
French National Assembly approved Internet traffic monitoring system (French) - woogle
http://www.lemonde.fr/pixels/article/2015/04/16/les-deputes-approuvent-un-systeme-de-surveillance-du-trafic-sur-internet_4616652_4408996.html
======
pikzen
La Quadrature du Net has also affirmed that while they were demonstrating in
front of the National Assembly, there were two IMSI Catchers. And the law
wasn't even passed yet. Great example of what will happen.
([http://www.franceinfo.fr/actu/politique/article/des-
appareil...](http://www.franceinfo.fr/actu/politique/article/des-appareils-
pour-espionner-les-conversations-pres-d-une-manifestation-contre-la-loi-sur-
le-668469) link in french, can provide a translation if needed)

Bernard Cazeneuve, our ministre de l'Intérieur (Tasked with internal security,
i.e. police etc.) has also declared the right to private life to not be a
freedom.
([https://www.youtube.com/watch?v=WODKfxtJQbE](https://www.youtube.com/watch?v=WODKfxtJQbE))

This law was voted by 30 delegates. From a total of 577. This is what we can
expect of our National Assembly. I expected a bit more of them considering
they were 40 (!) to debate it. And they were granted a whole two minutes to
explain themselves. To debate a law that allows bypassing judges, installing
black boxes (read: DPI tools) anywhere without needing a judge, and quite a
few more fun things.

To any french reader here (or any reader in a country whose laws explicitly
allow this type of mass surveilance) :

* Use LetsEncrypt to get an SSL certificate for your website (or selfsign one with the proper configuration). Not that this will matter much because this law will allow them to ask you to hand over your private keys

* Use TrueCrypt v 7.1a, the latest and audited version for you hard drive, or use LUKS if you're on Linux.

* Use TextSecure and RedPhone. While I'm not aware of any recent audits, it's a hundred times better than going through regular channels.

* Use Pidgin+OffTheRecord for your private chats.

I am so fucking mad. And have no doubts, the senate will pass this. The worst
(best) that could happend to this law is a few minor changes, but the key
points will stay. And I doubt our constitutional council will reject it.

~~~
Fiahil
Encrypting all communications is certainly the way to go.

But, I wonder if we can make these systems completely inefficient by flooding
them with false positives. Assuming we can figure out the patterns they are
looking for in our communications, could this be a possible solution to force
them to withdraw they "black boxes"?

~~~
jackjeff
Encryption won't solve the problem.

1/ They're after the meta data. Whether you have plaintext or encrypted
communication, they still know to whom you talk. Unless you use TOR or VPN
yourself out of the country, it's not going to help...

2/ Strict key disclosure laws. You can be thrown to jail, if you cannot
decrypt some information when requested by a judge. That's true even in the
case where you can prove the key is no longer in your possession...

~~~
MidnighToker
> 2/ Strict key disclosure laws. You can be thrown to jail, if you cannot
> decrypt some information when requested by a judge. That's true even in the
> case where you can prove the key is no longer in your possession...

How the heck is this supposed to work when TLS supports Diffe-Hellman?

~~~
Lawtonfogle
It makes about as much sense as putting a poor person into debtors prison
until they pay off their debt. Anyone who supports this is unethical.

------
gerty
French National Assembly has 577 delegates. According to Le Monde article, 25
voted for and 5 against. The rest, I suppose, didn't care to show up. This is
beyond WTF.

I am a client at OVH and Gandi and I hope they send a big FU to the French
government and relocate. I am willing to pay a premium for that.

~~~
dagw
_The rest, I suppose, didn 't care to show up._

I'm assuming it's largely strategic. "Everybody" wanted to pass the bill, but
no one wanted it on their voting record since they knew it was controversial.
So everybody got together and selected a small number of martyrs to go sully
themselves while everybody else could keep their hands clean.

~~~
ddoolin
Why would they want it to pass? What benefit are they reaping from such a
thing?

~~~
pfortuny
It is a law against TERROR: you cannot oppose it!

------
realusername
(French here). This was quite expected, the government slowly adopted more and
more laws to restrict freedom and to watch everyone during the past ten years,
this is not the first nor the last law, this is just another step for the next
law which will be even worse. The government is even censoring comments on
social media about the law when it's not going in their direction (I'm not
even joking).

The French democracy has been completely broken for a long time and a few
relics from the past are still working now. The times when the country was
called "the land of the human rights" are long gone. I see a few people trying
to contact their representative but it's already too late, the democracy is
gone, forget about it, it will just slow things down a bit but that's all, the
politicians in power are too corrupted and the system too broken for that to
work.

The best solution now for us now is the technical one, to prevent them to do
it. But even that solution is temporary, one day or an other, when they will
start to attack random citizens, things will have to change... as the quote is
saying, "Those who make peaceful revolution impossible will make violent
revolution inevitable.".

~~~
throwafrenchman
> The government is even censoring comments on social media about the law when
> it's not going in their direction

Do you have a source for that? I'm genuinely curious.

~~~
pikzen
OP is going a bit far, but I believe he's referring to
[http://www.numerama.com/magazine/32780-loi-renseignement-
qua...](http://www.numerama.com/magazine/32780-loi-renseignement-quand-le-
ministere-de-justice-trahit-la-pensee-de-taubira.html)

Basically, our Defense Minister's twitter account posted a quote of Christiane
Taubira (the Defense Minister) saying "It is obvious that the methods of
retrieval [of data] are potentially endangering private life".

It was quickly removed.

------
fzn
French president Hollande is visiting Lausanne, Switzerland this afternoon.
His trains supposedly arrives at 3:20 at Prilly-Malley station. He will then
proceed to the EPFL (Polytechnic school). [Full schedule
[http://files.newsnetz.ch/story/3/0/0/30072626/11/topelement....](http://files.newsnetz.ch/story/3/0/0/30072626/11/topelement.jpg)
]

Allegedly to protect the people, the object of that law is rather to
decriminalize and widen the PM's surveillance capabilities.

The law just exempted french agents for any illegal data acquisition done on
foreign targets. One of the seven goals the law encompasses is "major
scientific and economic interests". Don't deal with France, starting from may
6th.

Kudos to the couple deputies that show concern and bear with the long hours
and kafkaesque atmosphere.

Mandatory handling of encryption keys on request is also part of the package.
Hosters and ISPs like it.

"DPI algorithms shall remain secret, for they'll lose their effectiveness
otherwise." Such StO.

Oversight over it all will be restricted to a 7-ish member court.

We must not remain silent as France openly turns into a police state.

~~~
Forbo
Forgive my ignorance, but what is StO? I couldn't find anything in my
searches.

------
RBO2
It is not a hasard to have this kind of laws in France. France hasn't known
dictatorship for long. French representatives don't know what a Stasi-like
security state would look like. It would be harder to have such a law in
Germany.

The low number of delegates during the vote whows how archaic the French
politic system is: they are against their own party so they prefer to be
missing. There is little discussion. And there is no way to make a petition in
France that would go to the parliament or provoke a referendum.

France just shows how current institutions are overwhelmed by new
technologies.

~~~
thesimon
>It would be harder to have such a law in Germany. No, we already have this
law. Companies with over 10k users need to install a black box to make easy
access for the state. There is also a proposal to save communication for 8
weeks, of course just to protect against terrorists.

~~~
javaes
Do you have a source for the black box law in Germany (can be in german)?

~~~
_up
[http://de.wikipedia.org/wiki/Telekommunikations-%C3%9Cberwac...](http://de.wikipedia.org/wiki/Telekommunikations-%C3%9Cberwachungsverordnung)

------
Smrchy
Richard Stallman wrote
[https://stallman.org/millions.html](https://stallman.org/millions.html) a few
days after the 9/11 attacks.

Sadly still so true. The attacks from January 2015 have led to this horrible
secondary damage.

------
olivierlacan
La Quadrature du Net (French EFF equivalent) posted a campaign website with a
rundown of which députés (congresspeople) are in favor or against the bill:
[https://sous-surveillance.fr](https://sous-surveillance.fr)

Also had VOIP phone to contact députés. Many were and avoided questions or
said they would toe the party line. Evidence here:
[https://pad.lqdn.fr/p/PJLdeputes](https://pad.lqdn.fr/p/PJLdeputes)

------
Fiahil
> _Les traitements automatisés repèrent des comportements suspects, non pas
> des personnes pré-identifiées_

It's actually worse. Listening to all communications in the hope of catching
something suspect is the exact thing that make this law extremely dangerous.

~~~
olivierlacan
Yep, it's called anomaly hunting:
[http://theness.com/neurologicablog/index.php/anomaly-
hunting...](http://theness.com/neurologicablog/index.php/anomaly-hunting/)

It's very bad.

------
c2prods
THIRTY FUCKING ASSHOLES. There are 577 deputies in France and only 30 of them
are present to vote Big Brother. Fortunately, there are several steps to go:
it has to be approved by the Senate and then the Conseil Constitutionnel (in
charge of the Constitution) might still reject it. Nevertheless, this proves
how much our political leaders DO NOT understand the Internet.

~~~
Ragnarork
Actually, five voted against, so you may want to revise that number of
assholes :)

------
tempodox
So, will the National Surveillance Agency file a patent suit or copyright
infringement? After all, the French clearly stole the U.S.'s recipe of
destroying civil rights & democracy.

------
jacquesm
Suggested improvement to the French political system: if < 50% of the
delegates are present there is no quorum and no laws can be passed.

~~~
dest
government has a majority in the French assembly. The result would have been
the same with more deputies: law would have passed. Each deputy seems
specialized in a few fields and does not attend discussions to have time to
work on other things (mayor, meetings,...) So, not sure if quorum > 50% would
be useful.

~~~
cm2187
...to work or not. Some of them never show up at the parliement.

But laws are not really discussed in the main chamber. The way it works is
that laws are really discussed, debated and modified in commissions, and the
main vote is only for the TV, and for MPs to demonstrate publicly their
opposition.

------
mtanski
Can anyone point to an alternative to Gandhi.net for domains / SSL? Works
well, good service, not godaddy.

~~~
UVB-76
I've never understood the cult of Gandi on HN.

They're overpriced, and in my experience, their customer service is
disgusting. I would never recommend them.

Namecheap are cheaper, better, and have done more for HN-related causes than
Gandi ever will.

------
UserRights
[https://en.wikipedia.org/wiki/Guillotine](https://en.wikipedia.org/wiki/Guillotine)

------
AdrienChey
Most of what the law is allowing, was already done before. It's more about
legalizing some illicit methods, even if methods are debatable...

~~~
zz1
Widely adopted behaviours can't be legalized simply because of their
widespread. Do that with murder…

~~~
thaumasiotes
Sure they can. For most of history murder was broadly legal (that's the beauty
of really small government). ;)

------
rihegher
the law draft in english
[http://wiki.laquadrature.net/Patching_the_French_Intelligenc...](http://wiki.laquadrature.net/Patching_the_French_Intelligence_Bill)

------
kaiz0ku
Here is the amendment if anyone is interested: [http://www.assemblee-
nationale.fr/14/amendements/2697/AN/437...](http://www.assemblee-
nationale.fr/14/amendements/2697/AN/437.asp)

------
koalaman
Just curious, is this different from what the nsa is doing in the US?

~~~
eloisant
Well, the NSA was really pissed when Snowden revealed they did it secretly but
France is passing a law to do it officially.

~~~
agumonkey
I don't know if being open and going through the legal means is better than
secretly spying.

~~~
realityking
If that's the only two alternatives, it's absolutely preferably to it being in
the open. This at least allows to have an open discussion like it's worthy of
democracy.

~~~
agumonkey
I agree but there's always a tiny 'ignorance is bliss' ring in my head while
I'm thinking about it.

------
bwb
A sad day for privacy once again, governments need to fuck off and stop spying
and realize some bad things are going to happen, but not at the cost of
sacrificing our personal privacy.

------
luxpir
Some key points from the article, translated...

\---

    
    
      It was in a nearly empty senate that around thirty deupties
      cast their votes [...] on the installation of "black boxes",
      a controversial device designed to monitor internet traffic.
      [It was] approved by 25 deupties to 5 following heated debates.
    
      The plan: to force ISPs to "detect, through automated
      processing, a suspect succession of connection data" that
      appear to match patterns typically used by terrorists. In 
      practice, this would involve installing a "black box" at ISPs
      to monitor traffic. The content of the communications would
      not be monitored, but only the metadata: the sender or
      receiver of a message, the IP address of a visited site...
    
      [...]
    
      "The black box is the Pandora's box of this draft law," said
      socialist Aurélie Filippetti in the senate. "They say that the
      masses of data that will flow through it will only contain
      metadata. But they contain even more information about the
      private lives of our fellow citizens! [...] And there is a
      paradox in saying that these data will be anonymous when they
      are to be used to identify terrorists".
    
      An accusation that was then defended by the government in the
      house, "The automated processing marks out suspect behaviour,
      not pre-identified persons," emphasized the Defence Minister,
      Jean-Yves Le Drian, "It is after that the services are able to
      access the identity of the persons."
    
      [...]
    
      Some deputies also pointed out the "economically damaging"
      consequences of these black boxes, such as the ecologist
      Isabelle Attard, for whom "French IT companies will see their
      foreign clients start to desert them as they lose their trust".
      Last week, seven large French hosts made their opposition to the
      draft clear, stating that it would push them "into exile" so as
      not to lose their clients.
    
      [...]
    
      The government nevertheless eluded the more technical questions
      throughout the debate, asked, several times, by a few deputies,
      among those was Laure de la Raudière (UMP), "Where are you going
      to install your probe on the communication networks?", "How will
      you optimize the algorithms?", "Will you use deep packet
      inspection?".
    
      Bernard Cazeneuve ended up replying to this last question,
      repeated several times by the deputy, "We will not use this
      technique at all", a technique that involves the deep inspection
      [translation of a translation...] of all passing communications
      data.
    
      Several deputies have also demanded a precise list of the type of
      metadata collected by the black boxes to be clearly defined.
      In vain.
    

\---

------
fweespeech
As sad as it is, how many countries with low cost hosting providers [e.g. OVH]
don't have these sorts of laws [or might as well have them in the case of the
US]?

Germany/Hetzner?

Literally is there no one else you can get cheap dedicated servers and avoid
this kind of surveillance directly inside the DC? :/

------
maze-le
Good Luck catching Terrorists, who are, no doubt, using VPN, Tor and Face-to-
Face communication.

~~~
fabulist
If they're all conveniently using the same tools, their system will work.

------
anoplus
Is there anyone here believes we need open government and liquid democracy?

------
Messiah_
Does anyone know what kind of metadata they will be logging? Are they logging
every HTTP request that comes out of my computer for instance? (Including my
user agent, the specific page I visited etc.)

~~~
chinathrow
If the law is so permissive as described, I bet someone will go for the full
take.

~~~
Messiah_
What do you mean by full take precisely?

~~~
chinathrow
As said, everything.

Take everything, analyse later, break crypto even later.

If encrypted or not, doesn't matter to these folks. Their buddies at GCHQ do
the same, remember?

------
D3_4dl1N3
There is a theory that says that the terrorist attacks, and the rise of
violence and crime are caused (at least allowed) by decision makers and
governors. There is a lot of money at stake...

------
elros
Oh, la merde =/

~~~
mercurial
"Oh, merde"

~~~
fermigier
"Et merde!"

~~~
elros
Non, non, c'est bien "la merde" que je voulais dire... :-)

------
MrBra
No one of you Frenchs using HN has traslated the article to English yet? This
does not help!

~~~
maccard
Really? You couldn't be bothered to put the article into google translate?

[https://translate.google.co.uk/translate?sl=auto&tl=en&js=y&...](https://translate.google.co.uk/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fwww.lemonde.fr%2Fpixels%2Farticle%2F2015%2F04%2F16%2Fles-
deputes-approuvent-un-systeme-de-surveillance-du-trafic-sur-
internet_4616652_4408996.html&edit-text=&act=url)

(Sorry for long link)

~~~
MrBra
I could be bothered, but I was talking about a human made, good and clear
translation. Had it happened in my country first thing I would have done is
translate it to English and probably involve someone else to do that for other
languages too, so to spread the news as much as possible.

Moreover, that would also have a strong symbolical value. I find it a bit
weird you're being more like "don't be lazy, couldn't you find a bad level
translation yourself and be happy with it?". No. I'm not happy because you're
not giving it the appropriate coverage this way. But oh well.

------
bontoJR
First step in the wrong direction.

------
tracyleon
Get VPN and secure online traffic monitoring by anonymous this tools are
perfect for online privacy and security:
[http://www.bestvpnservice.com/blog/personal-vpn-
service/](http://www.bestvpnservice.com/blog/personal-vpn-service/)

~~~
louisrochal
The algorithm considers someone using Tor or VPNs as "suspect"

------
fiatjaf
At least there the Congress approved the changes, while in the US everything
is hidden from the citizens.

Which means that the french people are socialists in their hearts.

