BY JÉRÔME HOURDEAUX AND LOUISE FESSARD.
ARTICLE PUBLISHED ON WEDNESDAY, 11 DECEMBER 2013 with their kind permission
MEDIAPART: When the French Digital Council (CNNum) was established it was meant to « permeate » all government decisions in the digital sphere. But concerning the Military Programming Law (LPM) and in particular Article 13 on communication networks, you have had to act on your own initiative. Doesn’t this raise issues about method?
Benoît Thieulin.- The CNNum can decide to examine a matter on its own initiative (which must be an exception rather than the rule) and any member of government can also refer a matter to it. This, as you are right to point out, did not happen in the case of the LPM. Moreover, Article 13, as you know, originated in parliament. This is another reason why the CNIL, as French data protection and privacy authority, was not consulted on this article; its views were simply heard. It has expressed its regret in this regard.
The legislation goes off in opposite directions which, given the subject matter, is not unusual: in matters that are both strategically important for a country and fundamental for individual rights, a balance must be struck between protecting individuals (civil liberties) and overall protection (defending our country’s economic and scientific interests, but also its security and sovereignty).
The thinking behind the LPM was probably to put into law certain practices of France’s intelligence services which Mediapart helped to expose. Frankly, it is difficult not to be happy about this, not simply as a matter of principle but because it is the only way the CNIL can intervene; otherwise it has to provide evidence of these practices, which makes it very unlikely unless it further protects the whistleblowers. We will come back to this.
On the other hand, we welcome what we see as a desire to catch up technologically. An economic intelligence war is being fought: after all, our country’s competitiveness is not just about taxation! It is also and above all about its capacity for innovation, the way it manages big data, etc. We cannot on the one hand lament the erosion of the country’s competitiveness and race to pack our bags for the UK (before this it was Germany) while on the other hand bemoaning the catch-up taking place in our armed forces: don’t forget the role played in this digital revolution by the Pentagon’s gigantic investment fifty years ago. The same happened in France, except in the recent past.
Finally, it is worth stressing that this law adds procedures and brings together provisions that were previously split between various different pieces of legislation. It can’t be said that it does not attempt to further regulate certain practices.
But the legal stakes and highly technological dimension make it very difficult to understand the real impact of Article 13. I’m not the only one saying this:
– last week’s article in Le Canard Enchaîné and the remarkable report by Arrêt sur Images have also highlighted it;
– even Jean-Marc Manach, who we can scarcely accuse of Orwellian leanings, acknowledges on his blog, with great intellectual honesty, that he still cannot really decide whether Article 13 will, as affirmed by Jean-Jacques Urvoas, lead to « better regulated services » and « provide the best guarantee for our citizens of their fundamental freedoms while at the same time creating intrusive capacities »;
– finally, a report Manach has recently brought my attention to ( https://ifrei.org/tiki-download_file.php?fileId=59 ) also makes the point: « The wording of L 246-1 does not seem intelligible, even for specialists: this is precisely what makes it possible for ASIC, the French association of Internet Services Communities,) to interpret the proposed legislation at its own discretion. Above all, this makes the text vulnerable, insofar as the understandability of legislation is a constitutional objective: if L 246-1 is removed, this would undoubtedly lead to the Article 13 being null and void ».
MEDIAPART: Nevertheless, does the method chosen by the government not pose certain problems, notably with regard to the haste with which the law was voted, and the lack of debate?
Yes, of course. This is what we stressed in both the preamble of our opinion on the subject and our decision to address this major issue of liberties and rights in the digital age on our own initiative: in matters that are as serious and multifaceted as these, we must take the time to discuss them, and to reach agreement with all stakeholders (services, businesses, civil society, etc.).
But also, we cannot address all these fragmented issues in different bills as and when they are placed before parliament! This is the French Digital Council’s third consultation (two of which were self-instigated) on matters concerning digital liberties. In this case, the ongoing debate is wider than the Military Programming Law itself.
We have reached a major turning point, both in practice (the mechanisms that could push us towards a total surveillance society are potentially there) and in our hearts and minds (digital distrust is starting to emerge).
In practice, the explosion of monitoring and control technology in a society that has become completely digitised, and the sharp fall in its cost, have completely changed the order of things. Even Stalin in his wildest dreams did not have the equipment to spy on the postal mail of 200 million soviet citizens. The NSA can potentially spy on more than one billion individuals not on its own, but by using the incredible accumulation of data left by all of us every day on big data platforms. These platforms are highly innovative and provide us with services that have changed our lives so that we can no longer do without them! But the fact of the matter is that we could shift into a society where total surveillance is the rule rather than an exception. This is unprecedented in the history of humanity. Don’t you think it warrants a real debate? And not just in France…
In the hearts and minds of the public, the Snowden affair has seriously rocked the digital sphere, the impact of which has yet to be fully measured: the risk of mass distrust is high. And it is growing. Since the affair, there has been a huge surge in the use of search engines that do not track users, software such as TOR that allow users to browse anonymously, and e-mail encryption applications. Certain analysts even see the recent slump in online shopping as a first clear sign of this distrust!
MEDIAPART: Precisely, in the midst of the Snowden affair, is it not paradoxical that we are choosing this moment to reinforce our own surveillance apparatus?
You’re right, we cannot be happy about this development. We must do everything to curtail this growing distrust and restore the public’s confidence in a society and an economy that is heading towards full digitisation. This means consulting all stakeholders, taking the time to discuss issues, and integrating all dimensions in a far-reaching law on digital liberties. In 1978, in the wake of the SAFARI database scandal (the infamous honest citizens database) unveiled by Philippe Lemoine, our first whistleblower, France became a pioneer when it decided to introduce a law protecting citizens’ rights at a time when information technology was still its in infancy. This law needs to be adapted. This is why the CNNum is launching a consultation aimed at contributing to the important law announced by Fleur Pellerin for 2014, which we fully support.
MEDIAPART: Some within the government accuse companies opposed to the law of attempting to restore a tarnished reputation whereas they are major « internet players making billions out of data and cooperating with the NSA ». Are certain players really being hypocritical or ambivalent?
I’m not paranoid: I don’t by any means believe there is a premeditated collusion between these businesses and the intelligence services, even if tie-ups have been a frequent occurrence between « telcos and services »… What I do believe is that the internet giants are extremely embarrassed: I have engineer friends at Google who tell me they are uneasy with this situation, that such practices are against their ethics and their vision of the internet since its origin (very free, very Californian), and are even compromising the corporate vision of Google’s founders. Proof of this are the recent proposals by large US platforms to reform US intelligence laws: they know they have a lot to lose and they are right.
Yet, I do not think we should use the debate on the LPM to divert attention away from the serious questions raised by the Snowden affair. This would be the last straw: the DGSE (Directorate General for External Security) knows less about any of us, French citizens, than Facebook or Google, and no use by the DCRI (Central Directorate for Internal Security) of data from Deezer or Dailymotion could reach the peaks of scandal caused by the PRISM affair! But it is clear that a balanced and calm debate is not easy in the immediate aftermath. Especially in this Twitter age. Hence our call for wide consultation, taking the time necessary.
We should not forget how all of this started: the extremely hard line approach to security legislation introduced by George W. Bush post September 11, the epitome of which was probably the Patriot Act. David Cameron was one of the few Western leaders to invoke the need to review these laws and provisions. Combined with big data and the digitisation of our daily lives, this hardened stance has become an explosive issue. It’s time to discuss it and take action. Because, and we should not forget this, until now the digital revolution has been a remarkable means of empowerment for individuals and society. This, incidentally, was the political rationale of the internet’s founding fathers. We must not derail this fabulous project of empowerment which is changing the world.
Benoit Thieulin is also CEO of digital agency La Netscouade. He played a key role in the creation of Mediapart, notably on the interactive side of things. His company created the site and has overhauled it on several occasions.
Link to article: