Bernard Cazeneuve, our ministre de l'Intérieur (Tasked with internal security, i.e. police etc.) has also declared the right to private life to not be a freedom. (https://www.youtube.com/watch?v=WODKfxtJQbE)
This law was voted by 30 delegates. From a total of 577. This is what we can expect of our National Assembly. I expected a bit more of them considering they were 40 (!) to debate it. And they were granted a whole two minutes to explain themselves. To debate a law that allows bypassing judges, installing black boxes (read: DPI tools) anywhere without needing a judge, and quite a few more fun things.
To any French reader here (or any reader in a country whose laws explicitly allow this type of mass surveillance):
* Use LetsEncrypt to get an SSL certificate for your website (or self-sign one with the proper configuration). Not that this will matter much because this law will allow them to ask you to hand over your private keys.
* Use TrueCrypt v 7.1a, the latest and audited version for your hard drive, or use LUKS if you're on Linux.
* Use TextSecure and RedPhone. While I'm not aware of any recent audits, it's a hundred times better than going through regular channels.
* Use Pidgin+OffTheRecord for your private chats.
I am so fucking mad. And have no doubts, the senate will pass this. The worst (best) that could happen to this law is a few minor changes, but the key points will stay. And I doubt our constitutional council will reject it.
Since neither of those 3 things is something they want to discuss openly, no debate will happen between those who decide and the public.
But, I wonder if we can make these systems completely inefficient by flooding them with false positives. Assuming we can figure out the patterns they are looking for in our communications, could this be a possible solution to force them to withdraw their "black boxes"?
Here's why.
Scenario 1) It works. You get arrested on some arbitrary basis for impeding their system. Or they otherwise make it illegal to do so, and begin cracking down on that.
Scenario 2) You throw a vast amount of interference at their system, and it has an effect. They spend more of your money to constantly stay ahead of the collective efforts. Most likely a relatively small number of people will never be able to overwhelm it long-term.
Scenario 3) It doesn't work in any meaningful way at all.
Focus on strong encryption.
Encryption is in a similar position, but it is a far easier sell to business and the general public, and so the chances of reaching critical mass of communications is much greater.
1/ They're after the meta data. Whether you have plaintext or encrypted communication, they still know to whom you talk. Unless you use TOR or VPN yourself out of the country, it's not going to help...
2/ Strict key disclosure laws. You can be thrown to jail, if you cannot decrypt some information when requested by a judge. That's true even in the case where you can prove the key is no longer in your possession...
Maybe I'll make my personal server connect to random IP on port 80 to send data with such keywords.
This is how democracy dies. Now the 95% other members of the National Assembly will say "that it's not their fault, because they didn't even vote for it!", if some major abuses happen due to this in the future. Despicable.
We need a system of government that allows scientists and thinkers to have a weighted power balancing politicians. Politicians cannot be trusted by definition.
It's insane!
A false sense of security can be more risky business than weak security, as pertains to what gets exposed.
It does have the very useful property of granting plausible deniability, though, by making it possible to forge messages after the fact.
That said, TC has been audited by what I hear is a reputable group of people, who say there's no evidence of severe crypto vulnerabilities.
Which means that the French people are socialists in their hearts.
The 2009 reform was passed while Nicolas Sarkozy was still president, and he took great care of consolidating the power of the president while lowering the National Assembly's.
There's definitely a coordinated effort to pass these laws together now, to make it seem like it's the "sensible" thing to do after the terrorist attacks. FBI chief Backdoor-Comey has also been making rounds in European countries to push for total surveillance laws "or else it might hurt their relationship with the US". This may especially work in weaker countries where a partnership with the US is regarded as a god-send and they'll try not to do anything to hurt that partnership. In other words they'll do anything the US government tells them to do.
How the heck is this supposed to work when TLS supports Diffie-Hellman?
something like 'hidden volumes' in TrueCrypt.
That will be a hard First Amendment case in the US ... very hard.
Naturally, that still doesn't solve any other problems...
Ireland is an example of this: for there to be a quorum in either house, at least twenty members have to be present. This means at least 1/3 of the Seanad (upper house, 60 seats) or 12% of the Dáil (lower house, 166 seats) must be present for either to form a quorum. That's not written in the constitution, but a standing order of the Oireachtas (parliament).
Even if France has no such requirement in its constitution, it's ridiculous that there isn't at least a parliamentary rule of order requiring it.
The movement M6R's got ~85K signatures, and a grass-roots assembly with ~180 members, transparent auto-financing, but it still needs to get much bigger in order to make the change of constitution the big main issue in the next presidential race in 2017. After 2017 I don't know, but changing the constitution, getting back democracy has to be in "every mouth" from now on.
French political life is characterized by a complete lack of impetus for change.
In any case, there's huge red letters saying "TrueCrypt is not secure" right next to their download links: http://truecrypt.sourceforge.net/
> The TL;DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.
Your argument is just so wrong :/
Yeah, software freedom is a very good thing, but - in the context of security - it's the source code availability that matters, and that doesn't necessarily require a FOSS license.
It's more efficient to have delegation systems. The problem is that both politicians and the press are corrupted delegation systems.
"It has been said that democracy is the worst form of government except all the others that have been tried." - Winston Churchill.
Have you considered any noblesse oblige-style colonization and rule of third-world nations? Sounds like a good match.
I dare say that with enough media backing, I could get dihydrogen monoxide banned. It does kill a lot of children. It has been shown to be very important to terrorists. Companies like to put it in food unregulated because it lets them add mass for cheap.
Probably true elsewhere, but I only know the US.
There has to be something resembling meritocracy in any functioning organization, and that includes a government.
Postscript. You'd think a little geographic diversity and a federal system would let people let each other live in peace but instead we have national culture wars.
I'd normally take your side on this, but then there's the fact that the Southern United States still exists and is a major reason why U.S. law borders on jingoistic theocracy.
I am a client at OVH and Gandi and I hope they send a big FU to the French government and relocate. I am willing to pay a premium for that.
I'm assuming it's largely strategic. "Everybody" wanted to pass the bill, but no one wanted it on their voting record since they knew it was controversial. So everybody got together and selected a small number of martyrs to go sully themselves while everybody else could keep their hands clean.
And launched a big initiative to federate tech actors against the bill: http://ni-pigeons-ni-espions.fr/
######## Breaking ########
Octave Klaba finally declares that the bill doesn't compromise the trust chain. https://twitter.com/olesovhcom/status/588666965755092993
Of course OVH already have several data centers outside of France, in Canada for example.
That doesn't help us French people, as our traffic will be inspected from wherever it is coming and going, as long as it originates here.
This is largely disputed: http://www.numerama.com/magazine/32806-boites-noires-le-gouv...
Black boxes are still there. Some light safeguards are added, notably approval of Prime Minister, but it still remains quite vague.
(Google Translate link: https://translate.google.com/translate?sl=fr&tl=en&u=https%3... )
It is usually not that bad, though. I think the low number is due to allegiance to a party. Socialists felt like they had to vote in agreement to their party leaders to advance their careers, but to avoid backlash from the press and the public, many didn't show up. Their opposition, the right wing, always was big on tighter consumer control and surveillance. The previous president famously had speeches where he described his ambition to wash out undesirables with Kärcher, and he made some waves during his mandate as Minister of the Interior when he talked about his intention to track immigrants. Since he is still considered important in their party, I suppose many had the same dilemma and didn't come.
I'd expect that law to be distorted into a weird red tape system with virtually no power, but that will still get passed just so the politicians can say they have passed some law.
> In response, the government proposed a few hours before the vote a new amendment supposed to appease the hosting providers. If adopted, it lets them define the separation between "metadata and content."
I'd expect most providers would say that they don't have any metadata, and that they would designate /dev/null as their black box.
I doubt it. They already have a well-oiled surveillance machine, they do not want to make it harder to operate while legalizing it. I do not expect the senate to alter the law significantly.
Parties then decide on a party line for the vote.
Thus, most often the result would not be different if everybody was there.
Edit: Also, because of limited time, committee meetings may actually be held while there are votes. So it does make sense.
NB: The German parliament however can technically not decide anything if not enough members are present. However, usually attendees are not counted. Parties can demand a named vote though, which is counted. One party demanded that once, and it was almost universally called 'unfair' [1]. ¯\_(ツ)_/¯
[1] (in German) http://www.spiegel.de/politik/deutschland/posse-um-hammelspr...
It doesn't really work that way today, but in an ideal world I would find it good that the 30 people who understand computers vote while the 337 others abstain.
Also, I'm not sure how it works in other countries, but in France deputies usually have another job, you can't expect them to go to Paris on every Wednesday to vote on things they don't even really know about.
The French democracy has been completely broken for a long time and a few relics from the past are still working now. The times when the country was called "the land of the human rights" are long gone. I see a few people trying to contact their representative but it's already too late, the democracy is gone, forget about it, it will just slow things down a bit but that's all, the politicians in power are too corrupted and the system too broken for that to work.
The best solution for us now is the technical one, to prevent them from doing it. But even that solution is temporary, one day or another, when they will start to attack random citizens, things will have to change... as the quote is saying, "Those who make peaceful revolution impossible will make violent revolution inevitable."
I'm not sure if it's a problem of democracy. Most people don't care. I've been discussing with a few French friends about this, and most of them just don't see any problem (after all, "they have nothing to hide").
Allegedly to protect the people, the object of that law is rather to decriminalize and widen the PM's surveillance capabilities.
The law just exempted French agents for any illegal data acquisition done on foreign targets. One of the seven goals the law encompasses is "major scientific and economic interests". Don't deal with France, starting from May 6th.
Kudos to the couple deputies that show concern and bear with the long hours and kafkaesque atmosphere.
Mandatory handling of encryption keys on request is also part of the package. Hosters and ISPs like it.
"DPI algorithms shall remain secret, for they'll lose their effectiveness otherwise." Such StO.
Oversight over it all will be restricted to a 7-ish member court.
We must not remain silent as France openly turns into a police state.
The low number of delegates during the vote shows how archaic the French political system is: they are against their own party so they prefer to be missing. There is little discussion. And there is no way to make a petition in France that would go to the parliament or provoke a referendum.
France just shows how current institutions are overwhelmed by new technologies.
Sadly still so true. The attacks from January 2015 have led to this horrible secondary damage.
Also had VOIP phone to contact députés. Many were and avoided questions or said they would toe the party line. Evidence here: https://pad.lqdn.fr/p/PJLdeputes
It's actually worse. Listening to all communications in the hope of catching something suspect is the exact thing that makes this law extremely dangerous.
It's very bad.
But laws are not really discussed in the main chamber. The way it works is that laws are really discussed, debated and modified in commissions, and the main vote is only for the TV, and for MPs to demonstrate publicly their opposition.
They're overpriced, and in my experience, their customer service is disgusting. I would never recommend them.
Namecheap are cheaper, better, and have done more for HN-related causes than Gandi ever will.
---
It was in a nearly empty senate that around thirty deputies
cast their votes [...] on the installation of "black boxes",
a controversial device designed to monitor internet traffic.
[It was] approved by 25 deputies to 5 following heated debates.
The plan: to force ISPs to "detect, through automated
processing, a suspect succession of connection data" that
appear to match patterns typically used by terrorists. In
practice, this would involve installing a "black box" at ISPs
to monitor traffic. The content of the communications would
not be monitored, but only the metadata: the sender or
receiver of a message, the IP address of a visited site...
[...]
"The black box is the Pandora's box of this draft law," said
socialist Aurélie Filippetti in the senate. "They say that the
masses of data that will flow through it will only contain
metadata. But they contain even more information about the
private lives of our fellow citizens! [...] And there is a
paradox in saying that these data will be anonymous when they
are to be used to identify terrorists".
An accusation that was then defended by the government in the
house, "The automated processing marks out suspect behaviour,
not pre-identified persons," emphasized the Defence Minister,
Jean-Yves Le Drian, "It is after that the services are able to
access the identity of the persons."
[...]
Some deputies also pointed out the "economically damaging"
consequences of these black boxes, such as the ecologist
Isabelle Attard, for whom "French IT companies will see their
foreign clients start to desert them as they lose their trust".
Last week, seven large French hosts made their opposition to the
draft clear, stating that it would push them "into exile" so as
not to lose their clients.
[...]
The government nevertheless eluded the more technical questions
throughout the debate, asked, several times, by a few deputies,
among those was Laure de la Raudière (UMP), "Where are you going
to install your probe on the communication networks?", "How will
you optimize the algorithms?", "Will you use deep packet
inspection?".
Bernard Cazeneuve ended up replying to this last question,
repeated several times by the deputy, "We will not use this
technique at all", a technique that involves the deep inspection
[translation of a translation...] of all passing communications
data.
Several deputies have also demanded a precise list of the type of
metadata collected by the black boxes to be clearly defined.
In vain.
---
Germany/Hetzner?
Literally is there no one else you can get cheap dedicated servers and avoid this kind of surveillance directly inside the DC? :/
In this case, it's going to be kept secret and covered by some kind of "security clearance". That would make it a criminal offense to divulge these details. The law explicitly limits this to the "meta data" of the communication, and not the content.
And finally, publishing these details would defeat the whole purpose of the enterprise. The NSA does not publish details about the meta-data they collect in the PRISM database, and they charged Snowden for the little that he revealed about the program.
The French are essentially doing the same thing. The NSA has some limitations about when US citizens' meta data can be collected domestically. The French law has no such provision.
https://translate.google.co.uk/translate?sl=auto&tl=en&js=y&...
(Sorry for long link)
Moreover, that would also have a strong symbolical value. I find it a bit weird you're being more like "don't be lazy, couldn't you find a bad level translation yourself and be happy with it?". No. I'm not happy because you're not giving it the appropriate coverage this way. But oh well.
Do they teach schoolchildren about the Comité de salut public or anything?
Do you have a source for that? I'm genuinely curious.
Basically, our Defense Minister's Twitter account posted a quote of Christiane Taubira (the Defense Minister) saying "It is obvious that the methods of retrieval [of data] are potentially endangering private life".
It was quickly removed.
Take everything, analyse later, break crypto even later.
If encrypted or not, doesn't matter to these folks. Their buddies at GCHQ do the same, remember?
Does France have a Constitutional Court at least?
We do not have a Constitutional Court. The Fifth Republic was explicitly created to give more power to the government and as such abstained from creating such courts.
I'm not familiar with France, but whenever that happens in Germany, they ensure that the correct proportions (regarding the parties/fractions) are maintained.
He is, in fact, the current head of the main conservative party, and will no doubt be presidential candidate in 2017.
> I suppose many had the same dilemma and didn't come.
I suspect the dilemma was more about avoiding to support the current majority too openly. As you said, nobody will mistake the UMP for a bastion of privacy and individual freedoms.
The way to get informed votes on technical laws is to carefully and transparently construct councils or committees whose members are technically competent. Give those councils the power to vote on technical laws, binding the main legislature to the result of such votes.
You can't have a voting body without a quorum rule and say it's to allow the subset of the representatives who understand the subject matter to vote. That's unenforceable and will be abused for political purposes far more often than it's used because the few representatives voting are the ones who genuinely understand the proposed law.
Quorum rules are critical for basic sanity in operation of a governmental body charged with voting.
It's a pathetic excuse that they have other jobs, and they can't show up most of the time. A few U.S. States had that sentiment, and what they do is have the legislature meet only a few months every year or two.
There's no reason they couldn't have an online voting system for representatives, either. The intelligence agencies of France and FVEY can't skew the votes by breaking the cryptosystem used for online voting if the voting record is published and the representatives verify that their votes were counted correctly. One barrier to doing this is probably that on some issues, representatives don't want their votes recorded; they want voice votes. (I'm guessing France does that most of the time; the U.S. certainly does.)
That might work in a US state that only has a few million inhabitants, but I can't see how an entire country could work this way.
As for the rest, I think you are very much assuming that your legislation system is the one and only way to go, even though looking at it from faraway it's not entirely obvious that it works better than the system we have, which seems to lack basic sanity, uses unenforceable principles and will be abused more often than it's used according to you.
I honestly think quorum rules have no positive impact on democracy, at worst allowing minorities to obstruct legislation by simply not showing up, and at best making clueless members of parliament show up just to vote what they were told to.
And if not, well, cynical as it might be, the people's majority will have gotten what they deserved, without having a good excuse (not knowing) and only the few that cared will be the real victims.
Side note: I have not noticed that the NSA got dismantled or that representatives supporting this kind of surveillance faced huge backlash in the polls... Unfortunately, lawmakers on both sides of the Atlantic appear to be ready to do anything for "security", and their voters are too apathetic to react.
"Socialism" as is commonly found in Western Europe (for instance, in the country we are talking about), is concerned with building a society where (in theory) as few people as possible are left on the side of the road. This is often correlated with high taxes (think Scandinavia), and may be linked to strong protections for workers (think France). Conservative parties are traditionally more authoritarian, and often campaign with themes of "fighting insecurity"/"limiting immigration".
In practice, "socialist" parties have been steadily sliding to the right, especially in terms of economic policy. The French socialist party is a dying pachyderm, devoid of ideas and divorced from its traditional voters. It is very hard to distinguish its policies from the conservative block's. Indeed, there was a remarkable consensus regarding this particular law.
I am not aware of any ideology (not even Marxism) for which "increasing state control over the people's lives" is a goal in itself. One thing that may confuse you is that you sound like a libertarian, and there isn't really much of a libertarian bent in Europe (even if a party like the Liberal party in Denmark is somewhat libertarian). Nobody really thinks in terms of "big government is bad", and the fact that this argument is readily used in US politics is a never-ending source of bewilderment (and amusement) here.