I am a client at OVH and Gandi and I hope they send a big FU to the French government and relocate. I am willing to pay a premium for that.
I'm assuming it's largely strategic. "Everybody" wanted to pass the bill, but no one wanted it on their voting record since they knew it was controversial. So everybody got together and selected a small number of martyrs to go sully themselves while everybody else could keep their hands clean.
And launched a big initiative to federate tech actors against the bill: http://ni-pigeons-ni-espions.fr/
######## Breaking ########
Octave Klaba finally declares that the bill doesn't compromise the trust chain. https://twitter.com/olesovhcom/status/588666965755092993
Of course OVH already have several data centers outside of France, in Canada for example.
That doesn't help us French people, as our traffic will be inspected wherever it is coming from and going to, as long as it originates here.
This is largely disputed: http://www.numerama.com/magazine/32806-boites-noires-le-gouv...
Black boxes are still there. Some light safeguards are added, notably approval of the Prime Minister, but it still remains quite vague.
(Google Translate link: https://translate.google.com/translate?sl=fr&tl=en&u=https%3... )
It is usually not that bad, though. I think the low number is due to allegiance to a party. Socialists felt like they had to vote in agreement with their party leaders to advance their careers, but to avoid backlash from the press and the public, many didn't show up. Their opposition, the right wing, always was big on tighter consumer control and surveillance. The previous president famously had speeches where he described his ambition to wash out undesirables with Kärcher, and he made some waves during his mandate as Minister of the Interior when he talked about his intention to track immigrants. Since he is still considered important in their party, I suppose many had the same dilemma and didn't come.
I'd expect that law to be distorted into a weird red tape system with virtually no power, but that will still get passed just so the politicians can say they have passed some law.
> In response, the government proposed a few hours before the vote a new amendment supposed to appease the hosting providers. If adopted, it lets them define the separation between "metadata and content."
I'd expect most providers would say that they don't have any metadata, and that they would designate /dev/null as their black box.
I doubt it. They already have a well-oiled surveillance machine, they do not want to make it harder to operate while legalizing it. I do not expect the senate to alter the law significantly.
Parties then decide on a party line for the vote.
Thus, most often the result would not be different if everybody was there.
Edit: Also, because of limited time, committee meetings may actually be held while there are votes. So it does make sense.
NB: The German parliament however can technically not decide anything if not enough members are present. However, usually attendees are not counted. Parties can demand a named vote though, which is counted. One party demanded that once, and it was almost universally called 'unfair' [1]. ¯\_(ツ)_/¯
[1] (in German) http://www.spiegel.de/politik/deutschland/posse-um-hammelspr...
It doesn't really work that way today, but in an ideal world I would find it good that the 30 people who understand computers vote while the 337 others abstain.
Also, I'm not sure how it works in other countries, but in France deputies usually have another job, you can't expect them to go to Paris every Wednesday to vote on things they don't even really know about.
The French democracy has been completely broken for a long time and a few relics from the past are still working now. The times when the country was called "the land of the human rights" are long gone. I see a few people trying to contact their representative but it's already too late, the democracy is gone, forget about it, it will just slow things down a bit but that's all, the politicians in power are too corrupted and the system too broken for that to work.
The best solution for us now is the technical one, to prevent them from doing it. But even that solution is temporary; one day or another, when they start to attack random citizens, things will have to change... as the quote says, "Those who make peaceful revolution impossible will make violent revolution inevitable."
I'm not sure if it's a problem of democracy. Most people don't care. I've been discussing this with a few French friends, and most of them just don't see any problem (after all, "they have nothing to hide").
Do they teach schoolchildren about the Comité de salut public or anything?
Do you have a source for that? I'm genuinely curious.
Basically, our Defense Minister's Twitter account posted a quote of Christiane Taubira (the Defense Minister) saying "It is obvious that the methods of retrieval [of data] are potentially endangering private life".
It was quickly removed.
Allegedly to protect the people, the object of that law is rather to decriminalize and widen the PM's surveillance capabilities.
The law just exempted French agents for any illegal data acquisition done on foreign targets. One of the seven goals the law encompasses is "major scientific and economic interests". Don't deal with France, starting from May 6th.
Kudos to the couple of deputies that show concern and bear with the long hours and Kafkaesque atmosphere.
Mandatory handling of encryption keys on request is also part of the package. Hosters and ISPs like it.
"DPI algorithms shall remain secret, for they'll lose their effectiveness otherwise." Such StO.
Oversight over it all will be restricted to a 7-ish member court.
We must not remain silent as France openly turns into a police state.
The low number of delegates during the vote shows how archaic the French political system is: they are against their own party so they prefer to be missing. There is little discussion. And there is no way to make a petition in France that would go to the parliament or provoke a referendum.
France just shows how current institutions are overwhelmed by new technologies.
Sadly still so true. The attacks from January 2015 have led to this horrible secondary damage.
Also had VOIP phone to contact députés. Many were and avoided questions or said they would toe the party line. Evidence here: https://pad.lqdn.fr/p/PJLdeputes
It's actually worse. Listening to all communications in the hope of catching something suspect is the exact thing that makes this law extremely dangerous.
It's very bad.
But laws are not really discussed in the main chamber. The way it works is that laws are really discussed, debated and modified in commissions, and the main vote is only for the TV, and for MPs to demonstrate publicly their opposition.
They're overpriced, and in my experience, their customer service is disgusting. I would never recommend them.
Namecheap are cheaper, better, and have done more for HN-related causes than Gandi ever will.
---
It was in a nearly empty senate that around thirty deputies
cast their votes [...] on the installation of "black boxes",
a controversial device designed to monitor internet traffic.
[It was] approved by 25 deputies to 5 following heated debates.
The plan: to force ISPs to "detect, through automated
processing, a suspect succession of connection data" that
appear to match patterns typically used by terrorists. In
practice, this would involve installing a "black box" at ISPs
to monitor traffic. The content of the communications would
not be monitored, but only the metadata: the sender or
receiver of a message, the IP address of a visited site...
[...]
"The black box is the Pandora's box of this draft law," said
socialist Aurélie Filippetti in the senate. "They say that the
masses of data that will flow through it will only contain
metadata. But they contain even more information about the
private lives of our fellow citizens! [...] And there is a
paradox in saying that these data will be anonymous when they
are to be used to identify terrorists".
An accusation that was then defended by the government in the
house, "The automated processing marks out suspect behaviour,
not pre-identified persons," emphasized the Defence Minister,
Jean-Yves Le Drian, "It is after that the services are able to
access the identity of the persons."
[...]
Some deputies also pointed out the "economically damaging"
consequences of these black boxes, such as the ecologist
Isabelle Attard, for whom "French IT companies will see their
foreign clients start to desert them as they lose their trust".
Last week, seven large French hosts made their opposition to the
draft clear, stating that it would push them "into exile" so as
not to lose their clients.
[...]
The government nevertheless eluded the more technical questions
throughout the debate, asked, several times, by a few deputies,
among those was Laure de la Raudière (UMP), "Where are you going
to install your probe on the communication networks?", "How will
you optimize the algorithms?", "Will you use deep packet
inspection?".
Bernard Cazeneuve ended up replying to this last question,
repeated several times by the deputy, "We will not use this
technique at all", a technique that involves the deep inspection
[translation of a translation...] of all passing communications
data.
Several deputies have also demanded a precise list of the type of
metadata collected by the black boxes to be clearly defined.
In vain.
---
Germany/Hetzner?
Literally is there no one else you can get cheap dedicated servers and avoid this kind of surveillance directly inside the DC? :/
In this case, it's going to be kept secret and covered by some kind of "security clearance". That would make it a criminal offense to divulge these details. The law explicitly limits this to the "meta data" of the communication, and not the content.
And finally, publishing these details would defeat the whole purpose of the enterprise. The NSA does not publish details about the meta-data they collect in the PRISM database, and they charged Snowden for the little that he revealed about the program.
The French are essentially doing the same thing. The NSA has some limitations about when US citizens' meta data can be collected domestically. The French law has no such provision.
https://translate.google.co.uk/translate?sl=auto&tl=en&js=y&...
(Sorry for long link)
Moreover, that would also have a strong symbolical value. I find it a bit weird you're being more like "don't be lazy, couldn't you find a bad level translation yourself and be happy with it?". No. I'm not happy because you're not giving it the appropriate coverage this way. But oh well.
Bernard Cazeneuve, our ministre de l'Intérieur (Tasked with internal security, i.e. police etc.) has also declared the right to private life to not be a freedom. (https://www.youtube.com/watch?v=WODKfxtJQbE)
This law was voted by 30 delegates. From a total of 577. This is what we can expect of our National Assembly. I expected a bit more of them considering they were 40 (!) to debate it. And they were granted a whole two minutes to explain themselves. To debate a law that allows bypassing judges, installing black boxes (read: DPI tools) anywhere without needing a judge, and quite a few more fun things.
To any French reader here (or any reader in a country whose laws explicitly allow this type of mass surveillance):
* Use Let's Encrypt to get an SSL certificate for your website (or self-sign one with the proper configuration). Not that this will matter much because this law will allow them to ask you to hand over your private keys.
* Use TrueCrypt v 7.1a, the latest and audited version, for your hard drive, or use LUKS if you're on Linux.
* Use TextSecure and RedPhone. While I'm not aware of any recent audits, it's a hundred times better than going through regular channels.
* Use Pidgin+OffTheRecord for your private chats.
I am so fucking mad. And have no doubts, the senate will pass this. The worst (best) that could happen to this law is a few minor changes, but the key points will stay. And I doubt our constitutional council will reject it.
Since neither of those 3 things is something they want to discuss openly, no debate will happen between those who decide and the public.
But, I wonder if we can make these systems completely inefficient by flooding them with false positives. Assuming we can figure out the patterns they are looking for in our communications, could this be a possible solution to force them to withdraw their "black boxes"?
Here's why.
Scenario 1) It works. You get arrested on some arbitrary basis for impeding their system. Or they otherwise make it illegal to do so, and begin cracking down on that.
Scenario 2) You throw a vast amount of interference at their system, and it has an effect. They spend more of your money to constantly stay ahead of the collective efforts. Most likely a relatively small number of people will never be able to overwhelm it long-term.
Scenario 3) It doesn't work in any meaningful way at all.
Focus on strong encryption.
Encryption is in a similar position, but it is a far easier sell to business and the general public, and so the chances of reaching critical mass of communications is much greater.
1/ They're after the meta data. Whether you have plaintext or encrypted communication, they still know to whom you talk. Unless you use TOR or VPN yourself out of the country, it's not going to help...
2/ Strict key disclosure laws. You can be thrown in jail if you cannot decrypt some information when requested by a judge. That's true even in the case where you can prove the key is no longer in your possession...
Maybe I'll make my personal server connect to random IPs on port 80 to send data with such keywords.
This is how democracy dies. Now the 95% other members of the National Assembly will say "that it's not their fault, because they didn't even vote for it!", if some major abuses happen due to this in the future. Despicable.
We need a system of government that allows scientists and thinkers to have a weighted power balancing politicians. Politicians cannot be trusted by definition.
It's insane!
A false sense of security can be more risky business than weak security, as pertains to what gets exposed.
It does have the very useful property of granting plausible deniability, though, by making it possible to forge messages after the fact.
That said, TC has been audited by what I hear is a reputable group of people, who say there's no evidence of severe crypto vulnerabilities.
Which means that the French people are socialists in their hearts.