The EFF is complaining that we are lowering what amounts to be the Human Rights, and they are right. However the EFF hasn't succeeded in taming the US standard.
What may be happening here is pressure for an international agreement. We'll only have leverage to make a deal with the US if we (the rest of the world) practice the same disrespectful spy acts against innocent American citizen. Then we can agree on stopping our activities in a bilateral or UN agreement.
Of course what is funny about threats from my country is that we are quite powerless. We don't have the world's Facebook records, neither do we manage the world's largest email. With this kind of law, chances are we won't. I, for one, host my email neither in France nor in US.
For this threat to be leveraged against US, a lot of other countries have to do the same, until there's a major uprising against surveillance methods.
The world has changed. 20 years ago, the right to not be searched when traveling within a country was enough to protect most citizen. Now all citizen cross boarders once a year or use remote Internet websites, which in both cases dismisses their rights as citizen. We need a global protection against unwarranted searches.
Hi, I'm the author of the piece. What you describe, while astute, isn't what's going on here, because at the level these agreements are being made, the French intelligence services don't care that the NSA is spying on French nationals. There's no negotiation to be made: they simply want to maintain their existing capacity, but have been required to give it legal cover by the greater recent visibility of mass surveillance. In fact, among intelligence services of putative allies, having another friendly nation spy on your nationals grants you a potential advantage, since it means you can bypass domestic restrictions by simply trading intel with them. (It's also one of the reasons why bilateral agreements would be undermined, and difficult to initiate. They would also preserve the idea that some classes of innocent users are fair game for mass surveillance, while others deserve protection.)
France's surveillance advantage comes from its access to submarine cables rather than local servers. That's the information it will be collecting, and potentially trading with others.
Much of the problem here, I'd note, comes from not separating the defensive and offensive components of the intelligence services. Whatever you belief is the proportionate level of surveillance of a population, it's clear that an institution whose job was to protect the assets and personal data of a nation's population would have a very different attitude to letting others spy on its comma traffic than one which was primarily concerned with aggressively investigating other nations. Politicians are therefore hearing policy proposals from only one side of a debate. That's why they think that backdoors would help and not harm national security, and why they think spying on the rest of the world without oversight won't erode their own citizens' privacy.
I agree. The NSA/US gov could care less that France will spy on its citizens. For all we know they may already have a deal to do exactly that to bypass some of NSA's own restrictions of spying on Americans.
I think it's already known they do that with the GCHQ. And they make European countries spy on each other, too, while they promise them not to spy on them themselves, but then get the data from others. Sweden spies on Germany, Germany spies on Sweden - and NSA gets all of that data.
From everything they've said and done so far, it's also clear the NSA would rather maintain the status quo of an insecure Internet and insecure computers, backdoored encryption and whatnot, even if the US has the "most" to lose, as long as they can use that insecurity to spy on others, too. They much rather prefer this scenario than if say 99% of the global population were all using end-to-end encryption and let's say Qubes OS.
This seems exactly backwards for a national "security" agency, especially with all of their recent calls for increased "cybersecurity", but there you go.
The NSA makes the Swedes spy on the Germans? Is there any way they can get control of their country back? And why would they even need to when Germany is littered with US military bases?
In part I agree fully with the notion that nation trade intel in order to bypass domestic restrictions, but state sponsored industry espionage has also recently seen an increase (if you go by number of news article). In that race you need your own system to hack, grab and steal, as it would not make sense for the US to sell information if they already got a national actor that wants it.
First Chinese start doing something that goes against human rights.
Then US notices it and thinks, well the Chinese are getting away with it, perhaps if we keep it really well in secret, we can also do this on larger scale.
Then Russia will also start doing it in more open and receives the blame but does not care.
Then it hits the fan for the US and Russians start pointing that see, Americans are also doing it.
Now everyone wants to do it (well, most of them are doing it already).
I dunno, if France (or any country) was interested in tactics for curtailing NSA spying on French citizens, there are other, more effective options.
For example, they could make it illegal for a company to make available the private communications of French residents to any third party, explicitly sovereign intelligence agencies.
I think this would put Facebook, Google and such into a catch 22 and pressure for an agreement would come from companies like these. Imagine Facebook being prosecuted in France for complying with an NSA directive. It would be especially effective if done as part of a big case/effort where sovereign intelligence agencies included rivalrous countries (Russia, US, China) that don't like to be compared to one another.
> For example, they could make it illegal for a company to make available the private communications of French residents to any third party, explicitly sovereign intelligence agencies.
You mean like Ireland? That's working really well so far.
I think it is fair that any company lives by the rules of a country it wishes to make business in. I don't like the idea that companies whether they be foreign or not set the rules of the game. This is up to politics whether companies like this or not. Therefore, as a European I would welcome any ruling which forbids transfer of personal data outside the realm of the jurisdiction I am living under. This might be uncomfortable for Google or Facebook but I think especially the handling of personal data is more important as whether it is convenient for them to do business here.
The problem is that the internet has muddied what it means to do business in a country. If a Frenchman does a Google search, is that really Google doing business in France? Or even more ridiculously, what if I, who am not French, search for information about a French business or citizen? France seems to think it should have some power in these situations. That's not a reasonable demand.
I sincerely hope Google refuses to bend just to see if France has the balls to try and enforce their dumb laws. Maybe they will set up their own national search engine "froogle" that will refuse to perform searches for 12 hours every week because it's on strike.
I think he means that the French are insisting that Google not only censor the search results for Frenchmen, but also for Americans. That is never going to fly.
Well, you seem to have got some pieces that you didn't assembly.
International treaties are toothless. It's not only France that is powerless, everybody is. So, it does not matter what a treaty you get out of this, the US will keep spying on your people.
What France loses with this law is the credibility to create companies that offer "no spying" as a feature. That may be important on the future, or may not. In exchange for that, France is getting the capacity to spy on its own people by entering in agreements with other countries.
Not sure why the downvotes.
allow me to add some context: the woman is axelle lemaire[1] current Minister for Digital Affairs, the man is Benjamin Bayart[2] was president of the oldest french isp still active today, french data network, for 15 years, now president of ffdn the federation of non profit grass root french ISPs, member of la quadrature du net[3] and active defender of internet freedom who fought against the stupid laws. They're both invited to discuss the not yet passed at the time law "loi renseignement" that created the legal frame for this spying.
In the video the minister states that every other "significant democracies" are doing it (passing or discussing spying laws) and asks why is it happening now to which Benjamin Bayart offers an explanation: as the USofA is backpedaling on the patriot act and spying, the countries that profited from swapping info with the US got afraid they's risk losing their source of info and launched an effort to do it themselves (or more likely give a legal framing to a practice already in place).
> The United States makes an improper division between surveillance conducted on residents of the United States, and the surveillance that is conducted with almost no restraint upon the rest of the world.
> Treating two sets of innocent targets differently is already a violation of international human rights law.
It was bothering me for quite a while. I'm not an American. So what? I have lesser privacy rights?! Am I lesser human? Is spying okay as long as it's not spying on you?
Biggest problem from my point of view is that the US also happens to be the steward of the Internet. This public screwup represents the perfect opportunity for governments of the world to balkanize the Internet, as in further splintering it in geographic and commercial boundaries. Countries like China now have valid arguments in the eyes of the Chinese for blocking foreign websites and services. And more and more national firewalls will happen, firewalls that will crush freedom of speech and that will end the free trade.
I'm not sure if the age of the free Internet we've been enjoying is coming to an end, but you can bet your ass that governments are trying to end it. And the US government doesn't even seem to comprehend how big their screwup is.
>"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." //
This does not put a geographic limit, so all citizens (I think "the people" here is clearly a reference in context to citizens) should be excluded from having their data seized without warrant. That's got to be hard with USA citizens appearing in most populations and internet data not being clearly from any particular citizen or other person [they'll need an "isCitizen" bit so that all data packets from USA citizens can be dropped before inspection!].
Moreover the 14th Amendment to the USA Constitution appears to extend protections to all "persons", viz:
>"No State shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any State deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws." //
If the internet is under USA jurisdiction then persons there should be extended the "equal protection of the laws". One such law being that you need a warrant to search their "papers, and effects" [which clearly purposes to protect private correspondences].
Not sure how it works in the USA - to bypass this Federal operations could be considered to be outwith the jurisdiction of any state?? That would seem to require the people involved to not be citizens of the USA though, as they would then fall under the requirements for their State of residence to ensure the protection of the laws extends to people [everywhere].
"People" in the 5th Amendment means "people", not citizens; 5th Amendment protections are not limited to citizens.
But note that it has no explicit warrant requirement; just a reasonableness requirement and a limit on when warrants shall issue. It's read as implicitly requiring warrants in most cases for reasonableness, but there are plenty of exceptions.
For many (all?) situations the federal government considers itself the district of columbia which is not a state and is a federal territory. The Fed is thus not a state but a supra-state entity that operates outside what states would consider acceptable. They routinely trample individual and states rights. It is ironic considering the history of why the U.S. was founded that we have given in to a domestic version of the same tyranny.
This a structural problem; even if the language of the Constitution confers protection on foreign citizens (which I believe it does, to some extent), there are only certain situations in which foreign citizens have standing in U.S. courts.
If they don't reside in the U.S. they basically have no venue to ask for relief. Even if the parent is right that it is a violation of international law, enforcement of international law is essentially voluntary.
All countries should create their own facebooks and invite Americans to join theirs. It's sort of stupid to allow Facebook into any country unless all of its business operations and servers are based in the said country with proper controls. Even then that does not preclude the US government forcing Facebook to turn over data on Non-US citizens to itself.
Facebook is the #1 vector of US government's indiscriminate spying on everybody's else's citizens. Google comes a close second, but you don't generally give Google as many personal details as you give to Facebook. At least not by your own free will.
And that's really the problem that France has, everyone uses American services so America can basically create a dossier on everyone. No one uses French services other than French citizens, and perhaps a few other souls.
Next week's EU data protection "safe harbour" decision may require exactly that: Facebook may no longer be allowed to export personal data from the EU.
Edit: data protection would also have a huge effect on the "peeple" app, discussion of which seems to be banned on HN.
Nobody should be allowed to export personal data from such jurisdictions except for the owners of that data themselves. A U.S.-ian should be allowed to decide to trust their personal data to a company inside E.U. jurisdiction but that company shouldn't be allowed to trade that data anywhere else (especially, back to the U.S.). Of course, that's a complete pipe dream, and I'm just hallucinating.
I imagine that would only apply to sites which store PII[1]. The database should be located under the same jurisdiction (which doesn't mean every country, since some will have treaties to allow exporting to certain places (EU for example)) as the person whose data it is, and the data should not be transferred through other jurisdictions.
Well, pretty much any website stores an email, name and password. Every startup would need to look at all the bilateral treaties between every major country in the world. This is simply impractical.
Already in proposal stage in many places. My current home, Thailand, just announced plans for their own version. I am not amused.
However, hilarity has already ensued. The gov here is so incompetent that they couldn't even make an annoucement without having a bunch of gov websites taken down by a manual DDOS attack yesterday [1]. A few thousand people coordinated via social media to repeatedly visit the gov's ICT website which brought it to a standstill. Yet the gov thinks they can manage a single internet gateway to facilitate surveillance and it won't be ruinous.
The alternative is that Microsoft, Apple, Facebook, etc build their own Great Firewalls and become countries. I'd prefer that but many people have a strong sentimental attachment to countries based on geography.
Better solution, don't allow governments to spy in the first place.
Facebook and Google don't want to give up data, they are effectively being coerced into handing over data.
> Facebook and Google don't want to give up data, they are effectively being coerced into handing over data.
How do you know this? They get paid for the data and selling it to the government guarantees that they will be allowed to keep collecting it in the future. It's clearly a mutually beneficial agreement.
You misunderstand the word 'choice'. You have a choice to go on sites with Google Analytics, you are not being coerced into using their products. You have a choice to not give out your number to those whom have Android phones, you have a choice not to use Facebook.
You have a lot of choice, you are just choosing not to use the alternatives.
Whereas Google and Apple are being threatened by force to hand over data, they do not have a choice.
On your last point, you want the same people who demand and coerce data from Google and Apple, also be the same people who make the rules for Google and Apple?
I love the EFF, but honestly, I'm not sure what they can do about this, other than educate and inform.
The US, the rest of the Five Eyes, France, China, Russia, along with every state that has the ability has been, and will continue to spy illegally on the rest of the world.
Passing laws to either allow or prohibit this activity is nothing but political posing so long as the laws have no determination on the penalties applied to breaking said laws.
Did Clapper get imprisoned for lying to congress?
Did Litvinenko get a fair trial for "exceeding the authority of his position"?
Does anyone believe that Snowden would get fair treatment from an unbiased jury?
This is the theater of international espionage. Without transparency, honesty and consistency, complaining about the laws, or lack thereof, is pretty much a waste of time.
Or maybe I'm just overly cynical and we'll eventually get an Erin Brokovich of international espionage to blow the lid off the whole deal and hold the bastards accountable.
I've been a web developper for more than 15 years now and I try to follow what's going on with digital laws in France and Europe thanks to "la quadrature du net". I try to inform people around me but most people don't have any interest in digital laws, because 1) most medias don't talk about it or in a caricatural way. 2) People and most member of parliament don't undestand these laws. 3) Lobbys knows 1) and 2)
The results is that any digital law bills can be passed along easily as long as it doesn't disturb any strong lobbys in place as media won't talk about it and people and member of parliament won't speak up anyway.
Those who understand why these laws could turn very bad are a really small minority, and small minority without lobby means can be very badly represented in a democracy. Honestly I lack imagination to think of something more to do that could make significant change here.
At least somebody is charging the windmills and making a fuzz even though it quite probably will lead to nothing. Not quietly follow the hearder into the darkness like most of us do.
In fact, even if it is virtually hopeless we need to at least try. Otherwise we have truly lost. So all cudos and support to EFF, journalists and others that keep up the work despite all odds.
The bill is simply aimed at "legalizing" practices that have been going on for years. Also, since the Snowden leaks, some actors have started to question the legality of some practices, and this bill would address those concerns.
For instance, French secret services used to be able to get phone records for someone by simply calling the phone company; now, phone companies are feeling uneasy about the lack of legal frame for these practices.
I think it's pretty safe to presume that all countries are doing it already, within their technical capabilities. I'm also pretty sure they will continue to do it, regardless of any local or international laws, simply because today information means power, and I can't imagine that any government would be ready to just let it slip out of their hands.
The important point: is it the police or the military?
If only military gathers data and everything is arranged in civilided manner, then there is no way civillian could go to jail for writing the wrong sentence on facebook.
I know it's easy, but i can't help remember that every single terrorist that striked in the last years in france were already identified by security services, and for a very long time.
For what i know, the problem in France seems to be much further down the data pipe, aka not enough (competent) humans analysing the threat data. I very much doubt flooding those services with an even bigger stream of information will help in any way.
Hell, why shouldn't they. The USA has already done it, why not them too. Maybe there is actually even some sort of kind of MAD principle in that concept. I don't really see how it would end up well, but it at least has a chance of a positive outcome relative to the USA dominating and spying on the world unilaterally.
I guess the ideal situation would be a transglobal civil intelligence corp that hacks and publicly publishes the secrets of governments their officials and corporations. A crowd-sourced intelligence organization that tracks public figures and agents and activities across the globe.
> The original surveillance law included limits on data retention when spying on French nationals (30 days for the content of communications, four years for metadata, six years for encrypted data). The new international limits are much longer—one year, six years, and eight years respectively.
I can't imagine any of that will be allowed by the EU Justice Court. Now who's going to sue the French government?
The EUCJ is also going to rule on Europe vs Facebook case next week, which will affect the EU-US Safe Harbor agreement as well, and possibly some of these new spying laws in the EU. I can't wait (I think it will be a positive ruling).
The EFF is complaining that we are lowering what amounts to be the Human Rights, and they are right. However the EFF hasn't succeeded in taming the US standard.
What may be happening here is pressure for an international agreement. We'll only have leverage to make a deal with the US if we (the rest of the world) practice the same disrespectful spy acts against innocent American citizen. Then we can agree on stopping our activities in a bilateral or UN agreement.
Of course what is funny about threats from my country is that we are quite powerless. We don't have the world's Facebook records, neither do we manage the world's largest email. With this kind of law, chances are we won't. I, for one, host my email neither in France nor in US.
For this threat to be leveraged against US, a lot of other countries have to do the same, until there's a major uprising against surveillance methods.
The world has changed. 20 years ago, the right to not be searched when traveling within a country was enough to protect most citizen. Now all citizen cross boarders once a year or use remote Internet websites, which in both cases dismisses their rights as citizen. We need a global protection against unwarranted searches.