Article Lead Image

Sarah Joy / Flickr (CC by 2.0) | Remix by Max Fleishman

French government considers law that would outlaw strong encryption

France, rocked by deadly terrorist attacks, is attempting to cut off future attacks before they happen.

 

Patrick Howell O'Neill

Tech

Posted on Jan 12, 2016   Updated on May 27, 2021, 9:22 am CDT

The French Parliament is considering a legislative provision that would ban strong encryption by requiring tech companies to configure their systems so that police and intelligence agencies could always access their data.

The amendment to the vast “Digital Republic” bill was introduced in the French National Assembly, parliament’s lower house, by eighteen politicians from the conservative Republican Party. 

The Digital Republic bill, which covers everything from net neutrality to the online publication of scientific research, will be examined and debated this week along with 400 amendments to it.

The anti-encryption amendment is largely seen as a response to the two deadly Paris terrorist attacks in 2015, despite the fact that the attackers repeatedly used unencrypted communications in the leadup to the killings.

Authorities still don’t fully know how the terrorists planned their operations, but the ISIS-inspired militants signaled the start to the Nov. 13 attacks through unencrypted text messages. They also traded unencrypted phone calls with senior operatives elsewhere in Europe. French authorities say that some blind spots remain due to encrypted messaging services like Telegram.

In the weeks since the November attacks, the French government has come under sustained criticism for sacrificing liberty for security. The country has been in a state of emergency for two months, a legal status that gives President François Hollande vast new law-enforcement powers.

The Digital Republic bill came just as the Netherlands issued a statement in favor of strong encryption, promising not to weaken it for investigative purposes.

It’s unclear whether the encryption amendment would have prevented either of the Paris terrorist attacks.

“The attackers were all known to the police and intelligence services!” the security researcher calling himself “the Grugq” told the Daily Dot. “Al Qaeda fretted constantly about finding ‘clean skins,’ new terrorists who weren’t known to security forces. ISIS publishes a magazine featuring an interview and [a] huge photograph of the cell leader’s face. Then they send him into Europe and he does just what he said he would do in his interview. There is little that can be blamed on encryption here.”

Encryption is technology that scrambles data so that only those people who have the keys can unscramble it. It is part of many commonplace Internet activities like commerce and communications.

Many Apple iOS and Google Android devices are now encrypted by default, a move that has reignited a global debate over privacy and encryption because of the technology’s use by cybercriminals, terrorists, and sexual predators. Encryption advocates point to its use by human rights activists, journalists, governments, and tech companies seeking to avoid surveillance and hackers.

The new French bill briefly praises encryption’s role in protecting user data but immediately pivots to criticizing the effects of strong encryption on state security forces.

“France must take the initiative and force device manufacturers to take into consideration the imperative of access for law enforcement officers, under the control of a judge and only in the case of an investigation, to those devices,” the legislation reads, according to a translation by Khalil Sehnaoui, a Middle-East security specialist and founder of Krypton Security. “The goal is to avoid that individual encryption systems delay the advancement of an investigation.”

Technologists and open-Internet advocates disagree, arguing that strong encryption—which even the tech companies themselves cannot break—is a crucial part of online privacy and security.

Tech executives like Apple CEO Tim Cook warn that building weaknesses into cryptography will help hackers and hurt average Internet users.

“Let me be crystal clear: Weakening encryption or taking it away harms good people who are using it for the right reason,” he argued last year.

Cook and a bevy of tech executives met with U.S. officials last week to discuss how to fight terrorists on social media; encryption briefly came up at the meeting, according to a senior administration official.

Update 6:05am CT, Jan. 12: Updated translation.

Photo via Sarah Joy/Flickr (CC BY 2.0) | Remix by Max Fleishman

Share this article
*First Published: Jan 12, 2016, 8:45 am CST