Intelligence Act (France)
The French Intelligence Act of 24 July 2015 is a statute passed by the French Parliament. The law creates a new in the Code of Internal Security aimed at regulating the surveillance programs of French intelligence agencies, in particular those of the DGSI and the DGSE.
History
The Intelligence Bill was introduced to the Parliament on 19 March 2015 by French Prime Minister Manuel Valls and presented as the government's reaction to the Charlie Hebdo shooting. Despite widespread mobilization, the Bill was adopted with 438 votes in favor, 86 against and 42 abstentionsat the National Assembly and 252 for, 67 against and 26 abstentions at the Senate. It was made into law on 24 July 2015.
Although framed by the government as a response to the Paris attacks of January 2015, the passage of the Intelligence Act was actually long in the making. The previous law providing a framework for the surveillance programs of French intelligence agencies was the Wiretapping Act of 1991, aimed at regulating telephone wiretaps. Many surveillance programs developed in the 2000s—especially to monitor Internet communications—were rolled out outside of any legal framework. As early as 2008, the French government's White Paper of Defense and National Security stressed that "intelligence activities do not have the benefit of a clear and sufficient legal framework", and said that "legislative adjustments" were necessary.
Main provisions
This section summarizes the main provisions of the Intelligence Act.Scope
Through article L. 811-3, the Act extended the number of objectives that can justify extrajudicial surveillance. These include:- national independence, territorial integrity and national defense;
- major interests in foreign policy, implementation of European and international obligations of France and prevention of all forms of foreign interference;
- major economic, industrial and scientific interests of France;
- prevention of terrorism;
- prevention of: a) attacks on the republican nature of institutions; b) actions towards continuation or reconstitution of groups disbanded collective violence likely to cause serious harm to public peace;
- prevention of organized crime and delinquency;
- prevention of proliferation of weapons of mass destruction.
Oversight
The existing oversight commission, the Commission nationale de contrôle des interceptions de sécurité, was replaced by a new oversight body called the "National Oversight Commission for Intelligence-Gathering Techniques". It is composed of:- four members of Parliament designated by the Presidents of both chambers of Parliament;
- two administrative judges and two judicial judges designated respectively by the Council of State and the Cour de Cassation;
- one technical expert designated by the telecom National Regulatory Authority.
For ex post oversight, the CNCTR has "permanent, comprehensive and direct access to records, logs, collected intelligence, transcripts and extractions" of collected data. It is able to conduct both planned and in the premises where these documents are centralized. If an irregularity is found, it can send to the Prime Minister a "recommendation" so that she can put an end to it. One hugely significant exception to the CNCTR's oversight powers are the bulk of data obtained through data-sharing with foreign intelligence agencies.
Wiretaps and access to metadata
Techniques of communications surveillance covered by the Act include telephone or Internet wiretaps, access to identifying data and other metadata, geotagging and computer network exploitation, all of which are subject to authorization of a renewable duration of 4 months.Black boxes and real-time access to metadata
The Act authorizes the use of scanning device to be installed on the infrastructures of telecom operators and hosting providers. Article L. 851-3 of the Code of Internal Security provides that, "for the sole purpose of preventing terrorism, automated processing techniques may be imposed on the networks of in order to detect, according to selectors specified in the authorisation, communications that are likely to reveal a terrorist threat.Another provision limited to anti-terrorism allows for the real-time collection of metadata. Initially, the provision targeted only individuals "identified as a threat". After the 2016 Nice Attack, it was extended by a Bill of the state of emergency to cover individuals "likely to be related to a threat" or who simply belong to "the entourage" of individuals "likely related to a threat". According to La Quadrature du Net, this means that the provision can now potentially cover "hundreds or even thousands of persons rather than just the 11 700 individuals" reported to be on the French terrorism.
Computer Network Exploitation
The Act authorizes computer network exploitation, or computer hacking, as a method for intelligence gathering. Article L. 853-2 allows for:- access, collection, retention and transmission of computer data stored in a computer system;
- access, collection, retention and transmission of computer data, as it is displayed on a user's computer screen, as it is entered by keystrokes, or as received and transmitted by audiovisual peripheral devices.
The Act also grants blanket immunity to intelligence officers who carry on computer crimes into computer systems located abroad.
International surveillance
The Act also provides chapter on the "surveillance of international communications", particularly relevant for the DGSE's surveillance programs. International communications are defined as "communications emitted from or received abroad". They can be intercepted and exploited in bulk on the French territory with reduced oversight. Safeguards in terms of bulk exploitation and data retention are lessened for foreigners.Data retention periods
For national surveillance measures, once communications data are collected by intelligence agencies, retention periods are the following:- Content : 1 month after collection ;
- Metadata: 4 years.
- Content: 1 year after first exploitation, within the limit of 4 years after collection ;
- Metadata: 6 years
Redress mechanism
The Act reorganizes redress procedures against secret surveillance, establishing the possibility to introduce a legal challenge before the Council of State after having unsuccessfully thought redress before the CNCTR.Criticism and legal challenges
During the Parliamentary debate, the bill faced severe criticism from several organizations including National Commission on Informatics and Liberty, National Digital Council, Mediapart, La Quadrature du Net.The implementation decrees of the French Intelligence Act are currently undergoing a series of legal challenges by French civil society organizations La Quadrature du Net, French Data Network and Fédération FFDN before the Council of State.