Internet companies dismayed by French law allowing warrantless access to live user data
The French Senate has passed a law giving government officials warrantless access to live login and user location data from ISPs and websites, angering Internet companies and human rights groups.
Section 13 of the 2014-2019 defense appropriation act, approved by the Senate late Tuesday, requires ISPs and content hosting companies to provide government officials with access to real-time information about their users’ activity without judicial oversight.
The law will allow civil servants including tax officials and police to access any of a person’s online documents without control by a judge, Guillaume Buffet, president of French think tank Renaissance Numérique, said Thursday. In a question and answer session at Le Web, a conference about the Internet, he challenged Arnaud Montebourg, minister for economic recovery, to explain why that was necessary.
Law enforcement officials can already ask a judge for an order to access such data in the context of a criminal investigation, but the new law means it is no longer necessary to go via the courts to obtain such access. A team led by an appointee of the Prime Minister will have the power to grant access to the data for periods of up to 30 days, renewable on demand. Requests for access can be made by designated officials of the Ministries of Defense, the Interior or Finance, and will be reviewed after the fact by an existing committee responsible for auditing wiretapping orders. The process by which the committee might revoke approval is slow, however.
Montebourg defended the act, saying it was modelled on a 2006 law on wiretapping that had already been challenged—and approved—by the French supreme court, the Constitutional Council. The audit committee created by the law earlier law will review requests for phone wiretaps and the new Internet interception orders. While judicial approval was appropriate in the context of ongoing investigations of criminal acts, the state also needed the means to intercept the communications of those it believed might be planning to commit illegal acts in the future, such as suspected terrorists, he said.
Buffet is not the only objector to the new measures. Renaissance Numérique’s open letter criticizing Section 13 of the law was cosigned on Thursday by the International Federation for Human Rights, the Human Rights League, the association of French lawyers, the magistrates’ union, and other human rights groups.
The Association of Internet Community Services (ASIC) also slammed the law, which it said threatened public confidence in all online services. ASIC’s members include AOL, eBay, Facebook, Google, Microsoft, Spotify and Yahoo. They had called on legislators to exclude interception of documents from the law and restrict interception to data about communications—who contacted who and when, rather than what was said.
ASIC said it hoped senators and deputies would call on the Constitutional Council to strike down the law, and if they didn’t, threatened to file suit itself.