eBay, Facebook and Google take France to court

According to AFP, twenty of the world's top Internet companies, including eBay, Dailymotion, Facebook and Google, are filing a complaint with France's highest court against a directive which would make each company keep users' personal data for a year. The collaboration will bring the base before the Conseil d'État, the highest and last-option legal court consisting of high ranking legal bureaucrats.

Benoit Tabaka, from the French Association of Internet Community Services (ASIC), said, "The ASIC is appealing at the State Council against the decree to keep connection data." The directive, published only a few weeks a go (March), orders shopping sites as well as social networking websites involving media, such as Dailymotion, to keep a vast array of information and personal data on their users including full names, usernames, passwords, mail addresses, multiple email addresses and telephone numbers.

Under the directive, the information is to be made available to the police, fraud office, customs and tax bodies, and other security authorities for up to a year after the information has first been entered into any of the sites.

"Several elements are problematic. For instance, there was no consultation with the European Commission," said Tabaka. "This is a shocking measure, this obligation to keep passwords and hand them over to police services." The ASIC will be filing the complaint on Wednesday morning.

Image Credit: Vlad Loteanu

Report a problem with article
Previous Story

iPod touch fifth generation photos surface, skepticism ensues

Next Story

Silverlight 5 beta coming next week at MIX11

15 Comments

Commenting is disabled on this article.

They are trying to not be involved in future litigation problems for everybody that uses their service.

Imagine if somebody commits a crime in France, then they can ask for their Facebook information, Google information, etc. It's a huge legal area that will cost Facebook money to keep itself from being "named" in the suit, or Google or anybody else.

That, and they have the added problem of keeping secure things for a longer time, making the chances of losing it a lot higher. They should not have to do that.

Not to mention if I commit a crime in France, then go to the UK and delete my FB account.. Now FB is between a rock and a hard place.. Even more so if the country I'm in requires personal information to be deleted within x days of the request being made..

"This is a shocking measure, this obligation to keep passwords and hand them over to police services."

It would be considered extremely poor design to store a user's password in any database at any time. Passwords are almost always stored as a one-way hash. There is no need what-so-ever to store them any other way except to neglect your user's privacy and security.

Shadrack said,

It would be considered extremely poor design to store a user's password in any database at any time. Passwords are almost always stored as a one-way hash. There is no need what-so-ever to store them any other way except to neglect your user's privacy and security.

Not to mention a programmers/DBA's nightmare to refactor all the code to deal with this.

gark said,
Facebook caring about user privacy? I was sure this was an April Fools Day story.

there's a difference between keeping personal information for all users and users being too stupid to secure their own profile.

no-sweat said,

there's a difference between keeping personal information for all users and users being too stupid to secure their own profile.


AMEN!
a) Forcing users
b) CHOICE. YOURS.

Thanks, I hate how everyone rants and rants about that ****, that people decide to share.

GS:mac

thealexweb said,
Facebook and Google fighting for privacy = win

They are not fighting for privacy. They are fighting for profits. Keeping the amount of data that this is requiring takes a ridiculously large amount of space.

Also, there is no way for these companies to keep password information without making everyone accounts vulnerable. They don't store passwords on their servers ever. They store encrypted versions of your password so even if the list got leaked, it would be useless. Any site that can email you your password is not very secure. Any site that has to have you reset your password in order to get back into your account has no record of your actual password anywhere in their servers.

ILikeTobacco said,

They are not fighting for privacy. They are fighting for profits. Keeping the amount of data that this is requiring takes a ridiculously large amount of space.

Also, there is no way for these companies to keep password information without making everyone accounts vulnerable. They don't store passwords on their servers ever. They store encrypted versions of your password so even if the list got leaked, it would be useless. Any site that can email you your password is not very secure. Any site that has to have you reset your password in order to get back into your account has no record of your actual password anywhere in their servers.

Hhahahahaha, do you really think they are worrying about storage space? Please tell me you are joking. They do not want to store this data (especially original passwords) because doing so presents a HUGE security risk.

As for storing passwords, they store an irreversible hash, which means someone (including them) cannot get the original password without some kind of password attack (dictionary, brute force, etc).

neodescis said,

Hhahahahaha, do you really think they are worrying about storage space? Please tell me you are joking. They do not want to store this data (especially original passwords) because doing so presents a HUGE security risk.

As for storing passwords, they store an irreversible hash, which means someone (including them) cannot get the original password without some kind of password attack (dictionary, brute force, etc).

You'd be suprised how much of an issue storage space is for companies. I don't even work for an IT/Internet company and we have issues with space and the costs related to that.

The stuff about password hashes, you're literally just rehashing (excuse the pun) what he already said.

neodescis said,
Hhahahahaha, do you really think they are worrying about storage space? Please tell me you are joking. They do not want to store this data (especially original passwords) because doing so presents a HUGE security risk.

this. lawl @ storage argument

neodescis said,

Hhahahahaha, do you really think they are worrying about storage space? Please tell me you are joking. They do not want to store this data (especially original passwords) because doing so presents a HUGE security risk.

As for storing passwords, they store an irreversible hash, which means someone (including them) cannot get the original password without some kind of password attack (dictionary, brute force, etc).

Last time i checked, companies are out to maximize profit margins. An old estimate (2002) states that Google has 25,000 servers for its operations. By now, that number is much higher. For the amount of data that this law is wanting, Google would end up at least have to add half that amount to their current setup. Lets assume that its 12,500 servers. Keeping that amount of servers running costs a large chunk of change. Can Google afford it? Sure. Do they want to? No. Its a company. Primary function: make money.


http://en.wikipedia.org/wiki/Google_platform

ILikeTobacco said,

Last time i checked, companies are out to maximize profit margins. An old estimate (2002) states that Google has 25,000 servers for its operations. By now, that number is much higher. For the amount of data that this law is wanting, Google would end up at least have to add half that amount to their current setup. Lets assume that its 12,500 servers. Keeping that amount of servers running costs a large chunk of change. Can Google afford it? Sure. Do they want to? No. Its a company. Primary function: make money.


http://en.wikipedia.org/wiki/Google_platform

Your statement is hilarious at best!

25k servers are probably not in France only.
How do you think will "account and connection" details sum up that much?
Not that I totally oppose that it does mean lots of data, I don't think that half of what I daily upload etc, so essentially STORE knowingly, is actually connection details and those few bytes of my phone number, etc...

Seriously, your storage argument is void before you mentioned it.
Don't beat a dead horse.

GS:mac

Glassed Silver said,

Your statement is hilarious at best!

25k servers are probably not in France only.
How do you think will "account and connection" details sum up that much?
Not that I totally oppose that it does mean lots of data, I don't think that half of what I daily upload etc, so essentially STORE knowingly, is actually connection details and those few bytes of my phone number, etc...

Seriously, your storage argument is void before you mentioned it.
Don't beat a dead horse.

GS:mac

You are 100% correct. Companies just throw money out the window all the time even if its the millions of dollars that it takes to do what is being forced on them every year. Clearly I know nothing about business since I was assuming companies don't like being told to waste millions of dollars by the government.

Read what they want stored. France wants Google and others to store the everything about anyone around the world who ever connects to anything in France. They are not saying keep a single row of data containing some contact information, they are saying keep every interaction. Every time you click on a link, connection data is sent and has to be stored for a year. We are talking about hundreds of billions of records being stored every year. Not only is that EXTREMELY costly, that information has absolutely not profit generating capabilities beyond what is already being stored. You are really trying to argue that Google doesn't care about millions of dollars getting spent on something they can't turn a profit on? The only thing that is hilarious here is your ignorance on the basics of business and the cost of IT data storage.