You are here

France seeks new international mass surveillance powers

Today Privacy International together with other international human rights organisations call on the French parliament [PDF] to reject a bill on international surveillance, which, as it is currently worded, fails to protect and respect the right to privacy of individuals worldwide.

In June this year, the French parliament passed a law regulating the work of the intelligence services that will greatly undermine the privacy of French residents. Soon after, the French Constitutional Council struck down provisions of that legislation related to international surveillance. Now the French government is back with a new piece of legislation aimed at “completing” its expansion of powers to intercept communications: this time it is international surveillance the parliament will have to debate.

Unregulated surveillance powers need to be put under a legal framework. However, we have grave concerns about the bill proposed, which will affect the right to privacy of anyone outside of France. The bill sanctions mass surveillance of everyone outside of the France. The Prime Minister authorises all interceptions, undermining the principle that such intrusive surveillance must be authorised by an independent judicial authority. The bill contains many more worrying elements from the duration of compelled data retention (up to six years) to a discriminatory double standard based on nationality or residence. As it stands the bill falls short of France's obligations under international human rights law.

Mass surveillance by default

The bill sets a precedent by allowing the Prime Minister to order interceptions not on a case-by-case basis but by designating entire geographic zones, companies, organisations or groups of people as targets. The bill sets no limit for those authorisations: an entire country or even an entire continent – Africa for instance – could be placed under surveillance. The authorisations for interception are granted for 4 months (a year for metadata interception) but can be renewed indefinitely. No detail is given as to the types of technologies that will be used to intercept and analyse the data.

The bill draws a distinction between “French communications” - which will be deleted if intercepted under this bill – and foreign ones. A French phone number is defined as being “tied to the national territory”, like any number starting with 0033. This distinction is inherently discriminatory on prohibited grounds of nationality. It will also lead to a double standard for French citizens, those living in France on the one hand, and the estimated 2.5 million living abroad on the other hand, who will risk being affected by this mass surveillance if they live in a targeted zone.

All powers to the prime minister... again

Back in March this year, we alerted the French members of parliament about the risks involved in granting the Prime Minister complete power in terms of authorising interceptions, with only a weak post-facto oversight. Once again, this bill grants the Prime Minister the power to authorise interceptions based on requests coming from ministers. The National Commission for the Control of Intelligence Techniques – created this year under the previously-passed surveillance law – will only be empowered to verify the compliance of the interception measures with the law. Its recommendations are not binding to the Prime Minister, although the Commission can refer the case to the Council of State if the recommendations are not accepted. Moreover the Prime Minister will be in charge of planning the type of surveillance infrastructure chosen to intercept and store the data, as well as the way the data collected will be centralised.

Data retention for up to 6 years

The duration of data retention is substantially extended compared to the domestic standard. Communications content can be stored for up to a year once the content has been accessed for the first time, with a limit of fours years from the moment the content has been collected. For domestic interception content can only be retained for 30 days once it has been accessed for the first time. International metadata can be stored for six years, instead of four for domestic metadata.

UN human rights independent expert bodies have recognised that States are legally obliged to afford the same privacy protection for nationals and non-nationals and for those within and outside their jurisdiction. Asymmetrical privacy protection regimes are a clear violation of the requirements of international human rights law. The bill, as it stands, is a blatant example of the such a discriminatory double standard.

The bill will be debated at the French parliament on October 1st 2015. Privacy International calls every member of parliament to take into account the highly concerning aspects of this bill and to stand against it. The UN Human Rights Committee has already censored France's previously-passed surveillance legislation on the grounds that it was not in compliance with Article 17 of the International Covenant on Civil and Political Rights. The Committee recommended that any interference with the right to privacy as a result of surveillance activities, both internal and external, complies with the principles of legality, necessity and proportionality. It is up to the parliament to ensure that this bill is amended to meet these internationally recognised standards.