From: jt@freenix.fr (Jerome Thorel)
Date: Thu, 13 Jun 1996 22:41:00 +0800
To: thorel@netpress.fr
Subject: lambda bulletin 2.08 / French Telco Act puts the Internet in leash
Message-ID: <v01540b04ade5ac43a3f3@[194.51.213.140]>
MIME-Version: 1.0
Content-Type: text/plain


netizen's --> Lambda Bulletin 2.08 <-- contents

French Telco Act puts the Internet in leash
+ New rules regulating Internet content
+ First key-escrow encryption rules


As the Communications Decency Act was declared unconstitutional yesterday, June 12, the French Parliament (Senate and Assembly) passed a kind of Telco Act a la francaise last week, June 7. This law, aimed at providing new regulations for the telecommunications market (including the end of telephone monopoly in 1998), stresses two interesting points for Internet users : 1) a kind of CDA amendement was introduced en force in the Senate on Wednesday, June 5, just two days before it was voted Friday, at 3 in the morning. 2) the law establishes the first ever key escrow encryption rules created in industrialised countries. It will create trusted third parties (TTPs), private companies taht would keep encryption keys in custody for law enforcement purposes. It turns out that before the vote of the law, French military circles had already choosen which firms would be well suited to be TTP : Alcatel, Sagem and Bertin. All of them are well connected to the French military complex, and !
are all big defense contractors.

The amendment number 200 in the Loi sur la Reglementation des Telecommunications (LRT) was sponsored by French Senator Larcher and introduced by French telmecom minister Francois Fillon. At first glance, it depenalizes Internet Access Providers for the content of text, images and documents that they are transmitted. But there is an IF. The condition stresses on that they must conform to future recommendations that will be establish by a French government's council : the Comite Superieur de la Telematique. Created in February 1993, the CST has a mission of regulation of Minitel services (text and voice based services), through a professional code of ethics. The CST will no longer depends upon the French telecom ministry, but will be placed under the tutelage of another famous regulation watchdog : the CSA (A for audiovisuel - a kind of French FCC), aimed at regulating radio and TV broadcasts.

The law makes clear that if IAPs don't respond to "black" lists of Internet sites or newsgroups (in case where these sites may be in opposition to French law), the IAP will be held responsible for what it is carrying. These lists will be set up by the CST. Internet organisations and professionnals are scheduled to be members of the new CST -- today, in its "Minitel" form, it has 20 members, magistrates, ministry officials, France Telecom reprsentatives, Minitel providers, family and consumer organisations...  

So, the French amendment smells like the CDA, with the introduction of a so-called reprentative body. In the U.S. the IAP or ISP must control its content. In France this is a centralised body that will do the job. It feels that the French succeeded in what some in the US dreamt : to give the FCC the power to rate sites or content on the Internet. The French State, once again, plays the Big Mother (mother = the Republic) game with a huge sense of precipitation. 

Furthermore, the law broke in great haste -- and mess. Because before the amendment 200, telecom minister Fillon established an interministerial commission to work on guidlines and recommendations to enforce French law on the Internet. It came after a Jewish organisation sued IAPs for transmitting neo-nazi propaganda; and early in May, when 2 IAP directors were arrested for one day, and convicted, for transmission of pedophile pictures. 

The mess comes about because that Fillon didn't wait for the Commission : it was scheduled to publish a report on its work around June 15. Another mess concerns French pro-users organizations. The newly created French Chapter of the Internet Society (ISOC-France) decided, apparently with the government commission's consent, to organize a mailing list consultation on the issue. Another group, the AUI (Association of Internet users), published a report this week about ethics, Internet content selection, and so on. Both organizations were openly ignored by Fillon. He did this even after saying during various interviews that the problem of IAP legal responsability on the Internet will be the result of a "broad consensus".

It turns out, however, that a small pressure group of IAPs (the AFPI) were consulted Monday, June 2, and had the opportunity to read the amendment before its final review in the Senate. The IAPs are quite satisfied now, because they didn't want to be treated as "pedophiles" and "neo-nazi" anymore. But they will have to adopt the CST guidelines.

During my personnal inquiry of the CST last year, I found some clues to understanding how the CST has been working at regulating Minitel services. The CST has a surveillance assignment on the Minitel market (to ensure that each provider follows deontology principles written in his contract with France Télécom). But surveillance operations are not organized by the CST, but by a small army of France Telecom spook agents in Bordeaux: they are 5 to 8 people regulating hundreds of thousands of services! It is no surprise to learn that France Telecom regularly intervenes in this choice, and that France Telecom itself is a big Minitel provider, through a lot of business affiliates. It turns out that theses spook agents are infiltrating private discussions in adult-oriented forums to check for indecent speech (which may be sanctionned by the CST). Here is what here in France we have inherited to regulate the Internet!

The second important point of this Telco Act concerns encryption. France was already the first country in the OECD to forbid an individual to use any crypto system not approved by the French authorities (ie, the military). Thus, PGP-like software were, de facto, forbidden. The new law introduces the first key-escrow regulation. It frees cryptography use ONLY for digital signature; but to ensure privacy of email messages, however, the liberation of use is under condition : to give encryption keys to a so-called TTP. Some confidential reports in the press said that one or three private companies are already on the list to serve as TTPs for the French government. The first is Bertin & Co., an engineering company that has some competence in cryptography, and the others seem to be Alcatel-Alsthom (a big industrial conglomerate in telecommunications, defense and public-works engineering), and Sagem, another telecom conglomerate. It seems clear that all of these companies were choose!
n according to their defense expertise and good relations with the French military. The mess is that these choices, if confirmed, have been made before the vote on the law, and even before "applications decrees" were published (they may be prepared this summer).
 
France has no NSA. But some big ideas. (During the oil crisis in the 70's, a government commercial stated : "In France we have no oil. But we have good ideas".)