Does anyone know how this even works? Is the technology for this already in place?

  • bbbhltz@beehaw.org
    link
    fedilink
    English
    arrow-up
    42
    ·
    1 year ago

    Commented on this article in another thread

    https://beehaw.org/comment/586170

    Looks like there are caveats to this law:

    You would need to be a suspect in a crime that has a punishment of 5 or more years in prison in order for the phone to be geolocated.

    For video/audio you need to fall under the definition of organised crime or terrorism.

    • MajesticFlame@lemmy.one
      link
      fedilink
      English
      arrow-up
      47
      ·
      edit-2
      1 year ago

      Sure, the issue is that, with no transparency, cops will use it even if they are just courios what they friends are doing. This is already known to happen in the US, where cops used it to stalk their SOs or even in extreme cases women they were starting to date.

      If they already have the technology in their hands, there is no way to stop them.

        • markstos@lemmy.world
          link
          fedilink
          English
          arrow-up
          23
          ·
          1 year ago

          Once the tech is in place it can and will be abused. Also, non-police can find how to access the backdoor.

        • MajesticFlame@lemmy.one
          link
          fedilink
          English
          arrow-up
          10
          ·
          edit-2
          1 year ago

          They should also need it in the US. The issue is, that if the tool is in the hands of the cops, there is no way to check who they spied on (and therefore if they had warrant).

          At least if it was executed by a comercial entity, they can check the warrants and be liable if they do it without one. But that is very likely not how it will be implemented. The cops will get the tools to do with as they please.

          As an example, one state in the US (forgot which one) put in a law that requires the police to submit every data search warrant into a public database so that they could be audited by the public. After they compared the contents of the database to number of requests in companies transparency reports, it turned out there were over 5 times as many requests in the state then what was reported in the database, despite reporting being required by law.

          • bbbhltz@beehaw.org
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            I really hope the power isn’t abused. The second it is it will lead to more riots and even though I have in no way been directly affected where I live, it is a pain to get messages from friends abroad asking “Why is France on fire again?”

            • MajesticFlame@lemmy.one
              link
              fedilink
              English
              arrow-up
              5
              ·
              1 year ago

              On one hand, I do want to ask why Frebch people love setting France on fire so much. On the other hand, when shit like this passes as laws, I wonder why we are not setting our countries on fire…

              • bbbhltz@beehaw.org
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                I’ve lived here since 2006 and I haven’t met a single person that participated in any of the riots, which are offshoots of sanctioned strikes and do not represent France as a whole. I’ve had some students that strike for the environment or maybe do walkouts.

                The closest I came to one was a strike about police violence and I happened to be in a café and had to evacuate because of year gas. In that instance, it turned out the person they were striking for lied.

                So, I can’t say why they want to destroy stuff.

        • Arbiter@lemmy.world
          link
          fedilink
          English
          arrow-up
          10
          ·
          1 year ago

          A back door is a security vulnerability, even if the police never abuse such a power.

    • matlag@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      19
      ·
      1 year ago

      After a terrorist attack, emergency state was declared (nomally used in case a war actually put the survival of the country’s institutions in jeopardy). First use of the extra-powers: assign some targeted pacific climate activist at home so that there would not be a protest during the COP.

      Anti-terrorism bill was passed some time ago. It was used to repress the protests against the retirement bill, literally banning anyone from carrying a saucepan in the street (ban of “noise emitting devices”) during a protest.

      Climate protesters have been labeled “eco-terrorist” even though they never put nor attempted to put anyone’s life in danger.

      France is under requests from the UN for fixing severe issues regarding right to protest, police excessive violence and systematic racism in the police force. France is taking a dire path, joining Hungaria, Turkey in authoritarism, maybe evolving to a clone of Russia, as there were hint of a will to change the constitution to let Macron run again after his second mandate.

      I have 0 trust this bill is intended to be used for severe crimes. It’s another attempt to control and repress.

      • Thorned_Rose@kbin.social
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        Yep some of my friends left France in part for that reason - the government and police are becoming increasingly authoritarian and they left not wanting to wait for things to get worse. And they’re just super nice, normal people but they could see the wiring on the wall. 😞

      • sidhant@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Such is the power of federation. Beehaw can choose to do so, and it’ll be interesting to see how the fragmentation issue plays out

        • danc4498@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          Yeah, I get it. It just seems like admins making a decision for an entire instance of users that they can’t see the most popular instance anymore.

          It was the first instance I joined too, which is the only reason I think about it. But Lemmy World so far is awesome and doing great things for Lemmy.

    • webghost0101@lemmy.fmhy.ml
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      Those caveats are just to get the laws passes.

      Online piracy already carries punishment up to 3 years. All it takes them is make a law that technically holds 5 years but gets pardoned in practice.

      Labeling someone a terrorist can be as simple as “collective undertaking with the aim of seriously disturbing public order through intimidation” aka protesting…

      • bbbhltz@beehaw.org
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        Ha, I’m sure… They’ll spy the heck out of everyone. At the judge’s discretion, of course 😉

  • markstos@lemmy.world
    link
    fedilink
    English
    arrow-up
    18
    ·
    1 year ago

    I’m not aware that either iOS or Android support this.

    I see two options:

    1. Apple and Google build requested backdoor access, which I don’t think they want to do.

    2. The police get physical access to the phone temporarily to install a hidden app on it. Possibly using an insider.

    3. Bad guys buy pre-backdoored phones from cops. See the ANOM story. https://arstechnica.com/tech-policy/2021/06/fbi-sold-phones-to-organized-crime-and-read-27-million-encrypted-messages/

    I have not read the bill but I’ll guess they are legalizing #2.

    • Hyperreality@kbin.social
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      DROPOUTJEEP … “A software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted.”

      https://en.wikipedia.org/wiki/ANT_catalog

    • NightOwl@lemmy.one
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      Yeah, if this can be done remotely then all smartphones by design are very insecure devices that shouldn’t be trusted to doing card transactions or entrusting with password management and two factor authentication…

      I wish they would go into more detail on the how of remote activation is made. Is it a law saying it is okay to do if it becomes possible? Is this through an exploit that was found and requires physical access to the device to initiate, or is it just a setting present on all phones by default.

    • slock@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I’ve seen this news published at a few different places, and IIRC they plan to use already existing exploits. You can read a bunch about what could potentially be used on the grapheneos website, specifically on how the modem and cellular network stack is very highly privileged on android at least, and it is very likely that most cellphones are vulnerable to some kind of code injection via a stingray, for example.

  • /home/pineapplelover@lemm.ee
    link
    fedilink
    English
    arrow-up
    15
    ·
    1 year ago

    Ever hear of backdoors and a little spyware called Pegasus? Technology is already in place and NSA has been doing it since 9/11. All this spyware and it isn’t even effective.

    • markstos@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      Pegasus uses exploits which are getting discovered and fixed. In theory, it’s getting harder for that model to work. Apple’s Lockdown mode defends against it for example. Very different from a sanctioned backdoor.

      • /home/pineapplelover@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Yeah I wouldn’t be surprised if Pegasus was being fixed. It’s been around for years now. But there will still be 0 days. They’re called 0 days because nobody knows about them yet.

  • -J_R-@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    11
    ·
    edit-2
    1 year ago

    On a related topic: anyone know if there are any cell phones that come with a physical switch to disable the camera and mic

      • themoonisacheese@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        Librem 5 and liberty are the same phone and are horribly overpriced. At this point I’m surprised it’s not just a literal grift like the other 'murica phones people tried selling to the American right wing.

    • Heastes@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      ·
      1 year ago

      People are already pissed, so why not push through a crazy privacy invading law.
      What are the citizens going to do? Riot?

      • DessertStorms@kbin.social
        link
        fedilink
        arrow-up
        13
        ·
        1 year ago

        What are the citizens going to do? Riot?

        Considering this is France, you’d think those at the top would be more aware than anyone of the risks of pissing off your citizens, but looks like they’ve become too comfortable and are practically begging for a refresher crash course…

  • UnanimousStargazer@feddit.nl
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    The Court of Justice if the EU will very likely disallow the use of this authority in the future, but it often takes time to litigate in court up to a point where an organization can proceed to the EU Court.

    It’s a terrible way of politicians trying to circumvent fundamental rights, even though their goal always is to prevent crime. The simply pass the bill, wait until it becomes law, start doing their business, claim victory and then complain the EU Court disallows it.

    Sigh.

      • Hyperreality@kbin.social
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        Snowden.

        A good starting point is here:

        https://en.wikipedia.org/wiki/ANT_catalog

        For example:

        DROPOUTJEEP … “A software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted.”

        And here:

        https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)

      • Minsk_trust@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        The NSA had a program called DROPOUTJEEP according to an article in Der Spiegel. Think it came out with Snowden? Fuzy on details but you can look into it. It did include camera access but i dont think it could be installed remotely. Id be surprised if theres anything the NSA cant intercept but thats obviously what they would want us to think and Im just a guy.

        • markstos@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          There will always be spies working with exploits, which is different from a sanctioned backdoor.

          I doubt the tech used in DROPOUTJEEP works anymore.