How will new internet surveillance measures affect business in France?

A shared digital space requires trust, so why has the French government introduced stricter online surveillance laws and how will it affect enterprises online behaviour?
Written by Frances Marcellin, Contributor

Since the tragic attack on satirical newspaper Charlie Hebdo's editorial team in Paris in January, the French government has been seeking greater support from technology firms to for increased online surveillance. During his speech in the wake of the attacks, the French prime minister Manuel Valls declared that the country was "at war with terrorism" and stated that "strengthening measures" would soon be introduced "relating to the internet and social networks".

Social media - a propaganda battleground

A joint statement from European ministers the following week called for EU member states to make full use of the Syria Strategic Communication Advisory Team (SSCAT), which is being established with European funding to help support anti-terrorist messages. It also calls for backing from "major internet providers" to aid the "swift reporting of material that aims to incite hatred and terror and the condition of its removing".

Sites such as Twitter and Facebook have become a battleground for propaganda, and there is no doubt that the success of ISIS in raising funds, recruiting fighters, and radicalising individuals is partly due to its sophisticated marketing tactics both off and online. Its strategies, magazines, and films, particularly those focused on recruitment, even caused the French government to release its own anti-Jihadist film in reaction.

With the US National Counter-Terrorism Center (NCTC) reporting that foreign fighters are flocking to Syria at an "unprecedented rate" and the number of people under surveillance in France for involvement in terrorist networks having increased by 130 percent in one year, Valls announced that the government has been forced to take "exceptional measures".

Exceptional measures

Since then a €425m anti-terrorism programme has been introduced, involves the creation of 2,680 jobs, a "substantial part" of which will be "assigned to cyber patrols" and to "investigating offences committed online". A further €60m will be allocated to the "prevention of radicalisation".

Earlier this month, the government announced a new decree implementing the Loppsi Act and the 'Terrorism' Act, allowing officials to block access to websites containing content related to child abuse or terrorism within 24 hours and without a court order.

The president has also said that France is putting together a draft law that will make online companies such as Google and Twitter accountable for any content containing extremist messages.

Critics say that the new decree limits freedom of speech and La Quadrature du Net, a French organisation opposed to internet censorship, has labelled it a "liberty-infringing scheme".

"Website blocking is ineffective since it is easily circumvented," says Felix Tréguer, founding member of La Quadrature du Net. "It is also disproportionate because of the risk of over-blocking perfectly lawful content, especially with the blocking technique used by the government. The [decree] just gives the illusion that the state is acting in the interests of our safety, while going one step further in undermining fundamental rights online."

The dark side of the net

Colin Tankard, managing director at data security company Digital Pathways, believes that circumvention is also a problem and while this kind of government reaction is good publicity, that it won't reach the desired targets.

"Social media is a vehicle for people to communicate, but the sophisticated communications will be going on via the dark side of the web, such as Silk Road through the Tor browser," he said.

"The downside of monitoring is that it drives things further down," he added. "The NSA, GCHQ, and no doubt the French government too are monitoring these areas, gathering tonnes of information, sifting through keywords and trying to track down individuals almost to sniper level - and I think that is the only way it can be done."

Digital space requires trust

The fact remains that trust is fundamental to the effective use of our shared digital space. "This is the reason why the authorities are right to set a national strategy on this topic, aiming to reinforce our defences in the face of various threats and to fight hatred propaganda," Loïc Rivière, secretary general for AFDEL, the French Association of Software Vendors, said, adding that the difficulty lies in finding the "balance between the capabilities given to security forces and respecting rights".

Yet the French government "seems to be willing to go further without waiting for the European regulation on network and information security", he said.

"The European Commission has made it clear that its actions will not be steered by fear, but by reason," a European Commission spokesperson said. "The right balance needs to be found between security, data protection, and freedom of speech."

While the EC says that ensuring network and information security is vital to boost trust and to the smooth functioning of the EU, it also confirms that when it comes to illegal content the ground work is already provided under the eCommerce Directive. "Internet service providers, when they are made aware of illegal activities, have to quickly act to remove or disable access to the information," the EC spokesman said.

The European Commission is also supporting the SSCAT , and works with internet providers to counter radicalisation online through the Radicalisation Awareness Network.

How are businesses affected?

With heightened online surveillance coming into play and as online hacking incidents increase - from the Sony hack to the iCloud celebrity photo leaks and the hacking of ISIS accounts - how will businesses be affected? Will these threats and increased online surveillance provoke distrust towards online technologies and cloud computing?

"Yes they will," says Digital Pathways' Tankard, "because the best protection you have is when you hold the data yourself. As soon as it is with a third party questions open up such as who can access it where does it get backed up."

He likens the situation to the Patriot Act in the US. "The French move is the same, so that same distrust will happen in France," he says. "We always tell clients to keep the services separate - go to one company to store your data and one to handle the encryption. That way the owner is the only one who can access the data."

But as US president Barack Obama and UK prime minister David Cameron continue to alarm tech companies and the public with potential anti-encryption measures, Tankard says he thinks the industry will start to see more technology being used that can hide servers, rendering the user invisible from the internet.

"This stealth technology has been around for a while and is used in military and high-level security environments," he says. "It hasn't really filtered into the general commercial setting, but I think that's the sort of technology companies will start employing."

Rivière says that while new rules will have an impact on the business world, the climate must be one of trust which relies on a clear understanding of the regulatory environment.

"If French operators, or those based in France, are victims of a particular set of regulations, customers will go elsewhere," he says. "This is a legitimate worry for operators. If it's well defined, a more secure regulation framework can be attractive, but, again, a balance is not easy to find."

Read more on this story

Editorial standards