French Parliament Votes For Law That Would Put Tech Execs In Jail If They Don't Decrypt Data

from the goodbye-computer-security-in-france dept

Okay, this is just getting silly now. A bunch of reactionary French politicians have voted to put tech execs in jail if they refuse to decrypt data for criminal investigations:
The controversial amendment, drafted by the rightwing opposition, stipulates that a private company which refuses to hand over encrypted data to an investigating authority would face up to five years in jail and a €350,000 (£270,000) fine.

Telecoms operating companies would be liable to lesser penalties but would still face up to two years in jail.
Of course, this comes at the same time that basically the entire tech industry is rallying in support of Apple's stance of refusing to hack into its own systems to remove security features and make it easier to decrypt data. And it's coming right as the world was ridiculing Brazil for arresting (and then releasing) a Facebook exec for refusing to hand over data from subsidiary Whatsapp.

This kind of move is so stupid on so many levels that it defies any kind of logic. It's bad for security, because weak encryption puts us all at much greater risk than the threat of terrorists or criminals using encryption (in part, because this kind of thing won't stop them from using secure encryption, and in part because those threats are very low probability risks). It's also bad for the economy, because you've just given a ton of important tech companies every reason in the world to no longer operate in France due to such a ridiculous law that may put execs in jail. It's bad for the public in that it will mean less secure services and devices that put them at risk, while also potentially cutting off more innovative and useful products and services.

This is the kind of kneejerk reaction from people who are too ignorant and too scared to understand the actual technology and the actual issues at stake. Why do citizens in these countries continue to allow ignorant scared people to make such blatantly bad rules?
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: backdoors, criminal, encryption, execs, france, jail


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That One Guy (profile), 7 Mar 2016 @ 5:09am

    Mandatory 'Golden Keys' with one law

    Bad for security.

    Bad for the economy.

    Bad for the public.

    One guess as to who benefits from such a law. Figure that out and you figure out the most likely source of the push for it.

    If there's a hefty fine and jail time in the wings for refusal to hand over decrypted data, then it becomes effectively legally impossible to offer security that a company cannot break themselves if ordered to do so, which means that no matter how far the tech advances, there will always be at least one glaring vulnerability in the security employed and the products sold in any country with a law like this.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Mar 2016 @ 8:02am

      Re: Mandatory 'Golden Keys' with one law

      It'll be like the secret sauce scene in Fast Times at Ridgemont High, except with companies knowing each other's security vulnerabilities and neither being able to legally close them.




      Brad: Okay, here's your preparation stuff. You got your sliced tomatoes, shredded lettuce, secret sauce.

      Guy: What's the secret sauce?

      Brad: Thousand Island dressing. What's the secret sauce at Bronco Burger?

      Guy: Ketchup and mayonnaise.




      And that will become:

      Joe: What's Microsoft's vulnerability?

      Andy: It's [insert tech jargon here that I can't fake here]. What's Apple's vulnerability?

      Joe: It's [insert more tech jargon I can't fake here].

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 6:32am

    One ring to rule them all.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 6:40am

    Why do citizens in these continue to allow ignorant scared people to make such blatantly bad rules?

    Because most technically competent people do not want to go into politics. They are usually of the opinion that cooperation rather than coercion is the way to do things, and cooperation does not fly when it comes to politics, but rather gets them ridiculed for not having a definite answer to a problem.

    link to this | view in chronology ]

  • identicon
    kallethen, 7 Mar 2016 @ 6:45am

    Why idiots keep getting voted in.

    Why do citizens in these continue to allow ignorant scared people to make such blatantly bad rules?

    I think Douglas Adams put it best.

    "So," said Arthur, hoping he wasn't sounding ridiculously obtuse, "why don't people get rid of the lizards?"
    "It honestly doesn't occur to them," said Ford. "They've all got the vote, so they all pretty much assume that the government they've voted in more or less approximates to the government they want."
    "You mean they actually vote for the lizards?"
    "Oh yes," said Ford with a shrug, "of course."
    "But," said Arthur, going for the big one again, "why?"
    "Because if they didn't vote for a lizard," said Ford, "the wrong lizard might get in. Got any gin?"

    (Mind you, the same would be true of my own government...)

    link to this | view in chronology ]

    • icon
      Groaker (profile), 7 Mar 2016 @ 7:18am

      Re: Why idiots keep getting voted in.

      In the '50s, if you didn't understand how TV, radio and the telephone worked, then at least you knew someone who did.

      Now knowledge in the sciences has become so vertical that it takes a lifetime to understand what is half way to the hemorrhaging edge. Fifty years ago I did investigatory work in Quantum Mechanics. Today I don't have a clue as to what is going on. Quantum entanglement, quantum computing, qubits, and more?

      My dad went to NYU for engineering. One of his chemistry labs was beating flour and water in a cloth sack to demonstrate the formation of gluten. I laughed at this. When my daughter was in 9th grade she was being taught concepts I didn't hit until grad school (minus the math.) An interesting question is just how much can the mind hold?

      People fear what they do not understand. The Salem witch trials are repeating. Italian scientists went to jail for "failing" to predict an earthquake. Now tech execs are going to jail. How long before they are dragged into the streets for lynching?

      link to this | view in chronology ]

    • icon
      ThatFatMan (profile), 7 Mar 2016 @ 7:31am

      Re: Why idiots keep getting voted in.

      I think this quote from Douglas Adams is even more on point:

      It is a well-known fact that those people who must want to rule people are, ipso facto, those least suited to do it... anyone who is capable of getting themselves made President should on no account be allowed to do the job.

      While it is limited to discussing the President, I think it applies to pretty much any elected official.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Mar 2016 @ 7:39am

      Re: Why idiots keep getting voted in.

      Because we don't get a "none of the above" option.

      For all elected offices, not just president.

      I can't remember in the past few decades any election where even one candidate was honorable; I feel like I'm voting for the lesser of evils.

      link to this | view in chronology ]

      • icon
        ThatFatMan (profile), 7 Mar 2016 @ 7:43am

        Re: Re: Why idiots keep getting voted in.

        I think we all feel that way. The choices are usually bad and worse.

        link to this | view in chronology ]

      • identicon
        Anonymous Coward, 7 Mar 2016 @ 8:26am

        Re: Re: Why idiots keep getting voted in.

        Was it Jerry Garcia who said that if you vote for the lesser of two evils, you are still voting for evil ?

        link to this | view in chronology ]

      • icon
        That One Guy (profile), 7 Mar 2016 @ 8:43am

        "Do you want to be shot in the left leg or right? 'Neither' is not an option"

        Oh if only. Picking the lesser of the two evils would be an improvement over how it is a lot of the time, where it's not 'greater' vs lesser', and is instead 'what flavor of evil do you want?'.

        link to this | view in chronology ]

      • identicon
        Anonymous Coward, 7 Mar 2016 @ 10:31am

        Re: Re: Why idiots keep getting voted in.

        You can write in none of the above. It will count the same as any write in vote. If enough people do it, politicians might take note of it.

        I'm planning on voting for Bill the Cat in 2016. Please join me, or vote for Mickey Mouse or Honest Gil. It really doesn't matter, it will just be counted as write in.

        link to this | view in chronology ]

        • icon
          John Fenderson (profile), 7 Mar 2016 @ 10:39am

          Re: Re: Re: Why idiots keep getting voted in.

          I still don't know who the actual candidates will be, but I rather suspect that I'll be voting for R. U. Sirius this election.

          link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 6:46am

    this has nothing to do with terrorists or even crooks.

    this has to do with according ordinary people no opportunity to communicate without federal agents listening in. that it opens the door for terrorists and crooks to do likewise is not the reason for doing this nor is reason to not do this.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 7:00am

    Yet another European country no longer worth visiting. Its sad that countries that historically were anti-citizen are looking much more appealing to visit.

    link to this | view in chronology ]

  • icon
    ThatFatMan (profile), 7 Mar 2016 @ 7:02am

    Answer:

    Citizens continue to allow ignorant scared people to make such blatantly bad rules because they don't know any better. They are, largely, ignorant and scared too.

    Fear it seems is a good way for governments to grab more control over the people they are supposed to serve. Here in the US, we have plenty of similarly bad rules and laws bred from ignorance and fear. For example, we've been given things like DHS, the TSA and NSA mass surveillance of Americans "because terrorism". This is a problem not unique to France.

    link to this | view in chronology ]

  • identicon
    French Pussy's, 7 Mar 2016 @ 7:02am

    hahahahaha

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 7:03am

    How about someone compile a list

    I would like to see a list in standard form that everyone can understand that documents the government employee and what they have voted for/done against the citizens. There will be prosecution in the future and there needs to be a simple list that shows what the leaders have done. The average citizens doesn't remember getting crapped on 10 minutes after a senator/president/dictator does it to them.

    link to this | view in chronology ]

  • identicon
    French pussy's, 7 Mar 2016 @ 7:12am

    Liberté, égalité, fraternité my ass. Let every radical fool into a country without vetting them and see what happens....
    Now we see a governments irrational response to it's own incompetence.

    link to this | view in chronology ]

  • icon
    Keroberos (profile), 7 Mar 2016 @ 7:31am

    Why do citizens in these continue to allow ignorant scared people to make such blatantly bad rules?
    Because the vast majority of these citizens are just as ignorant about why strong encryption is important to a technological society as the politicians trying to pass these laws--and like these politicians they have no desire to learn anything about it--so like these politicians they are easily exploited by those who want to undermine these systems--who for the most part are probably just as ignorant as to why this is a bad idea as everyone else.

    I know it's very cynical of me, but in my view the world is run with a recursive cluster---- of ignorance and stupidity.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 7:32am

    Because civilian crypto is more corrosive than fraud, pollution, graft, espionage, etc.

    I get the feeling from all of these kinds of demands that this is driven by some sort of bizarre collective need for reciprocity. My thinking is that legislators are being so grey-mailed by data brokers that it is looking for some payback.

    What is bizarre is that in most cases, that grey mail is sourced for violations of civil rights the state is compelled by sovereign duty to protect.

    The question then becomes: "Why; in consideration of the legal leverage already available by simply executing the law rightously; legislators endeavor to emulate the most psychopathic corporate executives in the world?"

    Or in a nutshell, RTFM you oafs. Rev 1.0 was written in France in 1791, and in the U.S. in 1789. Everything you need to know, is right there. Stop calling meetings. We don't care how cool you are. Just focus on the fundamentals, and do your damned job.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Mar 2016 @ 11:17am

      Re: Because civilian crypto is more corrosive than fraud, pollution, graft, espionage, etc.

      Oh, come on... you KNOW that any v1.0 will have bugs!



      More to the point, those critical freedoms, those bill of rights amendments are only outlined in the constitution. Precedent set by the courts creates the practical shape of those rights.

      Is dancing 'free speech' ? Is flag burning? Is computer code? The constitution says "speech", not "acts", in those words on paper. It is precedent you have to thank for your freedom to burn flags.

      ... and also for regulation of dancing, the long disclaimed "fire in a theater" metaphor, the "death-by-inches" of abortion clinic legislation, etc. It's not all good, not all bad.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 7:50am

    Those sneaky French politicians are trying to get this passed before their public becomes more aware. Glad to know the US is not exclusive to scummy weasels.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Mar 2016 @ 11:38pm

      Re:

      To godwin it, looks like this is the nazis legacy of high officials being allowed into the various victorius governments after the war was lost by them.

      "WE lost the war, but our ideology won in the end"

      link to this | view in chronology ]

  • identicon
    Joe, 7 Mar 2016 @ 8:07am

    And what if the encryption is too strong to break? What if the password is too long and nobody can break it... then what? Put people in jail because no computers exist that are powerful enough? How has this question not been brought up?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Mar 2016 @ 8:15am

      Re:

      Because when you issue the orders, it is up to other people to do what you command.

      link to this | view in chronology ]

  • identicon
    mcinsand, 7 Mar 2016 @ 8:11am

    kneejerk mentality

    I have no doubt that, if a company was stupid enough to add encryption backdoors, these same legislators would be screaming to blame the company when the backdoors backfire. The question is not whether those backdoors will be misused but when they are misused. We can be certain that the people demanding weakened security will not take responsibility for putting citizens at risk, so they will abuse their legislative power to blame someone else, of course.

    link to this | view in chronology ]

  • identicon
    Anonymous Anonymous Coward, 7 Mar 2016 @ 8:11am

    Tourism Destroyed

    I used to want to visit France. Wine country, Alps, food, the 'romanticism of Paris', Alsace Lorraine, many places highlighted in literature.

    Now I seem to have forgotten them all.

    link to this | view in chronology ]

  • identicon
    frenchguy, 7 Mar 2016 @ 8:17am

    Chill out guys...

    The amendement was rejected last week by the Assemblée Nationale.

    You should check your infos before writing something.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 8:19am

    Investigative reporters use encryption.

    Need I say anything more?

    link to this | view in chronology ]

  • identicon
    Anonymous Anonymous Coward, 7 Mar 2016 @ 8:21am

    Rejecting Tech

    Once all the executives that produce encrypted products and have some sort of office in France have been arrested, the criminals, terrorists, and citizens (it WILL be more difficult to tell the difference) will use encryption from companies that have no offices in France. Now they have destroyed a growing piece of the economy, at least growing in theory.

    The IoT in France is going to be a lot of fun, for someone.

    I can imagine the Keystone Cops competing with the Pink Panther for most 'liked' videos depicting the race to catch IoT enabled thieves. Lot's of slapstick, little results.

    link to this | view in chronology ]

  • icon
    SteveMB (profile), 7 Mar 2016 @ 8:30am

    I guess that from now on the French are going to have to communicate by training monkeys to wave cheese blocks and white flags in semaphore patterns.

    link to this | view in chronology ]

  • icon
    Dismembered3po (profile), 7 Mar 2016 @ 8:31am

    So, maybe I'm the only one....

    So, has anyone read the actual legislation? I don't speak or read French.

    The thing I wonder is:

    The Guardian article states, "...stipulates that a private company which refuses to hand over encrypted data..."

    So, does the legislation actually say, "hand over the decrypted data?"

    This would seem to be an important distinction.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 8:52am

    Quoting a comment over at Torrentfreak...

    "Every time I hear mention of legislators and jurists in the context of contemporary science and technology issues, I am reminded that statistically speaking half the people you meet have below average intelligence. I suspect that something about the lure of the-power-to-legislate-or-interpret-laws may skew those numbers in favor of the shallow end of the IQ pool."

    To which I add that legislators and jurists are also most frequently the guys who studied non-sciencey and non-mathy disciplines 'cuz those were MUCH easier to pass.

    Shallow AND lazy.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 9:00am

    "stipulates that a private company which refuses to hand over encrypted data to an investigating authority"

    That doesn't actually state they need to decrypt it....

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 9:42am

    when will France learn.

    So the French seem to be mimicking America again but taking things to a new level without regard of the consequences.

    America had a revolutionary war where we kicked out the British. France did the same thing to their existing government but went to the extreme of guillotining the ruling class.

    America suffered terrorist attack on 9/11 then proceed to create knee-jerk legislation. France has a similar event but then go overboard on the replacement of freedoms and even encryption.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Mar 2016 @ 10:02am

      Re: when will France learn.

      France did the same thing to their existing government but went to the extreme of guillotining the ruling class.

      Not quite true, as after Napoleon they restored the Bourbons to power, with some limitation on that power, just like the English civil war led back to a restored monarchy, with some limitations on their power.
      If you want to see just how messy revolutions can be visit http://www.revolutionspodcast.com/

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 9:57am

    They have no idea how encryption work. Good luck decrypting 4096 bit RSA keys.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Mar 2016 @ 10:05am

      Re:

      It is dead easy when the key is transmitted to some company key store, so that they can respond to requests.

      link to this | view in chronology ]

  • identicon
    TDR, 7 Mar 2016 @ 10:17am

    I wonder what would happen, theoretically, if no one voted at all in political elections? Most candidates are completely corrupt and unfit anyway. But without the facade of election, they can't pretend a democracy still exists. And they would have no way of knowing who would get the office. It might bring the entire machine to a halt, which could be just the thing we need.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Mar 2016 @ 11:44pm

      Re:

      they could just lie and say enough people voted for the one they want in power

      link to this | view in chronology ]

      • identicon
        TDR, 8 Mar 2016 @ 3:38pm

        Re: Re:

        Then what happens when every single candidate claims this same thing at the same time? How would they figure it out then?

        link to this | view in chronology ]

  • icon
    ECA (profile), 7 Mar 2016 @ 12:01pm

    Lets do it..

    Lets walk into the parliament..
    And decrypt all their phones and tablets..
    LETS bring in a List of every person they have called in the last year..

    WHAT and WHICH encryption do you want to do/look at/decrypt??
    The Phone, the Programs...
    Even if you COULD get the Phone the customer Could of placed their OWN PROTECTIONS..

    how ARE YOU GOING TO SORT IT OUT AND PASS BLAME..

    link to this | view in chronology ]

  • icon
    afn29129 (profile), 7 Mar 2016 @ 12:08pm

    Once strong encryption...

    Once strong encryption is outlawed only outlaws will have strong encryption. Or in other-words, the mere possession of a copy of PGP/GPG/etc is grounds for immediate arrest.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 12:10pm

    i bet the French people are thinking 'why the hell did my relations go and die trying to stop a certain country with certain views from instilling them on to the rest of the World when our own government is doing the same sort of thing to us now?? like the UK, France has condemned countries like China and Iran for their lack of freedom and privacy, now it's doing exactly what those countries do, remove all freedom, privacy and security! it's doing what terrorists do but under a different flag! and be sure of this, it isn't to catch criminals or terrorists, it's to keep a firm grip on what ordinary people do! after all, they have nothing to hide so they're a hell of a lot easier to track!!

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Mar 2016 @ 11:46pm

      Re:

      they create the terrorists, setup the terrorist attacks, then benefit from all the fear and panic that comes of it to setup a closet police state.

      Dictatorship 101.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 12:23pm

    'Why do citizens in these countries continue to allow ignorant scared people to make such blatantly bad rules?'

    probably for the same stupid reasons that companies, industries etc are allowed to write self important rules that do nothing but harm to the various countries and peoples involved, while ensuring that their profits will continue to come in and, if needed, governments can be sued for more if they want! yes! TPP, TTIP and a dozen other trade deals are what i'm talking about! why has no government had the balls to say 'NO' to them?

    link to this | view in chronology ]

  • icon
    Mat (profile), 7 Mar 2016 @ 12:28pm

    Speaking of Europe and Cryptography

    http://www.bbc.com/news/uk-35750127

    "The solution is not, of course, that encryption should be weakened, let alone banned. But neither is it true that nothing can be done without weakening encryption," he said, adding that it was wrong to see every attempt to tackle the misuse of encryption by criminals and terrorists as a "backdoor".


    If it can be used against someone 'misusing' it, it can be used against a legitimate user. Why is this so hard for some people to understand?

    link to this | view in chronology ]

    • icon
      That One Guy (profile), 8 Mar 2016 @ 8:15am

      Re: Speaking of Europe and Cryptography

      Because doing so would force them to admit that they were wrong, completely, and it's a rare politician or 'public servant' that can manage a feat like that.

      If nothing else it would require them to admit that they were saying things that they had no real knowledge about before, and once they admit that they've either lied and/or made factually incorrect statements before, that brings in to question future statements they might make.

      link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 7 Mar 2016 @ 12:30pm

    The nation that gave us -
    Right to be forgotten - Allowing predators to demand the world be blind to their crimes & actions making people less safe.

    Draconian Copyright Punishments - while the leader of the nation violated copyright multiple times in commercial infringement.

    It is so wonderful seeing the pandering to try and shore up their poll position. They give 2 shits about encryption, but they need to ride the wave that they helped create. They have learned nothing from their other championing of cause celeb and I hope it burns them all.

    How much longer can they keep trying to turn the dial past 11 before it snaps?

    link to this | view in chronology ]

  • icon
    Get off my cyber-lawn! (profile), 7 Mar 2016 @ 3:03pm

    Notable French Firsts....

    First to successfully capture a fleet at anchor with cavalry officers (Den Helder - look it up!)

    First to lose a war against Greenpeace (yea they blew up the Rainbow Warrior but lost the war)

    And soon, first to criminally charge corporate executives for failing to decrypt data. I agree most corporate executives should be charged....just not with this!

    link to this | view in chronology ]

  • icon
    Dave Cortright (profile), 8 Mar 2016 @ 9:56pm

    How curious...

    Every encrypted message my company is forced to decrypt is always the same: "This is the decrypted message that the French government wanted so badly. Here you go. Happy now? Fin."

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.