Révélations sur le Big Brother PRISM français
By Jacques Follorou and Franck Johannès
Translated by by: Daniel Shadmy
The revelations of the controversial U.S. domestic surveillance program PRISM have provoked massive indignation through much of Europe, but France has been rather quiet. There are two simple explanations: Paris was already aware -- and does exactly the same.
Le Monde has confirmed that the “Direction Générale de la Securité Extérieure” (DGSE, the French secret service) systematically collects the electromagnetic signals transmitted by computers and phones in France, as well as the digital streams going back-and-forth between the French and abroad. All communications are being spied on: emails, SMS messages, phone records, Facebook and Twitter updates, which are all then stored for years.
If this massive database was used only by the DGSE, which works only outside France’s borders, the practice would already be illegal. But the six others intelligence French services are also making daily use of the data they need, very discreetly, without any legal authorization or any type of serious control. Certain politicians are very much aware of what is done, but secrecy is the rule.
This French Big Brother, of course, is meant to be kept clandestine. However, its existence is mentioned briefly in parliamentary documents. The eight senators and members of Parliament who handle intelligence oversight note in their April 30 report that “since 2008, progress has been made in matters of mutualization of capacities, especially concerning electromagnetic originated intelligence […]”.
The legislators even propose going further, to “reinforce the capacities exploited by the DGSE” and to “consolidate the access to other services to the mutualised capacities of the DGSE.”
Not the what, but the who
Intelligence services are not looking into the content of messages, but their source. It is more interesting to know who is talking to whom rather than collect what people actually say. It is the technical data, the metadata that is of more interest.
The DGSE collects the phone records of millions of subscribers, the identity of the caller and recipient, place, date, length, and size of the message. Same goes for emails (with the possibility of reading the subject of the message), SMSs, faxes… and more generally, any activity on the Internet that goes through Google, Facebook, Microsoft, Apple, Yahoo!...
This is what the parliamentary delegation calls the “renseignement d’origine electromagnetique” (ROEM), a perfect translation of the NSA’s Sigint (signal intelligence).
This metadata allows for the drawing of huge graphics that draw links between people based on their numeric activity, over the course of several years. One can thus establish a kind of intimate diary for anyone, culled from their phone or computer communications. Then, when a certain interesting subject has been identified, more intrusive techniques -- such as placing phone taps or monitoring their movements -- can be implemented.
This massive collection system is of course invaluable in matters of counter-terrorism. But it also allows for the spying on anybody, at anytime. The DGSE collects this way, billions of billions of data, which is then compressed and stored in three floors below its Paris headquarters. France's intelligence operations are among the five leaders in the world in matters of information technology capacity, behind the U.S., UK, Israel and China.
Bernard Barbier, the technical director of the DGSE since 2006, has spoken publicly two times about the existence of this surveillance program. “Today, our targets are the general public networks, because they are used by terrorists,” Barbier was quoted as saying in front of a group of military information specialists in 2010.
"A procedure like PRISM"
The system is completely illegal, but is utilized by a vast array of French intelligence and law enforcement services -- from local police departments to the customs and military intelligence services, and is dubbed the “mutualized infrastructure.”
According to the French Senate, 80% of the data collected by the DGSE is being used by other services. Each service then indicates a target to a contact in the DGSE who answers either “hit” or “no hit,” if the target is present in the database or not.
One of the directors of these services refers to the system as non-legal. “The legal regime of security interceptions forbids the actions of the Intelligence services, those resembling a procedure like PRISM," says a source at the CNIL (the French national commission of informational technology and freedom).
The CNIL can neither deny nor confirm the existence of this French system, and does not have access to the DGSE’s files.
Legal decisions have been made that relate only to specific security interceptions authorized by the Prime Minister, based on the legal notice of the national commission, but has not ruled on massive storage of technical data by the secret services. “For years we have been operating under a virtual authorization," says a former secret service chief. "And every agency is satisfied with the freedom permitted by the blurred legal regime surrounding the metadata.”
A member of Parliament confirms that “a large part of electronic connections in France are in fact, intercepted and stored by the DGSE”. However, officially “the mutualized infrastructure” does not exist.