In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN Bill would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments that will easily negate the existence of censorship circumvention tools.

While motivated by a legitimate concern, this move to block websites directly within the browser would be disastrous for the open internet and disproportionate to the goals of the legal proposal – fighting fraud. It will also set a worrying precedent and create technical capabilities that other regimes will leverage for far more nefarious purposes. Leveraging existing malware and phishing protection offerings rather than replacing them with government provided, device level block-lists is a far better route to achieve the goals of the legislation.

  • bbbhltz@beehaw.org
    link
    fedilink
    arrow-up
    11
    ·
    1 year ago

    Interesting share. Thanks.

    I live in France and we are more interested in the part of this law that wants to put age restrictions on pornographic websites, so this is the first I’ve heard of it.

    Jean-Noël Barrot, a business school graduate, is Minister for Digital Transition and Telecommunications. He is the leader on this project.

    As noted by Mozilla, it comes down to 2 paragraphs, but I’ve included the paragraphs before and after below. This law overlaps with European regulation too:

    Article 6

    1. Article 12 of the aforementioned law no. 2004-575 of June 21, 2004 reads as follows:

    2. "Art. 12 - I. - When one of its specially designated and empowered agents observes that an online public communication service is clearly carrying out operations constituting the offences referred to in articles 226-4-1, 226-18 and 323-1 of the French Penal Code and article L. 163-4 of the Monetary and Financial Code, the administrative authority shall give formal notice to the person whose activity is to publish the online public communication service in question, provided that it has made available the information referred to in article 1-1 of the present law, to cease the operations constituting the offence observed. It also informs the offender of the precautionary measure referred to in the second paragraph of paragraph I of this article, and invites the offender to submit his or her observations within five days.

    3. "At the same time, the administrative authority notifies the electronic address of the service concerned to Internet browser providers within the meaning of Article 2, paragraph 11 of Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on fair and competitive contracts in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828, for the purposes of implementing precautionary measures.

    4. "As a precautionary measure, the recipient of a notification shall immediately take all necessary steps to display a message warning the user of the risk of prejudice incurred in the event of access to this address. This message is clear, legible, unique and comprehensible, and enables users to access the official website of the public interest grouping for the national system to assist victims of cyber-malicious acts.

    source

    • jarfil@beehaw.org
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      1 year ago

      display a message warning the user

      Do I understand correctly, that browsers would NOT BLOCK the access, but just have to display a warning?

      If that’s the case, then Mozilla’s defense of using Google’s services to decide when to display such warning, instead of allowing France to create non-Google mechanisms to achieve the same, seems like a mistake.

      • bbbhltz@beehaw.org
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        I read through the entire thing, in French, and it references several other laws and European regulations. The browser part is only in those paragraphs of the bill, but those paragraphs are referenced throughout the bill so there might be more to it. The whole bill is 91 pages long.

        It was adopted on 5 July, by the way…

        The blog post from Mozilla does say, “France’s browser-based website blocking proposal will set a disastrous precedent for the open internet,” so the precedent here is what they’re worried about.