
Google, Facebook take France to court over privacy - NSMeta
http://www.google.com/hostednews/afp/article/ALeqM5gcIROpaIgngw8P1fO7BXywMIhe5Q?docId=CNG.897aaf456d2691082257863ec5125653.311
======
dansingerman
According to this, part of the data that must be kept includes passwords. Does
anyone have the detail on whether this means hashes of passwords, or the
plaintext passwords themselves?

If it's the latter, then the lawmakers clearly have no idea what they are
doing (which is probably true anyway, but that would be the cherry on top of
the incompetence cake)

Edit: And if it's the former, what would they plan to do with them anyway?

~~~
yannickmahe
AFAIK it is the plain text passwords. I'm really not sure how they imagine
it's possible. This feels pretty strange actually: while I don't dispute the
fact that the french legislature has little to no understanding of the
technical issues, they are supposed to have an array of technical advisors,
not to mention the lobbyists of the companies suing today.

~~~
wladimir
This isn't the first time that France doesn't understand digital security.
Their lawmakers seem to have a consistent blind spot for these kinds of
issues.

In the 90's I remember there was a restriction on using >40 bit crypto keys in
France. There was even a "You're in France now" attack to Windows (95?) that
deceived the OS that you were in France, switching to a lower keysize
immediately.

(also France has this crazy three strikes out law for copyright violations)

~~~
lloeki
That was because crypto tools are deemed to be military goods which are
restricted on export from various countries, notably the U.S.A (so this was
not 'Hello from France' but 'Hello from outside the US'):
[http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_U...](http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States#PC_era)

~~~
wladimir
I don't think that was the same issue as here in the Netherlands we could use
the full-sized 128 bit keys. So I'm not sure why it was specific to France,
but it was.

------
jdp23
The US government is pushing for stronger data retention laws here as well:
[http://www.insideprivacy.com/united-states/department-of-
jus...](http://www.insideprivacy.com/united-states/department-of-justice-
calls-for-enhanced-data-retention-from-service-providers/)

~~~
jrockway
This is just some unelected goon "inviting" Congress "to consider" stronger
data retention laws. It's a long way from "inviting" to law.

~~~
jdp23
That's a really uninformed statement.

~~~
sorbus
In that case, please explain why it is wrong.

------
samwise
I'm curious as to the benefits of having an actual presence in France.

i highly doubt Google will comply. The only possible out come i see is Google
setting up shop outside France's jurisdiction.

~~~
martin_kirch
Actually, in France many Internet-related companies don't even care about
complying to this. That's why they're firstly sending their lawyers. BTW
Google is not alone in this case, some major french companies are also suing
the state. In the meantime, if the police or justice come asking for
information, many will slow down or block the process by invoking technical
difficulties (it already happened with Hadopi).

Our current government (yep, I'm French) is driven by fear when it comes to
the Internet, it's not the first they try to promote meaningless laws... So
far, fortunately, they're not enforced as the authorities claim.

------
Mikushi
I'm surprised that this went through with the CNIL (a french administration
that takes care of user privacy and liberty), they are usually pretty tight on
user information retention.

Doesn't surprise me though, France has a long story of not knowing what the F
they were doing regarding new technology, this is just another example of how
incompetent they are when in comes to IT...

~~~
Typhon
the CNIL lacks power. All they can do is protest, but they have no real power.

------
Timothee
From the title, I expected the law to be about forbidding companies to keep
too much data about their users. (which would explain Google's and Facebook's
uproar) Consumer rights, or so I thought, tend to be pretty good in France in
that regard.

So, I'm pretty surprised to see the French government calling for _more_
tracking of user data. I'm pretty shocked that this could go through.

Full names, addresses and phone numbers is bad but is somewhat available
information. Keeping passwords (and I imagine plain text, otherwise I don't
see the point) is pretty indefensible. I imagine that if one were to refuse to
give out their password to their computer, the police could just request the
passwords from a bunch of sites and try? (good incentive to use unique
passwords...)

Fucked up.

~~~
anamax
> So, I'm pretty surprised to see the French government calling for more
> tracking of user data.

You clearly don't have much experience with govts.

> Consumer rights, or so I thought, tend to be pretty good in France in that
> regard.

Govts don't see themselves as businesses and don't see people as consumers.

------
csl
Is this specific to France, or a case of the EU data retention directive?
(Which basically requires storing all calls you make, your position, your
surfing history and email headers)

More info:
[http://en.wikipedia.org/wiki/Telecommunications_data_retenti...](http://en.wikipedia.org/wiki/Telecommunications_data_retention)

