Skip navigation
French Surveillance Law Implicates Internet Service Providers, Web Hosts
Network interconnection room at an Iliad S.A. data center on the outskirts of Paris (Photo: Yevgeniy Sverdlik)

French Surveillance Law Implicates Internet Service Providers, Web Hosts

Law requires ISPs to install black boxes to analyze users’ metadata, alert authorities of possible terrorist activity


This article originally appeared at The WHIR

Internet service providers in France will have to install black boxes that analyze users’ metadata and alert authorities of possible terrorist activity under the country’s sweeping surveillance bill, which the Constitutional Council approved on Thursday night.

According to a report by the Wall Street Journal, the law overhauls the entire legal framework for France’s surveillance operations for the first time since the 1990s. The overhaul was driven largely by the terrorist attacks in France earlier this year that killed 17 people.

Web hosts and telecoms in France have strongly opposed the bill, threatening to move their infrastructure out of the country if the bill is passed. In a statement in April, French web hosts said the French government is not equipped to handle the technical aspects of the black boxes and could open up the country to security risks.

“Last night’s decision clears the last hurdle for a law that will deal a major blow to human rights in France. The surveillance measures authorized by this law are wildly out of proportion. Large swathes of France’s population could soon find themselves under surveillance on obscure grounds and without prior judicial approval,” said Gauri van Gulik, Amnesty International’s Deputy Director for Europe and Central Asia said in a statement.

“The US and UK security agencies’ mass surveillance was denounced globally, yet French authorities appear to want to mimic their American and British counterparts in allowing the authorities to intercept and access people’s communications at will.”

In the UK, the High Court ruled recently that sections of the Data Retention and Investigatory Powers Act violate articles of the European Convention on Human Rightsand personal data protection afforded to British citizens.

The Constitutional Council approved most of the provisions of the law, save three provisions, including one that would allow emergency surveillance without the approval of the prime minister or another minister in the government, calling it “a disproportionate violation of the right to respect for private life and the confidentiality of communication.”

Under the law intelligence services will be able to work with telecommunications companies to gain real-time access to Internet connection data of suspected terrorists.

Beyond complying with the surveillance law, French ISPs also have to participate in a “three strikes” anti-piracy program. This week that program passed the five million warning mark after five years.

This first ran at

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.