Slashdot Mirror
French Bill Carries 5-Year Jail Sentence For Company Refusals To Decrypt Data For Police (dailydot.com)
Patrick O'Neill writes: Employees of companies in France that refuse to decrypt data for police can go to prison for five years under new legislation from conservative legislators, Agence France-Presse reports. The punishment for refusing to hand over access to encrypted data is a five year jail sentence and $380,000 fine. Telecom companies would face their own penalties, including up to two years in jail. M. Pierre Lellouche, a French Republican, singled out American encryption in particular. "They deliberately use the argument of public freedoms to make money knowing full well that the encryption used to drug traffickers, to serious [criminals] and especially to terrorists. It is unacceptable that the state loses any control over encryption and, in fact, be the subject of manipulation by U.S. multinationals."
Well the primary problem with this is how are they going to put a company in prison for two years?
carries a 5-year old to jail for the Crypt-Keeper? lost in translation, much?
Fuck those fools
If they want access to encrypted data, just give it to them. If they need it decrypted, that's their problem.
Who exactly goes to jail? The CEO? The CTO? The employees who supposedly know how to decrypt the data? How do you establish who has that ability? Suppose no one has that ability. Suppose the devices are designed so only the end user can decrypt the data. Do you jail the engineers who designed such devices? Do you jail the retailers who sold such devices? How does this work? How does the government prove a specific employee at a company has the ability to decrypt the data, or in the alternative, how do they prove which individual was responsible for creating a situation where the data can't be decrypted?
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
It is unacceptable that the state loses any control over encryption
if you have such a hard-on for total control, you should NOT be part of any government.
Anons need not reply. Questions end with a question mark.
Outlaw encryption entirely. All data is to be public. Because, after all, some of us might be bad, so everyone has to suffer. Just go ahead and put your credit card numbers out on Facebook.
These are the same people that used to make all encryption illegal until they realized that meant they couldn't buy anything from Amazon. I recommend they just go back to that approach, and then they can arrest everyone who shops. I'm sure that will catch at least one terrorist!
I would hope that corporations faced with these unreasonable demands simply close up shop in the country. Google CEO going to go to jail? Well, Google pulls out of France and has no presence. Good luck French people with your search queries. If a corporation caves to one country then it will just embolden then next country. Better to draw a line in the sand and tell them to fuck off.
Shh.
Public freedoms are no longer permitted. The state must prevail at all costs. And besides, the public agrees
“He’s not deformed, he’s just drunk!”
a French Republican, singled out American encryption in particular. "They deliberately use the argument of public freedoms to make money knowing full well that the encryption used to drug traffickers, to serious [criminals] and especially to terrorists.
hmm... that reminds me of something a fellow American said,
"Those who give up their liberty for more security neither deserve liberty nor security." - Benjamin Franklin
here's the funny thing, he was the Ambassador to France from 1776 to 1785 and he couldn't talk any sense into them.
Anons need not reply. Questions end with a question mark.
See friend, this is where you went wrong. You never had any control over encryption to lose.
Mathematics are sometimes an inconvenient thing to governments.
It's not like they are going to be able to control this. Neither will the US government. People will find ways and the math is out there. They're trying to legislate against math. Kind of like making gravity illegal "if you don't float up here right now you're going to jail..."
In the long term, what will be more important is how Sharia law treats encryption - I mean, after the "refugees" rape all their mothers and sisters senseless and replace the native population in three generations.
They deliberately use the argument of public freedoms to make money knowing full well that the encryption used to drug traffickers, to serious [criminals] and especially to terrorists.
The same argument applies to cars, guns, knives, shoes... all used by drug traffickers, criminals, and terrorists. Knife companies should be required to install a failsafe so that the blades can be remotely deactivated at the government's request.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
Without strong encryption in the hands of the people, criminals will be able to rob people blind, crack their bank accounts, use their credit cards.....
Governments need to get it through their head that there is no electronic lock that can keep criminals out if the Government can get in.
The fundamental thing to remember is that politicians and government employees are often extremely ignorant about technology, yet they think they can make decisions about technology.
It is unacceptable that the state loses any control over encryption
News flash - the state hasn't had control of encryption for decades. Even the US classifying encryption as a munition didn't do it.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
Straight up his worthless frog ass.
What happens in France matters in the rest of the world. Obviously we're seeing more and more references to "Europe" and "European law" as the continent becomes more and more like a single country. Less obvious, perhaps, is the effect on American law.
Supreme Court Justice Stephen Breyer's book is called The Court and the World. His central thesis is that the US Supreme Court should make decisions about the Constitutionally of US law by consulting foreign law, particularly laws of Europe. If European countries don't have capital punishment, it must be very bad and therefore unconstitutional, he wrote in one US Supreme Court opinion. If France outlaws encryption, it's okay for the US to do the same, according to Justice Breyer's philosophy. What happens in Europe matters, everywhere.
Companies should ensure all software sold to the French government have backdoors or have encryption weak enough to be useless, which uh would mean the French government wouldn't want to buy their software!?
The above is trying to illustrate a contradictory scenario that in many ways may happen if companies try to follow the French law. Sure in the case of phones and communication it is intended at non-government parties, but where does that line cross?
The other issue as we have recently seen is that enties of national interest will just use their own tools and the result will be a law that only hurts "law abiding" citizens.
Jumpstart the tartan drive.
I am french.
Okay, this article makes no sense.
Yes a new law on the topic was passed, but they are supposed to be 'progressists'. You know socialists.
The guy quoted is from another government from years ago (Pierre Lellouche) a conservative indeed with not much more credibility than a suits (a lot in France).
Yes, the legal archive seems seem legit.
But everything put together makes no sense.
I cannot even find a link to the company targeted and the supposed infraction. I clicked everywhere. Point me to where is it if I missed, else agree with me it is OMGWTFBBQ like.
You jail a CEO for a legislature's inability to understand how math works?
Cryptography isn't about knowing "the algorithm" as in the movies. Nor is it about finding the people who know the right secret trick. When done right, crypto is about being the party holding a particular piece of data, to an incredibly (almost laughably) high degree of certainty.
We jail a CEO for not being able to make P=NP?
FTA: "They deliberately use the argument of public freedoms to make money knowing full well that the encryption used to drug traffickers...". So, encryption is mood-altering and addictive? Sheesh!
This is not a signed law, this is a proposal, from opposition. And even if it passes, it also need to pass in the senate.
The real basis for this proposed law has nothing to do with encryption or drug trafficking or child molesting. It has everything to do with anti-americanism. He even says as much - it's about keeping US companies from having any influence in Europe.
While this is alarming about the state of our legislators' technical knowledge, note that this is only a proposal by people that lack the voting power to make this become an actual law.
But I pretty much like the other comments stating that "if you want access to encrypted data, there, you get all the encrypted data you want". It might be a good idea to coin this idea to other members of parliament to see if they can change the wording to that.
tl;dr: Republicans are terrible no matter where in the world they are.
Have gnu, will travel.
Republicans are terrible no matter where in the world they are.
You do realize that President Barrack Obama and his Attorney General are Democrats, very liberal Democrats at that, and that they control the FBI that is currently pushing Apple to comply and proposing that Congress pass legislation to require compliance?
So I'll be the asshole who states the obvious...
So let's pretend all companies, everywhere, comply with decryption requests. What do you think happens next?
It doesn't take rocket science to realize that the next step...the very next step..is for the "bad guys" to go off and roll their own encryption, based on very well known standards.. And then..you're right back where you started.
So, to the organizations who are fighting this, I say; let it happen. You have virtually nothing to loose. And, next week, when you are asked to decrypt something that you don't have any ability to, you can justifiably laugh in their fucking faces for being so fucking worthless.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
Breyer's view on international standards for US law is considered a fringe view.
Nothing wrong with considering other countries court decisions when considering Constitutional issues. I know the the Canadian Supreme court has cited the American Supreme Court in decisions, though of course they are not bound by them.
Things like cruel and unusual punishment are open to interpretation and I'm sure our Supreme Court would consider capital punishment to be cruel and unusual, though it was originally banned due to the will of the people, at this point it is unusual punishment, mostly done by extreme religious states and other types of authoritarian states.
https://en.wikipedia.org/wiki/Inverted_totalitarianism
A computer system or phone is only secure if it is secure against adversaries with full access to source code and code signing keys.
"You jail the recalcitrant CEO. Short of that you jail the highest ranked company official in teh country. Simple."
And what army gets the dastardly execs from Cupertino to Paris?
Start building those French gulags, France, because you're gonna need them.
France stinks.
So if you make an encryption scheme where the end user has a password, and then the government comes along and insists that you encrypt it. You don't refuse, but after a week or two you find you are unsuccessful. Then? Do you get paid for your efforts? If you set up a brute force analysis that takes 30 years, does the government still get grumpy? You didn't refuse, and there is no easier way that you know of. The whole thing is just stupid. They want the information, they have experts in cryptography and also infrastructure, and funding.
Seriously, Maybe we should boycott their Olympics.
If you accurately represented his opinion, it would indeed be shocking.
Since you didn't, it is called a "straw man."
There is nothing at all fringe about the idea that European law is connected to American law; indeed, English Common Law was adopted from the start. The earliest legal document that gets cited in US law is the Magna Carta; look it up if you think that was an American document. ;) The reality is that the Constitution bans "cruel and unusual" punishment, which is and always was based on the current culture. It is perfectly reasonable to look to what is considered "cruel" and "unusual" by our formal allies, especially those ones who share certain parts of common law with us. If you read the Declaration of Independence, you know that the Framers of the Constitution did indeed care about European recognition of the United States as being a valid legal entity.
You extract his position on a specific and detailed debate, and convert it to a poorly generalized argument that is easily attacked. That is one floppy straw man.
Maybe someday you'll care about the things you choose to talk about enough to actually read his book for yourself.
Employees of companies in France that refuse to decrypt data ...
How are the employees going to know the key generated for a particular user? This is a sneaky way of enforcing an escrow mechanism upon the manufacturers.
Which terrorists? The last 3 cells in France didn't use encryption and the authorities still couldn't find them. Banning encryption won't remove their incompetence.
A bunch of old men pouring ink on paper isn't going to change the people who don't obey them anyway. This is a bunch of bored, rich white guys thinking they can legislate criminals into obedience.
I hear France is anti-corporation, and doubly so when it's an US corporation but that boat sailed a long time ago. It's time for hardware manufacturers to create a encryption business unit in a not-so-friendly country: It receives the encrypting key and for a fee, returns a signed binary as the decrypting module. The hardware uses the encrypting key to execute the decrypting module. When the police come knocking, the parent corporation can either claim a massive expense per phone (Yay, free-market capitalism!) or argue the foreign company is responsible for decrypting the phone.
The summary and title are wrong. The "bill" to punish smartphone suppliers that refuse or fail to decrypt data at the request of government is not law, it was merely an amendment to a project of law, and it was rejected in Parliament (12 against, 11 in favor) anyway. Don't editors double-check the stories before publishing them ?
To some extent it is about knowing the algorithm, if you want to try and brute force things.
What happens in France matters in the rest of the world.
What was the last thing that happened in France that mattered in the rest of the world? Terrorist attacks don't count.
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
If you accurately represented his opinion, it would indeed be shocking.
Since you didn't, it is called a "straw man."
Actually, while GP is being a bit hyperbolic, I think the argument would more accurately be called a "slippery slope" type, rather than a straw man. GP may overestimate how far Breyer is willing to go, but your post underestimates the radical shift in judicial philosophy that is occurring.
There is nothing at all fringe about the idea that European law is connected to American law; indeed, English Common Law was adopted from the start. The earliest legal document that gets cited in US law is the Magna Carta; look it up if you think that was an American document. ;)
And it is you who seemingly misunderstands the issue here. Yes, English Common Law was adopted because it was already in practice. The very definition of Common Law is that matters beyond the written Constitution are frequently resolved by citing relevant court precedent (which is often important, since the law never covers all cases explicitly).
The early US really had no choice here if they wanted to retain a Common Law system. Previously, the Colonies had been governed by English Common Law, and lawyers here had been trained in that system and would cite those cases as precedent (which were themselves often built on English cases). To simply erase all of that history after the US declared independence would be to put a huge amount of cases in legal "limbo" where judges could effectively rule whatever they wanted to with no governing precedent.
So, the citation of earlier English law was required to maintain continuity in the early US. And the very concept of Common Law allows citation of predecessors, whether native law or not. Thus, the Magna Carta may be one of the earliest legal documents that gets cited (and not as often as most legislators seem to think -- there are only one or two concepts there that still have direct import on modern law, and contrary to what you imply, that document is NOT directly binding on US law; it's mostly relevant in the precedents it has created). But English law derived some concepts in turn from medieval French law. And medieval French law in turn inherited concepts from ancient Roman law.
And there are still legal concepts dating back to Roman law which get cited in cases, if not actual documents.
The point is that these are all HISTORICAL citations from systems that are the DIRECT ANCESTORS of our own legal system. That's basically how Common Law works in finding previous precedent and concepts codified in previous rulings.
The reality is that the Constitution bans "cruel and unusual" punishment, which is and always was based on the current culture.
Yes, and the notion is traditionally based on COMMUNITY standards. This goes for a number of legal issues, such as the idea of pornography/obscenity, where we think of Justice Potter Stewart's classic line, "I know it when I see it."
In the case of pornography and "cruel punishment," standards do change, but in previous law the idea was to look at COMMUNITY standards, whether local or for the nation as a whole. Citation of other countries' ideas would generally be confined to historical precedents.
It is perfectly reasonable to look to what is considered "cruel" and "unusual" by our formal allies, especially those ones who share certain parts of common law with us.
I agree it's "perfectly reasonable." But it isn't standard practice in US law (or rather, it hasn't generally been, until it started in recent years). The much more common citation of Common Law in other countries would be to look at historical cases dating before the US. The other time courts would occasionally look to other nations would be to resolve a NOVEL issue for which precedent did not exist yet in the US.
That's an entirely different
Can we just completely scrap encryption already? I'm excited to see all of the government secrets leak out into public, and all of the lives ruined by medical and financial records seeping out into the public. By the time these fucking morons see the problem, it'll be way too late. The unfortunate side is the number of innocent civilians that will be screwed over dry and hard.
The German invasion of France in May of 1940?
It's nice to know that stupidity is not exclusive to the US government.
Absolutely nothing will stop 3rd parties from developing their own encryption software layer.
What's next? Will Governments attempt to outlaw mathematics?
Companies will simply setup shop in encryption friendly countries and host your encrypted data for you. Now these governments are in an even worse scenario.
The data is not only encrypted, but it is also located in another jurisdiction.
The reply by AthanasiusKircher does a pretty good job of explaining why your reasoning is misguided, and frankly misleading. There's no need for me to repeat the facts laid out there. As to Justice Breyer's book, which explains his philosophy at length, you might want to read it before arguing about what it says.
Then there should be no problem in showing all your data. There should be 100% transparency from all these corporations. If they want freedom and democracy, show everything to the world.
So a cop walks into Tony's barber- shop and demands that Tony decrypt a phone. Tony has never owned or used a phone or touched a computer in his life. But if this law is actually worded the way it sounds old tony could be up the creek for five years. In essence, a law is only as good as its worst use or worst interpretation allows it to be used. This can also include what happens when laws are combined. For example, a law banning sleeping on public property, combined with a law outlawing sleeping on private property without permission equals, for a homeless person, a law that demands that they never sleep at all. We see this with people on the sex offenders list which disallows them living near schools and play- grounds. In some cities, that means that it is illegal for them to live anywhere. In south Florida, that often means that living under a bridge is the only legal place for them to live. And it contorts into something even worse. The offenders just lay down and go to sleep when they get tired. When the cops roust them they simply say they live under the bridge and just fell asleep while walking about. That means they sleep in your hedges or under your bush or trees. And since few homes have proper no trespassing signs they can only be warned not to sleep in that lawn again.
Viva la france viva la liberte
Well said. You seem to know a bit about law, yet I haven't noticed your nick in other legal threads. I shall have to start watching for your posts.
That is a lot of words for hand-waving and assertion.
The idea that it is a COMMUNITY[sic] standard is an opinion. That is one known view. Another, more common view is that it is based on society's standards. You just wave your hands about things that are subjective, and use a lot of words to look word-y. But your words don't even accurately distinguish between the subjective and objective.
In the end you agree that the position you argue against is perfectly reasonable; that was 100% of my point. I wasn't taking a position. See above. If you had comprehended my statement, you could have simply come in and helped defend Breyer for having an actual opinion that is reasonable. Who cares if you disagree? We're not debating a Constitutional Amendment, and the thing you're going on about is off topic; off the topic of the story, but also off the topic you responded to.
And shouting just causes me to only skim your words. It doesn't cause me to believe you're extra knowledgeable because you shouted the keywords. Just assume that everybody on slashdot can identify keywords. You're new, but you're not new enough not to know that.
I don't think I'll ever understand why some people, apparently including yourself, have some random guess about what might be, based on no evidence whatsoever, then fervently believe it and argue to defend it. If you bothered to read even the first few pages of the book, you'd have an idea of what his thesis is. Instead, for some reason I'll never understand, you've randomly come up with some guess as to what his book may be about, and you're committed to arguing that.
You asked that I state explicitly what it is you said that's misleading (or in this case utterly false). Here's one:
> You extract his position on a specific and detailed debate, and convert it to a poorly generalized argument that is easily attacked.
No, his book is NOT about the death penalty. In fact, only a few pages cover that case. It's NOT one specific debate. As the title suggests, his book is about the influence of global views on Supreme Court decisions and vice versa. As another commenter here stated, his view, his philosophy, is radically different from what the court has always done in the past.
You then (intentionally? unknowingly? ) conflate precedent (PRE-cedent, what came before) with Breyer's radical philosophy of deciding US Constitutional law based on current popular opinion in Europe and around the world. These aren't the same thing at all.
If you read Roe v. Wade, for example, you'll see a long discussion of the history of abortion law in England before the US, in medieval Europe, and in ancient legal codes. All of those would be considered part of the chain of precedent that the US Common Law inherited. What you will NOT see is a survey of CURRENT international laws on abortion in that case, since citation of other countries' laws to overturn US law would have been against the basic principles of US legal precedent.
But Breyer has asserted that we should do so in some cases. I actually agree that it may be a good idea to take that into account in some cases, since we are increasingly living in a global community, and thus "community standards" are no longer possible in a strict isolationist sense.
The "local community standards" view has never been a legitimate one. We know from his original text of the Bill of Rights that James Madison fully intended it to supersede local and state authority - indeed he considered this the most important aspect of the document. Religious nuts do not get to impose their views on others, even if they are a majority of a local community. The wording of the 1st Amendment was changed during the ratification process, but by making the 1st Amendment explicitly only apply to Congress (possibly at the request of the slave states, to allow them to suppress dissent); however, the application of the others (such as the 9th) to state and local government follows as a matter of ethical practice of law. Indeed, this is the only thing that makes the actions of the federal government with respect to the Civil War somewhat legitimate.
In short, fundamental rights may be inferred from the practices of other nations (including their laws), and then automatically come into play within US law as a result of the existence of the 9th Amendment. For example, the multi-decade Civil Rights movement in Britain that finally led to recognition of the "right to roam" clearly and conclusively shows that such as right is a basic human right, and hence protected under the 9th Amendment. Of course, that right isn't just a right in British law, many societies have had it in one form or another, going back centuries.
That, in turn, invalidates US property law. and many of the legal actions taken to uphold that law, including many arrests and convictions involving trespassing: people have a right to roam over large tracts of land (and down waterways) as long as they follow some reasonable rules: stay reasonably far away from homes, don't litter, don't stay overnight, and so forth.
In general, posting land as "no trespassing", or fencing it off, is thus invalid unless the circumstances are reasonable (such as fencing off a power or water station, or an agricultural area). Probably some special rules would have to be evolved to handle the gated community issue (but that doesn't necessarily pose a problem in those cases where the communities are only fenced close to homes or other structures where having fencing would be reasonable).
US property law in its current form can be considered to result from ethical conflicts of interest on the part of the legal profession that were carried over from English law (where large landowners were major employers of legal professionals - land being wealth in those days - creating a conflict of interest with respect to how the law was written), and hence recognition of the right to roam also improves the ethical character of the law - a small step in a very large task that is long overdue.
Indeed, the right to ethical practice of law is one of the reasons the system of appeal to precedent is often invalid in practice (no matter how nice it might seem in theory) - the public has a right to engage in reasonable conduct, and having to wade through a host of precedents to understand what is reasonable creates an artificial demand for the services of legal professionals, certainly an unethical state of affairs. The letter written to threaten the Onion
extradition treaty
Good heavens.
So basically, in the 1700s, the law was forked, and Justice Breyer is suggesting we might want to merge in the upstream changes?
You jail a CEO for a legislature's inability to understand how math works?
Cryptography isn't about knowing "the algorithm" as in the movies. Nor is it about finding the people who know the right secret trick. When done right, crypto is about being the party holding a particular piece of data, to an incredibly (almost laughably) high degree of certainty.
We jail a CEO for not being able to make P=NP?
That's... not quite what the law requires. It doesn't mandate that a company crack uncrackable encryption. It just makes it illegal to distribute devices with uncrackable encryption, that any encryption must include backdoors, so that companies are not allowed to distribute devices which law enforcement agencies can't inspect.
If this were actually successful (and I doubt this thing will pass), it could signify a return of the early-90s encryption export rules, where the same product (IE, Netscape) would have different encryption routines built-in depending on its destination. Back then, Netscape had strong encryption for US use, weak encryption for versions that were allowed internationally, but since getting the Netscape version with strong encryption was kindof a PITA, most people just used the version with weak keys.