" Amnesia is very common in our human organisations. This is called cindynical repression. This cindynical repression results from arrangements, from 'collusive transactions' which lead to a community of notables who seem not to see what is obvious and can no longer hear the whistleblowers who, faced with a blatant but repressed risk, denounce their ‘deafening silence’ ".
Georges-Yves Kervern1

In times of crisis, it would be ideal for the public to trust the government. The debates on the French bill relating to the pandemic management, which must among other things establish a health pass, hihghlights that this confidence is long gone. Is this distrust specific to pandemic management, or does it result from a progressive destruction of trust by a way of drafting legislation which is characterised by an endemic cycle: exception/amnesia/norm?

How would you expect citizens to trust you, when to impose a bill you explain to them that it will be exceptional and provisional, and that subsequently, not only the scope of this measure is widened, but in addition it is made permanent? This systematic way of drafting acts has one outcome: the construction of distrust.

A quintessential example of such a process of distrust construction is the implementation of mandatory data retention in France. Many people don't even know what data retention is. Simply put, e.g. in the case of France, this means that all French Internet connection activities are preventively recorded and stored (logged), for the entire population. These are connection logs.

Moreover, identification logs are mandatory too: whenever someone in France posts a message or content on the Internet, this action must be stored so that they are identified. Access, services and web hosting providers must retain this data for one year.

Such a mass surveillance may at least come as a surprise in a country deemed to be democratic, but we must understand how it has been gradually implemented.

In the aftermath of the 9/11 attacks, the French loi sur la sécurité quotidienne made the retention of connection logs mandatory, for all French people, purportedly provisionally, as part of the fight against terrorism. Only the judicial authority was empowered to request access to the data. This exceptional measure was to be abrogated at the end of 2003.

But in March 2003, the French loi sur la sécurité  intérieure made this measure perennial, after the adoption of an amendment tabled by Christian Estrosi.

In june 2004, taking advantage of the focus of opponents on the issue of web hosting providers liability and freedom of speech,  the French act for confidence (sic) in digital economy made identification logs mandatory. Only the judicial authority was empowered to request access to these logs.

Then in 2004 and 2005 terrorists attacks hit Madrid and London. Following theses attacks, in 2006, the French loi contre le terrorisme created an "experimental extrajudicial block" which consists in granting direct access to connection logs and identification logs to the police and the gendarmerie, for the fight against terrorism. This exceptional extrajudicial anti-terrorist measure was to be abrogated at the end of 2008.

In 2008, a French finance act authorised tax officials to access connection logs and identification logs: this measure is perennial, and access to these logs is extrajudicial.

At the end of 2008, the experimental extrajudicial block which was to be abrogated at the end of 2008 was extended until the end of 2012.

In 2009, after years of lobbying exerted by recording and film industry, extrajudicial access to connection logs for the entire population was granted to an authority known as hadopi, responsible for cancelling Internet connection of any French household from which films or music were downloaded. This measure is perennial.

At the end of 2012, the experimental extrajudicial block which was to be abrogated at the end of 2012 was extended until the end of 2015.

In 2013, the Autorité des marchés financiers was authorised to access connection logs and identification logs. This access is extrajudicial, and the measure is perennial.

In 2013, a French military programming act transferred the "experimental extrajudicial block" to the Code de la sécurité intérieure: since then, this extrajudicial access to connection logs and identification logs, initially allegedly provisional, and twice extended, is perennial.

In 2016, prison staff were authorised to access connection logs and identification logs. The measure is extrajudicial and perennial.

In September 2018, the right to access connection logs and identification logs was granted to labour inspection officials. The measure is extrajudicial and perennial.

In October 2018 extrajudicial access to connection logs and identification logs was permanently authorised for the investigation of market abuse.

In October 2018, extrajudicial access to connection logs and identification logs was permanently granted to customs officials.

In 2019, extrajudicial access to connection logs and identification logs was permanently granted to Competition Authority officers.

It all started with a measure that was initially sold to the French people as anti-terrorist, exceptional and provisional, which the legislator seems to have long forgotten. But not necessarily the public. How to reconstruct trust after 20 years of accumulation of acts which have gradually and systematically constructed distrust?

 

 

1 KERVERN, Georges-Yves. Entre mémoire et anticipation. In: Colloque L’action publique face aux risques. Vaulx-en-Velin : Conseil Général des Ponts et Chaussées, 23 septembre 2004, p. 21‑23