French Conservatives Push Law To Ban Strong Encryption

Patrick O'Neill writes: The French parliament this week will examine a bill that would require tech manufacturers of computers, phones, and tablets to build backdoors into any encryption on the device. The anti-encryption bill is being presented by 18 conservative members of the National Assembly as part of a large "Digital Republic" bill. According to the article, The new French bill briefly praises encryption’s role in protecting user data but immediately pivots to criticizing the effects of strong encryption on state security forces. "France must take the initiative and force device manufacturers to take into consideration the imperative of access for law enforcement officers, under the control of a judge and only in the case of an investigation, to those devices," the legislation reads, according to a translation by Khalil Sehnaoui, a Middle-East security specialist and founder of Krypton Security. "The goal is to avoid that individual encryption systems delay the advancement of an investigation."

Security is only as strong as its weakest door

[Elfich47]

It doesn't matter if the wall you build is thirty feet high and six men can walk abreast if you can kick in a door. The weakest part of a wall is always the gates and these kinds of bills are trying to require extra doors with standardized locks are used. No way this can be abused.

Re:Security is only as strong as its weakest door

[Racemaniac]

I was thinking: sounds like a fair law, if then the state/police is fully responsible if their backdoor becomes public, and can be abused by others :). But then i think they'd not risk it, because they know the won't be able to keep their backdoor secret, and don't want to face the consequences :).

Will likely not pass

[Kilobug]

Please note that the conservatives don't have a majority in the Assemblée Nationale, so this law will likely not pass, at least under its current form. But it's also true that PS hasn't been the strongest defender of privacy and personal freedom, they did a few nasty things in the wake of the terror attacks of last year, so who knows exactly what will happen...

Re:Will likely not pass

Then the French government outlaws the use of OpenBSD and the like. If during an investigation they find the offending software on your machines, you get an automated 10 years sentence. You can avoid this by revealing the encryption keys, with cumulative 5 years sentences for every key and every time you refuse. Is Theo de Raadt living anywhere in the EU? Then he can be arrested and brought to France to stand trial for aiding and abetting terrorists. You cannot solve a political issue through technology because the overwhelming power of the State wins every time.

Re:Will likely not pass

[Opportunist]

You are aware that the Frenchies actually used the US as the blueprint here, yes?

I mean, did you really expect them to come up with such a masterplan all by themselves?

Funny, phoney war on encryption

You know who else don't like strong encryption? The terrorists.

You have to admit that the terrorists have already won. They've pwn your asses so completely that you're stabbing your own liberty like crazy.

Because

[JasterBobaMereel]

The Paris terrorists used un-encrypted communications repeatedly prior and during the attacks ... so ... ?

Re:Because

[sociocapitalist]

The Paris terrorists used un-encrypted communications repeatedly prior and during the attacks ... so ... ?

This has nothing to do with terrorism. Terrorism is a fear keyword the politicians will use to get what they want in place.

They know not what they do

[stinerman]

The new French bill briefly praises encryption’s role in protecting user data but immediately pivots to criticizing the effects of strong encryption on state security forces.

While water is great at quenching thirst, it also can kill a person if drawn into their lungs. Therefore, we demand that bottled water manufacturers make their water such that it can no longer drown someone.

What about one-time pads?

[ickleberry]

WIll those be banned?

Re:laws are for Cows

[U2xhc2hkb3QgU3Vja3M]

We used to have these very informative posts about HOSTS files, sometimes more than once per thread.

This only deals with hardware-based encryption

[vikingpower]

With software encryption, you'll still be able to do what you want.

Re: This only deals with hardware-based encryption

[Z00L00K]

And with a pre-arranged language like the Navaho Codetalkers it doesn't matter if someone listens in, it's futile to decode for someone not knowing the language and context.

Re:Innocent until proven Guilty

[EzInKy]

No, you are exactly wrong. Hindering prosecution is already against the law. By inhibiting the State's ability to examine encrypted evidence you are preventing them from proving your innocence.

Dear France:

[seven+of+five]

Yes, please be the guinea pig and backdoor your encryption. Then when your banking system collapses because some idiot leaked the keys, maybe it'll light a lightbulb in governments elsewhere.

Re:Dear France:

[GlennC]

Yes, please be the guinea pig and backdoor your encryption. Then when your banking system collapses because some idiot leaked the keys, maybe it'll light a lightbulb in governments elsewhere.

I'm afraid that you're giving other governments too much credit.

They'd look at France's failure as one of implementation, not of concept.

Yeah, defeating terrorists

[Blaskowicz]

You know what, if you want to defeat terrorists, try to not provide them with weapons and political support for a start.
We got these blow back attacks because France has supported terrorism as a geopolitical weapon against Syria, among other state sponsors of terrorism such as Saudi Arabia, Qatar, Turkey and the US.
So don't support terrorism and let Syria defend itself if you don't want terrorism.

Re: Security is only as strong as its weakest doo

[Corwyn_123]

Might as well bring back Nazi Germany too.

When you make strong encrytion criminal..

[kheldan]

..then only criminals will have strong encryption. Why can't idiot politicians see this!? Legislation like this will do ABSOULUTELY NOTHING to prevent terrorism, it will only curb freedom of speech and the real security of honest, law-abiding, non-terrorist citizens!

Re: That is Le Pew

[Eunuchswear]

The point is moot because the French president obtained special powers after the attack in Paris until February to enact pretty much any anti-terrorism legislation.

No he didn't.

The state of emergency allows a certain number of police actions to be done on order of a "prefet" (an administrator) rather than a judge:

1. Banning of public gatherings.
2. Search warrants.
3. House arrest.

It lasts 3 months (so its nearly over).

Thats it. Nothing more, no power to pass legislation.

Genesis

[Impy+the+Impiuos+Imp]

There are people still alive in France who remember European governments that would have used this to spy on political opponents, and track and kill them. One still exists, reborn from a brief democratic interlude.

One should look in the long term and deny government certain powers out of principle. We have lots of evidence of historical democracies disappearing because they needed to have emergency powers (Rome, Greece, 1930s Germany) and zero evidence for long-term survival of them.

Re: That is Le Pew

[N1AK]

Grandparent falsely claims the French President has been given powers due to a terrorist attack and is modded +4 informative.

Parent explains how that is not the case, with sufficient information for anyone to check it and is left at +1.

User moderation at its finest :( it's only informative if it's what you want to hear...

Jumped the Shark

[bravecanadian]

Why is it that "conservatives" in so many countries have completely lost their minds?

Re:Jumped the Shark

[tnk1]

They haven't lost their minds. Playing to fear is a standard political tactic. It gets votes. Why wouldn't they use it? They'd be stupid not to.

Oh, you mean that it is counterproductive and causes more problems than it solves? Well I'm sure that they believe that once they are in power, it will be temporary.

Re:How can this be enforced?

[vux984]

Preventing hardware manufacturers from building strong encryption into their products accomplishes nothing.

False. It makes strong encryption off by default. So that instead just working out of the box, people have to decide to encrypt something, and go out of there way to locate and use tools to encrypt something; and deal with the hoops and hassles because its not baked in.

That accomplishes *something* pretty significant.

What this does is expose normal users to security risks, while *doing nothing to prevent any determined user to encrypt whatever the hell they want*

Swing and a miss. You are absolutely right to say that normal users are vulnerable and that determined savvy users will encrypt whatever they want.

Your unspoken assumption that terrorists and criminals are in the "determined users" category, however, is false.

Criminals and terrorists ARE mostly so-called "normal users". The vast majority of them aren't tech savvy super villains. Many of them (most of them!) aren't going to take the extra step of encrypting their communications. The recent attacks in france are a case in point -- they used good old fashioned un-encrypted SMS messages to coordinate.