French Conservatives Push Law To Ban Strong Encryption

Patrick O'Neill writes: The French parliament this week will examine a bill that would require tech manufacturers of computers, phones, and tablets to build backdoors into any encryption on the device. The anti-encryption bill is being presented by 18 conservative members of the National Assembly as part of a large "Digital Republic" bill. According to the article, The new French bill briefly praises encryption’s role in protecting user data but immediately pivots to criticizing the effects of strong encryption on state security forces. "France must take the initiative and force device manufacturers to take into consideration the imperative of access for law enforcement officers, under the control of a judge and only in the case of an investigation, to those devices," the legislation reads, according to a translation by Khalil Sehnaoui, a Middle-East security specialist and founder of Krypton Security. "The goal is to avoid that individual encryption systems delay the advancement of an investigation."

That is Le Pew

I can pretty much see the stench fuming off it.

Re:That is Le Pew

The co-signers of this bill are Republicans. But the difference is mostly moot.

Re:That is Le Pew

[PopeRatzo]

That is Le Pew

Oui, my little cabbage. It is ze love at sight first.

https://youtu.be/JEdBndu0YUM

Re: That is Le Pew

[guruevi]

The point is moot because the French president obtained special powers after the attack in Paris until February to enact pretty much any anti-terrorism legislation.

This is France's patriot act and soon a terrorist attack in the us won't be foiled so they can enact the same here.

Re: That is Le Pew

[Eunuchswear]

The point is moot because the French president obtained special powers after the attack in Paris until February to enact pretty much any anti-terrorism legislation.

No he didn't.

The state of emergency allows a certain number of police actions to be done on order of a "prefet" (an administrator) rather than a judge:

1. Banning of public gatherings.
2. Search warrants.
3. House arrest.

It lasts 3 months (so its nearly over).

Thats it. Nothing more, no power to pass legislation.

Re:That is Le Pew

Since the Libs insist on importing people that are likely to blow you up or shoot you up, it's only common sens that the Conservative will take steps to try and figure out when and where that will happen and perhaps prevent it.

Re: That is Le Pew

[N1AK]

Grandparent falsely claims the French President has been given powers due to a terrorist attack and is modded +4 informative.

Parent explains how that is not the case, with sufficient information for anyone to check it and is left at +1.

User moderation at its finest :( it's only informative if it's what you want to hear...

Re:That is Le Pew

[Curunir_wolf]

Appropriate quote from Politico on the US presidential campaign candidate:

"So Rubio's foreign policy and national security strategy is to invade Middle Eastern countries, create power vacuums for terrorist organizations, allow their people to come to America unvetted, give them legal status and citizenship, then impose a massive surveillance state to monitor the problem,” ... “I'm trying to figure out if it is more incoherent than dangerous or vice versa.”

Re: That is Le Pew

[Eunuchswear]

And some buthurt moderator mods N1AK offtopic for pointing that out.

Re: That is Le Pew

[Grishnakh]

The only problem with your analysis is that currently, the false grandparent is at +1 Informative, and the correcting parent is at +4 Informative.

Slashdot definitely has big problems with its moderation system, but this doesn't look like one of them. Of course, we could also argue that your post pointing out this stupidity is what shined light on this particular instance and it got corrected quickly as a result.

But I'll say it again, as I've complained countless times before: the "feature" where you can't post in any discussion where you moderate is utterly stupid, and as a result, I simply never moderate at all.

Re:That is Le Pew

[MightyMartian]

Because France has never faced terrorists acts before today...

Re:That is Le Pew

Then yesterday's immigrants become tomorrow's "small government" Cons and pass laws to limit freedoms.

Re: That is Le Pew

[cyberchondriac]

Patience is a virtue.

Re:That is Le Pew

You mean like Campus Speech Codes, Microagressions, etc?

Maybe the Campus President can walk around with Security Guards holding ropes around him to keep the nasty students away.

Re: That is Le Pew

[TsuruchiBrian]

And now grandparent doesn't exist, and parent is +5 informative in response to a nonexistent comment. This is bullshit.

Re: That is Le Pew

[ewibble]

I agree moderating a reply to you or yourself should not be allowed, or possibly someone you replied to. But just because made post in a story shouldn't stop you moderating I generally read post in articles that I am interested in so it severely limits the moderation I can do. Also I think you should be able to change a moderation, I you read a post and think it is valid and then good counter argument is presented you should be able to change your mind.

Re: That is Le Pew

All of that is secondary to the reality that one-for-one encryption which is widely available on third party apps is literally unbreakable. I am a computer scientist so I do NOT use that word lightly I promise...

I really wish these idiots would stop telling themselves can stomp their feet and pout and it will somehow change basic information theory...

Re: That is Le Pew

[Grishnakh]

The problem is that it's not fine-grained enough. You shouldn't be able to down-mod a reply to your post, but you should be able to moderate posts in completely different threads for the same article. SoylentNews allows this (and uses Slashcode, so it's not like it can't be done here).

Re: That is Le Pew

Sorry, but that is *clearly* obama's position.

Re:That is Le Pew

[FreedomFirstThenPeac]

Generalization. This American Republican thinks that strong encryption is a right, and that backdoors for anyone's use violate basic principles. There is a reasonably large faction within the MN GOP that certainly agrees with me, but Slashdot might not hear from them.

Security is only as strong as its weakest door

[Elfich47]

It doesn't matter if the wall you build is thirty feet high and six men can walk abreast if you can kick in a door. The weakest part of a wall is always the gates and these kinds of bills are trying to require extra doors with standardized locks are used. No way this can be abused.

Re:Security is only as strong as its weakest door

[Racemaniac]

I was thinking: sounds like a fair law, if then the state/police is fully responsible if their backdoor becomes public, and can be abused by others :). But then i think they'd not risk it, because they know the won't be able to keep their backdoor secret, and don't want to face the consequences :).

Re:Security is only as strong as its weakest door

[Elfich47]

Sounds about right. Painting the door the same color as the wall works as camouflage right up until someone gets up and touches it.

Re:Security is only as strong as its weakest door

[U2xhc2hkb3QgU3Vja3M]

https://www.youtube.com/watch?...

Re: Security is only as strong as its weakest door

[Z00L00K]

Just make it clear to anyone not willing to reveal the content of their device that they will face 25 years in prison if they don't cooperate and give the password. I think that would be a lot more effective.

Re:Security is only as strong as its weakest door

[Big+Hairy+Ian]

Up until 1999 encryption was illegal in France. Looks like they are stepping backwards

Re:Security is only as strong as its weakest door

[Eunuchswear]

No it doesn't. The Republicans are a minority in parliament, this idiocy will never pass.

Re: Security is only as strong as its weakest door

This exactly line of authoritarian thinking is why plausible deniability in encryption exists.

The device will have two passwords. The decoy password decrypts the decoy portion (which of course appears to take up the entire storage size). The real password decrypts the hidden portion. The suspect merely gives up the decoy password, the police investigate the totally legal contents of the decoy portion and can't make any charges stick.

Re:Security is only as strong as its weakest door

Don't you think it is more likely that the backdoor would have to be maintained by each vendor for their access only? Then the authorities would require a warrant to be serviced by the vendor for specific records. Then the responsibility for the hole would remain with each vendor. I suspect the real purpose for the proposal is to remove the vendor's ability to "side step" warrant request.

Re:Security is only as strong as its weakest door

[Golddess]

It doesn't matter if the wall you build is thirty feet high and six men can walk abreast if you can kick in a door.

Or, y'know, just walk around it.

Re:Security is only as strong as its weakest door

[TheGratefulNet]

I thought of this immediately. france was one of the few modern countries to make encryption illegal for users, for a LONG time.

they dropped that rule.

now they want to go back to the bad old days.

look, france, do we REALLY have to start the old and tired 'france surrenders!' jokes all over again? we're all tired of that old joke, but maybe you citizens need to tell your government that you don't want to go backwards and hide in fear any more.

good luck with that, though; our own people (US) won't do this either and we'll probably follow you down this rathole ;(

sad that terrorists can scare us into giving away all our rights and freedoms. this is exactly what they wanted all along! and our own governments are happily playing right into their hands!!!

Re:Security is only as strong as its weakest door

sad that terrorists can scare us into giving away all our rights and freedoms. this is exactly what they wanted all along! and our own governments are happily playing right into their hands!!!

And they even managed to get you to blame someone else for what they did!

Re:Security is only as strong as its weakest door

[Mr.+Shotgun]

Painting the door the same color as the wall works as camouflage right up until someone gets up and touches it.

On the other hand panting the wall the same as a door has fooled many wily coyotes.

Re:Security is only as strong as its weakest door

[penguinoid]

Painting the door the same color as the wall works as camouflage right up until someone gets up and touches it.

On the other hand panting the wall the same as a door has fooled many wily coyotes.

It's never fooled a roadrunner though.

Will likely not pass

[Kilobug]

Please note that the conservatives don't have a majority in the Assemblée Nationale, so this law will likely not pass, at least under its current form. But it's also true that PS hasn't been the strongest defender of privacy and personal freedom, they did a few nasty things in the wake of the terror attacks of last year, so who knows exactly what will happen...

Re:Will likely not pass

[DaMattster]

Even if it did pass it would be likely difficult to enforce and its detractors would simply turn to open source solutions that exist outside of the borders of France. A citizen could start using an OS like OpenBSD, and because it is a freely available product, there would be no way for French authorities to force the project to weaken the encryption. Imagine the French government asking Theo de Raadt to weaken OpenBSD's encryption. First Theo would laugh and then cuss up a storm. The bottom line is that any tool can be used for doing good and bad in the world. A wrench is only a wrench when used to loosen or tighten a nut. The moment it is thrown at someone for the intent of harm, it's a weapon. We obviously do not ban the use of wrenches over the possibility that they can be weaponized. Encryption prevents rogue government agents from interfering with freedom but, in the wrong hands it also facilitates those that would seek to do harm.

Re:Will likely not pass

Then the French government outlaws the use of OpenBSD and the like. If during an investigation they find the offending software on your machines, you get an automated 10 years sentence. You can avoid this by revealing the encryption keys, with cumulative 5 years sentences for every key and every time you refuse. Is Theo de Raadt living anywhere in the EU? Then he can be arrested and brought to France to stand trial for aiding and abetting terrorists. You cannot solve a political issue through technology because the overwhelming power of the State wins every time.

Re:Will likely not pass

America will be the last stand for freedom. It will be won or lost here.

Re:Will likely not pass

[NatasRevol]

How fucking delusional are you?

How many gov't backdoors already exist in products that you use, either directly or indirectly?

OS/modems/telecom/internet/BIOS/etc,etc,etc

Re:Will likely not pass

[interval1066]

Agreed, judging by past actions I wouldn't look to America to be the "last bastion" of digital freedom either. The thing I find interesting is every time these clowns call for back doors into digital encryption the call isn't really based on an solid evidence the terrorists used encryption to communicate. As if "If only we could read your personal data the terrorists would be stopped."

Re:Will likely not pass

this sort of thing seems to be an increasingly attractive idea among politicians. Hillary mentioning it on her campaign in the us and now this in france.

If they were listening to technical advisors this sort of thing wouldn't even be mentioned. I think the only people who stand a chance at stopping it is the financial sector. They have a lot of money, and I imagine they are rather afraid of it all suddenly disappearing due to government mandated flawed security.

Re:Will likely not pass

[hey!]

Laws like this aren't proposed to make people safer; they're proposed to make people feel like someone is doing something to make them safer. So the consequences of this proposal depend on the degree to which the French people feel vulnerable at this point in time. At a minimum it's bound reinforce the Conservatives' standing with their xenophobic base. It might gain them supporters. Depending on how future events play out, something like it may even pass, even though it demonstrably won't make anyone safer and arguably makes them more vulnerable.

Re:Will likely not pass

[fustakrakich]

the overwhelming power of the State wins every time.

It is nothing compared to the power of the vote. Let's all remember that these politicians were elected. Kinda makes all the complaints sound a little silly, don't you think?

Re:Will likely not pass

Laws like this aren't proposed to make people safer; they're proposed to make people feel like someone is doing something to make them safer.

Big Brother is looking out for you.

And remember, Oceana has always been at war with EastAsia.

Re:Will likely not pass

[sudon't]

Well, unless they start censoring the internet within their borders, these laws are as useless as, say, anti-pirating laws. If people want strong encryption, they'll get it. This only affects the non-technical/lazy.

Re:Will likely not pass

The those few people will be singled out and harassed. Encryption doesn't work as "you can't read my stuff", it only works if a vast majority uses it because you cannot arrest that many people. It's not about protecting your secrets but about civil disobedience. If tens of thousands of people march in the streets and ask for changing things, the government can't bomb them. If they are a few hundreds, they send the police to beat them up. If they are a dozen, they are arrested. Encryption only works if the majority uses it because there's safety in numbers. It's the only way it can work. As for vote... What do you do when they're all on the same side?

Re:Will likely not pass

[Opportunist]

You are aware that the Frenchies actually used the US as the blueprint here, yes?

I mean, did you really expect them to come up with such a masterplan all by themselves?

Re:Will likely not pass

[spire3661]

It doesnt matter who is using encryption for what, its a complete red herring. The burning question is "Do The People have the right to hold a secret from the government?". The inherent right to have private ideas in fixed form is what is at stake. If I encrypt my diary, does the government have the absolute right to read it? This position of the government agasint encryption is already producing a massive chilling effect.

Re:Will likely not pass

Under what rock have you been living for the past two decades?

Re:laws are for Cows

Been away from Slashdot for awhile, since the "fuck beta" business actually.

What's this amateurish Cows/Moo stuff? Is this all we have left around here? Sad. Very sad.

Funny, phoney war on encryption

You know who else don't like strong encryption? The terrorists.

You have to admit that the terrorists have already won. They've pwn your asses so completely that you're stabbing your own liberty like crazy.

Re:Funny, phoney war on encryption

[interval1066]

I agree. Every reaction to terrorism by all governments is to simply shrink the freedom of their own citizens. Ineffective, but at least they con come back to their people and say "We did this for you."

Re:Funny, phoney war on encryption

Who wants freedom anyway? What's continuing this "war on terror" when Saddam Hussein and Osama bin Laden have already been killed?

Re:Funny, phoney war on encryption

Osama outsmarted the empire lol!

Re:Funny, phoney war on encryption

[Dread_ed]

1) Stir up trouble with terrorism
2) Watch governments implement increasingly harsh restrictions on their own citizens because governments do that and people are too stupid to say no.
3) Move to said country as a refugee with 100,000 of your closest relatives.
4) Breed the indigenous people out of office and institute Sharia.
5) Prophet.

How can this be enforced?

Anybody can encrypt anything. There are hundreds of open source encryption libraries out there.

Preventing hardware manufacturers from building strong encryption into their products accomplishes nothing. Anyone can still encrypt whatever they want.

What this does is expose normal users to security risks, while *doing nothing to prevent any determined user to encrypt whatever the hell they want*

Re:How can this be enforced?

Anybody can buy a gun anywhere. There are millions of unregistered firearms out there.

Preventing law-abiding citizens from easily purchasing arms and ammunition accomplishes nothing. Anyone can still shoot whatever they want.

What this does is expose normal citizens to security risks, while *doing nothing to prevent any determined criminal to murder/rape/rob whatever the hell they want*

Re:How can this be enforced?

You're wrong. Once the hardware is backdoored, you simply can't trust the software running on it, especially if the software is an encryption utility.

Re:How can this be enforced?

[bobbied]

So just 3D print your next firearm.... Don't think the ammo is coming off the printer, but the bullets sure could...

Re:How can this be enforced?

[interval1066]

Anybody can buy a gun anywhere.

So the reaction here in the states is to restrict guns in various ways. Watch for this and other countries to start restricting encryption.

Re:How can this be enforced?

[vux984]

Preventing hardware manufacturers from building strong encryption into their products accomplishes nothing.

False. It makes strong encryption off by default. So that instead just working out of the box, people have to decide to encrypt something, and go out of there way to locate and use tools to encrypt something; and deal with the hoops and hassles because its not baked in.

That accomplishes *something* pretty significant.

What this does is expose normal users to security risks, while *doing nothing to prevent any determined user to encrypt whatever the hell they want*

Swing and a miss. You are absolutely right to say that normal users are vulnerable and that determined savvy users will encrypt whatever they want.

Your unspoken assumption that terrorists and criminals are in the "determined users" category, however, is false.

Criminals and terrorists ARE mostly so-called "normal users". The vast majority of them aren't tech savvy super villains. Many of them (most of them!) aren't going to take the extra step of encrypting their communications. The recent attacks in france are a case in point -- they used good old fashioned un-encrypted SMS messages to coordinate.

Re:How can this be enforced?

Swing and a critical miss. How much of a tech-savvy super villain do you think you need to be to flip an option in device settings, choose a password and wait a while until it reboots?

Re:How can this be enforced?

[vux984]

Swing and a critical miss. How much of a tech-savvy super villain do you think you need to be to flip an option in device settings, choose a password and wait a while until it reboots?

What you gibbering about? That doesn't help you if that built in encryption is backdoored, which is precisely the scenario in question here.

If the built in encryption is backdoored, Then you have to add your own encryption layers. And that isn't something the average crook is going to try do, or get right even if he tries.

Re:How can this be enforced?

Other countries, especially EU countries, are populated by people who follow the directives of the governments. If they are ordered not to use encryption, they will not use encryption. If it comes to outlawing FOSS, then FOSS won't be used by the majority of the populace. Hell, they could order people to give up their computers and get nice tablets in return and they would comply immediately, before the door-to-door confiscations could occur. Europeans as a whole follow orders and obey their leaders.

Re:How can this be enforced?

Thank you for correctly pointing out why all these unconstitutional gun control measures are ineffective.

Re:How can this be enforced?

[JesseMcDonald]

If the built in encryption is backdoored, Then you have to add your own encryption layers. And that isn't something the average crook is going to try do, or get right even if he tries.

No, the crook just installs an alternative OS (like CyanogenMod) developed in another country which doesn't have the backdoor, then enable full-device encryption as usual. It's not as if you have to be an expert in programming and cryptography just to install and use secure software which someone else wrote.

Re:How can this be enforced?

[vux984]

No, the crook just installs an alternative OS (like CyanogenMod) developed in another country which doesn't have the backdoor, then enable full-device encryption as usual.

LMAO.

*I* have yet to install an alternative OS on my phone. And I'm *IN* the demographic that does that sort of thing. And in the demographic that likes to do that sort of thing.

It's not as if you have to be an expert in programming and cryptography just to install and use secure software which someone else wrote.

Gotcha, so lets say we believed Windows was beholden to government masters and spooks... (wait we DO already beleive that don't we? If not as a certainty, than as a likelihood).

So criminals obviously being risk-averse must all be using something like Tails linux right? Nope... they still use windows.

'Normal' don't install alternative OSes on anything. Criminals and Terrorists... are mostly drawn from normal people. They drive cars with OnStar enabled, they use Androids and iphones and computers and tablets all with stock OSes, they sign up for xbox live with their real names. They take the same route to work every day. They pay with credit and debit cards. They don't throw away the shoes and clothes they wore when committing a crime. They don't vacuum every stray bit of hair, lint, and dead skin out of a rental car before returning it. Etc.

There are lots of things they could do to further avoid detection and capture that they don't do, because they are mostly normal.

Re:How can this be enforced?

[Altrag]

*I* have yet to install an alternative OS on my phone.

But do you have any reason to? Are you sounding out terrorist plots or other illegal activities? Hopefully not.

Criminals and Terrorists... are mostly drawn from normal people.

One of the above posters mentioned this as well.. and that's true for your rank and file foot soldier. The higher ups will be more akin to the higher ups in a normal organization -- probably don't understand the shit either (and will fuck it up occasionally no matter what) but will also employ people to handle it for them.

Of course, also as others have already pointed out, the French attackers weren't bothering to encrypt things anyway, so the whole argument is chasing a red herring and failing to even address the national security issues its supposed to be "solving."

Because

[JasterBobaMereel]

The Paris terrorists used un-encrypted communications repeatedly prior and during the attacks ... so ... ?

Re:Because

[sociocapitalist]

The Paris terrorists used un-encrypted communications repeatedly prior and during the attacks ... so ... ?

This has nothing to do with terrorism. Terrorism is a fear keyword the politicians will use to get what they want in place.

Re:Because

Obviously the terrorists' level of success in not being detected while using unencrypted communications only emphasizes how much worse things would be if they had used encryption!

On a sincere note, yeah, nothing those attackers did was obstructed at all with all the self-spying that France has legislated. Rather than put any effort into determining why their massive civilian-watch dragnet was completely useless toward its stated goal, they're just trying to get a wider net.

Re:Because

[stealth_finger]

The Paris terrorists used un-encrypted communications repeatedly prior and during the attacks ... so ... ?

That's true but do you not remember the kneejerk claims of communication via encrypted ps4 chat. That's the line they're running with and be damned if a little thing like the truth stands in the way.

Re:Because

[Cro+Magnon]

So, why don't they ban ps4s?

Re: Because

The claim will be likely be that the terrorists will use it ''next time'' completely missing the point that one-for-one encryption is widely available on third party apps. The only way they could spy is essentially install keyloggers in all smartphones and there is no way any manufacturer will risk the scandal and issues that arise from producing any devices that are that invasive. France is nowhere near enough of a share of the world market to justify such expense and PR issues.

Re:Because

[nytes]

Obviously, the solution is to ban communication.

They know not what they do

[stinerman]

The new French bill briefly praises encryption’s role in protecting user data but immediately pivots to criticizing the effects of strong encryption on state security forces.

While water is great at quenching thirst, it also can kill a person if drawn into their lungs. Therefore, we demand that bottled water manufacturers make their water such that it can no longer drown someone.

Re:They know not what they do

They know exactly what they do. Nobody can claim ignorance after the first crypto wars. This is willful and wanton sabotage of digital communication.

Re:They know not what they do

[GabeGhearing]

You should read about the horrors of Dihydrogen Monoxide http://www.dhmo.org/facts.html

Re:They know not what they do

So... only sell ice lollies instead?

Re:They know not what they do

[fustakrakich]

Put it in a referendum, and considering the kind of people that win elections already, it just might pass.

Re:They know not what they do

[kheldan]

Oh, yes, you're absolutely right! And while we're at it, everybody knows that large bodies of water can drown a person in a few seconds, so we'll need a ban on those, too! No more lakes or rivers allowed, they all have to be dried up and blocked off. Put up a 30 foot high wall separating France from the Atlantic, too, since the ocean is nothing but death waiting to happen! Everyone will have to have special permits and safety training/certification for the taps in their homes, showers are frowned upon, and posession of a bathtub marks you as a terrorist since it's nothing but a murder weapon! Meanwhile let's get our scientists working on a way to prevent death-from-above, otherwise known as rain..

Re:laws are for Cows

When today's dumbfuck generation tries trolling and all you can do is facepalm...

Innocent until proven Guilty

It is not incumbent on the accused to provide evidence for a mere investigation into the possibility of their guilt. Telling someone that they aren't allowed to have encryption because they might be investigated at some point for something that they may or may not have done is telling them that they are guilty first and must allow the investigators to judge whether they are innocent.

Re:Innocent until proven Guilty

[EzInKy]

No, you are exactly wrong. Hindering prosecution is already against the law. By inhibiting the State's ability to examine encrypted evidence you are preventing them from proving your innocence.

Re:Innocent until proven Guilty

Nope, quite the opposite in fact. The charge you're thinking of involves actively interfering with an investigation. You cannot be charged for passive methods that you use to protect yourself. For instance, it's not a crime to use a locked suitcase to prevent anyone, including investigators with a warrant, from looking through your luggage, and you are under no obligation to provide the unlock code or to mention the hidden compartment.

A magistrate judge held that producing the passphrase would constitute self-incrimination. In its submission on appeal to the District Court, the Government stated that it does not seek the password for the encrypted hard drive, but only sought to force Boucher to produce the contents of his encrypted hard drive in an unencrypted format by opening the drive before the grand jury. A District Court judge agreed with the government, holding that, given Boucher's initial cooperation in showing some of the content of his computer to border agents, producing the complete contents would not constitute self-incrimination.

If you were to open the suitcase for investigators to show them that you have nothing but then close and lock it again right as they notice and ask about the hidden compartment, then you're interfering and can be compelled to give them another look.

Re:Innocent until proven Guilty

Except that this is France, so the same laws & rulings don't apply

Re:Innocent until proven Guilty

For instance, it's not a crime to use a locked suitcase to prevent anyone, including investigators with a warrant, from looking through your luggage, and you are under no obligation to provide the unlock code or to mention the hidden compartment.

Tell them that next time you go to the airport.

Then assert your Second Amendment right to carry a loaded gun on the plane.

Re:Innocent until proven Guilty

Being that I'm not part of a well-trained militia, neither called forth by Congress nor under the command of the POTUS (article 1204), the Second Amendment does not apply to me. Therefore, it is perfectly reasonable for there to be laws against carrying a loaded gun on an airplane, even while there are no laws about locked luggage. By the way, you, uh, probably should've quoted the "protect yourself" statement, not the locked suitcase example that explains what I meant by "protect yourself". However, since this is in regards to the discussion of encryption, I'll admit that "protect your personal papers and privacy" would have been a better statement.

Re:Innocent until proven Guilty

"In France, article 9 of the Declaration of the Rights of Man and of the Citizen 1789, which has force as constitutional law, begins: "Any man being presumed innocent until he has been declared guilty ...". The Code of Criminal Procedure states in its preliminary article that "any person suspected or prosecuted is presumed innocent for as long as their guilt has not been established"[14] and the jurors' oath repeats this assertion (article 304).[26]" says yes they do.

Re:Innocent until proven Guilty

[netwiz]

It's "well-regulated militia", and SCOTUS has already ruled that it's the second part that's more important, and of particular interest in firearms ownership and carry. Consider this: would that there were actual armed citizens present, with appropriate training, would 9/11 have been able to happen?

Mods: kill both this and parent, we're off-topic.

What about one-time pads?

[ickleberry]

WIll those be banned?

Re:What about one-time pads?

Of course they will, since they are strong encryption.

Re:What about one-time pads?

[Jason+Levine]

Also, strong passwords have been shown to hinder law enforcement from entering someone's account - which they promise they'd only do when approved by a judge and no they aren't crossing their fingers behind their back. Therefore, all passwords must now be "12345". As a bonus, nobody will ever be locked out of their luggage ever again!

Re:What about one-time pads?

Remember that selfie you shared with your buddy last summer? Could be used as a one-time pad. Can't be allowed...

Stupid politicians. Always looking for something to paint black.

Re:What about one-time pads?

Will those be banned?

Of course not.

You will, of course, be required to submit a copy of each one-time pad that you have to the government.

Re:What about one-time pads?

[Sparowl]

Hey, how did you know the password to my luggage?

Re:What about one-time pads?

Yes. No more internet banking services for us! In the related news, the conservatives push a law to reinstate electric torture, 1950's French secret service style, as the most reliable way of getting the one, objective truth out of anyone caught for petty theft and up.

Re:What about one-time pads?

[AHuxley]

France can detect the use of a one time pad message on any of its digital networks as it has had expert GCHQ telco upgrade help since the 1970's.
No anonymity but the message still kept its privacy. In a five eye nation that communications network would be tasked for special collection and digital files created on everyone with 3 connection hops of that code use.
France can do the digital tracking too but has something the Signals intelligence fixated 5 eye nations do not.
A vast network of real human informants exist in every French community going back generations. They will get tasked on the origin of that one time pad message.
The French officials will get all the digital data and have a small human team on the ground to report on that location.
Unlike teams of contractors or special forces trying to blend in as often attempted in other nations, the informants will be part of the local community and not be spotted.
Informants are very easy to create when the legal system historically starts with a presumption of guilt and then offers a very good deal.
Rows of one time pad use can stand out in a collect it all database that expects and sorts everyday readable language use.

Re:What about one-time pads?

No, because one-time pads are insecure to a government.
They can simply make the encrypted message say anything they want it to say; then you go to jail.

Re:What about one-time pads?

If you outlaw encryption, then only outlaws c4a39f312205f59bbb691429549872ba

Yeah

[no-body]

The crooks can't crack "weak" encryption left for the common user. What is the intention of folks making those laws - religiously motivated?

Re:Yeah

[vikingpower]

No, populism. Currently, conservatives ( and also neo-liberals ) thrive on it, here in Europe. Poland even has a conservative-populist government. So does Denmark.

Re:Yeah

[Jason+Levine]

The purpose is running scared of the terrorists they imagine lurking within every shadow. They see things in the world only under the context of "Could a terrorist use this against us in any way, shape, or form no matter how unlikely?" If the answer is yes, then the thing must be banned or, at least, highly secured.

For example, the shoe bomber tried unsuccessfully to blow up an airplane with a bomb hidden in his shoe. They are scared that another one might succeed so now we need to remove all shoes when going through airport security. All because one guy tried something and now the guys in charge think someone else might try it too. (Thank goodness they didn't follow the Underwear Bomber with a "get naked in the TSA line" requirement.)

So encryption might be used by businesses and individuals to secure their private transactions in a completely law-abiding fashion, but the people making these laws think one or two people might use encryption for terrorism purposes so the only way to protect us to to ban encryption and weaken us.

Re:Yeah

(Thank goodness they didn't follow the Underwear Bomber with a "get naked in the TSA line" requirement.)

Thank goodness terrorists didn't send "Anal Mule Bomber" yet. Sooner or later, it will all just become pointless, or unbearable. There have to be other ways to prevent terrorism. I don't know, perhaps by wide dispersal and relaxations of each and every society's "choke points". Perhaps we all need to stay away from any crowd ... permanently, air travel in formation flocks of separate aircraft or propulsion-less, towed, glider coupé cabins, have every space inside every mass transport space crossed with blast-retarding walls ... make possible targets of terrorism hard to hit, and then we will not need to punish the innocent any more!

Re:Yeah

[Altrag]

or, at least, highly secured.

Or in this case, made so insecure as to be useless!

With the bonus of completely ignoring the fundamental fact that anybody with a bit of skill can write their own encryption software. Its not that hard if you have a good book on the subject and some programming knowledge -- at least not to make a simple chat app or whatever. Integrating your personal encryption scheme with popular websites/apps/devices is another question of course, but if all you're looking for is purely the ability to pass secure commands to your subordinates.. its pretty easy.

Re:laws are for Cows

[U2xhc2hkb3QgU3Vja3M]

We used to have these very informative posts about HOSTS files, sometimes more than once per thread.

Banning strong encryption is like

[bennebw]

Banning strong encryption is like banning strong seat belts.

Re:Banning strong encryption is like

Do you know who else uses seat belts?

TERRORISTS!!!!

This only deals with hardware-based encryption

[vikingpower]

With software encryption, you'll still be able to do what you want.

Re:This only deals with hardware-based encryption

Backdoored hardware invalidates the functioning of software.

Re: This only deals with hardware-based encryption

[Z00L00K]

And with a pre-arranged language like the Navaho Codetalkers it doesn't matter if someone listens in, it's futile to decode for someone not knowing the language and context.

Re: This only deals with hardware-based encryption

I'm pretty sure that with modern computing power and theoretical linguistics advances available, a Navajo Codetalkers copycat operation could be cracked in a few weeks' time, if not days. Even the nazis knew those funny guys weren't talking about goat husbandry or pattern-painting kimonos over the radio, but military and logistics topics. That's a fairly shallow and well-regulated semantic space, which can be easily depleted using powerful computers.

If we knew the Phaistos Disc describes an advanced fee fraud or advices on how to run a gambling den, it would be deciphered yesterday.

Re: This only deals with hardware-based encryption

Though I wonder, if the communications in such a language were stored in a database, would linguists be able to decode it over time? Some languages, such as Egyptian hieroglyphics, resisted such efforts until the Rosetta Stone was found, but would modern computers have been able to crack the problem?

If not, then that's the type of language to use for such purposes.

Re: This only deals with hardware-based encryption

False. Encryption need not involve any hardware

Re:This only deals with hardware-based encryption

Mods, please don't vote this idiot up! You can't run trusted software on untrusted hardware.

Re: This only deals with hardware-based encryption

[Opportunist]

It is kinda tedious to do AES in your head...

Re: This only deals with hardware-based encryption

[Opportunist]

Knowing in 3 days that your main bridge is going to be bombed in an hour isn't really going to help you a lot, ya know...

Re:This only deals with hardware-based encryption

[AHuxley]

Software sits on hardware so the weak junk hardware will just allow France to get any "software" layer plain text, voice, data before OS application level encryption.
The hardware will always report your ip, and log, collect or allow a trap door, back door. Any software allowed on top is just bait to make a user think they have something creative and useful.

Re:This only deals with hardware-based encryption

[Altrag]

Uhhh what? Unless they're requiring a keylogger or similar to be installed, software encryption works just as well as hardware encryption (or possibly better, if you write it yourself and know 100% that you can trust it.)

The part you should have put in quotes is "plain text." If the hardware is only seeing encrypted garble itself, its not going to be able to pass plaintext to the government.

always report your ip

Well yeah, that's pretty much a requirement for IP-based networking.

and log, collect or allow a trap door, back door

Uhhh no. Generally speaking those don't exist unless the manufacturer is either forced to implement it or they're trying to do something underhanded (wasn't there a story about Chinese routers a couple years ago?)

Implementing logging and back doors and whatnot is both more work for the manufacturer and less secure for the user -- its a lose-lose situation and nobody would do that without some external influence. (Well maybe a certain amount of logging in the context of telemetry type things where the external influence is "potential advertising income," which generally falls into the underhanded category even if its pretty much universal these days.)

Re:This only deals with hardware-based encryption

[AHuxley]

re "Well yeah, that's pretty much a requirement for IP-based networking."
Thats the idea that the security services can build on, the phone network by default knows a lot about the users cell phone for billing or just to make the connections.
The only extra is to get to the plain text keyboard press or touch screen use before it is encoded by the high level user application layer.
The ability to remote turn on the mic and listen in :)
A user can encrypt all the want just before the message or voice is sent but the device as sold is not secure at a hardware or OS level.

Re:This only deals with hardware-based encryption

[Altrag]

the device as sold is not secure at a hardware or OS level.

Well they are currently -- that's what France and other governments around the world are attempting to change: Apple and Google and other mobile OS developers have been enabling un-backdoored encryption out of the box for the past year or two (and its been included but disabled by default for years before that.)

If you mean by "not secure" that "Apple can push an iOS update that breaks security" well yes, that's true: While your data is secure, the device itself and the software on it is still controlled by Apple.

However that would also intrinsically destroy all of your data so you'd find out right away that something's amiss. I suppose they could try to do some trickery in the background where it decrypts existing secure data and re-encrypts it with the new broken scheme using your same password (that you give it because this is still while the device is in your possession..)

But something like that should be fairly obvious for people with large amounts of data such as you'd see at say watchdog firms who are looking out for exactly that kind of BS.. so we'd know about it pretty quickly in that case as well (though perhaps for only a smaller definition of "we" since most average people don't follow tech blogs and wouldn't see those kind of notices.)

Re:This only deals with hardware-based encryption

[AHuxley]

The brand has its own update root or firmware so no easy user land software would be aware of a request to update.
Police, contractors, ex staff, former staff and mil have used that option for many years over generations of cell products to push down keystroke logging, to get results pushed out or soft power on, mic turn on requests.
Brands have have to allow that since the early 1980's product lines or they do not get gov permission to sell their products in that nation.
No un-backdoored encryption has ever been sold, is been sold or will be allowed to be sold on any nations network that will not allow access to images, text, voice, mic on, power on, beacon like gps tracking.
Designed in, as sold. The brands own messaging service might be "secure" as sent but only until its national or global databases.
Again its own root access is a given as it is an in house product. Advertising has to look for keywords :) For that any brand needs back to plain text within its own networks.
Secure networking sounds like a fancy term for selling privacy but its all on internal networks designed in house by the brand. Secure from the press, media, random user street level interception but fully reversible in real time by the network owners who created the network been offered to users.

Re:This only deals with hardware-based encryption

Indeed. And hardware encryption is not to be trusted anyway, so no big deal.

Re: This only deals with hardware-based encryption

[vikingpower]

Hieroglyphs are not a language, they are a notation system. Egyptian evolved into what is now known as Coptic, and nowadays written in a variant of the Greek alphabet. Language != notation.

Re:This only deals with hardware-based encryption

[Altrag]

The hell are you talking about? Of course if you send a plain text email then its going to get sent in plain text. That's kind of obvious.

The "encrypted by default" that governments are currently pissy about isn't the communications -- its the storage (internal, SD card, whatever.)

Nothing of course will stop a keylogger (unless you can type encrypted bytes by hand!) but its pretty obvious to anyone who knows how to snoop network traffic if your device is sending unexpected things to places it shouldn't be, including keylogged data. That is: someone will find it, in very short order, and it'll be all over the (techie) news within days.

Aside from a keylogger.. if you're paranoid about any encryption being backdoored then _write it yourself_. It definitely requires some knowledge of computation and cryptographic methods obviously, but its not particularly _difficult_ if you have the appropriate skills and some reference material (which is easy to find -- grab the coursebook from any university-level cryptography class.)

Sure you probably won't make a 100% secure encryption scheme right off the bat, but as long as its non-standard, you've got a layer of obscurity on top of whatever real security you did manage to put together.

Unless you somehow think that the government has secret fast algorithms for prime factoring and elliptic curve analysis and whatever other commonly used one-way functions that are only assumed (but not proven) intractable (or even more unlikely, you think they've somehow managed to inject a back door into the very concept of factoring prime numbers.. In which case you should probably find yourself a nice padded room cause you're way off the top of the conspiracy meter.)

Dear France:

[seven+of+five]

Yes, please be the guinea pig and backdoor your encryption. Then when your banking system collapses because some idiot leaked the keys, maybe it'll light a lightbulb in governments elsewhere.

Re:Dear France:

[GlennC]

Yes, please be the guinea pig and backdoor your encryption. Then when your banking system collapses because some idiot leaked the keys, maybe it'll light a lightbulb in governments elsewhere.

I'm afraid that you're giving other governments too much credit.

They'd look at France's failure as one of implementation, not of concept.

Re:Dear France:

Depends on how it's exposed.

Or perhaps how the media writes the exposure.

Re:Dear France:

[fustakrakich]

Guess you haven't heard. The customers will directly "bail out" the banks now. It's all covered.

Re:Dear France:

[Opportunist]

They'll arrest those that expose the idiocy in the implementation and the harebrained concept and consider the whole deal safe again.

Why should It be different this time?

Re:Dear France:

[Hotawa+Hawk-eye]

Who would be responsible if someone suffers financial harm due to their phone being compromised by criminals using the government-mandated "backdoor"? Could the French government itself be sued for damages in that case?

Re:Dear France:

[zwarte+piet]

The backdoors will also be shared to a number of selected marketing professionals who will contact you shortly.

Clever.

[rickb928]

- Convince one large-ish nation to ban effective cryptography.

- Monitor incoming and outgoing communications

- Compare the weakly encrypted (decrypted therefore) with the strongly encrypted data.

- Improve your systems to be able to break the strongly encrypted data.

- Government!

Re:Clever.

[johanw]

This is called a known-plaintext attack and does not work against decent crypto algorithms.

Re:laws are for Cows

Ah, but these cows run Linux!

ROT13...

[hawleyg]

...anyone?

Just how easy to crack do these monkeys want it to be so that it won't hamper their investigations?

But it might help the marketplace find room for more open-source devices that can be more easily (less technically) loaded with secure open-source OSs than we have today.

Re:ROT13...

[NatasRevol]

ROT-14.

It's one better!

Re:ROT13...

Only if you're talking about encrypting. If you consider the whole cycle, it's just as good. ROT-14 is one better, sure, but then you need to ROT-12 to decrypt, which is one worse. 1-1 = 0.

Re:ROT13...

Unfortunately ROT-14 would be asymmetric and would not be usable. Given D(a) = E(a) then a != D(E(a))
 

Re:ROT13...

Rot-14(a) = b
Rot-12(b) = a

http://www.somefunsite.com/rotx/rotx.php#result

All your French secret are belong to us

So the French version of the product will be back-doored, and all French commercial, industrial and political secrets will be available worldwide.

You have to admire the insane stupidity of crippling your own security, and then imagining that only France would be able to make use of this crippling of security!
And your enemies and allies somehow don't use it, not because its *secure*, but because of wishful thinking??

I wonder what happens when terrorists gets French backdoor keys, how they will explain that away?! "Home goal" doesn't quite cover it.

UK is to pass a bill so it can demand access to ANY data (its unlimited and unbounded and can include foreign data held by British subsidiaries). So they'll get all these backdoor keys. Finally! France will be UK's bitch! Bend over and suck it France!

Oh and so will every other country that demands the same access, or can spy to get the same access.

Dumb neocons.

Re:All your French secret are belong to us

> So the French version of the product will be back-doored, and all French commercial, industrial and political secrets will be available worldwide.

The proposed law doesn't mean that Dassault-SNECMA will have to use weak crypto to store the CATIA designs of their upcoming Rafale 2020 hypersonic jetfighter. The critical infrastructure, banking sector and military-industrial complex is always exempt everywhere. Restrictions concern only the sans-culotte.

Anyhow, much of continental Europe has long been working on an un-stated assumption that the Five Eyes Alliance (~USA, Blighty, zionists, maples and the kiwi waltzing with Matilda) are watching everything they write or do, in real-time. Airbus employees regularly fax sophisticated faux designs between their german, french and spanish factories just to keep Boeing collegues entertained. Allegedly the giant A-380 project only came to fruitition after HUMINT reported that Boeing itself was highly impressed with the farcical "superjumbo" concept drawings the NSA intercepted.

The same is true for other industries, like space, cars and railway vehicles, although US-UK often strong-arms continental Europe into submission eventually due to weak politicians who don't dare to say no, unlike Putin.

Re:All your French secret are belong to us

[zwarte+piet]

yay for this post. Wel written.

"any encryption" - general processors

How do you build a backdoor into a general compute device capable of running software and performing any encryption algorithm that can be described?
They are asking for a backdoor for everything that runs a processor.

Re:"any encryption" - general processors

And probably also banning the sale and use of processors with built-in AES (or other crypto) primitives.

Just for the sake of argument...

Just for the sake of argument, let's say we're really as vulnerable to all these boogeymen as our Glorious Leaders clearly want want us to believe we are. Well, okay, I suppose the first thing we need to do is immediately rebuid the Internet with lots of backdoors (i.e. tons of known, deliberate exploits), then connect everything from our [soon to be self-driving] cars to our security systems to our pacemakers to it and then wait for the sparks to fly. All I can say is, bet long on YouTube...

Yeah, defeating terrorists

[Blaskowicz]

You know what, if you want to defeat terrorists, try to not provide them with weapons and political support for a start.
We got these blow back attacks because France has supported terrorism as a geopolitical weapon against Syria, among other state sponsors of terrorism such as Saudi Arabia, Qatar, Turkey and the US.
So don't support terrorism and let Syria defend itself if you don't want terrorism.

Re:Yeah, defeating terrorists

[johanw]

Most terrorists in the west are 3rd generation muslim immigrants. Lets not create a new generation of 3rd generation muslims and kick out all new ones who want to enter.

Re:Yeah, defeating terrorists

But that would hurt some of the SJW's fee fees, shitlord.

Re:Yeah, defeating terrorists

[unixisc]

Very true!!! Too bad we can't send them all to Raqqa or Gaza, so that they can teach SJW to ISIL and Hamas

Re:laws are for Cows

Have we forgotten the difference between "Crapflooding" and good ole' "Trolling?"

I'd argue that HOSTS file and Natalie Portman (even GNAA and PenisBird) were just CrapFloods.

Were they better CrapFloods than the "MOO MOO MOO?" I'd say "Yes," but maybe that's all a matter of opinion.

Re:I'd rather have weak encryption..

[evilRhino]

Conservatives are for weak borders also, but they call it "free trade". The global economy requires money and services to cross borders in order to function, it is only fair that people can freely move to where the jobs land.

Re:laws are for Cows

What's this amateurish Cows/Moo stuff?

Sometimes, it's the only thing that's entertaining. Lighten up.

Pointless Law

Since it is aimed at foreigners mostly, wouldn't they be bring their devices from another nation where encryption was not banned?

Further, unbreakable encryption is not hard and its not feasible to backdoor all forms of encryption given their nature of operation. So, whilst the intention is probably correct, it is simply impossible to implement and attempts to draft bills like this show a complete failure to comprehend the issue.

Re:Pointless Law

[zwarte+piet]

But then you can just built automatic analyzers and flag anyone using the strong stuff.

if all men were Anonymous, would you let your sist

[Thud457]

French Conservatives Push Law to Promote Society-Wide Identity Theft

No trust whatsoever

[stongef]

This is the same state that sunk the Rainbow Warrior in the port of Auckland in 1985 because they didn't like Greenpeace opposing their nuclear tests. And they want a backdoor on all devices for strong encryption? Lemme think ... no, I'll pass, merci.

Re:No trust whatsoever

Jean, Tu est les Terrorists.

Re:No trust whatsoever

Jean, Tu est les Terrorists.

Second person singular subject, third person singular verb, plural object.

Re:No trust whatsoever

[stongef]

Meaning?

Possibilities:

1- Jean, tu es un terroriste : John, you are a terrorist
2- Jean, tu hais les terroristes : John, you hate terrorists

French is a very precise language. Screw up too many things, and you run the risk of saying the exact opposite of what you meant.

So, which is it?

Re:No trust whatsoever

[zwarte+piet]

That risc is far lower than in Finnish

Re:laws are for Cows

I'm really curious.. Do you think that there is actually one guy who spends time on Slashdot every day and post one message per thread with a variation of this message ? ? If it was me, I would probably written some kind of script to do this semi automatically.. there is still a captcha do decrypt.

Re:laws are for Cows

Sometimes, it's the only thing that's entertaining. Lighten up.

I'm sorry. I guess I'm having a bad day.

Re: Security is only as strong as its weakest doo

[Corwyn_123]

Might as well bring back Nazi Germany too.

The Future

[koan]

If you only study the single grain of sand you never see the beach.

All of the things occurring in the MSM you see day to day are not separate isolated incidents that arose organically.
They are parts of the terrifying whole.

When you make strong encrytion criminal..

[kheldan]

..then only criminals will have strong encryption. Why can't idiot politicians see this!? Legislation like this will do ABSOULUTELY NOTHING to prevent terrorism, it will only curb freedom of speech and the real security of honest, law-abiding, non-terrorist citizens!

Re:When you make strong encrytion criminal..

It will definitely do something: it will give terrorists a backdoor to everybody's device, including the politicians'

I applaud their courage. Getting exposed like that to draw the terrorists out so they can be discovered... ...because I hope that's their intention. Otherwise it's a very dumb move.

Re:When you make strong encrytion criminal..

[kheldan]

it will give terrorists a backdoor to everybody's device

That goes without saying -- as will the fact that every cyber-criminal in the world will have access within a few weeks. At that point you may as well just post your driver's license, social security number, bank account numbers, and credit card numbers on Facebook, Twitter, and anywhere else the general public can get them -- because they won't be safe anymore. It'll ruin the Internet completely because there will be NO security for anyone.

Re:When you make strong encrytion criminal..

[gsslay]

You are working under a mistaken belief of the purpose of the legislation. Terrorism prevention is just the flag of convenience it's currently sailing under.

Re:When you make strong encrytion criminal..

[kheldan]

That also goes without saying.. but the average citizen won't listen to that, all they'll hear if you try is 'conspiracy theory nutjob', so we have to point out how stupid it all is and wake their sheep brains up so they'll complain and maybe we can stop asshole politicians from destroying everything.

Re:I'd rather have weak encryption..

A significant number of ./ posters should be right at home with all that...

Re:laws are for Cows

[U2xhc2hkb3QgU3Vja3M]

The moo cow posts are usually right on topic, sometimes using knowledge that's inferred from the topic.

My guess is that someone wrote a script to warn him when new threads are making it to the front page. If that person has a desk job it's easy to always post in every thread.

Re: Security is only as strong as its weakest doo

[Z00L00K]

From some perspectives it's worse now.

They (and other countries) should pass these laws

[shdowhawk]

I'm serious. The countries should pass the laws

We live in a society that is ruled by money first. These countries should pass the laws, and the major players in the system (Apple, Google, Samsung, Sony, etc), should simply pull the products out of the country. They would take a hit to the wallet for a VERY short while, but would give those major players a HUGE advertising campaign to run on - "We won't give up your privacy".

Top tier products disappearing alone would piss off the populations in most countries, let alone a giant push to show that the top tier companies are "better" than those countries governments.

The amount of times that SOPA, PIPA, CISPA, ACTA, and OTHER type scenarios keep showing up is silly. If all the major brands left, and we (citizens of any country where the top tier companies would end up leaving) were left with the cheapy, crappy, prone-to-fail other products, the consumers would very quickly notice and take action. Can you imagine if xboxes and ps4's were taken away from stores, if iProducts and samsung products were taken away? Hell, DISABLE the apple, android, xbox, and playstation stores (only in those countries) while your add it - put up a message saying "We won't give up your privacy like your government is requiring us to do. If you want this turned back on, contact your government officials".

The top tier companies are having to pay/waste time/give up advertising space (let alone do their own advertising) against these idiotic laws anyways. Might as well band together under a common good, solidify their positions in the populations minds, and come out as heros in the end.

Software

[John+Allsup]

How can you you make hardware that will automatically backdoor an arbitrary software crypto implementation that has no backdoors. Sure this would make it harder to use conversations in games on PS4 and XBOX1 as a means of talking in secret, but that is about it.

Re:Software

Some hardware are pretty specialized and is easy to backdoor.

Re:Software

[AHuxley]

Back in the old days, say the 1950's?
Look back at telco crypto system sold in the 1850-90's in the West. The NSA and GCHQ ensured the design was weak ad developed and they always got plain text.
A nation would select a system to test and find the connection over a long distance was secure against any reversal, the maths was correct as sold.
The hardware would be installed at say an embassy and vast amounts of data sent back to the home nation with a complex telco and new device upgrade.
Every message could then be decrypted at the end point. The US and UK got all of Frances embassy hardware communication in the 1950's by ensuring France was happy with its junk level of hardware encryption and felt safe using it for years and with vast amounts of communications.
Only in the early 1960's did France finally understand what it gad done and try to fix the hardware issues.
Some more info is at:
"How embassy eavesdropping works" http://www.duncancampbell.org/...
Special Collection Service
http://www.duncancampbell.org/...

OOPS

[JimSadler]

So companies would face two paths. One path is that their products must meet French laws or maybe it would be better simply to not offer the products for sale in France. It is obvious that individual nations, usually, must not be in a position of regulating foreign- made devices. Obviously some nations are off the wall, mad dog, crazy. Would you like Somalia determining how your cell phone is built?

NSA on line 1; China on Line 2...

[Registered+Coward+v2]

They're happy to build in backdoors to all equipment supplied to France.

Seriously, hardware manufacturers could simply put backdoors into equipment destined from France, and depending on the laws where the device is made be obliged to provide access to other governments when required by law. Meanwhile, anyone buying a device elsewhere would still have no backdoor and bring it into France if they want secure communications. Software services would be harder to localize given the ability to use VPNs and the need to use a breakable form of encryption of messages originating outside of France being sent to France. I guess you could decrypt it in France and re-encrypt it with French law complaint cryptology, as well as store a French copy while sending a strong encryption version outside of France; otherwise you need to build into the software a way to recognize messages that originate in France and use the proper tool to decrypt it. That assumes a company wants to maintain strong encryption outside of France.

Genesis

[Impy+the+Impiuos+Imp]

There are people still alive in France who remember European governments that would have used this to spy on political opponents, and track and kill them. One still exists, reborn from a brief democratic interlude.

One should look in the long term and deny government certain powers out of principle. We have lots of evidence of historical democracies disappearing because they needed to have emergency powers (Rome, Greece, 1930s Germany) and zero evidence for long-term survival of them.

Re:Genesis

[tnk1]

Actually *France* has a long history of losing their government to emergency powers and the like. They don't appear to have learned their lesson, or they don't actually care. Starting to think its #2.

Terrorists Won't Care

[BoRegardless]

Then only terrorists will have secure communication capabilities.

It is easy to hide messages in large photo images and not be able to tell whether there is actually any hidden data in the photo.

Governments think organized criminals & terrorists are stupid.

Re:Terrorists Won't Care

[Guybrush_T]

Agreed. A long time ago (15 years ?), encryption in France was limited to a certain number of bits. This was a real annoyance for any government / educational / company because they had to use specially-weak software (remember ssj instead of ssh ?) while everyone else did not care.

That was the stupidest thing to do.

France must take the initiative

[l0n3s0m3phr34k]

to help identity thieves gain access to everyone's phones. Because there aren't any criminal organizations that will EVER find these back doors as well, and everyone on the planet is far too moral to exploit mandatory security holes.

Yet more prooff...

[Jawnn]

...that the set "conservatives" has a relatively small intersection with the set "smart people". How else does one explain the fact that anyone who knows anything at all about encryption and information security (almost exclusively "smart people") knows that back doors such as those being proposed are a colossally bad idea?

Jumped the Shark

[bravecanadian]

Why is it that "conservatives" in so many countries have completely lost their minds?

Re:Jumped the Shark

[H0p313ss]

It's the human condition, 90% of us are barking mad.

Woof

Re:Jumped the Shark

[tnk1]

They haven't lost their minds. Playing to fear is a standard political tactic. It gets votes. Why wouldn't they use it? They'd be stupid not to.

Oh, you mean that it is counterproductive and causes more problems than it solves? Well I'm sure that they believe that once they are in power, it will be temporary.

Re:Jumped the Shark

[mjwx]

Why is it that "conservatives" in so many countries have completely lost their minds?

That's part and parcel of being a conservative.

These are people who live in a bubble based around rose tinted memories of their childhood, pretending that the problems of 40-60 years ago didn't exist. This means that when reality breaks their bubble, they go mad trying to rebuild a society that never really existed.

French and the yellow flag

Why are the French such fucking cowards?

Re:French and the yellow flag

As opposed to, say, Americans?

Re: French and the yellow flag

Prove we are cowards. There is a long list of things France has done to prove they are cowards. Like acting like pussies in world war 2. We saved your fucking asses. Let's not forget how long it took for you to help us against the British.

Re:laws are for Cows

All that remains are men's rights activists; people that irrationally hate Microsoft and still base their criticisms of Windows on Windows 95; that mentally ill HOSTS guy; some non-sequitur cow poster; and know-it-alls that criticize without providing any meaningful contribution to the discussion.

Re: Security is only as strong as its weakest doo

[N1AK]

You can, and I would, argue against doing this, but it's still 100x better than what government's are actually asking for and likely going to get.

The government wants to be able to decrypt anything immediately and is willing to force weakpoints into encryption to do it. This makes messages less secure if anyone wants to decrypt them and gives the government the ability to decrypt everything. Requiring disclosure of passwords in court provides a number of benefits (vs that terrible system): The courts may not do everything the government wants, you can always refuse (lets say if people you care about could be harmed if disclosed), and the encryption remains strong meaning your messages are more secure against other attackers.

Vraiment?

[X10]

Ils sont fous, ces Français....

Re:Vraiment?

and it's the same country that has banned radar warnings in car navigation. (probably they need monies and not want you to drive slower in some areas).

It's the same country that is scared that legal immigration from new EU countries (such as Romania, Bulgaria or Poland) would take their jobs, but at the same time it welcomed huge wave of (partially) illegal immigration from it's former African colonies.

We've seen this before...

[chaboud]

The British and French are reported to have pushed for weak encryption in cellular phones (A5/1 and A5/3) to make snooping easier for law enforcement. http://www.aftenposten.no/nyheter/uriks/Sources-We-were-pressured-to-weaken-the-mobile-security-in-the-80s-7413285.html.

Apparently, these governments didn't want to bother with having to serve warrants to telephone companies... Which would require, you know, legal warrants. So we ended up with 54-bit encryption (A5/1) when the engineers involved were pushing for 128.

So what happened?

What virtually everyone here will already have guessed: The back doors left for convenient government snooping made it easy for *anyone* to snoop, effectively rendering the encryption worthless. (http://www.infosecurity-magazine.com/news/3g-encryption-cracked-in-less-than-two-hours/.

Modular arithmetic is not a crime. If you make it one, French law will suddenly sit in conflict with privacy laws around the world *and in France*. And will it be illegal to transmit random bits? What about SSL?

Idiots.

French? Uk? US? China?

[JcMorin]

Lets assume the French get the phone manufacturer to put a backdoor, the UK will surely want that. So is the US. I assume control-freak China will want that too. After that all countries will have their own backdoor with their thousands of operator who have access to that.

Gravity, etc.

[H0p313ss]

Encryption is just math, attempting to legislate math is like tying to legislate gravity or the speed of light.

Re:Gravity, etc.

[tnk1]

Yes, but it is very easy to discover. Right now, if something is encrypted, you can't read it, so you can't prosecute for the content of the encrypted text.

Under this law, you get prosecuted if it is encrypted and they can't read it. It doesn't matter if it is your shopping list or not.

A law to control encryption means that as long as they can identify a file as encrypted, you could go to jail just for having an encrypted file they can't break.

Re:Gravity, etc.

[david_thornley]

The speed of light will be a certain number of meters per second no matter what (that's the definition of the meter), but the legislature can still set speed limits that are far under lightspeed.

Re:laws are for Cows

[FatdogHaiku]

When today's dumbfuck generation tries trolling and all you can do is facepalm...

Someone cue the face palming cows please...
or would that be face hoofing cows?
Because that would have to really hurt...
I have to stop now, I've run out of ellipses,,,

Re: Security is only as strong as its weakest doo

[myowntrueself]

Might as well bring back Nazi Germany too.

Or Nazi UK. Where, if they ask you for the password and you refuse you can go to jail until you agree.

Re:They (and other countries) should pass these la

[tnk1]

The major problem is that most of the markets don't actually care about privacy in these contexts. Your standard iPhone user wouldn't know privacy from their privates.

Yes, everyone agrees that losing privacy is bad, but rarely does anyone know what that entails except for a relatively small informed group.

highschool choices vindicated.

Im now glad i didn't learn french. I focused on math and science with the goal of learning a second language later in life.

Now im going to learn spanish as the french keep insisting on making them selves more and more irrelevant int he global market.

As a north American i really hope the french rush to these laws first as it is much easier for tech companies to boycott the french markets from their product offerings. this may actually demonstrate to other countries how ass backwards a plan this really is

That is about as smart as

Making it illegal to have any secrets.

Some refuse to learn

Politicians, RIIA, MPAA, etc. Things change only because those who desperately cling to the past and to obsolete ideas eventually die. Imagine if immortality were to become viable - things would never change (and we would be stuck with the Kurzweil clown to boot.)

Re:laws are for Cows

Personally, of all the trolls and crapflooding here, the cow meme is the only one I sometimes get a little chuckle out of. I find it healthier not to take /. too seriously anyway.

When encryption is outlawed...

[Kazoo+the+Clown]

Only outlaws will have encryption. And you won't be able to recognize it as such, it'll come in the form of steganography, or code talking that looks like mundane communications. The whole anti-encryption thing is a boondoggle, and only helps to catch the low-hanging fruit, that which is too stupid to even try to cover their tracks. And that's even if they have the time and energy to scan every piece of data for that low hanging fruit, to find the needles in the haystacks. The recent attackers in France weren't even using encryption, and they weren't able to prevent the attacks. Banning encryption isn't going to change that.

Re:When encryption is outlawed...

[zwarte+piet]

Dies is nighthawk to loonly chicken. Ze soupe is ready! I repeat Ze soupe is ready.

Give France a break

[PPH]

This is just a few conservatives sponsoring a bill. How many times have we been laughed at for Pi = 3 or teaching the Fred Flintstone theory of evolution.

Re: Security is only as strong as its weakest doo

[matbury]

And Godwin's law is yet again validated. https://en.wikipedia.org/wiki/...

Re: Security is only as strong as its weakest doo

[dryeo]

How so? As long as it is actually on topic and appropriate, such as now talking about totalitarian ideologies, it is not Godwins law. To quote your link,

Godwin's law applies especially to inappropriate, inordinate, or hyperbolic comparisons of other situations (or one's opponent) with Nazis – often referred to as "playing the Hitler card". The law and its corollaries would not apply to discussions covering known mainstays of Nazi Germany such as genocide, eugenics, or racial superiority, nor, more debatably, to a discussion of other totalitarian regimes or ideologies,[citation needed] if that was the explicit topic of conversation, because a Nazi comparison in those circumstances may be appropriate, in effect committing the fallacist's fallacy, or inferring that an argument containing a fallacy must necessarily come to incorrect conclusions. Whether it applies to humorous use or references to oneself is open to interpretation, because this would not be a fallacious attack against a debate opponent.

Oh boy, this is going to be great!

[Opportunist]

Please do! Don't hesitate, can we somehow support you?

France bugs out of the data center business and pretty much nixes its cloud storage industry. If only some other European countries could follow, we could become the data center of Europe!

The real problems.

[TsuruchiBrian]

Which terrorists will this stop? The cats out of the bag on strong encryption. You can force every hardware manufacturer to sell machines pre-installed with weak encryption, and nothing stops terrorists (or anybody) from replacing this software with strong encryption. You can't stop the spread of strong encryption because it's math.

The best you can hope for is to mandate that every citizen allow you to read their personal data, and hope that the ones that refuse are the terrorists.

And even if that somehow magically works, you can be congratulated for turning a first world country into a shithole just like where terrorists come from, and you can start breeding homegrown terrorists angry at the totalitarian regimes they are oppressed by.

Another problem is that we can;t read minds yet. Terrorists could be holding all sorts of secrets that they haven't stored in digital files or on paper. Maybe we should pass a law mandating that brains come with weak encryption and band whispering.

Re:The real problems.

[AHuxley]

Re " You can force every hardware manufacturer to sell machines pre-installed with weak encryption,"
That was done at the emergence of cell phones in the UK back in the early 1980's. No cell phone system sold in the UK or Ireland was going to be too difficult to listen in and locate on in real time. The press and home computer enthusiast could be kept out of recording voice conversations but the security services would get every word or message and location on any network.
The US did talk in public about such national systems later with the Communications Assistance for Law Enforcement Act.

The solution is simple

Devise an encryption scheme which has multiple back doors. Ensure adoption of that encryption by Apple, Google, etc. Give a back door key to any government that asks. Result: encryption that every country apparently wants.

Then, all persons in country A can be spied on by country A, country B, country C, etc. Including all the politicians, police, private citizens, and so forth.

Re:I'd rather have weak encryption..

[unixisc]

Most Arabs would seethe at you or anyone else considering them brown. They consider themselves white, and as the purest of peoples. And Muslims ain't a race - you have whites (Turkic, Farsi and Arab as well as European - Bosniak and Albanian), Browns (South & South East Asia) and Blacks (North Africa). Doesn't make a difference - since Quran 2:223 says that women are tilth to be plowed by (Muslim) men, it's perfectly okay for any Muslim - regardless of race - to rape women. As per Muslims.

Re:I'd rather have weak encryption..

[unixisc]

You think? Given all the negative mods every post in this particular thread has gotten?

Ummm...no

[MitchDev]

"France must take the initiative and force device manufacturers to take into consideration the imperative of access for law enforcement officers"

No, fuck law enforcement officers in this regard.

They exist to serve and protect the citizens, but all government agencies everywhere have forgotten this...

Good luck with that

[StikyPad]

France must take the initiative and force device manufacturers to take into consideration the imperative of access for law enforcement officers, under the control of a judge and only in the case of an investigation, to those devices.

The only problem is that there is no such thing. Asking for government-only access to decryption is like asking for government-only access to perpetual motion, you know, in case we run out of power from other sources.

What's really happening

... the imperative of access for law enforcement officers ...

Between American corporations, American servers and the packet logging conducted in most countries, intelligence agencies already have all data sent to, or from, personal devices. Now France and it seems, the UK, are targeting your on-device backups and encrypted data. That may be great for finding 'The anarchists cookbook' or kiddie porn; (or planting it, since laws enabling invasive snooping tend to enable this too) but will add far more noise than capacity to enforce law and order. Recent terrorist actions around the world were achieved without the benefit of encryption: The police/intelligence departments can't operate the tools they already have but they're clamouring for more. Governments see total surveillance as a way of finding dissenters, traitors and terrorists with the push of a button.

The real question is: How will the corporations handle this? Will they offer a dumbed-down handset for countries banning true encryption, will they track encryption keys for every handset, or will they withdraw their products from countries building a police state? Since the law is merely the cost of doing business for a corporation, I doubt the last option will be chosen but I wish it will be.

Re:What's really happening

[netwiz]

I think you hit the nail on the head with your "planting it" comment. There's no available computer power to search all the data in realtime, only to sift through it after the fact. Thus, it becomes all about catching someone after the fact rather than catching them before something happens. With such a system ripe for abuse, it becomes trivial to invent a crime where none may have existed so as to dispose of "undesirables." It's already been mentioned somewhere that surveillance is reaching for ever-more encroaching levels, but to what extent? What does the government hope to achieve?

I think they've seen the writing on the wall, that sooner or later our shaky systems of finance and employment are on the verge of a massive correction in the form of a significant crash, and they're hoping that by enslaving us all they can ensure their survival in the face of a massive public uprising, but that's just between you, me, and the microphone-laden wall. It won't work, never has, and likely never will. All that this will ultimately succeed in doing is guaranteeing a much harder swing-back of the pendulum when things finally do let go.

Strong Encryption ???

Strong Encryption implies there are Weak Encryption options. Why would anybody ( even the French ) prefer Weak Encryption if Strong is available ? It's like asking for Cheap Fire Insurance that doesn't pay out in case of a fire.

fucking retarded mother fuckers

You cant fucking put encryption back in the fucking bottle

About as dumb as anything I have ever heard.

BAN CLOTHING

How about they ban clothing, everyone in France will be required to be NUDE as to not conceal explosives/weapons. Cause you know terrorist wear clothing!

Re:BAN CLOTHING

[zwarte+piet]

Explosives can also be carried in rectum or vagina. But otherwise as a nudist, I'm all for it.

The Article Is An Encrypted Message

From a radical nutrition group called Nutritionistas. The decoded message says "All fructose is metabolized by the liver as fat." They took a existing article and overlayed an encryption scheme. They vow never to give up the key, no matter how may politicians are bought by corporate interest. They will get their message out there.

Re:I'd rather have weak encryption..

I'm not going to waste a bunch of mods I made but would still like to explain to others what a dick you are re. Quran 2:223.
It specifically says your wives and orders these men to: take heed of your ultimate future; and fear God and know that you shall meet Him

The word or concept of rape is no-where mentioned.

Al in al you reason like an ISIS member.

--
Teun

This just in......

[JustAnotherOldGuy]

This just in......French Conservatives Push Law To Make Pi Equal to 3.0

Next up, French Conservatives Push Law To Make Kids Turn That Darn Music Down

French Conservatives Push Law To Stop People From Thinking Bad Thoughts

I'll tell you exactly what I think

[presidenteloco]

about this proposed French law.

d9gtj3ld9g73jgljtgud;4gh0y0jjokdgs.dd954kqfakva

Re:I'll tell you exactly what I think

[nytes]

Report to the Bastille, citizen.

conservatives?

"French conservatives"? The poster does not understand european politics. The farthest right in Europe they get is National Socialism there is simply no comparison to the American right wing. And of the American right wing, conservatism is the most left part of it... it is closer to progressivism than anything else because it still values the centralized government to achieve its goals. The American right wing - libertarianism and objectivism and anarchy - has nothing to do with the European or French right wing, which is still socialist and collectivist.

Re:I'd rather have weak encryption..

[unixisc]

A Muzzie w/ mod points! That explains it all

Re:laws are for Cows

But as he's posting as AC, he probably won't read the answers ? I don't get it.. What's the benefit for him for crapflooding ? Is it some kind of mental disorder ? Some kind of Tourette syndrome or something ?

Re: Security is only as strong as its weakest doo

In France it was the Vichy Régime. They still remember it fondly (nope!).

Once the payment systems make their case

[lsatenstein]

Once the payment systems make their case, the bill will die. And it will die when people get into encrypted databases because someone in the government allowed the key and knowledge to backdoors to become common knowledge.

This is not spam

[neminem]

Dear Business person ; We know you are interested in
receiving amazing news . We will comply with all removal
requests . This mail is being sent in compliance with
Senate bill 1623 , Title 3 , Section 305 ! Do NOT confuse
us with Internet scam artists . Why work for somebody
else when you can become rich within 26 months . Have
you ever noticed how long the line-ups are at bank
machines and the baby boomers are more demanding than
their parents . Well, now is your chance to capitalize
on this ! WE will help YOU turn your business into
an E-BUSINESS plus deliver goods right to the customer's
doorstep . You are guaranteed to succeed because we
take all the risk . But don't believe us ! Prof Ames
who resides in Alaska tried us and says "Now I'm rich,
Rich, RICH" ! We assure you that we operate within
all applicable laws . We implore you - act now ! Sign
up a friend and your friend will be rich too . Thanks
. Dear Cybercitizen ; This letter was specially selected
to be sent to you ! We will comply with all removal
requests . This mail is being sent in compliance with
Senate bill 2416 , Title 9 ; Section 305 . This is
a ligitimate business proposal . Why work for somebody
else when you can become rich as few as 30 weeks .
Have you ever noticed nobody is getting any younger
and more people than ever are surfing the web ! Well,
now is your chance to capitalize on this ! WE will
help YOU turn your business into an E-BUSINESS and
increase customer response by 130% ! The best thing
about our system is that it is absolutely risk free
for you ! But don't believe us . Ms Ames of South Dakota
tried us and says "I was skeptical but it worked for
me" ! We are licensed to operate in all states ! You
have no reason not to act now . Sign up a friend and
you get half off . Thanks . Dear Cybercitizen , Thank-you
for your interest in our publication . If you no longer
wish to receive our publications simply reply with
a Subject: of "REMOVE" and you will immediately be
removed from our mailing list . This mail is being
sent in compliance with Senate bill 2616 ; Title 8
, Section 301 ! Do NOT confuse us with Internet scam
artists ! Why work for somebody else when you can become
rich inside 62 months . Have you ever noticed how long
the line-ups are at bank machines and nobody is getting
any younger ! Well, now is your chance to capitalize
on this . WE will help YOU deliver goods right to the
customer's doorstep and sell more . You can begin at
absolutely no cost to you ! But don't believe us !
Mrs Jones who resides in Washington tried us and says
"I was skeptical but it worked for me" ! This offer
is 100% legal . For the sake of your family order now
! Sign up a friend and you get half off ! Thank-you
for your serious consideration of our offer ! Dear
Friend ; Especially for you - this red-hot intelligence
! We will comply with all removal requests . This mail
is being sent in compliance with Senate bill 1624 ,
Title 4 , Section 307 ! This is NOT unsolicited bulk
mail . Why work for somebody else when you can become
rich as few as 72 WEEKS ! Have you ever noticed nobody
is getting any younger plus nobody is getting any younger
. Well, now is your chance to capitalize on this .
We will help you deliver goods right to the customer's
doorstep & use credit cards on your website ! You can
begin at absolutely no cost to you ! But don't believe
us . Prof Jones of Alaska tried us and says "My only
problem now is where to park all my cars" . We are
licensed to operate in all states ! Don't delay - order
today . Sign up a friend and you get half off ! Thank-you
for your serious consideration of our offer ! Dear
Decision maker ; Especially for you - this amazing
news ! If you no longer wish to receive our publications
simply reply with a Subject: of "REMOVE" and you will
immediately be removed from our mailing list . This
mail is being

Re: Security is only as strong as its weakest doo

[matbury]

Comparing a modern, (relatively) liberal democracy like the USA to the genocidal Nazi fascist regime isn't Godwin's law?