INTRODUCTION

The Intelligence Bill introduced before the French Council of Ministers on March, 19th 2015 is presented by its promoters as a text which protects fundamental rights. This technical text would be nothing more than a way to legalise policies and techniques which were up to now common but not regulated, and as such to create better safeguards. Move along, nothing to see here!

This public relations strategy is all the more convenient for the government given that since the beginning of Edward Snowden's disclosures regarding the NSA and GCHQ surveillance practices, the French government has chosen to burry its head in the sand. For nearly two years, it has indeed managed to avoid any meaningful debate on the French services' practices, even though some of Snowden documents shed light on the DGSE (French foreign intelligence agency) partnerships with the NSA and the GCHQ. Instead of a transparent democratic debate, French officials have mostly weathered the storm, simply issuing denials without ever saying anything about its own surveillance practices.

According to its sponsors, this bill would help render the whole scheme as clean as it gets. For Prime Minister Manuel Valls, the text would even forbid mass surveillance! The underlying message being pushed here is that the French system is being defined in opposition to the American and British models.

But the argument doesn't hold once the text is examined in detail. Several provisions are actually directly inspired by the US and British law and the methods used by the NSA and GCHQ. Indeed, the bill legalizes tools of mass surveillance, in particular with automated Internet trafic analysis "black boxes" designed to detect “suspicious behaviour” (art. L. 851-4) or provisions on so-called "international surveillance" (art. L. 854-1) which will authorize bulk data collection. It also sets loose hacking and cyberattacks carried beyond French borders, and in this respect also echoes the recent revelations regarding the British, US and Canadian agencies' practices. Finally, despite what its champions claim, the text is in many ways a step backwards in relation to the existing law and practices: for instance, specific and crucial control processes currently carried out by the CNCIS (National Commission for the Control of Security Interceptions) are being dismantled, whereas the field of intervention of intelligence agencies is widely extended.

The government is now trying to force this bill through. At the National Assembly Valls-Urvoas tandem (Jean-Jacques Urvoas is the Bill's co-author and is also its rapporteur) will enable the government and its majority to join forces during an rushed legislative procedure, while the "post-Charlie" popular mood and the securitarian drift of the opposition conservative party (UMP) will supposedly contribute to stifling the democratic and parliamentary debates.

Only a wide-ranging citizen mobilisation, in France and across the world, can make a change.

The points raised below highlight the dangers of the bill while pointing at possible amendments. To be acceptable and allow intelligence agencies to do their work while respecting the rule of law, the text must indeed be deeply amended.

SCOPE RESTRICTIONS

Evolutions from the French Lower Chamber Protection of personal data in the name of privacy. The 1st Article has been amended to precise that the protection of personal data (and thus connection data) is the second part of the right to privacy with correspondence secrecy (as asked by the CNIL). Amendements 244

Evolution from the Law Commission from the French Upper Chamber Removal of the clarification of correspondence secrecy, protection of data...: the expression "privacy in all its form" would include all of that.

Final version 1st article quotes explicitly the protection of personal data and correspondence secrecy as part of the respect of privacy.

Forbiding massive and predictive surveillance measures (black boxes)

Article L.851-4 provides that the Prime Minister may require that telecom operators and online service providers deploy technical devices (a.k.a black boxes) to detect, via automated means, suspicious patterns of connexion data or online behavior. The Prime Minister could decide, "if a terrorist threat were to be revealed (...) to lift the anonimity of those data". This provision seems to be inspired from the British model, as a similar mechanism was debated as early as 2000 and eventually included in the RIP Act's section 12 (in the UK, the issue of "black boxes" would be raised again in 2008, during a modernisation plan criticised for the extravagant expenses it incurred at the time).

Such devices aimed at the extensive scanning of online communications at the network or server levels amount to a massive processing of personal data. As such, they are contrary to the jurisprudence established by both EU Court of Justice and the European Court of Human Rights (see, e.g., Amann v. Switzerland, February 16th, 2000, §68). The government's argument that such surveillance relates to raw, anonymous data is completely at odds with technical realities, since "raw" metadata can easily be used to reveal someone's identity.

To detect "suspicious behaviors", these black boxes will run algorithms for which no transparency is possible. They are moreover contrary to the French Data Protection Act's article 10, which provides that "no decision which produces legal effects in respect of a person may be taken on the sole basis of the automated processing of data." It must therefore be repealed.

Among the techniques services are authorised by law to use, we find:

• probes (art. L. 851-2)
• "black boxes" (art. L. 851-3)
• geolocalisation of a person, car or object (art. L. 851-5)
• use of IMSI catchers (art. L. 851-6)
• interception of communications (art. L. 852-1)
• sound and image tapping of private places (art. L. 853-1)
• keyloggers (art. L. 853-2)

Évolution Assemblée nationale Aménagement des procédures entourant l'utilisation des IMSI Catcher : L'amendement 357 porte de 30 à 90 jours le délai permettant aux services de renseignement de discriminer les données collectées au moyen d’un dispositif de proximité. Il tient en cela compte des délais proposés par un amendement précédent et de la législation allemande qui prévoit quant à elle un délai de six mois. Amendement 357 et Amendement 351 d'Urvoas : Cet amendement a pour objet de rendre applicables aux paroles captées dans un lieu privé le délai de conservation prévu au a) du I de l’article L. 822-2, tel qu’il résulte de l’article 1er, amendé, du présent projet de loi (destruction à l’issue d’une durée de trente jours à compter de la première exploitation et dans un délai maximum de six mois à compter de leur recueil).

Évolution Assemblée nationale Boites noires à titre expérimental: Avec l'amendement 399, annoncé par Valls en introduction des débats, le dispositif des boîtes noire est institué à titre expérimental pour trois ans et fera l’objet d’une évaluation avant son éventuelle reconduction. Amendement 399

Évolution commission des lois du Sénat Aucune évolution significative du dispositif, le principe de surveillance massive et prédictive reste en place. Seule évolution : réduction de la durée d'autorisation, qui passe de 4 à 2 mois.

Texte définitif Les autorisations sont données pour une durée de 4 mois renouvelables (article 821-4)

Too wide and too blurry purposes

"International commitments"

The French Government argues that the accomplishment of the international commitments of France calls for the use of intelligence techniques to prevent the proliferation of weapons of mass destruction. If this goal is laudable, it is in a too broad and ill-defined legal category. "International commitments" would allow almost indefinite extension of the reasons for the use of information technology. To respect international law, the law must be amended to ensure that French law mentions specific international obligations (treaties, agreements, conventions) that can justify the use of intelligence gathering techniques. Evolution No significant changes neither at the National Assembly (lower chamber) nor at the Senate's Law Committee. Final text Among the objectives, in addition of preventing the proliferation of weapons of mass destruction, it includes:

• "National independence, territorial integrity and national defence"
• "The major interests in foreign policy, enforcement of European and international commitments of France and prevention of all forms of foreign interference"
• "The major economic, industrial and scientific interests of France"
• "Prevention of terrorism"

The French Constitutional Council considered that the 4 finalities give enough safeguards as they call the art. 410-1 of the Penal Code ^[1]

Repealing the "collective violence" public interest

Article L. 811-3. extends the intelligence services' powers to include the "prevention of collective violence likely to cause serious harm to the public peace." The extremely broad wording of this public interest allowing exceptional monitoring techniques poses serious risks of arbitrariness. It could for instance easily be invoked to engage in the surveillance of social movements. Given the serious risks it poses to the most basic political rights, this provision must be deleted.

Repealing the "key scientific and economic interests" public interest

The legalisation of economic and scientific espionage in the country without any judicial oversight results in a disproportionate interference with both the right to privacy and freedom of enterprise. If the information sought after is not directly linked to the fight against industrial espionage, in which case the surveillance can be part of a criminal investigation, then the recourse to exceptional surveillance techniques cannot be justified.

Moreover, such an article would allow the implementation of surveillance practices of individuals, groups (including Unions) who would contest the decisions or practices of companies in sensitive areas like the environment or public health. Let's remind ourselves that Art. 7 of the Charter of the Environment, of constitutional value, provides that "everyone has the right to participate in the development of public decisions affecting the environment".

Evolution of the Lower ChamberAdding the protection of industrial interests of France.

Evolution Law Commission of the Upper Chamebr: withdrawal of industrial interests

Final text: Reintegration of industrial interests to become "major economic, industrial and scientific interests of France"

Limiting by law the number of intelligence agencies

Article L. 811-4 of the bill empowers the government to unilaterally increase the number of executive agencies that fall under the Minister of Defense, the Minister of the Interior as well as the Ministers for the Economy, Budget or Customs and which may use intelligence techniques. In impact assessment, the government is openly considering to give "certain police services" the broad surveillance powers provided in the bill . However, the scope of the competent authorities in regard to preventive and extra-judicial surveillance should remain limited to the minimum necessary, and the government does not provide any justification for the need to expand the already large number of beneficiary services (DGSE, DSPDs, DRM, DGSI, Tracfin and DNRED). Thus, given the fact that the increase in the number of relevant services acquiring and accessing "intelligence" leads to a greater risk for civil liberties, but also in order to ensure the predictability of the law, the number and nature of the beneficiary services must remain limited and must be subject to the law rather than executive decrees. This provision should be repealed.

Limiting the surveillance of the targets' entourage

Article L 852-1 will authorize the interceptions of the communications made by "individuals close to the person who is the object of the authorisation" when they "are likely to act as an intermediary, voluntary or not, or on their behalf or may provide information pursuant to the end result for which the authorisation was granted." This provision may significantly increase the number of people likely to be monitored in a preventive and extra-judicial framework. It must be clarified to ensure that only those who are known to actually act as a direct and voluntary intermediary or who have a direct link with the ongoing intelligence operation may be affected by this provision.

Forgoing the extension of the time during which metadata may be exploited

The bill extends from three to five years the period during which intelligence agencies can keep hold and make use of traffic metadata. This very long duration is not necessary, and the government had failed to provide any evidence justifying the extension. The three-year period currently applied is already an exception to the regime applicable to other collected data, which must be destroyed after a period of 1 to 12 months.

Limiting the retention period for encrypted data and communications

Article L. 822-2 provides that the time limit for the retention of collected information (one to twelve months depending on the type of information) starts from the moment of their decryption. This provision would allow services to retain data or communications (e.g. e-mails) for everal years before deciphering them and using it. For this reason, it is necessary to limit this period to 30 days during which the data will be stored in an encrypted state, giving the agencies enough time to perform a technical analysis. In addition, the article provides that the metadata attached to the encrypted content is subject to the same retention periods. However, such metadata being "in plaintext" (legible by everyone), the provision allows for an unlimited retention period and is thus an unacceptable infringement on the right to privacy. Here, the retention period prescribed for metadata (3 years) should apply.

Others

Evolution Lower House: Aggravation of penalties for informatics piracy. Amendment added by MP Urvoas. It aims to increase software piracy penalties following the TV5 Monde case. Unfavourable opinion of the government for unrelated information. Amendment 389 This amendment was nevertheless adopted and kept in the final text.

INTERNATIONAL SURVEILLANCE AND UNIVERSAL RIGHTS

Limiting the "international surveillance" regime to communications transmitted and received abroad

In Article 854-1, the bill defines "international surveillance measures" as communications "sent or received abroad." Now, in the case of the Internet, most of French residents' communications are obviously "made or received abroad", particularly in the US or in other European countries where the largest service providers' servers are located. It is therefore completely misleading to claim that such surveillance is "international", since these provisions will directly and massively impact French citizens and residents.

This provision must be interpreted as a crude attempt to circumvent the already very weak protections contained in the bill. What is more, this article actually raises walls of secrecy around the "implementation of surveillance rules" in this field, providing that these rules will be defined in an "unpublished" executive decree. In addition, the text does not bring any protection regarding the authorisation collection, retention, destruction or control procedures relating to these operations, merely referring once again to a (public) decree to be adopted at a later stage. Finally, derogatory rules will apply to the collected data: in a move contradicting France's commitment to universal rights protection, the text allows for special guarantees when the data can be 'linked' to the French national territory, and therefore to French citizens (similar to British RIP Act of 2000). These guarantees, however, come rather short of those applied to "national surveillance", since the retention time for intercepted communications starts from "the date of first use," instead of the date of collection.

In sum, the provision will allow the mass collection of communications to or from abroad, which can be stored indefinitely until they are processed, analysed and finally used by the agencies. In fact, the provision seems modelled on section 702 of the US law FISA, which is at the heart of the controversy surrounding Snowden's revelations. The scope of this provision must therefore necessarily be limited, by stressing that international monitoring only affects communications "issued' and received" abroad.

The future of the implementation of the international surveillance remains unclear. Indeed, art. L. 811-2 of the law remains and indicates that specialized services "have missions, in France and abroad, of researching, collecting, exploitation and supplying the Government with information related to geopolitical and strategic issues as well as threats and risks that may affect the life of the Nation." But since all the part on international surveillance of the law is not only not applicable, but declared unconstitutional, we can understand how are implemented the Erreur de référence : Balise fermante </ref> manquante pour la balise <ref>. The agents having committed penal infractions outside the national territory can be sued by the public prosecutor under the relevant minister.

Repealing the criminalization of revelations on surveillance programs

Article 7 revises existing criminal provisions which specifically punish, inter alia, the fact of publicly revealing a program or a given instance of surveillance. Such criminalization prevents disclosures of public interest, including those resulting from journalistic investigations. These provisions must be repealed.

Protecting whistleblowers within intelligence agencies

A procedure must be established to allow whistleblowers to report to the CNCTR or to the special section of the Council of State any practice that violates the legal framework (as proposed by the Council of State in a recent report on fundamental rights and the digital sphere). Findings of illegality must lead to end to such illegal practices, which should also be disclosed in a public report, in a way that is appropriate to the activities of the intelligence services.

Protecting individuals and groups subject to professional secrecy

To comply with the European Court of Justice Digital Rights case law, French law must provide special protections for the communications of persons subject to professional secrecy, such as journalists (including the protection of the confidentiality of sources) or lawyers. The bill should be amended accordingly.

Ensuring transparency on the means for collecting, analyzing and processing data

To ensure predictability of the legal provisions relating to administrative surveillance, the government must disclose certain aspects of the functioning of its technical apparatus (see § 68 of the Liberty v. United Kingdom European Court Human Rights ruling, from July, 1st 2000). This requirement is all the more necessary in the French context as the practices in this field have been ongoing in complete illegality for many years. The CNCTR must report on the means and tools used for surveillance by issuing general information on IT equipment, types of algorithms and other tools of technical analysis of the processed data collected by intelligence services, as well as the data exchange partnerships they may have with foreign agencies, in accordance with legitimate state secrets .

Ensuring control of the files of the intelligence services by the CNIL

The government denied the French Data Protection Authority (CNIL) to repeal existing laws that exclude the control of legality of intelligence files under the personal data protection legal framework. The DPA states in its opinion on the bill that such control "is a fundamental requirement to establish the legitimacy of these files in the rights and freedoms of citizens." The bill should be amended to allow the CNIL to exercise such control, in a manner appropriate to the activities of the intelligence services, and in cooperation with the CNCTR.

Main amendments on the Surveillance Bill

Lower Chamber session

• Internal alert mechanism for the administration: the rapporteur submitted an amendment that applies a proposal from the Council of State (lack of protection for the identity of the agent testifying at the CNCTR ; need for an anonymous channel article on Numerama).

• Protection of personal data in the name of privacy. The 1st Article has been amended to precise that the protection of personal data (and thus connection data) is the second part of the right to privacy with correspondence secrecy (as asked by the CNIL). Amendements 244

• Distinction between absolute emergency and operational emergency: amendment of the government on this system already prepared in commission, which makes a distinction between absolute emergency and operational emergency (the government considers that only the operational emergency must allow a chief of service to authorise the implementation of a surveillance technique without the need of advice of the CNCTR, nor the authorisation of the Prime Minister). In case of absolute emergency (linked with the impossibility for the committee to give a ruling in the given time or an technical impossibility), the authorisation of the Prime Minister remains necessary. Amendement 381

• Exclusion of some profession from emergency procedures: Amendment 410 of the government: if emergency procedure, no penetration or home monitoring of a "sensitive profession" (judge, lawyer, journalist and parliamentary) without prior notice to the CNCTR. Moreover, another government amendment provide that the transcripts of the collected data will be transmitted to the CNCTR, while in normal times it is to the CNCTR to ask for consultation. It will particularly ensure "necessary and proportionate nature to the violations of correspondence secrecy of the exercise of the professional activities" (note: surprising that such controls do not appear proportionality for ordinary citizens). Amendment 410

• Aggravation of penalties for electronic/software piracy. Amendment submitted by MP Urvoas. It aims to increase electronic/software piracy penalties following the TV5 Monde case. Unfavorable opinion of the government for being unrelated to Intelligence. Amendment 389

• Aménagement des procédures entourant l'utilisation des IMSI Catcher: L'amendement 357 porte de 30 à 90 jours le délai permettant aux services de renseignement de discriminer les données collectées au moyen d’un dispositif de proximité. Il tient en cela compte des délais proposés par un amendement précédent et de la législation allemande qui prévoit quant à elle un délai de six mois. Amendement 357 et Amendement 351 d'Urvoas : Cet amendement a pour objet de rendre applicables aux paroles captées dans un lieu privé le délai de conservation prévu au a) du I de l’article L. 822-2, tel qu’il résulte de l’article 1er, amendé, du présent projet de loi (destruction à l’issue d’une durée de trente jours à compter de la première exploitation et dans un délai maximum de six mois à compter de leur recueil).

• Surveillance the environment: The bill provided that people likely to play an intermediary role, even if unintentional, could be subjects to security interceptions. A very large number of people could now be suspected of being involuntary intermediaries. Given the damage to privacy done by security interceptions, an amendment was adopted to clarify the concept and to limit the permissions when there are "serious reasons to believe" that a person plays a role of intermediary, even if unintentional. Amendment 44

• International surveillance: Data retention periods attached to the national territory run from the date of collection and not the first exploitation (this had been submitted to the French Council of State for opinion). http://www.assemblee-nationale.fr/14/amendements/2697/AN/48.asp + possibility for CNCTR to refer to the Council of State if there are irregularities. Amendment 197

• Abrogation of the criminal immunity of agents abroad: the Amendment 207 (adopted) provides that the responsible minister will be firstly consulted by the public prosecutor before any prosecution for criminal offenses committed abroad by agents of intelligence services, as is the case for the military in peacetime. It is thus an additional guarantee for the agents involved but does not prevent prosecution. This is progress for agents, although it will be probably necessary to work again on the subject in the future. Amendment 207

• Black Boxes (experimental): with the amendment 399, announced by PM Valls in the introduction of the debate, the black boxes are set up on a test period of three years and will be evaluated before its possible renewal. Amendment 399

• Composition of the CNCTR (extended): After much debate, the government and MPs agreed on the composition of the CNCTR: so there will be 13 members in the CNCTR (not 9 as in Bill or 5 as suggested by the Council of State):
  • Three MP
  • Three Senators
  • Three judges of the Council of State
  • Three judges of the Supreme Court
  • The representative designated by ARCEP (tbc, copy of the amendment)

Laws Commission of the National Assembly

• Amendments on the scope of surveillance. Removal of "collective violence" for "prevention of violations of the republican form of institutions, collective violence likely to endanger national security or the reconstruction or actions tending to maintain dissolved". Deletion of the adjective essential for economic and scientific interests (requested by Bajolet, director of the DGSE).

• Encadrement du recueil des métadonnées sur sollicitation du réseau : un amendement d'Urvoas souligne que ce recueil fait l'objet d'une procédure d'autorisation, ce qui n'étais pas le cas avant. Elle a également précisé que le recueil d'informations et de documents prévu au nouvel article L. 851-2 s'effectuait sous le contrôle du Premier ministre et qu’il empruntait le processus ordinaire d’autorisation (demande écrite et motivée du ministre concernée soumise à l’avis de la CNCTR et non demande directe des agents auprès de cette dernière). En revanche, le gouvernement a refusé en séance de revenir sur le principe d'un accès direct des services au réseau des opérateurs amendement 23 de Tardy : ), dénoncé en ces termes par la CNIL dans son avis : permet « l’aspiration massive et directe des données par les agents (…), par l’intermédiaire de la pose de sondes. »

• Centralisation of data and information collected: Several amendments strengthen the central role of the Prime Minister and the Interdepartmental Control Group (ICG ), placed beside him. This centralisation, whose absence was criticized by Delarue, is the guarantee of an effective control for the CNCTR. During public discussions, the amendment 189 was adopted which aims to ensure that the means of the centralisation of the interceptions are defined only after CNCTR's opinion. Amendment 189

• Collegiality of the CNCTR extended: Possibility for two members of the CNCTR to convene a committee meeting if they disagree with the opinion of the President or a magistrate. This reinforces the collegiality, necessary condition for the independence and effectiveness of the control according to the European Court of Human Rights .

• Human and financial resources of the CNCTR in : The Committee on Laws supplemented Article L. 832-4 of the Code of Homeland Security to clarify that the CNCTR has the human and technical resources necessary for the accomplishment of its mission, that the corresponding funds as provided by the Finance Act, like other independent administrative authorities (Jean-Marie Delarue considers necessary to increase the number of independent administrative authoritis of five to twenty-five time equivalents -full-time- after the reform).

• Procedure of absolute emergency supervised: In case of emergency related to an imminent threat of or the inability to implement the previous technique, the head of department may authorize *exceptionally* the technique. The head of department shall immediately inform the CNCTR and the Prime Minister, which may immediately suspend the technique. The head of services shall, within 24 hours, explain the reasons of the intervention to the CNCTR which, if it finds it necessary, may refer to the Council of State for a suspension and sue the State. The use of emergency is prohibited to enter a home of a journalist, a lawyer or a parliamentarian or to monitor those professions. The number of uses to the emergency procedures will be specified in the annual report of the CNCTR .

• Permanent access to the records of CNCTR , collected data, transcriptions: The information can not be collected , transcribed or extracts for purposes other than those established by law. These transactions are subject to the control of CNCTR . If CNCTR believes that the collection, transcription , retrieval , retention or destruction of information is carried out in breach of the law, makes recommendations and , where appropriate , seized the Council of State. The exploitation of the information collected is supervised and controlled. Upstream of monitoring, CNCTR receive any " authorization requests " made ​​by ministers supervising services and not only the authorization issued by the Prime Minister, which will allow it to better monitor the requests and authorizations give him more time to make its opinions.

• Permanent control of algorithms: the CNCTR permanently controls the algorithm, and is informed if any modification is done and can refer to the Council of State in case of irregularity.

• Easier referal to the Council of State of the CNCTR: if the CNCTR disagrees with the PM, it give recommendations. If the opinions or recommendations aren't followed by effects, the CNCRT can, through simple majority vote (not absolute), refer to the Council of State in order to stop the technique and sue the State. The capacity of referral of the Council of State by the CNCTR has been extended on few more points in the text (condition of conservation of intelligence, use of the algorithm, in case of irregularity of use of the capitation of data). When an intrusion of a privilege private place or in a automated data processing system is subject to observation and that an unfavourable opinion or recommendation is not followed by the PM, two members are enough.

Law Committee of the Senate

• Deletion of the mention of the secrecy of correspondences, or the protection of personal data and the inviolability of private home because it is considered that this implicitly enters the field of privacy.

• Addition of a precision of the attributions of specialised services which need to be written in the respect of the division of competencies of the judiciary police.

• The concept "public interests" is replaced by the one of "fundamental interest of the Nation", more restrictive.

• Refusal to delete "the major interests of foreign policy and the prevention of all forms of foreign interference" and "collective violence likely to endanger national security" of law enforcement fields. However, *vital* interests (rather than major) of foreign policy should be invoked. Similarly economic and scientific interests of the essential France replace *major* interests.

• The implementation of the European and international commitments of France will also be part of the application fields. This formulation replaces "the prevention of the proliferation of weapons of mass destruction" that enters the field of France's commitments. It is a return to the original formulation of the government.

• Les Sénateurs sont revenus à la formulation initiale du projet de loi concernant la "prévention a) des atteintes à la forme républicaine des institutions, b) des actions tendant au maintien ou à la reconstitution de groupements dissous (...) et c) des violences collectives de nature à porter gravement atteinte à la paix publique". La paix publique est un concept beaucoup trop large qui avait été remplacé par "sécurité nationale". N'importe quel mouvement ou manifestion d'opposition pourrait être considéré comme portant atteinte à la paix publique. Un amendement avait été déposé pour supprimer cette partie sur "les violences collectives", mais a été rejeté.

• Suppression des services du ministère de la Justice de la liste des services pouvant faire appel aux techniques de renseignement. L'Assemblée nationale avait inséré le ministère de la Justice en accord avec le gouvernement mais contre l'avis du ministère concerné. Il est en revanche toujours prévu, selon des modalités définies par décret, que les techniques de renseignement puissent être mise en oeuvre dans les établissements pénitentiaires, ainsi qu'un échange d'information entre l'administration pénitentiaire et les services de renseignement.

• L'identification des personnes pouvant faire l'objet d'une surveillance est un peu restreinte par rapport au texte de l'Assemblée nationale qui autorisait une désignation de ces personnes et leurs véhicules par des descriptions caractéristiques. En outre, seules les personnes de l'entourage pouvant fournir des informations relatives à la finalité poursuivie peuvent désormais faire l'objet d'une surveillance.

• CNCTR : Composition réduite de 13 à 9 membres (2 députés + 2 sénateurs + 2 membres du Conseil d'Etat + 2 membres de la Cour de Cassation + 1 personne nommée par l'ARCEP). Une formation restreinte est ajoutée, et comprend le président, le membre nommé par l'ARCEP, les deux membres du Conseil d'Etat et les deux magistrats de la Cour de Cassation. Les avis peuvent être rendus soit par le président, soit par l'un des quatre membres issus du Conseil d'Etat et de la Cour de Cassation. Cependant, pour les questions "nouvelles ou sérieuses", la formation restreinte (minimum 3 membres présents) ou plénière (minimum 6 membres présents) doivent délibérer et décider à la majorité des membres présents. Une réunion en formation plénière est prévue au moins une fois tous les deux mois pour discuter des avis rendus. Cette nouvelle configuration a l'avantage de réduire autant que possible les délibérations qui pourraient noyer la CNCTR, tout en faisant un point régulier et en mettant en place une sorte de "jurisprudence".

• Tous les amendements visant à rendre conformes (et donc contraignants) les avis de la CNCTR ont été rejetés. La CNCTR conserve donc un avis non contraignant.

• Les demandes de renouvellement de mise en oeuvre de techniques de renseignement doivent désormais exposer les raisons pour lesquelles le renouvellement est demandé (et non plus uniquement les raisons de la mise en oeuvre des techniques de renseignement).

• Un délit d'entrave à la CNCTR a été inséré pour les cas suivants : a) refus de communiquer à la CNCTR les documents et renseignements sollicités, ou destruction desdits documents b) modification des renseignements et transcriptions collectés c) soit en s'opposant à l'accès d'informations classées secret défense utiles à l'exercice de sa fonction.

• Plusieurs amendements adoptés pour réduire les durées de conservation des données de connexion (30j pour correspondances et captations sonores, 6 mois pour les autres renseignements, 3 ans pour les données de connexion). En outre, les durées sont calculées à partir de la date de recueil du renseignement et non sa date d'exploitation.

• Concernant les "boîtes noires" quelques petites modifications ont été apportées : d'une part la durée d'autorisation passe de 4 mois renouvelables à deux mois renouvelables. Il est aussi indiqué que la CNCTR aura un accès direct et permanent aux traitements, informations et données recueillies. La nouvelle formulation tente de circonscrire un peu le traitement qui ne devra pas "recueillir d'autres données que celles qui répondent à leurs paramètres de conception et sans permettre l'identification des personnes auxquelles les informations ou documents se rapportent". Cependant, cela reste trop large et trop flou.

Notes and references

 Portail de la Loi Renseignement