This law just got approved in France. 438 votes in favor, 86 against, 42 abstained.
The original, French, version is here: ASSEMBLÉE NATIONALE 2669.
A google translated version reads as follows.
Article 6 […]
It is also stated that operators and service providers will, if necessary, be able to observe the provisions governing the secrecy of national defense.
Finally, Article L. 871-4 provides that CNCTR the members and agents can penetrate, for control purposes, on the premises of operators and service providers.
Article 7 also moves, adapting in the new Book VIII of the Code of internal security of existing criminal provisions, including the fact that repress from revealing that information technology is implemented or refusal to transmit login data whose collection has been authorized.
Every ISP or hosting provider in France should be worried. OVH, one of the biggest hosting providers in the world, was already threatening to leave France. If they’re looking to store their servers physically nearby, maybe we can partner up.
But all kidding aside, I’m curious what they’ll do now, since the law has been approved.
A translated post on OVH’s statement shows some of the real dangerous of this law.
… Requiring French hosts to accept real-time capture of connection data and the establishment of “black boxes” with blurred in infrastructure, means giving French intelligence services access and visibility into all data traveling over networks. This unlimited access insinuate doubt among customers of hosting providers on the use of these “black boxes” and the protection of their personal data.
We can all argue in favor of end-to-end encryption, SSL everywhere, … but that doesn’t change the fact that your government is forcing the internet providers in your country to install and maintain a backdoor, so French law enforcement can intervene and spy at their own choosing.
It’s a sad day for France and a sad day for ISPs and hosting providers in general.
Hat tip to @FredericJacobs for bringing this to my attention.