For the instant fourth dimension nosotros select an article written inwards cooperation with the French weblog nearly tidings together with defence Zone d'Intérêt:
Introduction
Over the in conclusion year, The French parliament passed novel laws granting additional powers to tidings services regarding interception of communications together with information requests. This is business office of a broader reform aimed at creating a legal framework for tidings practices which were non formally authorized yesteryear law earlier 2015. In the press, it was said that these laws allowed sweeping novel surveillance powers, legalizing highly intrusive methods without guarantees for private liberty together with privacy.
This article volition focus on the provisions related to communications tidings (COMINT), including targeted telephone tapping (lawful interception or LI), metadata collection together with information requests to cyberspace service providers (ISPs). Targeted interception of the content of cyberspace communications is non regulated yesteryear these novel laws, but solely yesteryear older decrees which are nevertheless a chip unclear. The novel laws are solely nearly collection the metadata of cyberspace communications.
In France, communications interception is authorized nether 2 distinct frameworks:
- Judicial interceptions ordered yesteryear a gauge of research (juge d'instruction) during a criminal investigation. These interceptions tin hold upwards done yesteryear the police, the gendarmerie (a military machine forcefulness charged with police clitoris duties) together with yesteryear the safety service DGSI.
- Administrative interceptions, also known every bit safety interceptions, which are requested yesteryear both the domestic safety together with the unusual tidings services.
Administrative interceptions are approved yesteryear the Prime Minister for diverse motives, such every bit defending together with supporting major national interests including national defense, unusual policy interests, economical together with industrial interests, or preventing terrorism together with organized crime. Whereas the Unites States strongly denies conducting commercial espionage inwards the feel of stealing merchandise secrets for the do goodness of private companies, French Republic is known for beingness less strict on this.
Diagram of the diverse interception capabilities of French intelligence
(Diagram: ZonedInteret.net - Click to enlarge)
The main French safety together with tidings services are:
Direction Générale de la Sécurité Intérieure (DGSI), which reports to the Interior Ministry together with is responsible for domestic security. It has around 3500 employees together with an annual budget of 300 ane chiliad k euros. DGSI was formed inwards 2008 through the merger of the Direction Centrale des Renseignements Généraux (RG) together with the Direction de la Surveillance du Territoire (DST) of the French National Police.
Direction Générale de la Sécurité Extérieure (DGSE), which reports to the Minister of Defence together with is responsible for collecting unusual tidings on civilian issues together with also performs paramilitary together with counterintelligence operations abroad. DGSE is responsible for both HUMINT together with SIGINT.
Direction du Renseignement Militaire (DRM), which reports straight to the Chief of Staff together with to the President of French Republic every bit supreme commander of the French military. DRM is responsible for collecting military machine tidings inwards back upwards of the French armed forces.
Direction de la Protection et de la Sécurité de la Défense (DPSD), which is also business office of the Ministry of Defence. DPSD is responsible for the safety of information, personnel, cloth together with facilities of the armed forces every bit good every bit the defence industry.
Headquarters of the French unusual tidings agency DGSE inwards Paris
(Click to enlarge)
A special advisory committee on tidings activities
The French laws, such every bit Loi n° 2015-912 together with Loi n° 2015-1556, from July together with Nov 2015, grant the Prime Minister total ascendancy to lodge together with approve tidings activities both domestic together with foreign. Each collection asking is sent yesteryear the tidings service manager to its raise ministry building together with to the Prime Minister, who gives in conclusion approval. An advisory committee known every bit the CNCTR (Commission Nationale de Contrôle des Techniques de Renseignement, or National Commission for the Control of Intelligence Techniques) is kept informed of all requests for oversight purposes.
In most cases, earlier the Prime Minister tin approve a request, this command committee must have information related to its approval, including the asking justification, the identity together with location of the targeted individual, or whatever other identifying information (occupation, username, etc.) when his identity is unknown.
The CNCTR consists of nine members: 4 from the Parliament, 2 from the Council of State, 2 from the Court of Cassation, together with ane appointed telecommunication expert. This committee is considered an "Independent administrative authority": it is neither business office of the Parliament fifty-fifty though members of Parliament are alongside its members, nor business office of the judicial branch, fifty-fifty though around its members are magistrates.
The CNCTR solely holds advisory ability every bit it tin non halt whatever determination from the Prime Minister regarding information requests or tidings collection. The committee tin limited disapproval of a collection request, but the Prime Minister tin overrule this advice together with nevertheless authorize tidings collection.
The CNCTR tin access all transcripts together with logs from tidings collected nether the Prime Minister's authority, but it tin non compel whatever tidings service for documents or information, together with it tin non investigate whatever irregularity on its own. However, it tin limited recommendations regarding tidings procedures together with convey whatever irregularity to the Council of State. All debates within the commission, every bit good every bit all its communications with the Prime Minister together with tidings services are classified.
Influenza A virus subtype H5N1 special condition has been granted to journalists, lawyers together with members of parliament, every bit when tidings requests apply to them, the CNCTR must hold upwards informed simply earlier collection starts thus it tin nation whether the collection is necessary together with proportionate. The CNCTR must also have transcripts of the intercepted communications afterwards. The departure with regard to eavesdropping operations against regular citizens is that for them, CNCTR can access the transcripts if it asks for them, piece for the privileged professions, CNCTR must have together with review them.
In theory, whatever private living inwards French Republic or abroad tin enquire the CNCTR to depository fiscal establishment check if he has been placed nether surveillance next proper procedure. The command committee must depository fiscal establishment check for whatever irregularity, but tin neither confirm nor deny to the private that he has been placed nether such surveillance. The committee solely states that proper verification has been made, together with if whatever irregularity is detected it tin study it to the Council of State.
Headquarters of the French domestic safety service DGSI inwards Paris
(Photo: Bertrand Guay/AFP - Click to enlarge)
New provisions for domestic tidings collection
This department applies to all main tidings services such every bit DGSI, DGSE together with DRM. DGSE is a unusual tidings service, which is non supposed to operate on French territory, but it is authorized to asking information together with intercept domestic communications. DGSE holds most technical capabilities for decryption together with high-end communications collection together with provides other agencies, such every bit DGSI or DRM, with technical agency together with expertise inwards this regard.
Influenza A virus subtype H5N1 recent Five Eyes partnership. After ECHELON, this French network was dubbed FRENCHELON.
If information is collected nether the unusual communications status, but is together with thus traced dorsum to domestic communications (call number or subscription located inwards France), it tin hold upwards processed solely if approved nether the domestic communications framework, or it must hold upwards destroyed nether half-dozen months.
The DGSE satellite intercept station close Kourou inwards French Guyana,
which was built inwards cooperation with High German BND
(Image: Google Maps)
Outside French territory
Intelligence collection conducted yesteryear French tidings services exterior of French Republic is non restricted yesteryear law. Because the overseas satellite stations are considered to hold upwards on French territory, this province of affairs solely applies to for representative covert eavesdropping operations inwards unusual countries, every bit good every bit to tactical SIGINT collected through land, body of body of water together with airborne platforms during military machine operations abroad. French armed forcefulness are based inwards countries such every bit Mali, Gabon, Republic of Djibouti together with UAE. This volition mainly resultant inwards communications for military machine purposes.
While this form of collection is non regulated yesteryear law, it volition hold upwards limited yesteryear the available resources together with the specific goals laid yesteryear the authorities inwards the annual PNOR (Plan National d’Orientation du Renseignement or National tidings orientation plan), a classified document sent to the chiefs of tidings services together with to the parliamentary delegation for tidings (DPR - Délégation Parlementaire au Renseignement), which solely receives a redacted version of this document.
Influenza A virus subtype H5N1 French regular army vehicle for collecting tactical SIGINT together with ELINT inwards Afghanistan
(Photo: ageat.asso.fr - Click to enlarge)
Automated mass metadata collection
In July 2015, a law introduced a novel automated mass metadata collection organisation against terrorism. The Prime Minister tin lodge French cyberspace service providers to add together specified metadata collection together with filtering systems to their networks. He tin number such orders for 2 months, together with they tin hold upwards renewed without restriction. Data collected on ISPs networks tin hold upwards stored upwards to sixty days, together with would hold upwards filtered together with processed yesteryear authorities issued algorithms to expose terrorism related threats. If such a threat is detected, the Prime Minister tin compel ISPs to position related users.
The evolution of threat-detection algorithms, together with their so-called "black boxes", should hold upwards done nether supervision from the CNCTR. However, providing oversight at the hardware together with software marking could hold upwards rattling tricky together with difficult, specially every bit algorithms would hold upwards updated together with modified rattling regularly together with it would also require specialized cognition of such cyberspace filter systems.
The reach together with role of this metadata provision is largely a mystery. At start sight it may hold off similar to what NSA did yesteryear collecting domestic telephone records inwards lodge to expose unknown terrorist associates yesteryear contact chaining. But if that was the role of this French law too, together with thus it would select been much easier to lodge the ISPs to paw over their metadata inwards bulk, simply similar it happened inwards the US.
Actually, French telecommunication together with cyberspace service providers already select to shop their customer's metadata for at to the lowest degree ane yr nether the European Union data retentivity directive. Moreover, a French legal decree fifty-fifty requires spider web hosting companies, similar Facebook, Google together with Amazon, to shop their user information for at to the lowest degree ane yr together with supply it to authorities authorities at their request. However, these metadata may solely hold upwards used for targeted investigations, every bit tidings services must supply specific requests to ISPs & spider web hosting companies with either the total mention of a target, its user name, IP address or other identifying information.
It seems that installing "black boxes" at internet service provider networks serves the mass collection of smaller sets of data: they filter traffic using specific threat-detection algorithms, thus they volition probable solely clitoris inwards those metadata that tally for sure communication patterns together with routines, based on digital forensics from counterterrorism investigations. The metadata would together with thus hold upwards used to position the users showing such patterns.
Given the rattling high information rates of traffic passing cyberspace service providers, such filter systems are rattling expensive together with internet service provider to a greater extent than oft than non don’t similar external systems to hold upwards plugged into their networks. That makes it surprising that the orders for installing them are valid for simply 2 months, together with although they are renewable without whatever limitations, it’s non clear whether these "black boxes" would hold upwards removed from ISPs networks at the terminate of each order, or if they would solely hold upwards turned off until farther notice.
Cyber defense
Interestingly, filtering cyberspace traffic using threat-detection algorithms sounds rattling much similar detecting together with preventing malware together with cyber attacks. But mayhap except for a instance when a terrorists grouping would bear cyber attacks, the law exactly states that this "black box" metadata filtering together with collection organisation tin solely hold upwards used to expose terrorist threats. It tin non hold upwards used for whatever other purpose, including cybersecurity, counterintelligence or criminal investigations.
Nonetheless, the cyber domain did have special attending from French lawmakers inwards the latest regulations on intelligence. All collected tidings which is related to cyber attacks tin hold upwards stored indefinitely for technical analysis. In addition, all penalties for reckoner hacking together with cyber-related crimes select been doubled every bit business office of the novel Law on Intelligence passed inwards July 2015. This fits a full general shift of tidings agencies towards "cyber", every bit for representative inwards the US, cyber threats replaced terrorism every bit top priority for the tidings community since 2013.
Links together with Sources
- New York Times: French Inquiry Urges Changes to Intelligence Services inwards Light of Failures
- The Guardian: France passes novel surveillance law inwards wake of Charlie Hebdo attack
- Matthew Aid: French SIGINT: Part II
- Overview of French intercept sites: Comment on peut, en trois clics, découvrir la bill of fare des stations d'écoute des espions de la DGSE
Tidak ada komentar:
Posting Komentar