The French Constitutional Council has taken another look at a new security law it waved through in July 2015, and found it wanting.
A key clause of last year's Surveillance Law essentially allowed security agencies to monitor and control wireless communications without the usual oversight applied to wiretapping operations.
This is unconstitutional as the lack of oversight is likely to result in a disproportionate invasion of privacy, the council ruled Friday. It was responding to a complaint filed by La Quadrature du Net (LQDN), an association campaigning for online rights, the ISP French Data Network (FDN) and the Federation of Non-Profit ISPs.
The complainants welcomed the decision, saying it "deprived intelligence services of a legal cover unleashing all kinds of illegal surveillance measures," and showed how precise and persistent work can still change the law even after an unfortunate vote. "This is an encouragement to keep fighting for the protection of freedoms and the rule of law," they said.
The spies needn't worry just yet, however: Rather than strike out the offending clause immediately and put an end to the bulk collection of radio communications, the council has given the government over a year in which to pass new legislation making their operations legal. In the meantime, the spies will have to keep the National Commission for the Control of Surveillance Measures informed of the scope and nature of any surveillance operations conducted under the offending clause.
LQDN said it regretted the extended time given to the legislator to conform to the decision.
In reaching its decision, the Constitutional Council was concerned that the bulk collection of data would allow the unauthorized identification of individual conversations or communications. In addition, the council noted that although the law gave the spies new powers "necessary to protect the fundamental interests of the country," it did not prohibit them from using those powers for other purposes. Finally, the council objected to the way the law granting the new powers contained no definitions of the surveillance and control measures allowed, nor any means for monitoring or challenging their application.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.