Intelligence Act (France)

Last updated April 17, 2024

The French Intelligence Act of 24 July 2015^[1] (French: loi relative au renseignement) is a statute passed by the French Parliament. The law creates a new chapter in the Code of Internal Security aimed at regulating the surveillance programs of French intelligence agencies, in particular those of the DGSI (domestic intelligence) and the DGSE (foreign intelligence).

History

The Intelligence Bill was introduced to the Parliament on 19 March 2015 by French Prime Minister Manuel Valls and presented as the government's reaction to the Charlie Hebdo shooting.^[2] Despite widespread mobilization, the Bill was adopted with 438 votes in favor, 86 against and 42 abstentions at the National Assembly ^[3] and 252 for, 67 against and 26 abstentions at the Senate.^[4] It was made into law on 24 July 2015.

Although framed by the government as a response to the Paris attacks of January 2015, the passage of the Intelligence Act was actually long in the making. The previous law providing a framework for the surveillance programs of French intelligence agencies was the Wiretapping Act of 1991, aimed at regulating telephone wiretaps. Many surveillance programs developed in the 2000s—especially to monitor Internet communications—were rolled out outside of any legal framework.^[5] As early as 2008, the French government's White Paper of Defense and National Security stressed that "intelligence activities do not have the benefit of a clear and sufficient legal framework", and said that "legislative adjustments" were necessary.^[6]

Main provisions

This section summarizes the main provisions of the Intelligence Act.^[7]

Scope

Through article L. 811-3, the Act extended the number of objectives that can justify extrajudicial surveillance. These include:

national independence, territorial integrity and national defense;
major interests in foreign policy, implementation of European and international obligations of France and prevention of all forms of foreign interference;
major economic, industrial and scientific interests of France;
prevention of terrorism;
prevention of: a) attacks on the republican nature of institutions; b) actions towards continuation or reconstitution of groups disbanded (article L. 212-1 of criminal code); c) collective violence likely to cause serious harm to public peace;
prevention of organized crime and delinquency;
prevention of proliferation of weapons of mass destruction.

These surveillance powers can also be used by law enforcement agencies that are not part of the official "intelligence community" and whose combined staff is well over 45,000.

Oversight

The existing oversight commission, the Commission nationale de contrôle des interceptions de sécurité, was replaced by a new oversight body called the "National Oversight Commission for Intelligence-Gathering Techniques" (Commission nationale de contrôle des techniques de renseignement, or CNCTR). It is composed of:

four members of Parliament designated by the Presidents of both chambers of Parliament;
two administrative judges and two judicial judges designated respectively by the Council of State and the Cour de Cassation;
one technical expert designated by the telecom National Regulatory Authority (the addition of a commissioner with technical expertise was the main innovation).

The CNCTR has 24 hours to issue its ex ante non-binding opinion regarding the surveillance authorizations delivered by the Prime Minister before surveillance begins, except in cases of "absolute emergency" where it is simply notified of the surveillance measure within 24 hours upon deliverance (article L. 821-3).

For ex post oversight, the CNCTR has "permanent, comprehensive and direct access to records, logs, collected intelligence, transcripts and extractions" of collected data. It is able to conduct both planned and in the premises where these documents are centralized (article L. 833-2-2). If an irregularity is found, it can send to the Prime Minister a "recommendation" so that she can put an end to it. One hugely significant exception to the CNCTR's oversight powers are the bulk of data obtained through data-sharing with foreign intelligence agencies (article L. 833-2-3).

Wiretaps and access to metadata

Techniques of communications surveillance covered by the Act include telephone or Internet wiretaps (L. 852-1), access to identifying data and other metadata (L. 851-1), geotagging (L. 851-4) and computer network exploitation (L. 853-2), all of which are subject to authorization of a renewable duration of 4 months.

Black boxes and real-time access to metadata

The Act authorizes the use of scanning device (nicknamed "black boxes") to be installed on the infrastructures of telecom operators and hosting providers. Article L. 851-3 of the Code of Internal Security provides that, "for the sole purpose of preventing terrorism, automated processing techniques may be imposed on the networks of [telecom operators and hosting providers] in order to detect, according to selectors specified in the authorisation, communications that are likely to reveal a terrorist threat.

Another provision limited to anti-terrorism allows for the real-time collection of metadata (article L. 851-3, for terrorism only and for a 4 months period). Initially, the provision targeted only individuals "identified as a [terrorist] threat". After the 2016 Nice Attack, it was extended by a Bill of the state of emergency to cover individuals "likely to be related to a threat" or who simply belong to "the entourage" of individuals "likely related to a threat". According to La Quadrature du Net, this means that the provision can now potentially cover "hundreds or even thousands of persons (...) rather than just the 11 700 individuals" reported to be on the French terrorism watchlist.^[8]

Computer Network Exploitation

The Act authorizes computer network exploitation, or computer hacking, as a method for intelligence gathering. Article L. 853-2 allows for:

access, collection, retention and transmission of computer data stored in a computer system;
access, collection, retention and transmission of computer data, as it is displayed on a user's computer screen, as it is entered by keystrokes, or as received and transmitted by audiovisual peripheral devices.

Considering the intrusiveness of computer hacking, the law provides that these techniques are authorized for a duration of 30 days, and only "when intelligence cannot be collected by any other legally authorized mean."

The Act also grants blanket immunity to intelligence officers who carry on computer crimes into computer systems located abroad (article 323-8 of the Criminal Code).

International surveillance

The Act also provides chapter on the "surveillance of international communications", particularly relevant for the DGSE's surveillance programs. International communications are defined as "communications emitted from or received abroad" (article L. 854-1 and following). They can be intercepted and exploited in bulk on the French territory with reduced oversight. Safeguards in terms of bulk exploitation and data retention are lessened for foreigners (though the definition of foreigners is technical, i.e. people using non-French "technical identifiers").

Data retention periods

For national surveillance measures, once communications data are collected by intelligence agencies, retention periods are the following:

Content (correspondances): 1 month after collection (for encrypted content, period starts after decryption, within the limit of 6 years after initial collection);
Metadata: 4 years (compared to a 3-year period before the adoption of the Act).

For international surveillance, retention periods depend on whether one end of the communication uses a "technical identifiers traceable to the national territory" or not, in which case the "national" retention periods are applicable, but they start after the first exploitation and no later than six months after collection (article L. 854-8). If both ends of the communication are foreign, the following periods apply:

Content: 1 year after first exploitation, within the limit of 4 years after collection (for encrypted content, periods starts after decryption, within the limit of 8 years after collection);
Metadata: 6 years

The law fails to provide any framework to limit staff access to collected intelligence once it is stored by intelligence and law enforcement agencies.

Redress mechanism

The Act reorganizes redress procedures against secret surveillance, establishing the possibility to introduce a legal challenge before the Council of State after having unsuccessfully thought redress before the CNCTR.

Criticism and legal challenges

During the Parliamentary debate, the bill faced severe criticism from several organizations including National Commission on Informatics and Liberty (CNIL), National Digital Council,^[9] Mediapart,^[10] La Quadrature du Net.^[11]

The implementation decrees of the French Intelligence Act are currently undergoing a series of legal challenges by French civil society organizations La Quadrature du Net, French Data Network and Fédération FFDN before the Council of State.^[12]

Related Research Articles

The Communications Security Establishment, formerly called the Communications Security Establishment Canada (CSEC), is the Government of Canada's national cryptologic agency. It is responsible for foreign signals intelligence (SIGINT) and communications security (COMSEC), protecting federal government electronic information and communication networks, and is the technical authority for cyber security and information assurance.

$<span class="mw-page-title-main">Mass surveillance</span> Intricate surveillance of an entire or a substantial fraction of a population$

Mass surveillance is the intricate surveillance of an entire or a substantial fraction of a population in order to monitor that group of citizens. The surveillance is often carried out by local and federal governments or governmental organizations, but it may also be carried out by corporations. Depending on each nation's laws and judicial systems, the legality of and the permission required to engage in mass surveillance varies. It is the single most indicative distinguishing trait of totalitarian regimes. It is often distinguished from targeted surveillance.

The Foreign Intelligence Surveillance Act of 1978 is a United States federal law that establishes procedures for the surveillance and collection of foreign intelligence on domestic soil.

Data retention defines the policies of persistent data and records management for meeting legal and business data archival requirements. Although sometimes interchangeable, it is not to be confused with the Data Protection Act 1998.

Source protection, sometimes also referred to as source confidentiality or in the U.S. as the reporter's privilege, is a right accorded to journalists under the laws of many countries, as well as under international law. It prohibits authorities, including the courts, from compelling a journalist to reveal the identity of an anonymous source for a story. The right is based on a recognition that without a strong guarantee of anonymity, many would be deterred from coming forward and sharing information of public interests with journalists.

A government database collects information for various reasons, including climate monitoring, securities law compliance, geological surveys, patent applications and grants, surveillance, national security, border control, law enforcement, public health, voter registration, vehicle registration, social security, and statistics.

The General Directorate for Internal Security is a French security agency. It is charged with counter-espionage, counter-terrorism, countering cybercrime and surveillance of potentially threatening groups, organisations and social phenomena.

There is no absolute right to privacy in Australian law and there is no clearly recognised tort of invasion of privacy or similar remedy available to people who feel their privacy has been violated. Privacy is, however, affected and protected in limited ways by common law in Australia and a range of federal, state and territorial laws, as well as administrative arrangements.

The practice of mass surveillance in the United States dates back to wartime monitoring and censorship of international communications from, to, or which passed through the United States. After the First and Second World Wars, mass surveillance continued throughout the Cold War period, via programs such as the Black Chamber and Project SHAMROCK. The formation and growth of federal law-enforcement and intelligence agencies such as the FBI, CIA, and NSA institutionalized surveillance used to also silence political dissent, as evidenced by COINTELPRO projects which targeted various organizations and individuals. During the Civil Rights Movement era, many individuals put under surveillance orders were first labelled as integrationists, then deemed subversive, and sometimes suspected to be supportive of the communist model of the United States' rival at the time, the Soviet Union. Other targeted individuals and groups included Native American activists, African American and Chicano liberation movement activists, and anti-war protesters.

<span class="mw-page-title-main">Mass surveillance in the United Kingdom</span> Overview of mass surveillance in the United Kingdom

The use of electronic surveillance by the United Kingdom grew from the development of signal intelligence and pioneering code breaking during World War II. In the post-war period, the Government Communications Headquarters (GCHQ) was formed and participated in programmes such as the Five Eyes collaboration of English-speaking nations. This focused on intercepting electronic communications, with substantial increases in surveillance capabilities over time. A series of media reports in 2013 revealed bulk collection and surveillance capabilities, including collection and sharing collaborations between GCHQ and the United States' National Security Agency. These were commonly described by the media and civil liberties groups as mass surveillance. Similar capabilities exist in other countries, including western European countries.

During the 2010s, international media news reports revealed new operational details about the Anglophone cryptographic agencies' global surveillance of both foreign and domestic nationals. The reports mostly relate to top secret documents leaked by ex-NSA contractor Edward Snowden. The documents consist of intelligence files relating to the U.S. and other Five Eyes countries. In June 2013, the first of Snowden's documents were published, with further selected documents released to various news outlets through the year.

This is a category of disclosures related to global surveillance.

The FISA Improvements Act is a proposed act by Senator Dianne Feinstein, Chair of the Senate Intelligence Committee. Prompted by the disclosure of NSA surveillance by Edward Snowden, it would establish the surveillance program as legal, but impose some limitations on availability of the data. Opponents say the bill would codify warrantless access to many communications of American citizens for use by domestic law enforcement.

Klayman v. Obama, 957 F.Supp.2d 1, was a decision by the United States District Court for District of Columbia finding that the National Security Agency's (NSA) bulk phone metadata collection program was unconstitutional under the Fourth Amendment. The ruling was later overturned on jurisdictional grounds, leaving the constitutional implications of NSA surveillance unaddressed.

Mass surveillance in Australia takes place in several network media, including telephone, internet, and other communications networks, financial systems, vehicle and transit networks, international travel, utilities, and government schemes and services including those asking citizens to report on themselves or other citizens.

The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015(Cth) is an Act of the Parliament of Australia that amends the Telecommunications (Interception and Access) Act 1979 (original Act) and the Telecommunications Act 1997 to introduce a statutory obligation for Australian telecommunication service providers (TSPs) to retain, for a period of two years, particular types of telecommunications data (metadata) and introduces certain reforms to the regimes applying to the access of stored communications and telecommunications data under the original Act.

The Law on the fight against terrorism, abbreviated LCT, is a 2006 French counter-terrorism legislation designed to improve state security and strengthen border control. The legislation was passed on 23 January 2006 under the leadership of Nicolas Sarkozy, then the Minister of the Interior. Notably the law increased punitive measures for criminal association and gave the government more power to access personal information online.

The Investigatory Powers Act 2016 is an Act of the Parliament of the United Kingdom which received royal assent on 29 November 2016. Its different parts came into force on various dates from 30 December 2016. The Act comprehensively sets out and in limited respects expands the electronic surveillance powers of the British intelligence agencies and police. It also claims to improve the safeguards on the exercise of those powers.

The Edward Snowden revelation that the Communications Security Establishment (CSE), without a warrant, used free airport Wi-Fi service to gather the communications of all travellers using the service and to track them after they had left the airport sparked an ongoing unfounded concern about mass surveillance in Canada. It was reported but unverified that the number of Canadians affected by this surveillance is unknown apparently even to the Canadian Security Intelligence Service.

References

↑ "Loi n° 2015-912 du 24 juillet 2015 relative au renseignement".
↑ Robert, Aline (15 April 2015). "Outcry over French Intelligence Bill". EurActiv. Retrieved 3 May 2015.
↑ "Analyse du scrutin n° 1109 - Deuxième séance du 05/05/2015 - Assemblé…". Archived from the original on 2015-05-06.
↑ "Scrutin n° 200 - séance du 9 juin 2015". Archived from the original on 2015-06-10.
↑ Tréguer, Félix. "From Deep State Illegality to Law of the Land: The Case of Internet Surveillance in France," April 2016. https://halshs.archives-ouvertes.fr/halshs-01306332/document.
↑ French government (June 2008). Livre blanc sur la Défense et la Sécurité nationale (Report). p. 142.
↑ A rough translation of the Act is available at: https://wiki.laquadrature.net/French_Intelligence_Laws
↑ La Quadrature du Net, "French State of Emergency: Overbidding Mass Surveillance", 21 July 2016. Available at: https://www.laquadrature.net/en/french-state-of-emergency-overbidding-mass-surveillance.
↑ Rees, Marc (19 March 2015). "Bill on Intelligence: all black spots denounced by the CNIL". Next Impact. Retrieved 4 May 2015.
↑ "4 mai : Mediapart organise les "Six heures contre la surveillance"". 4 May 2015.
↑ "press release | La Quadrature du Net". www.laquadrature.net. Archived from the original on 2012-08-19.
↑ La Quadrature du Net, 11 May 2016, "Legal Action against the French Surveillance Law". Available at: https://www.laquadrature.net/en/surveillance-law-before-french-council-of-state

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "Loi n° 2015-912 du 24 juillet 2015 relative au renseignement".

[2] Robert, Aline (15 April 2015). "Outcry over French Intelligence Bill". EurActiv. Retrieved 3 May 2015.

[3] "Analyse du scrutin n° 1109 - Deuxième séance du 05/05/2015 - Assemblé…". Archived from the original on 2015-05-06.

[4] "Scrutin n° 200 - séance du 9 juin 2015". Archived from the original on 2015-06-10.

[5] Tréguer, Félix. "From Deep State Illegality to Law of the Land: The Case of Internet Surveillance in France," April 2016. https://halshs.archives-ouvertes.fr/halshs-01306332/document.

[6] French government (June 2008). Livre blanc sur la Défense et la Sécurité nationale (Report). p. 142.

[7] A rough translation of the Act is available at: https://wiki.laquadrature.net/French_Intelligence_Laws

[8] La Quadrature du Net, "French State of Emergency: Overbidding Mass Surveillance", 21 July 2016. Available at: https://www.laquadrature.net/en/french-state-of-emergency-overbidding-mass-surveillance.

[9] Rees, Marc (19 March 2015). "Bill on Intelligence: all black spots denounced by the CNIL". Next Impact. Retrieved 4 May 2015.

[10] "4 mai : Mediapart organise les "Six heures contre la surveillance"". 4 May 2015.

[11] "press release | La Quadrature du Net". www.laquadrature.net. Archived from the original on 2012-08-19.

[12] La Quadrature du Net, 11 May 2016, "Legal Action against the French Surveillance Law". Available at: https://www.laquadrature.net/en/surveillance-law-before-french-council-of-state

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]