[the proposed law] wants to force intermediaries to “detect, using automatic processing, suspicious flows of connection data”. Internet service providers as well as platforms like Google, Facebook, Apple and Twitter would themselves have to identify suspicious behavior, according to instructions they have received, and pass the results to investigators. The text does not specify, but this could mean frequent connections to monitored pages.
As well as being extremely vague, none of this “automatic detection” will require a warrant, which means that the scope for abuse and errors will be huge. And then there’s this:
the Intelligence bill also addresses the obligations placed on operators and platforms “concerning the decryption of data.” More than ever, France is keen to have the [encryption] keys necessary to read intercepted conversations, even if they are protected.
As we’ve noted before, there is a global push to demonize encryption by presenting it as a “dark place” where bad people can safely hide. What’s particularly worrying is that the measures propposed by France are easy to circumvent using client-side encryption. The fear has to be that once the French government realizes that fact, it will then seek to control or ban this form too.