DATA MINING AND COUNTER - TERRORISM

Salli Anne Swartz Artus Wise Partners

sswartz@artuswise.comParis, France

On December 21, 2012 : The French Parliment enacted the (NAME IN FRENCH) or the Security and Counter Terrorism Law.

This Law extends (extends what? Existing legislation? If so, please state which legislation) and specifies the preventive (why

preventative?)legislation about data mining.

• July 24? 2015 : Enactment of the Intelligence Act

• The French government implemented (? What does this mean in this context) this Act but not the Section on data mining because the effective date has been delayed to the nomination of the President of the Commission nationale de contrôle des techniques de renseignements”, (CNCTR)

• The CNCRT, “is an organ in charge to advise the Prime Minister on the opportunities to use, or not, a data-mining devices

TOPICS

• I – METHODS OF DATA MINING AND COLLECTED INFORMATION

• II – ACCESS TO PRIVATE INFORMATION BY GOVERNMENTAL ENTITIES

• III – ENTITY RELAYING INFORMATION (what is this? I don’t understand)

• IV – PERMITTED DATA RETENTION PERIOD

• V – (TENDENCY?) Do you mean the possibilitiy? TO EXPAND DATA MINING BEYOND COUNTER- TERRORISM

• VI – CRIMINAL SANCTIONS

I - METHODS OF DATA MINING AND COLLECTED INFORMATIONS

1) Methods of data mining

a) Technical means to capture images and words

b) Technical means to capture computer science… I don’t understand what this means…

2) Information collected

a) All type of information b) Intercepted correspondence(isn’t this covered by a)? How is it different?

METHODS OF DATA MINING

Technical means to capture images and words

Article L 853-1- I of the Internal Security Code provides for the use of technical means for the « captation, fixation, the transmission, and the record of private or confidential statements or the pictures in a private places »

Authorization for 2 months (to do what?)

Destruction of the information within 30 days

METHODS OF DATA MINING

Device to capture computer science ????

Article L853-2-I of the Internal Security Code provide for the possibility to access, record and transfer data mining stored in a computer systems with a technical means which provides covers?:

• the information as it appears on the computer monitor of the utilizator of data processing treatment ?? NOT CLEAR, Such as ????

• the information received and emitted by audiovisual peripherals NOT CLEAR such a????

• GIVE EXAMPLES

COLLECTED INFORMATION

All type of information

Article L851-1 of the Internal Security Code : Information or documents can be collected , processed and/or stored by the computer network or the electronic communication services : what is this?

COLLECTED INFORMATIONS

Intercepted correspondence :

Article 852-1 of the Internal Security Code

Intercepted correspondence issued by a electronic communication may also be controlled and collected

The authorization of interception gives also the authorization of collection

The authorization may be extended to the entourage of the target if there is serious grounds to believe that they can provide some informations

Destruction of the informations after 30 days if it appears that there is no connexion with the delivery authorization

II – ACCESS TO PRIVATE INFORMATIONS BY GOVERNMENTAL ENTITIES, A PROCEDURAL UNDER AUTHORIZATION

• 1 – Who can acces to the informations ?

• 2 – For what goal ?

• 3 – Who gives the authorization ?

ACCESS TO PRIVATE INFORMATIONS BY GOVERNMENTAL ENTITIES, A PROCEDURAL UNDER AUTHORIZATION

Who can acces to the informations ?

The intelligence agencies (Article L811-2 of the Internal Security Code)

The « intelligence community » (L811-4 o the Internal Security Code)

MOST IMPORTANT INTELLIGENCEAGENCIES AND COMMUNITIESIN FRANCE

Ministry of Interior

DGSI - Direction générale de la sécurité intérieureDirectorate General forInternal Security

UCLAT – Unité de coordination de la lutte anti-terroristeThe Co-ordination unit of the fight against terrorism(Intelligence community)

Ministry of Defense

DRM – Direction du Renseignement militaire

Directorate of Military Intelligence

DGSE - Direction Générale de la Sécurité Extérieure

Directorate General for External Security

MOST IMPORTANT INTELLIGENCEAGENCIES AND COMMUNITIESIN FRANCE

Ministry of economy and finances

DNRED – Direction Nationale duRenseignement et des Enquêtes Douanières - National Directorate of the Intelligence and Customs Investigations

TRACFIN - Traitement du renseignement et action contre les circuits financiers clandestins Since its foundation in 1990 its aim is to fight

against illegal financial operations, money laundering and terrorism financing

ACCESS TO PRIVATE INFORMATIONS BY GOVERNMENTAL ENTITIES, A PROCEDURAL UNDER AUTHORIZATIONWhat are the goals ?

National independence and defense

Major interest of the foreign policy, execution of he

european and inernational settlements and foreign

meddling prevention

Proliferation of WMD

prevention

Major economic, scientific and

industrial interest

Prevention against the collective violence

infrindging the « Public peace »

Prevention of the action leading of the continuation

or reconstitution of abolished groups

Prevention against the subvertion of the

Institution’s republican form

Crime and organized delinquency prevention

Terrorism prevention

ACCESS TO PRIVATE INFORMATIONS BY GOVERNMENTAL ENTITIES, A PROCEDURAL UNDER AUTHORIZATION

Who gives the authorization ?

The Prime Minister gives the authorization

This authorization is given after obtaining the opinion of the CNCTR

THE CNCTR

• National commission of Intelligence methods« Commission nationale des techniques de renseignements »

• Independent administrative authority

• Replace the CNCIS (National Commission of security interceptions supervision – « Commission nationale de contrôle des interceptions de sécurité »)

• 9 members : 2 deputies, 2 senators, 2 members of the Council of State, 2 magistrates of Court of cassation, 1 representative of the ARCEP (the French telecommunications and postal regulatory body)

MINISTER authorization request (L821-2 CSI)

CNCTR gives an opinion within 24hrs (L821-3 CSI)

PRIME MINISTER authorizes implementation for 4 months or refuses

Implementation of the measure

PRELIMINARY OPINIONOF THE CNCTR Ordinary procedure

PRELIMINARY OPINIONOF THE CNCTREmergency procedure

MINISTER authorization request (L821-2 CSI)

PRIME MINISTER authorizes implementation for 4 months (L821-1 .

L821-4 CSI)

Implementation of the measure

III – ENTITY RELAYING INFORMATIONS (Art. L 851-1 CSI)

• Operators of Telecom and network communication (are include the service providers like skype, viber..)

• Internet acces providers, hosting compagnies…

IV - DATA RETENTION PERIOD(L822-2-I CSI)

30 days for the intercepted correspondences and words capted

6 years for the informations or documents which are encrypted

V – TENDENCY TO EXPAND DATA MINING BEYOND COUNTER-TERRORISM

• The law provides some specific derogations for the terrorism prevention

• The operators and Intelligence agencies could be obligated to install an automated data processing system on their network

• This system will detect the « sensitive » connexions (which represents an terrorist threat)

• France has 13 Internet Exchange Points where we can install this system.

VI – SPECIFIC CRIMINAL SANCTIONS

What’s happen when someone decides to reveal the implementation of an intelligence process ?

What’s happen when someone refuses to deliver the information to the Intelligence agencies ?

What’s happen when someone decides to reveal the implementationof an intelligence process ?

Revealing an implementation of an intelligence process is punished by 1 year’ imprisonment and a fine from 15 000 to 45 000 euros (when it’s committed in bad faith), Article 881-1 of the Internal Security Code

What’s happen when someone refuses to deliver the informationto the Intelligence agencies ?

The opposition to deliver informations is punished by 2 years’ imprisonment and a fine of 150 000 euros, Article 881-2 and -3 of the Internal Security Code