Military programming bill: strengthening of Anssi approved
On June 7, 2023, the French national assembly passed the 2024-2030 military programming bill, which includes four articles that strengthen Anssi (French cybersecurity agency) prerogatives
The military programming bill (LPM) for 2024-2030 was approved on June 7, 2023, in the national assembly, with 408 votes for and 87 against. The bill, which provides for a 413 billion euro investment over this period, will now be debated in the Senate. In particular it intends to better prepare the French military for “new fields of potential conflict”: space, deep ocean and cyberspace.
The law should thus make it possible to respond to severe cyber threats by “developing a leading cyber defense”, thanks to 4 billion in funding. On June 1, 2023, MPs debated Articles 32 to 35 of the bill, dedicated to strengthening Anssi’s authority. The national assembly approved all of them, with slight changes to limit the scope of certain measures.
The new bill thus grants Anssi emergency powers to act on domain names in lieu of their owners, for example by blocking them or redirecting traffic to secure servers. The bill also specifies that Anssi can collect “non-identifying technical data” and use “technical marker measures” to “guarantee defense and national security.”
The agency will now be able to copy fifty or so servers and capture around twenty data packets a year, in their hunt for potential cybercriminals. As of now, the Anssi can only access “very limited” data from traffic on suspicious devices.
The bill will also mandate cooperation between telecoms to track suspicious IP addresses. Previous legislation already authorized such collaboration, but “only one provider had initiated cooperation with Anssi,” according to the minister delegate in charge of Digital Affairs, Jean-Noël Barrot.
Several leftwing MPs expressed concern over these measures. “Copying entire servers, even in relatively limited numbers, constitutes a clear invasion of privacy since this is personal data,” criticized MP Jérémie Jordanoff (Green Party).
The rapporteur for this section of the bill, Sabine Thillaye (Center), replied that these measures were only intended for instances involving defense or national security. Moreover, an amendment reduces the copied data storage period from ten to five years.