French lawmakers approve new sweeping spying powers

French lawmakers have overwhelmingly approved a new law granting the state sweeping powers to spy on its citizens despite criticism from rights groups that the Bill is vague and intrusive.

The law has been in the works for some time, but gained additional support after a killing spree in January that left 17 dead.

The Bill was passed by 438 votes to 86 in the French lower house, Assemblée Nationale, on Tuesday, with broad support from both main parties. Only the far-left and greens parties were strongly opposed.

It will go before the upper house Senate later this month. Amnesty International has protested the legislation, warning it will take France "a step closer to a surveillance state".

"This Bill is too vague, too far-reaching and leaves too many unanswered questions. Parliament should ensure that measures meant to protect people from terror should not violate their basic rights," said Amnesty's Europe director Gauri van Gulik.

The new law will set out exactly how agencies can gather intelligence, and sets up a new supervisory body known as the National Commission for Control of Intelligence Techniques to oversee access to data.

The new law will allow authorities to spy on the digital and mobile communications of anyone linked to a "terrorist" inquiry without prior authorisation from a judge, and forces internet service providers and phone companies to give up data upon request.

Intelligence services will have the right to place cameras and recording devices in private dwellings and install "keylogger" devices that record every key stroke on a targeted computer in real time.

One main criticism of the law is that authorities will be able to keep recordings for a month, and will be able to collect metadata for five years.

Prime Minister Manuel Valls has fiercely defended the Bill, pointing out that the previous law on wiretapping dates back to 1991, "when there were no mobile phones or internet", which makes the new Bill crucial in the face of extremist threats.

Perhaps the most controversial of the Bill's proposals are so-called "black boxes" -- or complex algorithms -- that internet providers will be forced to install to flag a pattern of suspicious behaviour online, such as what keywords someone types, what sites they consult, and who they contact and when.

In Australia, the government used the French terror attacks to argue why communications data needs to be retained for two years, despite France already having mandatory data-retention laws at the time.

This week, the Communications Alliance has said that a ruling by Australian Privacy Commissioner Timothy Pilgrim to force Telstra to hand over a large volume of metadata to a customer could potentially result in law-enforcement agencies requesting even more data than they have been allowed to obtain under the new legislation.

Although the data-retention legislation is designed to exclude URLs visited by customers, they were handed over to the customer as deemed to be "metadata".

During the Australian debate over the passage of its mandatory data-retention laws, Communications Minister Malcolm Turnbull admitted that the vast majority of metadata queries made by police are to determine who owns a phone.

"So the vast majority of these checks are just designed to find out who actually owns a phone, who is using it," Turnbull said.

In February, ASIO director-general Duncan Lewis told Senate Estimates that it needs telcos and service providers to retain metadata on all customers, even though upwards of 95 percent of it will be of no interest to authorities.

"95 percent, 99 percent, whatever the figure is, which will be of no particular relevance to the investigation," Lewis said.

With AAP