Any views expressed in this article are those of the author and not of Thomson Reuters Foundation.
Reporters Without Borders is alarmed by the extensive provisions for electronic snooping in the Military Programming Law that was passed by the French Senate on 10 December after previously being approved by the National Assembly.
A proposed amendment would have suppressed article 13 allowing government agencies to obtain personal data and spy on phone and Internet communications in real time. But the amendment was not adopted and article has been retained in the final version of the law, now as article 20.
Reporters Without Borders regards this article as a grave violation of fundamental civil rights, including the rights to privacy, freedom of information and the confidentiality of journalists' sources.
Like the National Digital Council (CNN), Reporters Without Borders regrets that there was no consultation with all the sectors concerned, and that the CNN and the National Commission on Information Technology and Freedoms (CNIL) were not asked to make recommendations.
This dereliction of the government's democratic obligations came just days after the international community reiterated its commitment to stop this kind of snooping in the form of a UN General Assembly resolution on "The right to privacy in the digital age," adopted on 20 November.
The resolution said: "Unlawful or arbitrary surveillance and/or interception of communications, as well as unlawful or arbitrary collection of personal data, as highly intrusive acts, violate the rights to privacy and freedom of expression and may contradict the tenets of a democratic society."
As regards legal interception of communications, Reporters Without Borders reiterates the need for an international treaty espousing the "International Principles on the Application of Human Rights to Communications Surveillance" recommended by around 100 civil society organizations.
Reporters Without Borders has three main areas of concern about the Military Programming Law, mostly related to article 20.
1 - Judge's permission not required
Requests for permission to obtain personal data and conduct real-time surveillance can be made by officials in the ministries responsible for internal security, defence, economy and budget. Permission is given by the prime minister's office, that is to say, a part of the administration that is at the very centre of the executive.
There is no provision for any independent supervision, because the National Commission for the Supervision of Security Interception (CNIS), which can assemble a panel to rule on the legality of a real-time surveillance initiative, does not have the power to stop any telecommunications interception.
The lack of any judicial supervision in the process of authorizing access to personal data poses a serious threat to fundamental rights. The prime minister's office has no legitimacy as regards ruling on the necessary balance between respect for privacy and the importance of the administration's need for information. The need for judicial supervision was stressed by UN special rapporteur Frank La Rue in his June 2013 report on surveillance.
2 - Overly broad grounds for surveillance
Under this law, the goal of requests for permission to obtain personal data and carry out surveillance must be "intelligence that concerns national security, the protection of the essential elements of France's economic potential, or the prevention of terrorism, criminality and organized crime and the reconstitution or maintenance of disbanded groups."
The extent of the range of objectives covered by this provision is very disturbing, especially as regards how "national security" and "prevention" are interpreted. In the absence of judicial supervision, this provision is doubly dangerous as it does not allow for any independent assessment as to whether the proposed measures are proportionate and consistent with the objectives set by the law.
3- Overly broad range of data gathered
Article 20 allows the authorities to gather a very large amount of information. It does not just include a target's metadata and the geolocation of the equipment he or she is using. The government is also be able to request an individual's "content and files" from Internet Service providers, telephone service operators and companies that provide online services including email and e-commerce. The government could obtain everything they have on someone within hours.
Finally, when "real-time" surveillance is carried out, the government will have access to "a subscriber's communications," which suggests that it will be able to listen to telephone and VoIP calls.<br/>