French National Assembly approved Internet traffic monitoring system (French) (lemonde.fr)
375 points by woogle on April 16, 2015 | 211 comments

French National Assembly has 577 delegates. According to Le Monde article, 25 voted for and 5 against. The rest, I suppose, didn't care to show up. This is beyond WTF.

I am a client at OVH and Gandi and I hope they send a big FU to the French government and relocate. I am willing to pay a premium for that.

> The rest, I suppose, didn't care to show up.

I'm assuming it's largely strategic. "Everybody" wanted to pass the bill, but no one wanted it on their voting record since they knew it was controversial. So everybody got together and selected a small number of martyrs to go sully themselves while everybody else could keep their hands clean.

In all fairness no one really watches voting records in France like people do in the US. Most of the time most French MPs don't bother showing up, even for important votes. Particularly if they are late at night.

Why would they want it to pass? What benefit are they reaping from such a thing?

It is a law against TERROR: you cannot oppose it!

Or the simpler explanation is true - most of them didn't bother to vote because they don't give a shit.

By dodging the vote, they effectively voted for it. Cowards.

Does that make it easier to reverse later?

They announced that they are going to relocate, indeed: https://eu.ovh.com/fr/news/articles/a1743.le-gouvernement-ve...

And launched a big initiative to federate tech actors against the bill: http://ni-pigeons-ni-espions.fr/

######## Breaking ########

Octave Klaba finally declares that the bill doesn't compromise the trust chain. https://twitter.com/olesovhcom/status/588666965755092993

They are not really saying they will relocate, and obviously OVH invested dozens, maybe hundreds, of millions in new data centers and fibers. Their business is based on real locations, in real buildings and you can't change that easily. They are saying that it will most likely alter their growth and ability to attract new customers. They may freeze new data center projects in France, but even that might be unlikely as they have a massive customer base in France.

Of course OVH already have several data centers outside of France, in Canada for example.

That doesn't help us French people, as our traffic will be inspected from wherever it is coming and going, as long as it originates here.

They are indeed, and Octave said they are changing their business plan.

OVH seems to be turning back on their threats. In his Twitter, Octave Klaba modestly announced that everything is OK now after an amendment 437 was added.

This is largely disputed: http://www.numerama.com/magazine/32806-boites-noires-le-gouv...

Black boxes are still there. Some light safeguards are added, notably approval of Prime Minister, but it still remains quite vague.

It is hard to take their threat seriously. It must be horribly expensive to move a huge datacentre without disrupting the service. The most they could have done is to move their headquarters, which wouldn't protect them from this law, and make all their growth outside of France, which is what pretty much all major French corporations do already anyway.

Did they release an English translation of that?

(Google Translate link: https://translate.google.com/translate?sl=fr&tl=en&u=https%3... )

Not that I am aware of.

They have two data centers in France and one in Canada. Canada is too many ms away so I probably have to relocate my services to another company. Too bad because the price was good even if customer service is abysmal (for VPSes). Anybody here knows about another company selling VPSes with similar prices and features? Thanks.

From machine translation of his tweets, he seems to be saying that an amendment (#437) was added last night, before the bill was passed, that makes things not so bad for datacenters. Can anyone with better French than me say what the amendment was?

The amendment is, as Tristan Nitot said, "A lot of promises, very few facts". And even after saying that the amendment improves the situation, Octave still says that the law is bad:


You know exactly how much you can trust the promises of politicians in general and the current administration in particular...

Rofl they surrender quickly.

How the fuck does 25/577 make quorum? Do they not have this concept?

There always was an issue of people being absent at the Assembly, so that concept was hard to enforce.

It is usually not that bad, though. I think the low number is due to allegiance to a party. Socialists felt like they had to vote in agreement with their party leaders to advance their careers, but to avoid backlash from the press and the public, many didn't show up. Their opposition, the right wing, always was big on tighter consumer control and surveillance. The previous president famously had speeches where he described his ambition to wash out undesirables with Kärcher, and he made some waves during his mandate as Minister of the Interior when he talked about his intention to track immigrants. Since he is still considered important in their party, I suppose many had the same dilemma and didn't come.

That's unacceptable. In most other countries if a certain number of members is not reached, then you can't vote on the law. What kind of democracy is that where only 5% of the representatives vote on a certain law?

Does France have a Constitutional Court at least?

We have a Constitutional Council, and they're somewhat useful. They censored the "graduated riposte" part of the HADOPI law a few years back.

We do not have a Constitutional Court. The Fifth Republic was explicitly created to give more power to the government and as such abstained from creating such courts.

> What kind of democracy is that where only 5% of the representatives vote on a certain law

I'm not familiar with France, but whenever that happens in Germany, they ensure that the correct proportions (regarding the parties/fractions) are maintained.

> Since he is still considered important in their party

He is, in fact, the current head of the main conservative party, and will no doubt be presidential candidate in 2017.

> I suppose many had the same dilemma and didn't come.

I suspect the dilemma was more about avoiding to support the current majority too openly. As you said, nobody will mistake the UMP for a bastion of privacy and individual freedoms.

Nope, it was the same thing with Hadopi.


I believe this still has to be approved by the Senate, right?

I'd expect that law to be distorted into a weird red tape system with virtually no power, but that will still get passed just so the politicians can say they have passed some law.

> In response, the government proposed a few hours before the vote a new amendment supposed to appease the hosting providers. If adopted, it lets them define the separation between "metadata and content."

I'd expect most providers would say that they don't have any metadata, and that they would designate /dev/null as their black box.

> I'd expect that law to be distorted into a weird red tape system with virtually no power, but that will still get passed just so the politicians can say they have passed some law.

I doubt it. They already have a well-oiled surveillance machine, they do not want to make it harder to operate while legalizing it. I do not expect the senate to alter the law significantly.

I've never understood this - why is it allowed that they don't show up for these votes? (Not just in France)

In Germany, usually bills are discussed by smaller subsets of the parliament in committees.

Parties then decide on a party line for the vote.

Thus, most often the result would not be different if everybody was there.

Edit: Also, because of limited time, committee meetings may actually be held while there are votes. So it does make sense.

NB: The German parliament however can technically not decide anything if not enough members are present. However, usually attendees are not counted. Parties can demand a named vote though, which is counted. One party demanded that once, and it was almost universally called 'unfair' [1]. ¯\_(ツ)_/¯

[1] (in German) http://www.spiegel.de/politik/deutschland/posse-um-hammelspr...

People do not have to have an opinion on everything, do they?

It doesn't really work that way today, but in an ideal world I would find it good that the 30 people who understand computers vote while the 337 others abstain.

Also, I'm not sure how it works in other countries, but in France deputies usually have another job, you can't expect them to go to Paris every Wednesday to vote on things they don't even really know about.

It might also be 30 people who know nothing about computers but have an agenda.

The way to get informed votes on technical laws is to carefully and transparently construct councils or committees whose members are technically competent. Give those councils the power to vote on technical laws, binding the main legislature to the result of such votes.

You can't have a voting body without a quorum rule and say it's to allow the subset of the representatives who understand the subject matter to vote. That's unenforceable and will be abused for political purposes far more often than it's used because the few representatives voting are the ones who genuinely understand the proposed law.

Quorum rules are critical for basic sanity in operation of a governmental body charged with voting.

It's a pathetic excuse that they have other jobs, and they can't show up most of the time. A few U.S. States had that sentiment, and what they do is have the legislature meet only a few months every year or two.

There's no reason they couldn't have an online voting system for representatives, either. The intelligence agencies of France and FVEY can't skew the votes by breaking the cryptosystem used for online voting if the voting record is published and the representatives verify that their votes were counted correctly. One barrier to doing this is probably that on some issues, representatives don't want their votes recorded; they want voice votes. (I'm guessing France does that most of the time; the U.S. certainly does.)

> A few U.S. States had that sentiment, and what they do is have the legislature meet only a few months every year or two.

That might work in a US state that only has a few million inhabitants, but I can't see how an entire country could work this way.

As for the rest, I think you are very much assuming that your legislation system is the one and only way to go, even though looking at it from faraway it's not entirely obvious that it works better than the system we have, which seems to lack basic sanity, uses unenforceable principles and will be abused more often than it's used according to you.

I honestly think quorum rules have no positive impact on democracy, at worst allowing minorities to obstruct legislation by simply not showing up, and at best making clueless members of parliament show up just to vote what they were told to.

My take is that they won't relocate due to customers needing very low latency to the French eyeball providers.

Does the French legislature not have Quorum requirements? That seems like a poor design.

(French here). This was quite expected, the government slowly adopted more and more laws to restrict freedom and to watch everyone during the past ten years, this is not the first nor the last law, this is just another step for the next law which will be even worse. The government is even censoring comments on social media about the law when it's not going in their direction (I'm not even joking).

The French democracy has been completely broken for a long time and a few relics from the past are still working now. The times when the country was called "the land of the human rights" are long gone. I see a few people trying to contact their representative but it's already too late, the democracy is gone, forget about it, it will just slow things down a bit but that's all, the politicians in power are too corrupted and the system too broken for that to work.

The best solution for us now is the technical one, to prevent them from doing it. But even that solution is temporary; one day or another, when they start to attack random citizens, things will have to change... as the quote says, "Those who make peaceful revolution impossible will make violent revolution inevitable."

> The French democracy has been completely broken for a long time

I'm not sure if it's a problem of democracy. Most people don't care. I've been discussing this with a few French friends, and most of them just don't see any problem (after all, "they have nothing to hide").

Reading about the French revolution is a bit of a hobby of mine, but it's really all I know about France. Reading this article is surreal when viewed from that context.

Do they teach schoolchildren about the Comité de salut public or anything?

> The government is even censoring comments on social media about the law when it's not going in their direction

Do you have a source for that? I'm genuinely curious.

OP is going a bit far, but I believe he's referring to http://www.numerama.com/magazine/32780-loi-renseignement-qua...

Basically, our Defense Minister's Twitter account posted a quote of Christiane Taubira (the Defense Minister) saying "It is obvious that the methods of retrieval [of data] are potentially endangering private life".

It was quickly removed.

Here it is (in French, but with screen captures): http://www.numerama.com/magazine/32802-loi-renseignement-le-...

French president Hollande is visiting Lausanne, Switzerland this afternoon. His train supposedly arrives at 3:20 at Prilly-Malley station. He will then proceed to the EPFL (Polytechnic school). [Full schedule http://files.newsnetz.ch/story/3/0/0/30072626/11/topelement.... ]

Allegedly to protect the people, the object of that law is rather to decriminalize and widen the PM's surveillance capabilities.

The law just exempted French agents for any illegal data acquisition done on foreign targets. One of the seven goals the law encompasses is "major scientific and economic interests". Don't deal with France, starting from May 6th.

Kudos to the couple deputies that show concern and bear with the long hours and kafkaesque atmosphere.

Mandatory handling of encryption keys on request is also part of the package. Hosters and ISPs like it.

"DPI algorithms shall remain secret, for they'll lose their effectiveness otherwise." Such StO.

Oversight over it all will be restricted to a 7-ish member court.

We must not remain silent as France openly turns into a police state.

Forgive my ignorance, but what is StO? I couldn't find anything in my searches.

It is not a hasard to have this kind of laws in France. France hasn't known dictatorship for long. French representatives don't know what a Stasi-like security state would look like. It would be harder to have such a law in Germany.

The low number of delegates during the vote shows how archaic the French political system is: they are against their own party so they prefer to be missing. There is little discussion. And there is no way to make a petition in France that would go to the parliament or provoke a referendum.

France just shows how current institutions are overwhelmed by new technologies.

> It would be harder to have such a law in Germany.

No, we already have this law. Companies with over 10k users need to install a black box to make easy access for the state. There is also a proposal to save communication for 8 weeks, of course just to protect against terrorists.

Is that so? How are the 10k users defined? Where can one read more about this?

Do you have a source for the black box law in Germany (can be in German)?

You probably meant "It's not by chance that France gets this kind of law". Because "Not a hasard" (hazard) means "not dangerous", making your whole post confusing.

He meant it's not a hazard to the politicians' careers to introduce such a law, as the public don't really know what it means in reality, unlike Germany, say, who have such direct experience, I think.

I think the OP you respond to is right. It is a common mistake for French persons.

If you read enough French history you realize how paranoid governments there are about anything that might damage the power of the government, whether it be royal, republican or communist. You have enough coups and the like over time you tend to do anything to keep it from happening again. Though of course it does anyway...

Richard Stallman wrote https://stallman.org/millions.html a few days after the 9/11 attacks.

Sadly still so true. The attacks from January 2015 have led to this horrible secondary damage.

La Quadrature du Net (French EFF equivalent) posted a campaign website with a rundown of which députés (congresspeople) are in favor or against the bill: https://sous-surveillance.fr

Also had VOIP phone to contact députés. Many were and avoided questions or said they would toe the party line. Evidence here: https://pad.lqdn.fr/p/PJLdeputes

> The automated processing detects suspicious behaviours, not pre-identified persons

It's actually worse. Listening to all communications in the hope of catching something suspect is the exact thing that makes this law extremely dangerous.

Yep, it's called anomaly hunting: http://theness.com/neurologicablog/index.php/anomaly-hunting...

It's very bad.

THIRTY FUCKING ASSHOLES. There are 577 deputies in France and only 30 of them are present to vote Big Brother. Fortunately, there are several steps to go: it has to be approved by the Senate and then the Conseil Constitutionnel (in charge of the Constitution) might still reject it. Nevertheless, this proves how much our political leaders DO NOT understand the Internet.

Actually, five voted against, so you may want to revise that number of assholes :)

So, will the National Surveillance Agency file a patent suit or copyright infringement? After all, the French clearly stole the U.S.'s recipe of destroying civil rights & democracy.

Suggested improvement to the French political system: if < 50% of the delegates are present there is no quorum and no laws can be passed.

government has a majority in the French assembly. The result would have been the same with more deputies: law would have passed. Each deputy seems specialized in a few fields and does not attend discussions to have time to work on other things (mayor, meetings,...) So, not sure if quorum > 50% would be useful.

...to work or not. Some of them never show up at the parliament.

But laws are not really discussed in the main chamber. The way it works is that laws are really discussed, debated and modified in commissions, and the main vote is only for the TV, and for MPs to demonstrate publicly their opposition.

Aren't most European democracies 'particracies' nowadays? Delegates vote as they are told by the party leadership.

Yes, but it would at least hamstring their ability to make law 'in absence', they'd have to show up and formally register assent, dissent or not vote. That way they would not be able to pretend they had nothing to do with it.

Can anyone point to an alternative to Gandi.net for domains / SSL? Works well, good service, not godaddy.

I've never understood the cult of Gandi on HN.

They're overpriced, and in my experience, their customer service is disgusting. I would never recommend them.

Namecheap are cheaper, better, and have done more for HN-related causes than Gandi ever will.

I use and recommend namecheap for SSL certs. Very easy, very cost effective. Haven't had a problem with them in the last few years of use.

namecheap is pretty good

Most of what the law is allowing, was already done before. It's more about legalizing some illicit methods, even if methods are debatable...

Widely adopted behaviours can't be legalized simply because they are widespread. Do that with murder…

Sure they can. For most of history murder was broadly legal (that's the beauty of really small government). ;)

The problem is when the government quickly passes such a law with no debate. Worse than that, when only 5% of the representatives pass such a law...

Here is the amendment if anyone is interested: http://www.assemblee-nationale.fr/14/amendements/2697/AN/437...

Just curious, is this different from what the NSA is doing in the US?

Well, the NSA was really pissed when Snowden revealed they did it secretly but France is passing a law to do it officially.

I don't know if being open and going through the legal means is better than secretly spying.

If those are the only two alternatives, it's absolutely preferable for it to be in the open. This at least allows an open discussion, as is worthy of a democracy.

I agree but there's always a tiny 'ignorance is bliss' ring in my head while I'm thinking about it.

I think it is better, in the way that if enough people care about it, there will be strong reactions which will pressure the senate to not sign it and the parliament to withdraw it.

And if not, well, cynical as it might be, the people's majority will have gotten what they deserved, without having a good excuse (not knowing) and only the few that cared will be the real victims.

That only means the French people are more socialist and open to oppressive government acts than US people are.

It's funny how "US people" (I assume you are one) tend to equate "socialist" and "oppressive", conveniently forgetting the state-sponsored torture and murders of the right-wing regimes they propped up during their history. Authoritarian regimes are authoritarian regimes, whatever block they align themselves with.

Side note: I have not noticed that the NSA got dismantled or that representatives supporting this kind of surveillance faced huge backlash in the polls... Unfortunately, lawmakers on both sides of the Atlantic appear to be ready to do anything for "security", and their voters are too apathetic to react.

If not by "increasing State control over the people's lives", how would you define socialism?

I will suspend my disbelief and assume that it is an honest question and not an attempt to troll.

"Socialism" as is commonly found in Western Europe (for instance, in the country we are talking about), is concerned with building a society where (in theory) as few people as possible are left on the side of the road. This is often correlated with high taxes (think Scandinavia), and may be linked to strong protections for workers (think France). Conservative parties are traditionally more authoritarian, and often campaign with themes of "fighting insecurity"/"limiting immigration".

In practice, "socialist" parties have been steadily sliding to the right, especially in term of economic policy. The French socialist party is a dying pachyderm, devoid of ideas and divorced from its traditional voters. It is very hard to distinguish its policies from the conservative block's. Indeed, there was a remarkable consensus regarding this particular law.

I am not aware of any ideology (not even Marxism) for which "increasing state control over the people's lives" is a goal in itself. One thing that may confuse you is that you sound like a libertarian, and there isn't really much of a libertarian bent in Europe (even if a party like the Liberal party in Denmark is somewhat libertarian). Nobody really thinks in terms of "big government is bad", and the fact that this argument is readily used in US politics is a never-ending source of bewilderment (and amusement) here.

Not really.

A sad day for privacy once again, governments need to fuck off and stop spying and realize some bad things are going to happen, but not at the cost of sacrificing our personal privacy.

Some key points from the article, translated...


  It was in a nearly empty senate that around thirty deputies
  cast their votes [...] on the installation of "black boxes",
  a controversial device designed to monitor internet traffic.
  [It was] approved by 25 deputies to 5 following heated debates.

  The plan: to force ISPs to "detect, through automated
  processing, a suspect succession of connection data" that
  appear to match patterns typically used by terrorists. In 
  practice, this would involve installing a "black box" at ISPs
  to monitor traffic. The content of the communications would
  not be monitored, but only the metadata: the sender or
  receiver of a message, the IP address of a visited site...


  "The black box is the Pandora's box of this draft law," said
  socialist Aurélie Filippetti in the senate. "They say that the
  masses of data that will flow through it will only contain
  metadata. But they contain even more information about the
  private lives of our fellow citizens! [...] And there is a
  paradox in saying that these data will be anonymous when they
  are to be used to identify terrorists".

  An accusation that was then defended by the government in the
  house, "The automated processing marks out suspect behaviour,
  not pre-identified persons," emphasized the Defence Minister,
  Jean-Yves Le Drian, "It is after that the services are able to
  access the identity of the persons."


  Some deputies also pointed out the "economically damaging"
  consequences of these black boxes, such as the ecologist
  Isabelle Attard, for whom "French IT companies will see their
  foreign clients start to desert them as they lose their trust".
  Last week, seven large French hosts made their opposition to the
  draft clear, stating that it would push them "into exile" so as
  not to lose their clients.


  The government nevertheless eluded the more technical questions
  throughout the debate, asked, several times, by a few deputies,
  among those was Laure de la Raudière (UMP), "Where are you going
  to install your probe on the communication networks?", "How will
  you optimize the algorithms?", "Will you use deep packet

  Bernard Cazeneuve ended up replying to this last question,
  repeated several times by the deputy, "We will not use this
  technique at all", a technique that involves the deep inspection
  [translation of a translation...] of all passing communications

  Several deputies have also demanded a precise list of the type of
  metadata collected by the black boxes to be clearly defined.
  In vain.

As sad as it is, how many countries with low cost hosting providers [e.g. OVH] don't have these sorts of laws [or might as well have them in the case of the US]?


Literally is there no one else you can get cheap dedicated servers and avoid this kind of surveillance directly inside the DC? :/

Good Luck catching Terrorists, who are, no doubt, using VPN, Tor and Face-to-Face communication.

If they're all conveniently using the same tools, their system will work.

Is there anyone here who believes we need open government and liquid democracy?

Does anyone know what kind of metadata they will be logging? Are they logging every HTTP request that comes out of my computer for instance? (Including my user agent, the specific page I visited etc.)

In general, this kind of details would not be part of the "law" but would be published in a "decree" cooked up by the executive branch when they decide to "apply" the law.

In this case, it's going to be kept secret and covered by some kind of "security clearance". That would make it a criminal offense to divulge these details. The law explicitly limits this to the "meta data" of the communication, and not the content.

And finally, publishing these details would defeat the whole purpose of the enterprise. The NSA does not publish details about the meta-data they collect in the PRISM database, and they charged Snowden for the little that he revealed about the program.

The French are essentially doing the same thing. The NSA has some limitations about when US citizens' metadata can be collected domestically. The French law has no such provision.

If the law is so permissive as described, I bet someone will go for the full take.

What do you mean by full take precisely?

As said, everything.

Take everything, analyse later, break crypto even later.

If encrypted or not, doesn't matter to these folks. Their buddies at GCHQ do the same, remember?


There is a theory that says that the terrorist attacks, and the rise of violence and crime are caused (at least allowed) by decision makers and governors. There is a lot of money at stake...

Oh, la merde =/

"Oh, merde"

"Et merde!"

No, no, "la merde" is indeed what I meant to say... :-)

None of you French using HN has translated the article to English yet? This does not help!

Really? You couldn't be bothered to put the article into google translate?


(Sorry for long link)

I could be bothered, but I was talking about a human made, good and clear translation. Had it happened in my country first thing I would have done is translate it to English and probably involve someone else to do that for other languages too, so to spread the news as much as possible.

Moreover, that would also have a strong symbolical value. I find it a bit weird you're being more like "don't be lazy, couldn't you find a bad level translation yourself and be happy with it?". No. I'm not happy because you're not giving it the appropriate coverage this way. But oh well.

First step in the wrong direction.

La Quadrature du Net has also affirmed that while they were demonstrating in front of the National Assembly, there were two IMSI Catchers. And the law wasn't even passed yet. Great example of what will happen. (http://www.franceinfo.fr/actu/politique/article/des-appareil... link in French, can provide a translation if needed)

Bernard Cazeneuve, our ministre de l'Intérieur (Tasked with internal security, i.e. police etc.) has also declared the right to private life to not be a freedom. (https://www.youtube.com/watch?v=WODKfxtJQbE)

This law was voted by 30 delegates. From a total of 577. This is what we can expect of our National Assembly. I expected a bit more of them considering they were 40 (!) to debate it. And they were granted a whole two minutes to explain themselves. To debate a law that allows bypassing judges, installing black boxes (read: DPI tools) anywhere without needing a judge, and quite a few more fun things.

To any French reader here (or any reader in a country whose laws explicitly allow this type of mass surveillance):

* Use LetsEncrypt to get an SSL certificate for your website (or self-sign one with the proper configuration). Not that this will matter much because this law will allow them to ask you to hand over your private keys

* Use TrueCrypt v 7.1a, the latest and audited version for your hard drive, or use LUKS if you're on Linux.

* Use TextSecure and RedPhone. While I'm not aware of any recent audits, it's a hundred times better than going through regular channels.

* Use Pidgin+OffTheRecord for your private chats.

I am so fucking mad. And have no doubts, the senate will pass this. The worst (best) that could happen to this law is a few minor changes, but the key points will stay. And I doubt our constitutional council will reject it.

Looks to be a very similar law as the one created in Sweden, and I suspect the arguments will be quite similar too. Publicly, it's to hunt terrorists. Internally, it's to give police and tax departments more power. Secretly, it is so spies have something to trade with other spies on the international level.

Since neither of those 3 things is something they want to discuss openly, no debate will happen between those who decide and the public.

Encrypting all communications is certainly the way to go.

But, I wonder if we can make these systems completely inefficient by flooding them with false positives. Assuming we can figure out the patterns they are looking for in our communications, could this be a possible solution to force them to withdraw their "black boxes"?

This was a premise considered a very long time ago when it came to the NSA's snooping. People were (still are?) putting keywords in every email, etc. It didn't make any difference, and inherently can't.

Here's why.

Scenario 1) It works. You get arrested on some arbitrary basis for impeding their system. Or they otherwise make it illegal to do so, and begin cracking down on that.

Scenario 2) You throw a vast amount of interference at their system, and it has an effect. They spend more of your money to constantly stay ahead of the collective efforts. Most likely a relatively small number of people will never be able to overwhelm it long-term.

Scenario 3) It doesn't work in any meaningful way at all.

Focus on strong encryption.

>Scenario 1) It works. You get arrested on some arbitrary basis for impeding their system. Or they otherwise make it illegal to do so, and begin cracking down on that.

That will be a hard First Amendment case in the US ... very hard.

Secret courts care little for the constitution.

Flooding the system can only work if the group that floods the system is large enough that it isn't simply expedient for the surveillance organisations to decide you're a potential risk and put you under additional surveillance.

Encryption is in a similar position, but it is a far easier sell to business and the general public, and so the chances of reaching critical mass of communications is much greater.

The interesting bit is that the general public increasing their adoption of better security practices to make them invisible will benefit the pedophiles and terrorists already in hiding because their choice to hide/encrypt will no longer result in them sticking out from the masses.

Most criminals are caught because their groups are targeted and OPSEC (operational security) is really, really hard. They catch the people who didn't maintain strict discipline and get them to flip on the rest. This is an age-old recipe which is resistant to technological change because, again, OPSEC is really, really hard.

But what groups are targeted? The new recipe is scanning everyone's online communication to decide who to target.

I think the idea was to use a DDoS-like farm of hacked machines to constantly send random messages and packets meant to trip their detection systems to random other IPs, thereby increasing the sheer amount of noise surveillance authorities have to deal with and false-positive "suspects" (the owners of all those hacked machines).

Naturally, that still doesn't solve any other problems...

Encryption won't solve the problem.

1/ They're after the meta data. Whether you have plaintext or encrypted communication, they still know to whom you talk. Unless you use TOR or VPN yourself out of the country, it's not going to help...

2/ Strict key disclosure laws. You can be thrown to jail, if you cannot decrypt some information when requested by a judge. That's true even in the case where you can prove the key is no longer in your possession...

Who knew Tor wasn't going to be useful only for people in countries like China, Iran or Saudi Arabia...but also France, Spain, UK, US, Australia, Canada...you know, the "most freedom-loving democratic countries" in the world.

There's definitely a coordinated effort to pass these laws together now, to make it seem like it's the "sensible" thing to do after the terrorist attacks. FBI chief Backdoor-Comey has also been making rounds in European countries to push for total surveillance laws "or else it might hurt their relationship with the US". This may especially work in weaker countries where a partnership with the US is regarded as a god-send and they'll try not to do anything to hurt that partnership. In other words they'll do anything the US government tells them to do.

> 2/ Strict key disclosure laws. You can be thrown to jail, if you cannot decrypt some information when requested by a judge. That's true even in the case where you can prove the key is no longer in your possession...

How the heck is this supposed to work when TLS supports Diffie-Hellman?

It makes about as much sense as putting a poor person into debtors prison until they pay off their debt. Anyone who supports this is unethical.

Are there encryption algorithms such that we could decrypt the payload with more than one key, but only one key, the real one, will return the true result, and other keys will return a fake but plausible result?

something like 'hidden volumes' in TrueCrypt.

People already did this with Echelon a decade ago. I remember people crafting sentences with specific keywords such as 'bomb', 'explode', etc. that are totally innocuous in context, but were designed to trigger the algorithm.

Maybe I'll make my personal server connect to random IPs on port 80 to send data with such keywords.

> This law was voted by 30 delegates. From a total of 577

This is how democracy dies. Now the 95% other members of the National Assembly will say "that it's not their fault, because they didn't even vote for it!", if some major abuses happen due to this in the future. Despicable.

> This is how democracy dies.

We need a system of government that allows scientists and thinkers to have a weighted power balancing politicians. Politicians cannot be trusted by definition.

No, you need direct democracy. With modern communications, there is no reason to organize frequent elections on key issues, like in Switzerland.

Direct democracy only works if most of the voters have: 1) sufficient general education; 2) sufficient domain education; 3) time to read the law; 4) time to reflect on the law; 5) peers to discuss at length and with depth the law; etc.

It's more efficient to have delegation systems. The problem is that both politicians and the press are corrupted delegation systems.

Well, you can have delegates that are not actual politicians. Agora Voting [0] (a secure direct democracy platform) allows this kind of political system... Seriously, there's software out there that can solve this problem. Thing is nobody gives a shit about these issues and people are brainwashed on such a massive scale that horrendous laws are passed w/o proper public scrutiny...

[0] https://agoravoting.com/


I'm optimistic on this, but we need to have these new systems tested on a small scale - villages, small regions and countries - first. A big country won't push for it... and I think that most of the problems of it might be less relevant on small groups. Think diversity of origin, opinions, detachment from the end result, who pays for it... these are problems for a big country that don't exist in, say, a condominium!

Do you happen to have a link to an overview on how Agora Voting actually works? Their homepage is way too vague for me to actually get any useful information out of it, and I'm not sure where exactly to look in the GitHub org/repos.

So true. But..

"It has been said that democracy is the worst form of government except all the others that have been tried." - Winston Churchill.

Which is why we are proposing a new one.

I agree. Important decisions shouldn't be left to easily manipulated masses. It shouldn't be left to politicians either. Most of these issues are so complicated that it should be handled by actual experts in that field. I'm always baffled to see politicians take offices/positions throughout their career that couldn't be more different - from agriculture to technology to foreign affairs. Are you telling me they can do it all? And even if so, wouldn't we be better off with actual experts?

I wish I could delegate my vote to a committee of my choosing, composed of people I respect, trust, and admire for their intelligence, integrity, and values. I would expect such a group to debate issues openly, and invite commentary from the voters. Something like a jury, but for a parliament.

Alternatives like direct democracy and demarchy only have to work better, not perfectly, to be preferable.

There is no reason to go from one extreme to the other. People who want to can have direct democracy and the rest can choose anyone to represent them. Do you see any weak points in such an organization?

I'm not even sure elected politicians have all that. They're paid plants, might as well get rid of the middle-men here.

Not a silver bullet. With this we'd still have the death penalty; or voted for populist measures like banning minarets.

Completely agree, pseudoscience and fear mongering will rule the world if this happens...

Ooh, what a delightfully aristocratic objection. We can't give the lesser peoples self-rule, they'd rule themselves wrong!!

Have you considered any noblesse oblige-style colonization and rule of third-world nations? Sounds like a good match.

You can be as snarky as you want, but the fact is, I don't want the average dumbass on the street to have that much power over my life, and neither, I suspect, do you.

There has to be something resembling meritocracy in any functioning organization, and that includes a government.

The hard part is finding incentives not to get corrupted once you're in place.

I'm aware of the ethical implications, and I haven't made up my mind on the matter (probably never will). I just said that it's not a silver bullet, and presented cases where it could go wrong.

That looks like the author is not saying "they'd rule themselves wrong", they're saying "they'd rule me against my wishes by voting conservative reactionary and ineffective laws into my life"

The feeling is probably mutual, for what that's worth -- as evidenced by the first amendment and a wave of religious-freedom restoration acts.

Postscript. You'd think a little geographic diversity and a federal system would let people let each other live in peace but instead we have national culture wars.

> We can't give the lesser peoples self-rule, they'd rule themselves wrong!!

I'd normally take your side on this, but then there's the fact that the Southern United States still exists and is a major reason why U.S. law borders on jingoistic theocracy.

So you are saying uninformed populist opinions should be made policy

Then you don't really believe in democracy, and I have to disagree.

Please take a look at what happened in Athens a few thousand years ago. You'll see that even then people were susceptible to fear mongering and manipulation, so in effect the real power was in the hands of a few. People have always been stupid, there's no way around that, sorry.

The Melian dialogue is what the poster is referring to here, for those that did not do any classics at school.

Today I learned that the Athenians were assholes, at least for awhile. Who knew?

No, you have to understand how human nature works. Unfortunately, it is much easier to get people worked up about populist issues than about something that matters. I think the record speaks for itself.

I did for a while, but I have to admit the charm is wearing off.

Nope, and neither should you.

You might as well put those who control the media in charge and just skip the middleman then. News runs story "Tor is how pedophiles get access to your children, here is a line of a dozen different 'experts' explaining how." Tor is then made illegal.

I dare say that with enough media backing, I could get dihydrogen monoxide banned. It does kill a lot of children. It has been shown to be very important to terrorists. Companies like to put it in food unregulated because it lets them add mass for cheap.

Direct democracy is what gave us lovely things like California's three-strikes law that puts people in prison for life for their third non-violent felony (voted in by public referendum 72-28).

No, we just need to establish Neil deGrasse Tyson and Bill Nye as co-dictators of Earth. Democracy is overrated.

The bad effects of direct democracy can be seen in elected judges in the US.

In the US, many scientists are government vassals. They are not to be trusted, either.

Probably true elsewhere, but I only know the US.

Nobody dared to oppose because of the recent Charlie Hebdo attacks. The opposition had a deal with the government to let the law be passed.

I didn't realize there wasn't a quorum rule

In the constitution of the 5th republic, there is no quorum rule nor a "recall" referendum at mid-term nor a prohibition of multi tenures. That's why we need to change the basic rules of the institutions. We need rules to avoid such democratic thefts in the future, rules written by the people, not the politics professionals. This is what citizen groups like "Mouvement pour la 6eme République" advocate for (http://www.m6r.fr).

Even where there's no constitutional requirement to have a quorum for votes, it's still possible to have a rule of order requiring a quorum before a vote can take place.

Ireland is an example of this: for there to be a quorum in either house, at least twenty members have to be present. This means at least 1/3 of the Seanad (upper house, 60 seats) or 12% of the Dáil (lower house, 166 seats) must be present for either to form a quorum. That's not written in the constitution, but a standing order of the Oireachtas (parliament).

Even if France has no such requirement in its constitution, it's ridiculous that there isn't at least a parliamentary rule of order requiring it.

How's the constitution for the 6th one coming along?

Many ideas are gaining traction with these events: prohibition of multiple-tenure, quorum rule everywhere, "recall" referendum for every elected, a constitution elected by non professional politics and prohibited to participate to any further election, etc...

The movement M6R's got ~85K signatures, and a grass-roots assembly with ~180 members, transparent auto-financing, but it still needs to get much bigger in order to make the change of constitution the big main issue in the next presidential race in 2017. After 2017 I don't know, but changing the constitution, getting back democracy has to be in "every mouth" from now on.

It's not. There is some talk of a Sixth Republic during the presidential campaigns, generally from far-right or far-left parties, but the two main moderate parties do not want to hear about it.

French political life is characterized by a complete lack of impetus for change.

Typically in most systems, you need a quorum to hold a vote of any kind. I'm really not sure why you can only vote with 30 out of 577 in the French Assembly.

In the French system, a quorum has to be requested, but if it can't be assembled in 15mins, the vote goes ahead anyway: http://www2.assemblee-nationale.fr/decouvrir-l-assemblee/rol...

30 out of 577?! Is there no limit on a quorum in the Assembly? Might as well have a king.

Apparently, you have to request a quorum, and even then the quorum has to be assembled in 15mins, or else it's ignored and the vote goes ahead anyway to prevent 'obstruction': http://www2.assemblee-nationale.fr/decouvrir-l-assemblee/rol...

It's insane!

To be fair, we DID have a huge problem with obstruction. The laws regarding quorum were so large that even if very few people were missing, you could delay the law once again.

The 2009 reform was passed while Nicolas Sarkozy was still president, and he took great care of consolidating the power of the president while lowering the National Assembly's.

Just a word of caution. Sometimes I read "OffTheRecord" chatlogs that have been posted on Cryptome.

A false sense of security can be more risky business than weak security, as pertains to what gets exposed.

Obviously no tool like that can prevent the exposure of the contents of the chat, and hopefully nobody believes that.

It does have the very useful property of granting plausible deniability, though, by making it possible to forge messages after the fact.
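The deniability property mentioned in the comment above, as an added example that is not part of the original thread: OTR authenticates messages with a shared-key MAC instead of a signature and publishes each MAC key once it is retired, so a saved transcript proves nothing about authorship. The sketch below is a simplified model with assumed names (`WireMessage`, `send_all`, `forge_from_wire`), uses HMAC-SHA256 over plaintext bodies, and replaces OTR's Diffie-Hellman key rotation with pre-generated keys; the real protocol MACs an encrypted message.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def tag_for(key: bytes, body: bytes) -> bytes:
    """Authenticate a message with a shared-key MAC (no signature involved)."""
    return hmac.new(key, body, hashlib.sha256).digest()


def verifies(key: bytes, body: bytes, tag: bytes) -> bool:
    """Constant-time check that `tag` is the MAC of `body` under `key`."""
    return hmac.compare_digest(tag_for(key, body), tag)


@dataclass
class WireMessage:
    body: bytes
    tag: bytes
    revealed_key: bytes  # MAC key of the previous message, published once retired


def send_all(bodies, keys):
    """Sender side: message i is tagged with keys[i] and publishes keys[i-1]."""
    wire = []
    for i, body in enumerate(bodies):
        retired = keys[i - 1] if i > 0 else b""
        wire.append(WireMessage(body, tag_for(keys[i], body), retired))
    return wire


def forge_from_wire(wire, index, new_body):
    """Rewrite message `index` using only the key that message index+1
    published. No secret belonging to either participant is needed."""
    published = wire[index + 1].revealed_key
    return WireMessage(new_body, tag_for(published, new_body),
                       wire[index].revealed_key)


def demo():
    # Constructed sample conversation. The random keys stand in for the
    # per-message MAC keys that OTR derives from its key exchange.
    keys = [secrets.token_bytes(32) for _ in range(3)]
    bodies = [b"lunch at noon?", b"sure", b"see you there"]
    wire = send_all(bodies, keys)

    # During the live chat the receiver, who shares keys[0], accepts message 0.
    live_ok = verifies(keys[0], wire[0].body, wire[0].tag)
    # Symmetry: the receiver could have produced the identical tag himself.
    receiver_same_tag = tag_for(keys[0], bodies[0]) == wire[0].tag
    # Afterwards, an outsider with the wire log forges a replacement message 0.
    forged = forge_from_wire(wire, 0, b"something never said")
    forged_ok = verifies(keys[0], forged.body, forged.tag)
    # The newest key is still private, so the last message is still authentic.
    newest_private = all(m.revealed_key != keys[2] for m in wire)
    return {
        "live_ok": live_ok,
        "receiver_same_tag": receiver_same_tag,
        "forged_ok": forged_ok,
        "newest_private": newest_private,
    }


if __name__ == "__main__":
    print(demo())
```

The forged entry verifies exactly like the genuine one, which is why a leaked OTR log shows what someone saved but cannot cryptographically show who wrote it; it does nothing to keep the other party from saving and posting the plaintext.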

If you want to use encrypted communication tools, but don't know if you can convince enough people in your network to join you, use this tool to activate your friends & family (to build critical mass): https://www.iWouldDo.it

Re IMSI Catchers: tear them down when you see them.

Except that you can't do that when they're in small suitcases held by security officials. Which it was, because the DGSE and CRS were in plain sight near the National Assembly, and there were no signs of IMSI catchers before this demonstration.

A small suitcase might get lost...

Not Pidgin! Jitsi.

Or Gajim.

Same here. I have written to my MP, try to call a few others. This is a sad show of incompetence and political irresponsibility.

TextSecure is either Text (SMS, which are not encrypted), OR secure (data). Not both simultaneously.

Yeah, I'm referring to the part where they use data. That said, didn't WhisperSystems remove the SMS part recently? Or was it just SMS encryption?

Just SMS encryption, which went to http://smssecure.org/, but having both installed leads to bugs.

Why would you recommend TrueCrypt? That's a terrible suggestion.

A lot of people who recommend TC seem to think the same about BitLocker. To be fair, TrueCrypt has been audited and the code is freely available; BitLocker is proprietary, and the code is only available to a select few under NDA.

TC's developers told you to stop using it, BitLocker's didn't. Even the people responsible for the audit recommend that people not use TC.

As always, one must consider their own threat model and make an informed decision. I personally would use BitLocker over TrueCrypt, but LUKS over BitLocker.

I wouldn't consider TrueCrypt's license to be the best example of "freely available".

In this context, what's important is source-code availability to the general public. A program which has publicly-available source code but is released under a nonfree (or at least potentially nonfree) license is leaps and bounds better than one which doesn't even provide the source code.

Yeah, software freedom is a very good thing, but - in the context of security - it's the source code availability that matters, and that doesn't necessarily require a FOSS license.

Besides the knee-jerk reaction, it all depends on what you're defending against. If the NSA went around opening Truecrypt containers for every criminal case, their cover would be blown. So if you're keeping stuff from the local PD or thieves breaking into your house, even a supposedly backdoored app is better than cleartext.

That said, TC has been audited by what I hear is a reputable group of people, who say there's no evidence of severe crypto vulnerabilities.

You're missing the bigger issues related to TC, for example the fact that it doesn't even run on new Windows versions (and never will)...

Thanks for the insightful comment explaining why.


I don't know the full story, but word 'round the campfire is that it's been compromised by a certain TLA.

In any case, there's huge red letters saying "TrueCrypt is not secure" right next to their download links: http://truecrypt.sourceforge.net/


> The TL;DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.

Your argument is just so wrong :/

Are you seriously implying that there's never any security issues discovered after audits?


Irish here (to give a context for a long time this place was synonymous with terrorism)

Quite a lot of Europeans scoffed at Americans in early 00s pointing (rightly) at the overreaction that followed such as {invading Iraq|Patriot Act|TSA crap|Further rise of the military industrial complex} for highly questionable reasons was.

It took much smaller (yet equally as appalling attacks as 9/11) in Spain, UK and France for most of European countries to go down similar paths as US when it comes to surveillance and the rise of the police states.

It seems to me that Islamic Extremism (while highly dangerous to everyone including Muslims themselves as ISIS have illustrated) is being used by politicians as:

1. A way to grab more power over the population

2. Not to appear as "weak"

So nutcase authoritarians following middle age teachings and stupidity are leading to rise of police/surveillance states which could be easily co-opted once the infrastructure is in place to result in what essentially is fascist / Orwellian places to live.

Ouch :(

An analogy would be a virus leading to an overreaction from white cells weakening/killing the host.

edit: What solution might I present to Islamism? Given an educated population the choice between living in prosperous and free countries and medieval backwater is a no-brainer. So the answer lies with education, economics and freedom. Quite a lot of Muslims already go to great lengths to live in Europe/USA, though unfortunately the extremists prey on segregation and race and economic inequalities to drive their wedge and spread their virus.

Essentially we have this http://i.imgur.com/ALIbtVi.jpg

I doubt it has nothing to do with Islam. The real problem is that this is power for "free". They can do this because the population (except a few hackers, pirates and other freaks) doesn't care..

And I can't think of any way to change that. In fact, it's easy to see how it's going to grow worse.

"False Flag" is quite an assertion to be making.

Do you have proof..?

Not the person you're replying to but I'll answer anyway. The theory that the Charlie Hebdo attacks was a false flag attack was raised by Paul Craig Roberts of the Reagan administration.[1]

I find it a pretty incredible claim, but it's coming from a somewhat credible source regardless. Coupled with the fact that we do know false flag operations have been used and planned for use in the past, it's not hard to see why it's a theory given weight to.


The point raised in your link about "Why would Muslims be more outraged by cartoons in a Paris magazine than by hundreds of thousands of Muslims killed by Washington and its French and NATO vassals in seven countries during the past 14 years?" doesn't make sense considering the recent attack in Copenhagen, a planned assault against Jyllands-Posten from a few years back, and the murder attempt of one of the Danish cartoonists. Unless you want to believe they were all false flag operations, but that's really going far.

I'll also point out that the Hyper Casher gunman was linked to the Kouachi (and even gave a TV interview).

The timing of the suicide, on the other hand, is certainly odd.

The claim would be a little more credible if there wasn't already a history of street demonstrations around the world calling for this type of attack (to say nothing of the celebrations afterward) and multiple threats of violence against the staff... also if he didn't drag a few 9/11-truther allusions into the matter.

Citation needed

> the French people

by French people you mean a few representatives?

The fact that only 30 of them bothered to show up tells you everything you need to know about the rest, really.

Get VPN and secure online traffic monitoring by anonymous this tools are perfect for online privacy and security: http://www.bestvpnservice.com/blog/personal-vpn-service/

The algorithm considers someone using Tor or VPNs as "suspect"

At least there the Congress approved the changes, while in the US everything is hidden from the citizens.

Which means that the French people are socialists in their hearts.
