France's bizarre laws around Wi-Fi tracking are a threat to us all

Despite GDPR stipulations, French law forces ISPs — and bar owners — to keep logs of internet usage. The dangers outweigh the benefits.

Two girls hold up their glasses of rosé during a Friendsgiving dinner.

French laws around internet privacy and national security are snaked into each other in a way that often ensnares everyday civilians and small business owners. In the most recent incident showcasing the problem with France's anti-terrorism law from 2006, Techdirt reports five bar owners in the French city of Grenoble were arrested because they had been offering Wi-Fi at their establishments without maintaining logs of patron's usage for a minimum of a year.

According to the 2006 law, business owners have to provide logs of internet use as they are classified as internet service providers (ISPs). The bar owners argue they weren't even aware of the law, but of course, even when laws are absurd, ignorance is no defense. It's hard to imagine how this piece of legislation makes France safe against terrorists, though, which is its stated purpose.

The background — In efforts to thwart terrorist activities, France passed counter-terrorism legislation in 2006 which gave the government a stunning amount of surveillance power. Sound familiar? A government using fear of terrorists to pass draconian, police-state-style laws?

Following the legislation's ratification, the French government is able to observe the communications and data handled not just by ISPs, but by anyone offering public internet access. Not only does that have huge privacy implications, but with businesses being required to retain records, it potentially makes them targets for hackers.

The consequences of this law are far-reaching and have little to no judicial oversight. It's such controversial legislation that human rights observers like Human Rights Watch have labeled it a threat to privacy and national security both on and off the internet.

With this kind of access to content and metadata, the French authorities wield enormous power over businesses and citizens alike. And, although the French authorities have insisted that independent analysts are responsible for handling the data harvesting and retention, questions around misuse remain.

What the bar owners say — According to the arrested bar owners, the Hospitality Section Union failed to inform them about this 2006 legal requisite. They said that they attended conferences and seminars, yet they learned nothing about the need to provide year-long logs of Wi-Fi usage in their establishments. In response to that, the union said the owners seemed to have neglected a newsletter that mentioned this requirement. In other words, they didn't read their junk mail... which sounds like normal human practice and not the sort of thing anyone ought to be arrested for.