Hosting Companies Threaten To Leave France Over (Yet Another) Surveillance Law. But Where Could They Go?
from the black-box dept
Back in December, we reported on how France sneakily enacted a controversial surveillance law on Christmas Eve, obviously hoping nobody would notice. Now the French government is quite brazenly saying last year’s law didn’t go far enough, and that it must bring in yet another surveillance law that is even more intrusive, and do it quickly with only minimal scrutiny. Here are just some of the problems with the new bill according to Human Rights Watch:
Serious flaws include expansive powers for the prime minister to authorize surveillance for purposes far beyond those recognized in international human rights law; lack of meaningful judicial oversight; requirements for private service providers to monitor and analyze user data and report suspicious patterns; prolonged retention periods for some captured data; and little public transparency.
That requirement for ISPs to install “black boxes” for algorithmic surveillance of “suspicious patterns” is particularly troubling:
The bill’s requirement for service providers to install secret, unspecified, state-provided means of analyzing suspicious patterns — for example, visits to websites advocating terrorism, or contacts with persons under investigation — could potentially be applied to a virtually unlimited set of indicators, Human Rights Watch said.
Once these black boxes are in place, it can only be a matter of time before the copyright industry starts pushing to use them to detect copyright infringement. After all, it will doubtless point out, since the equipment will already be there, it wouldn’t impose any further costs on service providers to carry out such scans. Who could possible object? Leading French Internet companies certainly do. As ZDNet reports, some are threatening to leave the country if the law is passed in its present form when it comes to the final vote on 5 May:
Seven companies, including web hosting and technology companies OVH, IDS, and Gandi have said in a letter to the French prime minister Manuel Valls that they will be pushed into de facto “exile” if the French government goes ahead with the “real-time capture of data” by its intelligence agencies.
The companies argued that being required by the law to install “black boxes” on their networks will “destroy a major segment of the economy,” and if passed it will force them to “move our infrastructure, investments, and employees where our customers will want to work with us.”
The companies say that between 30 to 40% of their turnover comes from customers outside France, attracted by the current framework’s strong protection for online privacy (original in French.) It’s a great gesture, but the question is: could the companies carry out their threat? After all, given the rush to introduce far-reaching surveillance laws in many other European countries, it’s not clear where exactly those companies could go. Even Switzerland, that old standby, has its surveillance programs, and the risk is that it, too, will bring in measures like those of its neighbors.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: black box, france, hosting, surveillance
Companies: gandi, ids, ovh
Comments on “Hosting Companies Threaten To Leave France Over (Yet Another) Surveillance Law. But Where Could They Go?”
My guess would be Iceland, after the PP has won the elections…
Aren’t they already tapping the main cables like everyone else?
'Might' vs 'Is'
Even Switzerland, that old standby, has its surveillance programs, and the risk is that it, too, will bring in measures like those of its neighbors.
Other countries might introduce similar measures in the future, but the French government is introducing them now.
Entire companies pulling out will serve dual purposes, both as a means of very visible protest, and a large boost to the reputations of those companies, quite possibly making up for the costs of pulling out of France in the long term.
Re: 'Might' vs 'Is'
I’m sure the UK is already in the process of trying to get such a law passed into the UK by think or the children/terrorists PM Cameron.
Well, as you said, it’s been years since they’ve been doing that, they’re not stoping anytime soon and they don’t really care if companies leave…
tbh, it would be better if they did it.
If they back out nothing will happen. If they start blackboxing, poland will start rioting again and the idea will be shelved for another decade.
Surveillance == back doors and security holes
Once these black boxes are in place, it can only be a matter of time before the copyright industry starts pushing to use them to detect copyright infringement.
Bad as that is, it’s not the worst part. The presence of those boxes on a provider’s network means that it’s already compromised AND equipped with data exfiltration capabilities. This lowers the bar for attackers considerably, since now all they have to do is compromise those boxes — at which point they can leverage them against the provider, its customers and its users.
If the companies really wanted to kill this law, it would be incredibly easy. How? Just shut down until the government agrees to back off.
What would happen if all the ISPs and other internet companies in France just shut down? The government’s not in a position to take over providing internet access to the entire country. I doubt there’s any law that says the government can force a company to continue operating, or that they’re allowed to just take over a company and run it themselves.
So if faced with a mass shutdown of the internet in France, would the government still go ahead with a law that they would have nothing to apply it to?
Re: Re:
Except you just shut down the main way to fight government propaganda. Sure, the internet’s dead, but where will people go to find out why? TV, newspapers, their local government/send a letter to a politician, really the internet shutting down would play right into their hands.
Not to mention pull this off and you’ve just proven there is an effective monopoly, which enables France to take legal action against you.
@7
that is what they want no internet
unless they control it so no , ovh and such should come to canada
it already has a presence in north america and it should move to the swiss in europe
stay clear a australia and britain and hte usa they as bad as france or worse
The information is a bit outdated. Big hosting providers such as OVH, Online or Gandi already backed from their threats to leave France, arguing that some promises made by the government are satisfying. (Source: http://www.numerama.com/magazine/32818-loi-renseignement-finalement-les-gros-hebergeurs-restent-en-france.html)
Numerama reports that Altern.org and Eu.org, resp. a small hosting association and a free DNS provider (also small-ish) committed to their threat to leave, and are currently leaving France. But that is just two small service providers leaving, nothing that really threatens the law project. (Sources: http://www.numerama.com/magazine/32836-loi-renseignement-le-service-euorg-va-migrer-ses-serveurs-a-l-etranger.html and http://www.numerama.com/magazine/32833-loi-renseignement-l-hebergeur-alternorg-demenage-a-l-etranger.html)
Re: Re:
Seriously, I would find it very hard for OVH to completely move out of France in a short period of time. Currently they have 3 of their primary Data Centers there. On their website, it states there are 566K servers for end users at those sites. The amount of time to build a new DC, dig in infrastructure to their current fiber network and deal with local ordinances would last a few years at the least.
I wonder though since OVH also has a major presence in Canada, how will they deal with black boxes placed in the BHS center or will that violate Canadian privacy laws?
Seriously? They’re going to remove the cables they’ve laid and take them off to another country?
Re: Re:
More likely they would sell it. Maybe some meaning is lost in translation…
At least france doesnt let private companies access this data yet, so they can argue that things could be worse.
But then it doesnt really matter since the US still has Google on a leash which is pretty much the same thing.
The bill’s requirement for service providers to install secret, unspecified, state-provided means of analyzing suspicious patterns — for example, visits to websites advocating terrorism, or contacts with persons under investigation — could potentially be applied to a virtually unlimited set of indicators, Human Rights Watch said.
Democracy!
Lots of Places
Well, let’s see, in Europe, apart from Switzerland, there are: Ireland, Iceland, Andorra, Monaco, San Marino, Liechtenstein, Luxembourg, the UK Channel Islands, the Isle of Man (UK), and Gibraltar. The Baltic Republics (Lithuania, Latvia, Estonia) might very well inherit the historic propensities of the old Hansa city-states (Bremen, Hamburg, Lubeck, etc.) before the unification of Germany. In the Western Hemisphere, there are: Bermuda, the Bahamas, Barbados, Jamaica, The Caymans, Aruba, Curacao, Antigua, Greenland, Dominica, Grenada, Panama, and St. Lucia. Of twenty-some countries with a historical propensity to engage in offshore banking, etc., one or the other will choose to make some money in internet hosting.
Web-hosting is a much less demanding business than banking, insurance, and stockbroking. The various financial businesses tend to involve multiplicities of experts who can value various kinds of assets (*), and that requires a town of a certain size, eg. Zurich or Geneva. This constraint does not operate on web-hosting.
(*) For example, on what terms should a prima ballerina be allowed to insure her legs?
Re: Lots of Places
In fact, Gandi has already started migrating their users to a Luxembourg LLC. Last time I renewed a domain I was told my contract would be transferred unless I opted out (which would let me stay with the French company):
good and i hope it is the start of a trend! governments are taking this spying business to ridiculous levels now where absolutely nothing is as important as spying on ordinary citizens just so the info can be passed on to the entertainment industries because this is exactly why it’s being done! people seem to ignore what has happened during the last 20 years and the steps those industries have not only taken but how successful they have been, mostly because judges are as thick as fuck over the subjects (exactly why there have been only certain ones selected to sit on cases involving those industries!) of copyright and downloading/prosecution of citizens for that. every government is fully aware that the laws they are bringing in are useless as far as preventing terrorism but are the dogs danglies for catching out unsuspecting fathers and making them ripe for law suits!!
Who's behind this?
First the sharp rightward swing in the political landscape of many western-type democracies.
Now all of this surveillance crap. Not just what Snowden revealed, but Canada’s Bill C-51, this thing in France, and the article implies there are several more like it in western Europe now.
Are we to believe that all of these countries are suddenly and simultaneously going surveillance-happy independently of each other, and that the timing coincidence is due to sheer chance?
There must be some shadowy international organization behind this, which is pushing for these anti-freedom and anti-privacy changes throughout the world, probably by flooding the electoral processes with dark money to buy elections and put their own figureheads in high offices around the world.
Perhaps that Bilderberg group?
Clearly fighting these bad laws in one place at a time is a losing battle. Time to directly address the root of the problem: identify the conspirators ultimately backing all of this garbage, slap the cuffs on them, and try them for treason in their various nations … or perhaps try them at the Hague as war criminals, especially if they can be linked to any violent acts. But I think that buying elections and then undermining the freedoms specified in the UN Declaration of Human Rights really ought to suffice to face war crimes trials, even if they never fired a shot.
Re: Who's behind this?
It might be even simpler than some conspiratorial group. It might be that every government has an inherent desire to implement total surveillance, but fulfilling their dreams hasn’t been possible until recently for two reasons. First, the technology now exists to make ubiquitous surveillance economically possible, and second, the US decided to go for it, giving political cover and a kind of permission to the rest of the world to do the same.
Re: Re: Who's behind this?
While I generally agree with you on principle, John, I can’t help noticing the revolving door between government employees, politicians, and military-surveillance-security-industrial complex corporations.
Follow the money. Where do these corporations have contracts with the governments of the countries involved?
There’s your answer.
Re: Re: Re: Who's behind this?
Oh yes, I agree. I was using a bit of shorthand. In my opinion, “the government” in the US includes large corporations, especially military-surveillance-security-industrial complex corporations.
Re: Re: Re:2 Who's behind this?
That’s funny. I don’t recall anywhere in the Constitution where it says that if a private enterprise gets big enough it gets to unilaterally add itself as an additional branch of the federal government.
That terrorist attack really turned out to be a blessing for those currently in power. Gave the means and the public support to slowly remove the rights of average citizens while making those at the top more like royalty than elected public officials in terms of wealth and personal power.
Re: Re:
Governments love terrorrism.