HideOnly 2 days left to get your copy of the CIA's declassified training game by backing CIA: Collect It All on Kickstarter »
HideOnly 2 days left to get your copy of the CIA's declassified training game by backing CIA: Collect It All on Kickstarter »

French Parliament Votes For Law That Would Put Tech Execs In Jail If They Don't Decrypt Data

from the goodbye-computer-security-in-france dept

Okay, this is just getting silly now. A bunch of reactionary French politicians have voted to put tech execs in jail if they refuse to decrypt data for criminal investigations:
The controversial amendment, drafted by the rightwing opposition, stipulates that a private company which refuses to hand over encrypted data to an investigating authority would face up to five years in jail and a €350,000 (£270,000) fine.

Telecoms operating companies would be liable to lesser penalties but would still face up to two years in jail.
Of course, this comes at the same time that basically the entire tech industry is rallying in support of Apple's stance of refusing to hack into its own systems to remove security features and make it easier to decrypt data. And it's coming right as the world was ridiculing Brazil for arresting (and then releasing) a Facebook exec for refusing to hand over data from subsidiary Whatsapp.

This kind of move is so stupid on so many levels that it defies any kind of logic. It's bad for security, because weak encryption puts us all at much greater risk than the threat of terrorists or criminals using encryption (in part, because this kind of thing won't stop them from using secure encryption, and in part because those threats are very low probability risks). It's also bad for the economy, because you've just given a ton of important tech companies every reason in the world to no longer operate in France due to such a ridiculous law that may put execs in jail. It's bad for the public in that it will mean less secure services and devices that put them at risk, while also potentially cutting off more innovative and useful products and services.

This is the kind of kneejerk reaction from people who are too ignorant and too scared to understand the actual technology and the actual issues at stake. Why do citizens in these countries continue to allow ignorant scared people to make such blatantly bad rules?

Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  • icon
    That One Guy (profile), 7 Mar 2016 @ 5:09am

    Mandatory 'Golden Keys' with one law

    Bad for security.

    Bad for the economy.

    Bad for the public.

    One guess as to who benefits from such a law. Figure that out and you figure out the most likely source of the push for it.

    If there's a hefty fine and jail time in the wings for refusal to hand over decrypted data, then it becomes effectively legally impossible to offer security that a company cannot break themselves if ordered to do so, which means that no matter how far the tech advances, there will always be at least one glaring vulnerability in the security employed and the products sold in any country with a law like this.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Mar 2016 @ 8:02am

      Re: Mandatory 'Golden Keys' with one law

      It'll be like the secret sauce scene in Fast Times at Ridgemont High, except with companies knowing each other's security vulnerabilities and neither being able to legally close them.




      Brad: Okay, here's your preparation stuff. You got your sliced tomatoes, shredded lettuce, secret sauce.

      Guy: What's the secret sauce?

      Brad: Thousand Island dressing. What's the secret sauce at Bronco Burger?

      Guy: Ketchup and mayonnaise.




      And that will become:

      Joe: What's Microsoft's vulnerability?

      Andy: It's [insert tech jargon here that I can't fake here]. What's Apple's vulnerability?

      Joe: It's [insert more tech jargon I can't fake here].

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 6:32am

    One ring to rule them all.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 6:40am

    Why do citizens in these continue to allow ignorant scared people to make such blatantly bad rules?

    Because most technically competent people do not want to go into politics. They are usually of the opinion that cooperation rather than coercion is the way to do things, and cooperation does not fly when it comes to politics, but rather gets them ridiculed for not having a definite answer to a problem.

    reply to this | link to this | view in chronology ]

  • identicon
    kallethen, 7 Mar 2016 @ 6:45am

    Why idiots keep getting voted in.

    Why do citizens in these continue to allow ignorant scared people to make such blatantly bad rules?

    I think Douglas Adams put it best.

    "So," said Arthur, hoping he wasn't sounding ridiculously obtuse, "why don't people get rid of the lizards?"
    "It honestly doesn't occur to them," said Ford. "They've all got the vote, so they all pretty much assume that the government they've voted in more or less approximates to the government they want."
    "You mean they actually vote for the lizards?"
    "Oh yes," said Ford with a shrug, "of course."
    "But," said Arthur, going for the big one again, "why?"
    "Because if they didn't vote for a lizard," said Ford, "the wrong lizard might get in. Got any gin?"

    (Mind you, the same would be true of my own government...)

    reply to this | link to this | view in chronology ]

    • icon
      Groaker (profile), 7 Mar 2016 @ 7:18am

      Re: Why idiots keep getting voted in.

      In the '50s, if you didn't understand how TV, radio and the telephone worked, then at least you knew someone who did.

      Now knowledge in the sciences has become so vertical that it takes a lifetime to understand what is half way to the hemorrhaging edge. Fifty years ago I did investigatory work in Quantum Mechanics. Today I don't have a clue as to what is going on. Quantum entanglement, quantum computing, qubits, and more?

      My dad went to NYU for engineering. One of his chemistry labs was beating flour and water in a cloth sack to demonstrate the formation of gluten. I laughed at this. When my daughter was in 9th grade she was being taught concepts I didn't hit until grad school (minus the math.) An interesting question is just how much can the mind hold?

      People fear what they do not understand. The Salem witch trials are repeating. Italian scientists went to jail for "failing" to predict an earthquake. Now tech execs are going to jail. How long before they are dragged into the streets for lynching?

      reply to this | link to this | view in chronology ]

    • icon
      ThatFatMan (profile), 7 Mar 2016 @ 7:31am

      Re: Why idiots keep getting voted in.

      I think this quote from Douglas Adams is even more on point:

      It is a well-known fact that those people who must want to rule people are, ipso facto, those least suited to do it... anyone who is capable of getting themselves made President should on no account be allowed to do the job.

      While it is limited to discussing the President, I think it applies to pretty much any elected official.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Mar 2016 @ 7:39am

      Re: Why idiots keep getting voted in.

      Because we don't get a "none of the above" option.

      For all elected offices, not just president.

      I can't remember in the past few decades any election where even one candidate was honorable; I feel like I'm voting for the lesser of evils.

      reply to this | link to this | view in chronology ]

      • icon
        ThatFatMan (profile), 7 Mar 2016 @ 7:43am

        Re: Re: Why idiots keep getting voted in.

        I think we all feel that way. The choices are usually bad and worse.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 7 Mar 2016 @ 8:26am

        Re: Re: Why idiots keep getting voted in.

        Was it Jerry Garcia who said that if you vote for the lesser of two evils, you are still voting for evil ?

        reply to this | link to this | view in chronology ]

      • icon
        That One Guy (profile), 7 Mar 2016 @ 8:43am

        "Do you want to be shot in the left leg or right? 'Neither' is not an option"

        Oh if only. Picking the lesser of the two evils would be an improvement over how it is a lot of the time, where it's not 'greater' vs lesser', and is instead 'what flavor of evil do you want?'.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 7 Mar 2016 @ 10:31am

        Re: Re: Why idiots keep getting voted in.

        You can write in none of the above. It will count the same as any write in vote. If enough people do it, politicians might take note of it.

        I'm planning on voting for Bill the Cat in 2016. Please join me, or vote for Mickey Mouse or Honest Gil. It really doesn't matter, it will just be counted as write in.

        reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 7 Mar 2016 @ 10:39am

          Re: Re: Re: Why idiots keep getting voted in.

          I still don't know who the actual candidates will be, but I rather suspect that I'll be voting for R. U. Sirius this election.

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 6:46am

    this has nothing to do with terrorists or even crooks.

    this has to do with according ordinary people no opportunity to communicate without federal agents listening in. that it opens the door for terrorists and crooks to do likewise is not the reason for doing this nor is reason to not do this.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 7:00am

    Yet another European country no longer worth visiting. Its sad that countries that historically were anti-citizen are looking much more appealing to visit.

    reply to this | link to this | view in chronology ]

  • icon
    ThatFatMan (profile), 7 Mar 2016 @ 7:02am

    Answer:

    Citizens continue to allow ignorant scared people to make such blatantly bad rules because they don't know any better. They are, largely, ignorant and scared too.

    Fear it seems is a good way for governments to grab more control over the people they are supposed to serve. Here in the US, we have plenty of similarly bad rules and laws bred from ignorance and fear. For example, we've been given things like DHS, the TSA and NSA mass surveillance of Americans "because terrorism". This is a problem not unique to France.

    reply to this | link to this | view in chronology ]

  • identicon
    French Pussy's, 7 Mar 2016 @ 7:02am

    hahahahaha

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 7:03am

    How about someone compile a list

    I would like to see a list in standard form that everyone can understand that documents the government employee and what they have voted for/done against the citizens. There will be prosecution in the future and there needs to be a simple list that shows what the leaders have done. The average citizens doesn't remember getting crapped on 10 minutes after a senator/president/dictator does it to them.

    reply to this | link to this | view in chronology ]

  • identicon
    French pussy's, 7 Mar 2016 @ 7:12am

    Liberté, égalité, fraternité my ass. Let every radical fool into a country without vetting them and see what happens....
    Now we see a governments irrational response to it's own incompetence.

    reply to this | link to this | view in chronology ]

  • icon
    Keroberos (profile), 7 Mar 2016 @ 7:31am

    Why do citizens in these continue to allow ignorant scared people to make such blatantly bad rules?
    Because the vast majority of these citizens are just as ignorant about why strong encryption is important to a technological society as the politicians trying to pass these laws--and like these politicians they have no desire to learn anything about it--so like these politicians they are easily exploited by those who want to undermine these systems--who for the most part are probably just as ignorant as to why this is a bad idea as everyone else.

    I know it's very cynical of me, but in my view the world is run with a recursive cluster---- of ignorance and stupidity.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 7:32am

    Because civilian crypto is more corrosive than fraud, pollution, graft, espionage, etc.

    I get the feeling from all of these kinds of demands that this is driven by some sort of bizarre collective need for reciprocity. My thinking is that legislators are being so grey-mailed by data brokers that it is looking for some payback.

    What is bizarre is that in most cases, that grey mail is sourced for violations of civil rights the state is compelled by sovereign duty to protect.

    The question then becomes: "Why; in consideration of the legal leverage already available by simply executing the law rightously; legislators endeavor to emulate the most psychopathic corporate executives in the world?"

    Or in a nutshell, RTFM you oafs. Rev 1.0 was written in France in 1791, and in the U.S. in 1789. Everything you need to know, is right there. Stop calling meetings. We don't care how cool you are. Just focus on the fundamentals, and do your damned job.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Mar 2016 @ 11:17am

      Re: Because civilian crypto is more corrosive than fraud, pollution, graft, espionage, etc.

      Oh, come on... you KNOW that any v1.0 will have bugs!



      More to the point, those critical freedoms, those bill of rights amendments are only outlined in the constitution. Precedent set by the courts creates the practical shape of those rights.

      Is dancing 'free speech' ? Is flag burning? Is computer code? The constitution says "speech", not "acts", in those words on paper. It is precedent you have to thank for your freedom to burn flags.

      ... and also for regulation of dancing, the long disclaimed "fire in a theater" metaphor, the "death-by-inches" of abortion clinic legislation, etc. It's not all good, not all bad.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 7:50am

    Those sneaky French politicians are trying to get this passed before their public becomes more aware. Glad to know the US is not exclusive to scummy weasels.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Mar 2016 @ 11:38pm

      Re:

      To godwin it, looks like this is the nazis legacy of high officials being allowed into the various victorius governments after the war was lost by them.

      "WE lost the war, but our ideology won in the end"

      reply to this | link to this | view in chronology ]

  • identicon
    Joe, 7 Mar 2016 @ 8:07am

    And what if the encryption is too strong to break? What if the password is too long and nobody can break it... then what? Put people in jail because no computers exist that are powerful enough? How has this question not been brought up?

    reply to this | link to this | view in chronology ]

  • identicon
    mcinsand, 7 Mar 2016 @ 8:11am

    kneejerk mentality

    I have no doubt that, if a company was stupid enough to add encryption backdoors, these same legislators would be screaming to blame the company when the backdoors backfire. The question is not whether those backdoors will be misused but when they are misused. We can be certain that the people demanding weakened security will not take responsibility for putting citizens at risk, so they will abuse their legislative power to blame someone else, of course.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Anonymous Coward, 7 Mar 2016 @ 8:11am

    Tourism Destroyed

    I used to want to visit France. Wine country, Alps, food, the 'romanticism of Paris', Alsace Lorraine, many places highlighted in literature.

    Now I seem to have forgotten them all.

    reply to this | link to this | view in chronology ]

  • identicon
    frenchguy, 7 Mar 2016 @ 8:17am

    Chill out guys...

    The amendement was rejected last week by the Assemblée Nationale.

    You should check your infos before writing something.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 8:19am

    Investigative reporters use encryption.

    Need I say anything more?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Anonymous Coward, 7 Mar 2016 @ 8:21am

    Rejecting Tech

    Once all the executives that produce encrypted products and have some sort of office in France have been arrested, the criminals, terrorists, and citizens (it WILL be more difficult to tell the difference) will use encryption from companies that have no offices in France. Now they have destroyed a growing piece of the economy, at least growing in theory.

    The IoT in France is going to be a lot of fun, for someone.

    I can imagine the Keystone Cops competing with the Pink Panther for most 'liked' videos depicting the race to catch IoT enabled thieves. Lot's of slapstick, little results.

    reply to this | link to this | view in chronology ]

  • icon
    SteveMB (profile), 7 Mar 2016 @ 8:30am

    I guess that from now on the French are going to have to communicate by training monkeys to wave cheese blocks and white flags in semaphore patterns.

    reply to this | link to this | view in chronology ]

  • icon
    Dismembered3po (profile), 7 Mar 2016 @ 8:31am

    So, maybe I'm the only one....

    So, has anyone read the actual legislation? I don't speak or read French.

    The thing I wonder is:

    The Guardian article states, "...stipulates that a private company which refuses to hand over encrypted data..."

    So, does the legislation actually say, "hand over the decrypted data?"

    This would seem to be an important distinction.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 8:52am

    Quoting a comment over at Torrentfreak...

    "Every time I hear mention of legislators and jurists in the context of contemporary science and technology issues, I am reminded that statistically speaking half the people you meet have below average intelligence. I suspect that something about the lure of the-power-to-legislate-or-interpret-laws may skew those numbers in favor of the shallow end of the IQ pool."

    To which I add that legislators and jurists are also most frequently the guys who studied non-sciencey and non-mathy disciplines 'cuz those were MUCH easier to pass.

    Shallow AND lazy.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 9:00am

    "stipulates that a private company which refuses to hand over encrypted data to an investigating authority"

    That doesn't actually state they need to decrypt it....

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 9:42am

    when will France learn.

    So the French seem to be mimicking America again but taking things to a new level without regard of the consequences.

    America had a revolutionary war where we kicked out the British. France did the same thing to their existing government but went to the extreme of guillotining the ruling class.

    America suffered terrorist attack on 9/11 then proceed to create knee-jerk legislation. France has a similar event but then go overboard on the replacement of freedoms and even encryption.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Mar 2016 @ 10:02am

      Re: when will France learn.

      France did the same thing to their existing government but went to the extreme of guillotining the ruling class.

      Not quite true, as after Napoleon they restored the Bourbons to power, with some limitation on that power, just like the English civil war led back to a restored monarchy, with some limitations on their power.
      If you want to see just how messy revolutions can be visit http://www.revolutionspodcast.com/

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 9:57am

    They have no idea how encryption work. Good luck decrypting 4096 bit RSA keys.

    reply to this | link to this | view in chronology ]

  • identicon
    TDR, 7 Mar 2016 @ 10:17am

    I wonder what would happen, theoretically, if no one voted at all in political elections? Most candidates are completely corrupt and unfit anyway. But without the facade of election, they can't pretend a democracy still exists. And they would have no way of knowing who would get the office. It might bring the entire machine to a halt, which could be just the thing we need.

    reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 7 Mar 2016 @ 12:01pm

    Lets do it..

    Lets walk into the parliament..
    And decrypt all their phones and tablets..
    LETS bring in a List of every person they have called in the last year..

    WHAT and WHICH encryption do you want to do/look at/decrypt??
    The Phone, the Programs...
    Even if you COULD get the Phone the customer Could of placed their OWN PROTECTIONS..

    how ARE YOU GOING TO SORT IT OUT AND PASS BLAME..

    reply to this | link to this | view in chronology ]

  • icon
    afn29129 (profile), 7 Mar 2016 @ 12:08pm

    Once strong encryption...

    Once strong encryption is outlawed only outlaws will have strong encryption. Or in other-words, the mere possession of a copy of PGP/GPG/etc is grounds for immediate arrest.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 12:10pm

    i bet the French people are thinking 'why the hell did my relations go and die trying to stop a certain country with certain views from instilling them on to the rest of the World when our own government is doing the same sort of thing to us now?? like the UK, France has condemned countries like China and Iran for their lack of freedom and privacy, now it's doing exactly what those countries do, remove all freedom, privacy and security! it's doing what terrorists do but under a different flag! and be sure of this, it isn't to catch criminals or terrorists, it's to keep a firm grip on what ordinary people do! after all, they have nothing to hide so they're a hell of a lot easier to track!!

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Mar 2016 @ 11:46pm

      Re:

      they create the terrorists, setup the terrorist attacks, then benefit from all the fear and panic that comes of it to setup a closet police state.

      Dictatorship 101.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Mar 2016 @ 12:23pm

    'Why do citizens in these countries continue to allow ignorant scared people to make such blatantly bad rules?'

    probably for the same stupid reasons that companies, industries etc are allowed to write self important rules that do nothing but harm to the various countries and peoples involved, while ensuring that their profits will continue to come in and, if needed, governments can be sued for more if they want! yes! TPP, TTIP and a dozen other trade deals are what i'm talking about! why has no government had the balls to say 'NO' to them?

    reply to this | link to this | view in chronology ]

  • icon
    Mat (profile), 7 Mar 2016 @ 12:28pm

    Speaking of Europe and Cryptography

    http://www.bbc.com/news/uk-35750127

    "The solution is not, of course, that encryption should be weakened, let alone banned. But neither is it true that nothing can be done without weakening encryption," he said, adding that it was wrong to see every attempt to tackle the misuse of encryption by criminals and terrorists as a "backdoor".


    If it can be used against someone 'misusing' it, it can be used against a legitimate user. Why is this so hard for some people to understand?

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 8 Mar 2016 @ 8:15am

      Re: Speaking of Europe and Cryptography

      Because doing so would force them to admit that they were wrong, completely, and it's a rare politician or 'public servant' that can manage a feat like that.

      If nothing else it would require them to admit that they were saying things that they had no real knowledge about before, and once they admit that they've either lied and/or made factually incorrect statements before, that brings in to question future statements they might make.

      reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 7 Mar 2016 @ 12:30pm

    The nation that gave us -
    Right to be forgotten - Allowing predators to demand the world be blind to their crimes & actions making people less safe.

    Draconian Copyright Punishments - while the leader of the nation violated copyright multiple times in commercial infringement.

    It is so wonderful seeing the pandering to try and shore up their poll position. They give 2 shits about encryption, but they need to ride the wave that they helped create. They have learned nothing from their other championing of cause celeb and I hope it burns them all.

    How much longer can they keep trying to turn the dial past 11 before it snaps?

    reply to this | link to this | view in chronology ]

  • icon
    Get off my cyber-lawn! (profile), 7 Mar 2016 @ 3:03pm

    Notable French Firsts....

    First to successfully capture a fleet at anchor with cavalry officers (Den Helder - look it up!)

    First to lose a war against Greenpeace (yea they blew up the Rainbow Warrior but lost the war)

    And soon, first to criminally charge corporate executives for failing to decrypt data. I agree most corporate executives should be charged....just not with this!

    reply to this | link to this | view in chronology ]

  • icon
    Dave Cortright (profile), 8 Mar 2016 @ 9:56pm

    How curious...

    Every encrypted message my company is forced to decrypt is always the same: "This is the decrypted message that the French government wanted so badly. Here you go. Happy now? Fin."

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.