|
ArthurMERLEBERALFirstPaper 3 - 29 Apr 2015 - Main.ArthurMERLEBERAL
|
| |
| META TOPICPARENT | name="FirstPaper" |
|---|
| |
<
< | Data protection in France following the terrorist attacks in Paris: Nothing new under the sun | >
> | Surveillance in France following the terrorist attacks in Paris: Nothing new under the sun | | |
Introduction | |
<
< | The terrorist attacks that occurred in Paris between the 7th and the 9th of January 2015 have been called the “France’s 9/11” by certain international and French newspaper. If, from an operational point of view, these attacks largely differ from what happened in the United States in 2001, from a legal standpoint, however, they may trigger the same consequences, especially with regard to data protection. | | | | |
<
< |
"Data protection" doesn't mean surveillance. The essay is confusing for its determination to confuse the two subjects. If the point is that French law is a confusing mass of pretences masking an out-of-control listening system, which is true, why don't you write about those facts instead of the ridiculous and irrelevant formalities?
| >
> | The terrorist attacks that occurred in Paris between the 7th and the 9th of January 2015 have been called the “France’s 9/11” by certain international and French newspaper. If, from an operational point of view, these attacks largely differ from what happened in the United States in 2001, from a legal standpoint, however, similar consequences could be expected, especially with regard to surveillance. It is at least what arose out of the speech of the French Prime Minister, where he mentioned the Patriot Act enacted by the United States after 9/11.
The French government has indeed undertaken to reform several aspects of its national legislation in relation to surveillance. A new law should be enacted within the next few weeks. Despite the deceiving name of its title – “Law on Intelligence” – the government’s intent is univocal. Its purpose is to put in place a system of mass surveillance. However, the current fuzziness in the area of surveillance (1) leads to wonder what genuine impact, if any, the new legislation will have on French citizens (2).
1. Fuzzy Surveillance in France | | | | |
>
> | Following the terrorist attacks in Paris, the French Prime Minister had contemplated the potential enactment of a French “Passenger Name Record” (“PNR”) system, designed to broaden the possibilities to collect, process and transfer personal data. Five months later, whereas a bill is currently discussed before the national Parliament, there are no traces of such system. The reason might be because it already exists. | | | | |
<
< | Indeed, the French government, as it has already mentioned, intends to reform several aspects of its national legislation in relation to data protection and has called for the European Union to act similarly. Listening at the speech of the French Prime Minister, one could not miss the references made to the Patriot Act enacted by the United States after 9/11. Although no legislative step has been undertaken yet, I believe that this situation deserves an overview. Therefore, I will consecutively address (i) the current French law on data protection and (ii) the purported reforms announced by the French government. | >
> | Furthermore, the Prime Minister also mentioned that France was envisioning the adoption of a “French Patriot Act”. Will France go as far as the US? Or isn’t it already the case? After all, when authorized by the Prime Minister, police officers are currently allowed to collect any electronic data and to intercept any electronic communications for the purpose of identifying and preventing – in real time – potential threats to the national security. This legislative arsenal, which entered into force on 1st January 2015, did not prevent terrorist attacks to occur in Paris. Thus, although the reinforcement of surveillance did not work in the first place, further legislative steps are being taken in this direction. | | | | |
<
< | i. The current French law on data protection | >
> | 2. From Surveillance to Mass Surveillance: A Real Impact? | | | | |
<
< | On 6th January 1978, France enacted the Law on Information Technology, Data Files and Civil Liberty. France was thus one of the first countries that adopted a law dealing with computers and freedoms. This law established the Commission Nationale de l’Informatique et des Libertés (“CNIL”), an independent administrative authority whose main goal is to ensure the protection of personal data. Since then, the Law of 1978 has been modified by the Law of 6th August 2004, which transposed the 95/46/EC Directive into national legislation.
The CNIL is one of the leading European authorities fighting for the protection of data protection. For instance, in its highly publicized decision against Google Spain on 13th May 2014, the European Court of Justice took up the economic approach adopted by the CNIL in its decision against Google on 3rd January of 2014.
Moreover, the French legal regime of data protection is of a criminal nature. Indeed, violation of the Law of 1978, as modified, may trigger fines up to ¤1,5 million for legal persons and up to ¤300,000 for natural persons as well as up to 5 years of imprisonment.
In addition, regarding the transfer of personal data outside the European Union, the CNIL, pursuant to the 95/46/EC Directive, has set out different procedures depending on the country to which personal data are transferred. Transfers of personal data to countries whose level of data protection are deemed to be equivalent to the European Union are easily accomplished by filing a form with the CNIL. However, it is strictly forbidden to transfer such data to countries where the level of protection is considered insufficient, unless the company undertaking a data transfer within its own structure has adopted Binding Corporate Rules or if the two companies that are parties to a data transfer have signed standard contractual clauses adopted by the European Commission.
The terrorist attacks in Paris have not called into question the missions or the existence of the CNIL. However, one could believe that the potential enactment of a purported French “Passenger Name Record” (“PNR”) system, as announced by the Prime Minister, would broaden the possibilities to collect, process and transfer personal data. | >
> | By and large, the Law on Intelligence is aimed at protecting the major interests of French foreign policy, as well as the economic, industrial and scientific major interests of France, and the safety of the Republic. This catchall phrasing may explain the presence of the adjective “mass” before “surveillance”. But, further than that, it is hard to see any change. | | | | |
>
> | Beware! One might say. The National Commission controlling intelligence techniques will replace the Commission controlling interception of telecommunications. This new body will process all intelligence requests except, of course, in emergency and “absolute” emergency situations. Then, one may wonder what will be its actual role, if any?
In addition, citizens will be able to seize the French Administrative Supreme Court if they consider to be unjustly spied on. Well thought! But, how will citizens know that they are being spied on? I have no idea. | | | | |
<
< | ii. The purported reforms announced by the French government | >
> | On top of that, the use of IMSI-Catchers (a telephony eavesdropping device used for intercepting mobile phone traffic and tracking movement of mobile phone users) by authorities will be lawful. However, the latter already use this tool outside any legal frame. | | | | |
>
> | So, what’s new? The Law on Intelligence should enable the automatic process of metadata through an algorithm designed to detect suspicious behaviors on the Internet. Those metadata are supposed to be anonymous. But, paradoxically, they should also enable the identification of suspects by the authorities. How is it possible? Again, I have no idea. | | | | |
<
< | In fact, the purported adoption of a PNR system by France would be nothing more than a scam since this system is already in place. Not surprisingly, the speech given by the Prime Minister following the terrorist attacks was merely political. Indeed, Article 7 of the Law on the fight against terrorism of 23rd January 2006 expressly authorized the collect and process of PNR data even though “sensitive” data, as defined by the Law of 6th January 1978, could not be used. Thus, for instance, the use of data revealing what meals passengers ordered was forbidden. Although this article has been abrogated, an equivalent provision remains in force in France. Moreover, for a long time, the French Code of Customs has enabled customs officers to “require the submission of papers and documents of any kind, relating to operations of interest for their services, regardless of the medium”. Consequently, customs officers are authorized to collect PNR data.
Furthermore, the Prime Minister also mentioned that France was contemplating the adoption of a “French Patriot Act”. Considering the domestic and European obstacles that the government would have to surmount, the transposition into French law of a US inspired Patriot Act is not really on the agenda.
Nevertheless, a controversial step towards the reinforcement of mass surveillance has already been made through the enactment of the Law on military programming of 18th December 2013. Accordingly, where authorized by the Prime Minister, police officers are allowed to collect any electronic data and to intercept any electronic communications for the purpose of identifying and preventing – in real time – potential threats to the national security. Despite the apparent violation of both the right to liberty and security and the right to privacy enshrined in the European Convention on Human Rights and whose constitutional value has been established by the Conseil Constitutionnel (French Supreme Court), the latter has upheld the preventive aspect of the Law, as described above. This Law entered into force on 1st January 2015. Yet, this legislative arsenal did not prevent terrorist attacks. Stiffening mass surveillance did not work in the first place but it makes no doubt that further legislative steps in this direction will be taken. | >
> | Beyond the fact that Internet service providers will have leeway to identify what constitutes metadata and what is part of communication contents, I find hard to believe that this algorithm was specifically created for the purpose of this Law. Put another way, it is probable that the Law will merely make lawful an instrument that was unlawfully relied on by authorities. In this respect, the explanatory memorandum of the Law on Intelligence acknowledges the current legislative loopholes, thus implying the de facto existence of the mechanisms it purports to put in place. Therefore, it is doubtful that the Law on Intelligence will actually have any impact on citizens’ surveillance. It will, however, legitimize procedures and techniques that already existed. This is what French media reveals by denouncing a false transparency campaign led by the government through the enactment of the Law on Intelligence. | | |
Conclusion | |
<
< | Surveillance has certainly been strengthened since the terrorist attacks but French law on data protection has not been formally impacted yet. However, it would be naïve to believe that the assault on privacy is over. Here is the paradox: rather than reinforcing our liberties whose scope has been temporarily reduced by the terrorist attacks, the legislative reforms will follow the same path. | >
> | The Law on Intelligence will not clarify the area of surveillance in France. It will remain as obscure as it was. At first glance, I was thinking that this reform would at least make citizens aware of the fact that each of their clicks is being watched. But, on further examination, it appears that 27% of French nationals have not heard anything about this Law. And 40%, if they have heard about it, are incapable to describe its objectives and contents. It is in fact not surprising since the vocabulary used in this Law remains largely unknown and unexplained to the population. The question is then whether it is on purpose? | | | | |
<
< |
This draft doesn't talk about facts. It talks only about a tiny number of largely irrelevant legal formalities. The way to improve the draft is to describe what actually happens, or to admit that you don't know and can't find out.
| | | |
|
|
ArthurMERLEBERALFirstPaper 2 - 26 Apr 2015 - Main.EbenMoglen
|
| |
| META TOPICPARENT | name="FirstPaper" |
|---|
Data protection in France following the terrorist attacks in Paris: Nothing new under the sun | | | Introduction | |
<
< | The terrorist attacks that occurred in Paris between the 7th and the 9th of January 2015 have been called the “France’s 9/11” by certain international and French newspaper. If, from an operational point of view, these attacks largely differ from what happened in the United States in 2001, from a legal standpoint, however, they may trigger the same consequences, especially with regard to data protection. Indeed, the French government, as it has already mentioned, intends to reform several aspects of its national legislation in relation to data protection and has called for the European Union to act similarly. Listening at the speech of the French Prime Minister, one could not miss the references made to the Patriot Act enacted by the United States after 9/11. Although no legislative step has been undertaken yet, I believe that this situation deserves an overview. Therefore, I will consecutively address (i) the current French law on data protection and (ii) the purported reforms announced by the French government. | >
> | The terrorist attacks that occurred in Paris between the 7th and the 9th of January 2015 have been called the “France’s 9/11” by certain international and French newspaper. If, from an operational point of view, these attacks largely differ from what happened in the United States in 2001, from a legal standpoint, however, they may trigger the same consequences, especially with regard to data protection.
"Data protection" doesn't mean surveillance. The essay is confusing for its determination to confuse the two subjects. If the point is that French law is a confusing mass of pretences masking an out-of-control listening system, which is true, why don't you write about those facts instead of the ridiculous and irrelevant formalities?
Indeed, the French government, as it has already mentioned, intends to reform several aspects of its national legislation in relation to data protection and has called for the European Union to act similarly. Listening at the speech of the French Prime Minister, one could not miss the references made to the Patriot Act enacted by the United States after 9/11. Although no legislative step has been undertaken yet, I believe that this situation deserves an overview. Therefore, I will consecutively address (i) the current French law on data protection and (ii) the purported reforms announced by the French government. | | |
i. The current French law on data protection | | | Surveillance has certainly been strengthened since the terrorist attacks but French law on data protection has not been formally impacted yet. However, it would be naïve to believe that the assault on privacy is over. Here is the paradox: rather than reinforcing our liberties whose scope has been temporarily reduced by the terrorist attacks, the legislative reforms will follow the same path. | |
>
> |
This draft doesn't talk about facts. It talks only about a tiny number of largely irrelevant legal formalities. The way to improve the draft is to describe what actually happens, or to admit that you don't know and can't find out.
| | | -- By ArthurMERLEBERAL - 05 Mar 2015 |
|
|
ArthurMERLEBERALFirstPaper 1 - 05 Mar 2015 - Main.ArthurMERLEBERAL
|
|
>
> |
| META TOPICPARENT | name="FirstPaper" |
|---|
Data protection in France following the terrorist attacks in Paris: Nothing new under the sun
Introduction
The terrorist attacks that occurred in Paris between the 7th and the 9th of January 2015 have been called the “France’s 9/11” by certain international and French newspaper. If, from an operational point of view, these attacks largely differ from what happened in the United States in 2001, from a legal standpoint, however, they may trigger the same consequences, especially with regard to data protection. Indeed, the French government, as it has already mentioned, intends to reform several aspects of its national legislation in relation to data protection and has called for the European Union to act similarly. Listening at the speech of the French Prime Minister, one could not miss the references made to the Patriot Act enacted by the United States after 9/11. Although no legislative step has been undertaken yet, I believe that this situation deserves an overview. Therefore, I will consecutively address (i) the current French law on data protection and (ii) the purported reforms announced by the French government.
i. The current French law on data protection
On 6th January 1978, France enacted the Law on Information Technology, Data Files and Civil Liberty. France was thus one of the first countries that adopted a law dealing with computers and freedoms. This law established the Commission Nationale de l’Informatique et des Libertés (“CNIL”), an independent administrative authority whose main goal is to ensure the protection of personal data. Since then, the Law of 1978 has been modified by the Law of 6th August 2004, which transposed the 95/46/EC Directive into national legislation.
The CNIL is one of the leading European authorities fighting for the protection of data protection. For instance, in its highly publicized decision against Google Spain on 13th May 2014, the European Court of Justice took up the economic approach adopted by the CNIL in its decision against Google on 3rd January of 2014.
Moreover, the French legal regime of data protection is of a criminal nature. Indeed, violation of the Law of 1978, as modified, may trigger fines up to ¤1,5 million for legal persons and up to ¤300,000 for natural persons as well as up to 5 years of imprisonment.
In addition, regarding the transfer of personal data outside the European Union, the CNIL, pursuant to the 95/46/EC Directive, has set out different procedures depending on the country to which personal data are transferred. Transfers of personal data to countries whose level of data protection are deemed to be equivalent to the European Union are easily accomplished by filing a form with the CNIL. However, it is strictly forbidden to transfer such data to countries where the level of protection is considered insufficient, unless the company undertaking a data transfer within its own structure has adopted Binding Corporate Rules or if the two companies that are parties to a data transfer have signed standard contractual clauses adopted by the European Commission.
The terrorist attacks in Paris have not called into question the missions or the existence of the CNIL. However, one could believe that the potential enactment of a purported French “Passenger Name Record” (“PNR”) system, as announced by the Prime Minister, would broaden the possibilities to collect, process and transfer personal data.
ii. The purported reforms announced by the French government
In fact, the purported adoption of a PNR system by France would be nothing more than a scam since this system is already in place. Not surprisingly, the speech given by the Prime Minister following the terrorist attacks was merely political. Indeed, Article 7 of the Law on the fight against terrorism of 23rd January 2006 expressly authorized the collect and process of PNR data even though “sensitive” data, as defined by the Law of 6th January 1978, could not be used. Thus, for instance, the use of data revealing what meals passengers ordered was forbidden. Although this article has been abrogated, an equivalent provision remains in force in France. Moreover, for a long time, the French Code of Customs has enabled customs officers to “require the submission of papers and documents of any kind, relating to operations of interest for their services, regardless of the medium”. Consequently, customs officers are authorized to collect PNR data.
Furthermore, the Prime Minister also mentioned that France was contemplating the adoption of a “French Patriot Act”. Considering the domestic and European obstacles that the government would have to surmount, the transposition into French law of a US inspired Patriot Act is not really on the agenda.
Nevertheless, a controversial step towards the reinforcement of mass surveillance has already been made through the enactment of the Law on military programming of 18th December 2013. Accordingly, where authorized by the Prime Minister, police officers are allowed to collect any electronic data and to intercept any electronic communications for the purpose of identifying and preventing – in real time – potential threats to the national security. Despite the apparent violation of both the right to liberty and security and the right to privacy enshrined in the European Convention on Human Rights and whose constitutional value has been established by the Conseil Constitutionnel (French Supreme Court), the latter has upheld the preventive aspect of the Law, as described above. This Law entered into force on 1st January 2015. Yet, this legislative arsenal did not prevent terrorist attacks. Stiffening mass surveillance did not work in the first place but it makes no doubt that further legislative steps in this direction will be taken.
Conclusion
Surveillance has certainly been strengthened since the terrorist attacks but French law on data protection has not been formally impacted yet. However, it would be naïve to believe that the assault on privacy is over. Here is the paradox: rather than reinforcing our liberties whose scope has been temporarily reduced by the terrorist attacks, the legislative reforms will follow the same path.
-- By ArthurMERLEBERAL - 05 Mar 2015 |
|
|