French bill carries 5-year jail sentence for company refusals to decrypt data for police

glitched image of a lock

Joe Buckingham / Flickr (CC by 2.0) | Remix by Max Fleishman

The crypto wars are heating up in France.

Employees of companies in France that refuse to decrypt data for police can go to prison for five years under new legislation from conservative legislators, Agence France-Presse reports.

The new proposal echoes a bill from January 2016 that would have mandated “backdoors” into encryption in France. That backdoor bill, championed by Conservatives in the French legislature, was defeated and criticized by the current government of Prime Minister Manuel Valls.

The new punitive legislation, which is also being criticized by the Valls government, is an amendment to a larger penal reform bill. Like its predecessor, it’s unclear that this amendment will make it through to law.

“It is unacceptable that the state loses any control over encryption and, in fact, be the subject of manipulation by U.S. multinationals.”

The punishment for refusing to hand over access to encrypted data is a five year jail sentence and $380,000 fine. Telecom companies would face their own penalties, including up to two years in jail.

M. Pierre Lellouche, a French Republican, singled out American encryption in particular.

“Ironically, encrypted systems generally come from the U.S. military—I think the Tor network and Dark cloud in general—and most companies that engage in this kind of trade are American,” he told the National Assembly. “They deliberately use the argument of public freedoms to make money knowing full well that the encryption used to drug traffickers, to serious [criminals] and especially to terrorists. It is unacceptable that the state loses any control over encryption and, in fact, be the subject of manipulation by U.S. multinationals.”

Lellouche criticized opponents of the amendment sharply: “In terms of prevention, by one vote, you do not want to send the signal of resistance to US multinationals to end encryption of communications between terrorists. You do not want to send that signal.”

The new French proposal will resonate loudly with those following the American legal clashes between the FBI and Apple. The U.S. tech firm is fighting a court order requiring it to help the Federal Bureau of Investigation hack into the iPhone of a San Bernardino shooter, arguing that it will set a harmful precedent and greatly weaken overall American cybersecurity.

“It is absolutely essential that France is sending a solemn signal that our prosecutors and intelligence services can have access to data available to these multinational corporations,” Lellouche said. “For such companies, colleagues, know the addresses of those who plan attacks against our country. It is unbearable to accept such a situation!”

French parliamentary deputies voted in favor of the new amendment on Thursday.

H/T Sam Thielman | Photo via Joe Buckingham/Flickr (CC BY 2.0) | Remix by Max Fleishman

Patrick Howell O'Neill

Patrick Howell O'Neill

Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.