldn't even talk about french politics anymore, things are a bit
desperate,it's a race to the bottom.But I guess it's happening everywhere. Or
it has always been like this and it's just more obvious today, I don't know.

~~~
atmosx
Socialism is awful in the EU. See what is happening to Greece? It's been
cornered by virtually every other state in the EU. And no, it's not about
_broken state economics_ , that's fairy tales for little kids, it's mostly
about _not voting what Brussels /Germany wants_. They want to set an example
to everyone else. The only reason Greece is still in, it's because no one is
sure what's gonna happen once it's ousted.

So generally speaking, you either vote for Holande/Sarkozy or you're gonna
face the same kind of treatment. And from what I've seen so far, LePen apart,
you don't have any other politician is likely to go a head to head with
Merkel.

------
Ninn
As a customer, THANK YOU!

------
afandian
I saw the hashtag #ni-pigeons-ni-espions. What does 'pigeons' mean in English
(beyond 'pigeons')?

~~~
mercurial
A pigeon is a naive person being conned. It probably refers to the "pigeons"
movement of French entrepreneurs opposed to taxes on sales of companies.

~~~
rakoo
"pigeon" is widely used, and the movement of entrepreneurs used this word
specifically because of its already-existing meaning.

------
doe88
As crazy as it may sound I think their dream (to French administration,
politics) is to have what NSA has done in the US, against all common sense
they look at it with envy. The only reason it is not there yet is that they
don't have the money to fully implement it. Sadly in this day and age my
country is more prompt to say to others what they should do than to make what
it is required to maintain a real democracy at home. Shameful.

------
Fiahil
> [...] While the law could only apply to French-based servers, this would
> unfairly affect OVH against its competitors, _as the law allows for
> governments to install a ‘black box’ that listens to all communication going
> in and out of the servers, and logs certain pre-ordained types of
> communication_.

This seems so unrealistic on so many levels. And, technical issues/risks
aside, I don't know any reasons that would be worth keeping your servers on
the french territory, if this law is voted. At best, this is hurting
businesses. At worst, well, this is just a back door with root access, nothing
to worry about.

------
blueskin_
Good for them. About time someone stood up to surveillance in a meaningful way
- hit the government where it hurts (in the wallet) is a tactic that should be
used more.

~~~
einrealist
That doesn't help if there is no good safe heaven. The pressure is increasing
for other governments to do the same. And it will get worse when everyone is
using secure communication as default.

------
anon4
My take on this: I am against surveillance, but also equally against
corporations strong-arming government policy changes/non-changes. So I want
the changes to not pass, but I don't want them to not pass because of OVH
threatening to take their business elsewhere. Tomorrow it could be tobacco
manufacturers doing the same thing.

~~~
superbaconman
Corporations aren't inherently bad, especially when they're checking
government abuse. If you've followed the situation in Indiana at all then you
know that corporations destroyed the core intent of the rfra law in under a
week. Corporations may do dirty things to support their own interests, but so
do governments. We shouldn't blindly support either.

------
smoyer
If you want to join Five Eyes, you've got to have some desirable data to
share.

------
bwb
That is so scary, I hope OVH can help get this thing stopped. What a stupid
law.

------
blacktulip
I have a few servers with them and am happy to see they spoke up. I also have
one server with online.net - another FR company. If the law passes I would
probably terminate that server.

~~~
zz1
Online shares the same exact position of OVH

------
kjs3
I'm going to send this article to every client I have (surprisingly many) who
are demanding "our data must _not_ be stored in the US and subject to your
evil NSA...you have to keep it safely in France!".

