French Bill Carries 5-Year Jail Sentence For Company Refusals To Decrypt Data For Police

Patrick O'Neill writes: Employees of companies in France that refuse to decrypt data for police can go to prison for five years under new legislation from conservative legislators, Agence France-Presse reports. The punishment for refusing to hand over access to encrypted data is a five year jail sentence and $380,000 fine. Telecom companies would face their own penalties, including up to two years in jail. M. Pierre Lellouche, a French Republican, singled out American encryption in particular. "They deliberately use the argument of public freedoms to make money knowing full well that the encryption used to drug traffickers, to serious [criminals] and especially to terrorists. It is unacceptable that the state loses any control over encryption and, in fact, be the subject of manipulation by U.S. multinationals."

No. 1 problem

Well the primary problem with this is how are they going to put a company in prison for two years?

Re:No. 1 problem

[Tablizer]

Are you saying corporations are NOT people? Blasphemy!
- Mitt

Re:No. 1 problem

[Sperbels]

They'll hire someone to serve the time for them.

Re:No. 1 problem

[stealth_finger]

I'm just waiting for the long line of snooty Europeans to tell me that this proves that Europe cares about privacy, and Americans have no rights.

It does because reasons.

So just hand them encrypted data

[ArmoredDragon]

If they want access to encrypted data, just give it to them. If they need it decrypted, that's their problem.

Re:So just hand them encrypted data

[Worchaa]

Great point-- give 'em total access to the encrypted data same as the FBI. If they have a problem with it, let the French take it up in US Courts. And let them pound sand for good measure in the process.

If this causes Apple-- and other device manufacturers-- headaches selling in France, then so be it.

Fair is fair. I personally applaud Apple for saying NO to unreasonable search and intrusion as an American citizen in US residence, even though it might likely bite them in the ass and cost them business. I hope the current legal debate works out in favor of privacy and the 4th Amendment in the US. If other countries have different laws, they are certainly entitled to enforce them within their borders. They can start by requiring all smart phones to be government issued Android: open source OS, they can craft and force all of the world's top hardware makers-- save one-- to run their preferred system. No snark intended, I am quite serious.

I'd love to see strong encryption become the norm in the industry-- I'm bothered, but not in fear of terrorism-- however each Nation can do what they want. I'll continue to enjoy being American and prefer living life with my Constitutional rights intact. If I'm killed by Terrorists with an iPhone then fuck those guys and may they roast... but I'm quite certain that I prefer to live out my time without government imposed FUD and nibshit LEOs whining that they cannot do their job without Orwellian access.

Expedient "justice" does not equal higher quality of life.

Re:So just hand them encrypted data

[tlhIngan]

NaÃve. More and more "telemetry" is built-in in Apple operating systems, making user spying "legitimate". The iDevices constantly call the mother ship and "backup" your data on the iCloud. The iDevices are running proprietary software so random hacker cannot really tell what it does (are the camera/microphone on? you're sure?).

Maybe you can prevent some of this data leak with a complex set of fine-tuned firewall rules, ensuring you never use anything else than WiFi you control. You'll be one in a million. At the end of the day, the phone's filesystem is encrypted, but who cares if most/all of the sensitive data already has escaped away from it?

Actually, you can turn off all the telemetry in iOS quite easily - there's lots of options to send exactly what you want back to Apple, or not.

And iCloud backups are optional - Apple will set it if you set it up without iTunes so you, the user ALWAYS have a backup. Because if you forget the PIN or need to replace the phone, Apple may try to transfer the data, but if they can't, they can only restore a backup.

If you forget your PIN, Apple will reset the phone back to factory, and help you restore your iCloud backup. If the phone is damaged and data can't be acccessed, Apple will restore from backup.

So if you don't use iTunes, iOS will use iCloud to backup because there are plenty of situations where you can lose all your data.

If you use iTunes, iCloud backups are off by default because it's assumed you want to backup your device via iTunes (which works over WiFi as well). And if you back up to an encrypted iTunes backup, it's even better.

iCloud backups cover basically application data and data like photos and such. iOS will not backup authentication information like passwords and account information to iCloud - Apple has said they do not want that information, and by not backing it up, it means when Apple is forced to hand it over your data, what's not there is not there.

iTunes local backups will cover low-security authentication information like WiFi passwords and such. But the ultimate in comprehensive backups is the iTunes encrypted backup - because it's encrypted, iOS will back up everything including account and authentication information (email accounts and passwords, etc). But these are local backups that don't touch Apple's servers at all.

iOS has a lot of privacy options, and you can completely disable iCloud so iOS will not use it at all - it won't upload anything to it, it would backup to it, etc. The only real privacy leaks are apps, but even those have limited access - you can reset your ID code so app data cannot be linked to one specific device. And if you don't use iCloud, then the only thing Apple can hand over would be your purchase history.

How do you put a corporation in jail?

[BitterOak]

Who exactly goes to jail? The CEO? The CTO? The employees who supposedly know how to decrypt the data? How do you establish who has that ability? Suppose no one has that ability. Suppose the devices are designed so only the end user can decrypt the data. Do you jail the engineers who designed such devices? Do you jail the retailers who sold such devices? How does this work? How does the government prove a specific employee at a company has the ability to decrypt the data, or in the alternative, how do they prove which individual was responsible for creating a situation where the data can't be decrypted?

Re:How do you put a corporation in jail?

[Tablizer]

Who exactly goes to jail? The CEO? The CTO? The employees who supposedly know how to decrypt the data?

Jail em all and let God sort it out

Re:How do you put a corporation in jail?

[93+Escort+Wagon]

March 3, 2015 (Reuters) - The French Assemblée Nationale today issued instructions to Juge D'Instruction Claude d'Monet, ordering that he determine the being or beings responsible for the existence of the mathematics of encryption.

d'Monet subsequently issued a Warrant and Order to Appear to God, declaring that failure to appear by the 15th of March would result in a summary declaration of contempt, an order for His arrest, and possible forfeiture of the universe.

Police have attempted to serve this warrant at the Notre-Dame de Paris several times, but without success.

Re:How do you put a corporation in jail?

Man, France must be an awesome place to live. Their strict gun control guarantees that nobody ever gets shot there, and now this law will guarantee that they will be safe from terrorists and drug traffickers too!

And obviously their government is benevolent and never abuses its power.

I am so moving there.

Re:How do you put a corporation in jail?

[Anonymous+Brave+Guy]

That would be funnier if it weren't disturbingly close to the level of reality that a lot of laws relating to technology seem to be written at lately.

Re:How do you put a corporation in jail?

[mysidia]

Jail em all and let God sort it out

Bind their hands and legs and toss them in Lake Guerlédan.

The ones that drown were innocent..... those that manage to float or get to the surface are guilty, so lock them in prison for life and throw away the key.

arrogance

[Gravis+Zero]

It is unacceptable that the state loses any control over encryption

if you have such a hard-on for total control, you should NOT be part of any government.

Re:arrogance

Having such a hard-on for total control is the entire reason people get into government.

Close Up Shop

[headkase]

I would hope that corporations faced with these unreasonable demands simply close up shop in the country. Google CEO going to go to jail? Well, Google pulls out of France and has no presence. Good luck French people with your search queries. If a corporation caves to one country then it will just embolden then next country. Better to draw a line in the sand and tell them to fuck off.

Re:Close Up Shop

[ukoda]

It would be interesting to see who would actually stay. I'm with headkase on this one, I think the right response is to close up shop and pull all products for the shelves. I think even just Apple doing it, making the iPhone unavailable to purchase, would be enough to start a backlash against such a law.

It gets more interesting if the other major players join in and leave the country too. Anybody who stayed, like your suggestion of Microsoft, would be view with suspicion outside France as it would be assumed they are likely share anything with anyone and that could hurt sales elsewhere. Mind you Microsoft can hardly be worried about loosing market share with smartphones so maybe they would stay.

Re:The Solution is simple

[Sax+Russell+5449D29A]

Outlaw encryption entirely.

Although that is obviously an exaggerated statement of the ridiculousness of the current situation we're in, I'm afraid it might turn into reality soon. There will be audacious attempts at banning encryption, and they will be laughed out. Soon after this they'll "compromise" with government-mandated backdoors in most-used consumer products. Then we'll, of course, be wondering how the hell did we end up there.

We live dangerous times, people. Keep a tight grip of your privacy and take a moral stance against government control.

Re:not entirely wrong

[BitterOak]

here's the funny thing, he was the Ambassador to France from 1776 to 1785 and he couldn't talk any sense into them.

Ummm, that's not quite true. He did persuade them to help the Americans in their Revolution. Without that French help, we might be under the British encryption laws right now, which aren't really much better than the proposed French law!

It's not just encryption

[penguinoid]

They deliberately use the argument of public freedoms to make money knowing full well that the encryption used to drug traffickers, to serious [criminals] and especially to terrorists.

The same argument applies to cars, guns, knives, shoes... all used by drug traffickers, criminals, and terrorists. Knife companies should be required to install a failsafe so that the blades can be remotely deactivated at the government's request.

Open the door for criminals

[PeterM+from+Berkeley]

Without strong encryption in the hands of the people, criminals will be able to rob people blind, crack their bank accounts, use their credit cards.....

Governments need to get it through their head that there is no electronic lock that can keep criminals out if the Government can get in.

Re:not entirely wrong

[godrik]

Please, do not put all my fellowmen(and women) in the same basket. The quote comes from "a French Republican" not from a reasonable person!
"Les Republicains" are known to have a ridiculous police state slant. Because of them we did not have the equivalent of Miranda rights until recently. I am not sure that prosecution has to share police reports and investigative reports to the defense lawyer. And remember that in France, the defense can not really conduct its own investigation.

Really have to laugh at the pompous posturing.

[BarbaraHudson]

It is unacceptable that the state loses any control over encryption

News flash - the state hasn't had control of encryption for decades. Even the US classifying encryption as a munition didn't do it.

Cake and eating it.

[Midnight+Thunder]

Companies should ensure all software sold to the French government have backdoors or have encryption weak enough to be useless, which uh would mean the French government wouldn't want to buy their software!?

The above is trying to illustrate a contradictory scenario that in many ways may happen if companies try to follow the French law. Sure in the case of phones and communication it is intended at non-government parties, but where does that line cross?

The other issue as we have recently seen is that enties of national interest will just use their own tools and the result will be a law that only hurts "law abiding" citizens.

Proposal

[manu0601]

This is not a signed law, this is a proposal, from opposition. And even if it passes, it also need to pass in the senate.

Only a proposal

[Cley+Faye]

While this is alarming about the state of our legislators' technical knowledge, note that this is only a proposal by people that lack the voting power to make this become an actual law.
But I pretty much like the other comments stating that "if you want access to encrypted data, there, you get all the encrypted data you want". It might be a good idea to coin this idea to other members of parliament to see if they can change the wording to that.

Re:Well there you have it, straight up

[bill_mcgonigle]

Public freedoms are no longer permitted.

I think they're only saying that the public has no right to achieve privacy when their owners, errr, the government is concerned.

And really, if you had a herd of cattle holding secret meetings you'd want to know what's up too. They're probably not talking about how great your hay is.

And besides, the public agrees

Who else would provide the hay?

Encrypted Elephants

[grasshoppa]

So I'll be the asshole who states the obvious...

So let's pretend all companies, everywhere, comply with decryption requests. What do you think happens next?

It doesn't take rocket science to realize that the next step...the very next step..is for the "bad guys" to go off and roll their own encryption, based on very well known standards.. And then..you're right back where you started.

So, to the organizations who are fighting this, I say; let it happen. You have virtually nothing to loose. And, next week, when you are asked to decrypt something that you don't have any ability to, you can justifiably laugh in their fucking faces for being so fucking worthless.

Re:It matters. Justice Breyer "The Court & the

[tsotha]

Breyer's view on international standards for US law is considered a fringe view.

Re:It matters. Justice Breyer "The Court & the

[Aighearach]

If you accurately represented his opinion, it would indeed be shocking.

Since you didn't, it is called a "straw man."

There is nothing at all fringe about the idea that European law is connected to American law; indeed, English Common Law was adopted from the start. The earliest legal document that gets cited in US law is the Magna Carta; look it up if you think that was an American document. ;) The reality is that the Constitution bans "cruel and unusual" punishment, which is and always was based on the current culture. It is perfectly reasonable to look to what is considered "cruel" and "unusual" by our formal allies, especially those ones who share certain parts of common law with us. If you read the Declaration of Independence, you know that the Framers of the Constitution did indeed care about European recognition of the United States as being a valid legal entity.

You extract his position on a specific and detailed debate, and convert it to a poorly generalized argument that is easily attacked. That is one floppy straw man.

Maybe someday you'll care about the things you choose to talk about enough to actually read his book for yourself.

Re:Fuck French Government

[AlterEager]

Look, I know this is slashdot, so what I'm proposing may seem radical, but RTFA.

The new proposal echoes a bill from January 2016 that would have mandated “backdoors” into encryption in France. That backdoor bill, championed by Conservatives in the French legislature, was defeated and criticized by the current government of Prime Minister Manuel Valls.

The new punitive legislation, which is also being criticized by the Valls government, is an amendment to a larger penal reform bill. Like its predecessor, it's unclear that this amendment will make it through to law.

This is an amendment proposed by "Les Republicans", the opposition party, and will be rejected by the majority socialist group in the assembly. The government is against this amendment.

Who is the fool who should be fucked?

Re:It matters. Justice Breyer "The Court & the

[AthanasiusKircher]

If you accurately represented his opinion, it would indeed be shocking.

Since you didn't, it is called a "straw man."

Actually, while GP is being a bit hyperbolic, I think the argument would more accurately be called a "slippery slope" type, rather than a straw man. GP may overestimate how far Breyer is willing to go, but your post underestimates the radical shift in judicial philosophy that is occurring.

There is nothing at all fringe about the idea that European law is connected to American law; indeed, English Common Law was adopted from the start. The earliest legal document that gets cited in US law is the Magna Carta; look it up if you think that was an American document. ;)

And it is you who seemingly misunderstands the issue here. Yes, English Common Law was adopted because it was already in practice. The very definition of Common Law is that matters beyond the written Constitution are frequently resolved by citing relevant court precedent (which is often important, since the law never covers all cases explicitly).

The early US really had no choice here if they wanted to retain a Common Law system. Previously, the Colonies had been governed by English Common Law, and lawyers here had been trained in that system and would cite those cases as precedent (which were themselves often built on English cases). To simply erase all of that history after the US declared independence would be to put a huge amount of cases in legal "limbo" where judges could effectively rule whatever they wanted to with no governing precedent.

So, the citation of earlier English law was required to maintain continuity in the early US. And the very concept of Common Law allows citation of predecessors, whether native law or not. Thus, the Magna Carta may be one of the earliest legal documents that gets cited (and not as often as most legislators seem to think -- there are only one or two concepts there that still have direct import on modern law, and contrary to what you imply, that document is NOT directly binding on US law; it's mostly relevant in the precedents it has created). But English law derived some concepts in turn from medieval French law. And medieval French law in turn inherited concepts from ancient Roman law.

And there are still legal concepts dating back to Roman law which get cited in cases, if not actual documents.

The point is that these are all HISTORICAL citations from systems that are the DIRECT ANCESTORS of our own legal system. That's basically how Common Law works in finding previous precedent and concepts codified in previous rulings.

The reality is that the Constitution bans "cruel and unusual" punishment, which is and always was based on the current culture.

Yes, and the notion is traditionally based on COMMUNITY standards. This goes for a number of legal issues, such as the idea of pornography/obscenity, where we think of Justice Potter Stewart's classic line, "I know it when I see it."

In the case of pornography and "cruel punishment," standards do change, but in previous law the idea was to look at COMMUNITY standards, whether local or for the nation as a whole. Citation of other countries' ideas would generally be confined to historical precedents.

It is perfectly reasonable to look to what is considered "cruel" and "unusual" by our formal allies, especially those ones who share certain parts of common law with us.

I agree it's "perfectly reasonable." But it isn't standard practice in US law (or rather, it hasn't generally been, until it started in recent years). The much more common citation of Common Law in other countries would be to look at historical cases dating before the US. The other time courts would occasionally look to other nations would be to resolve a NOVEL issue for which precedent did not exist yet in the US.

That's an entirely different