After the senators, the deputies approved, by 80 votes against 24, on Wednesday one of the most controversial articles of the new justice programming law. The deputies of the presidential camp, LR and RN voted in favor. Those of Nupes voted against, like the president of the Liot group, Bertrand Pancher. This now only needs to be enacted.

Investigators will now have the ability to remotely activate, without their knowledge, the microphones and cameras of telephones, computers and other electronic devices of persons under investigation relating to organized crime and terrorism, for crimes or misdemeanors punishable by at least ten years in prison.

The geolocation data contained in the electronic devices of any person suspected of a crime or an offense punishable by at least five years in prison may also be recorded and collected. A practice already implemented by the intelligence services, but whose inclusion in the law raises questions, particularly in terms of respect for individual freedom and protection of privacy. Élie Touitou, lawyer at Féral, answered questions from Le Point.

The Point: Does this new law allow any electronic device to be made a “snitch”? What does it introduce new over existing provisions?

Élie Touitou: Until then, it was legally possible for the police to set up surveillance devices such as wiretapping or to obtain connection data on demand. This law now authorizes them, under strict conditions, to remotely activate electronic devices of all kinds, mobile phones and tablets, of course, but also any other connected object, such as a television, a car or a connected camera. The text mentions “electronic devices”, which includes endless possibilities for capturing image and sound and geolocation data.

There is obviously a technological race between the investigation services and organized crime, which tries to thwart surveillance methods by increasing their ingenuity. The legislator believes he can catch up by adding a new weapon to the already existing device. This surveillance method is already widely used by the intelligence services. It now falls under “common law”.

Who can be so “spied on”?

Regarding the capture of sound and image, the investigation must relate to an offense punishable by at least ten years’ imprisonment, and to an offense punishable by at least five years’ imprisonment for the recording of data from geolocation.

We are therefore talking about serious crime, but, in reality, the inflation of the texts makes it possible to include in the device many offenses. Concealment is, for example, punishable by ten years’ imprisonment and many offenses can result in five years’ imprisonment. Undermining a STAD, an automated data processing system, by accessing a computer file without right, for example, is one. We are far from a murder or what one can imagine to be serious crime: however, with this law, being suspected of it could lead to the implementation of this measure, extremely detrimental to individual freedoms.

What is the legal framework? Are there any exceptions?

The liberty and detention judge, seized by the prosecutor or the investigating judge, must authorize this measure beforehand, giving specific reasons for his decision. There is therefore a prior control by an independent judge. In addition, senators, deputies, bailiffs, doctors and journalists (with press cards), and certain places, such as law firms, cannot be targeted by such a surveillance measure. This measure is also time-limited.

What risks does this pose in terms of freedoms and privacy?

The arsenal of repressive laws and surveillance has grown impressively in recent years. This may give rise to legitimate concern, as experience has shown that these texts often end up being diverted from their original purpose. It is here that the lawyer, like the judge, plays a decisive role in combating possible excesses.

This device constitutes a serious violation of the fundamental rights and freedoms of the persons concerned in that it allows entry into their privacy, which is not encouraging. We must also remember that when we are suspected, we are not guilty.

Finally, if someone is wiretapped, everyone they associate with will also be susceptible to being spied on and recorded without their knowledge. It’s not nothing, and it can target a lot of people. In this way, investigators will be able to discover offenses they did not suspect. And, whether the means used to obtain the information is lawful or not, the prosecuting authority will be informed of an offense that they were not looking for, and they can use it. That is problematic.

Nevertheless, the text provides for a certain number of guarantees. And, if we place ourselves on the side of the victims, we can only observe that more and more criminal investigations do not succeed in the face of the growing difficulties encountered by the investigators in collecting evidence, certain offenders having understood how to thwart digital spinnerets. However, this method is not a panacea: there is no doubt that the most nimble users will find workarounds.

Is it technically feasible?

The text provides that the prosecutor or the investigating judge may appoint a legal expert to assist him technically. In practice, our electronic devices are affected by security flaws that investigators will be able to exploit to activate them remotely. This should alert us to the need to be vigilant in terms of cybersecurity and encourage us to adopt good practices. If we do not want the flaws in our devices to be exploited, it is up to us to take IT security measures, such as updating our phones regularly. This is a basic security measure, which makes it possible to guard against intrusion attempts by hackers as well as those by investigators. Finally, it should also be remembered that any electronic device carries a risk of intrusion: installing a camera at home, for example, presents a risk.

Isn’t conversation capture already practiced by some companies? We’ve all had the impression that the targeted ads on our phones reacted to our last conversation…

Indeed, some companies can have access to the microphones of mobile phones, and sometimes even with the agreement of the users! This can be mentioned in the privacy policy, albeit sometimes in language that is difficult to understand and in small print… This makes this collection of data illegal.

We can only encourage users who want to protect their privacy to be attentive to the contracts they sign and that no one reads. It contains very interesting information about what is done with our personal data. And, if that remains unclear, it is always possible to exercise your rights by asking the company concerned to access all the personal data they collect about us!