French Government May Ban Strong Encryption

Late last year, the French government was on the receiving end of a backlash when its law enforcement agencies proposed that Tor and public Wi-Fi should be banned. The government quickly retracted those proposals, saying it’s not going to do that, but now it’s coming back with a proposal that’s just as bad: banning strong encryption.

This time, the proposal is actually an amendment to the “Digital Republic” bill that was introduced in France’s lower house of Parliament by 18 politicians from the right-wing Republican party (former UMP). The whole bill will be debated this week along with over 400 amendments to it.

The amendment banning strong encryption requires “equipment manufacturers” to build in decryption capability, so when law enforcement asks the manufacturers to decrypt a device, they would be able to do so. This could be a response to recent moves by Apple and Google, who have made it so only the users can decrypt the device with their own passphrases or fingerprints.

The amendment was written with the idea that it would stop future attacks such as the recent one in Paris. However, soon after the attacks, it turned out that the Paris attackers used unencrypted SMS and phone calls, and some of them were even known to the authorities as extremists. Therefore, perhaps the reason for why the attacks couldn’t be stopped can be found elsewhere.

While France has been weakening civil liberties with new surveillance and censorship laws even since before the Charlie Hebdo attack, the Dutch government recently made public its support for encryption and at the same time committed half a million euro in donations to open source encryption libraries such as OpenSSL, PolarSSL and LibreSSL.

The European Commission’s Vice-President, Andrus Ansip, recently spoke against backdoors and the weakening of encryption, arguing that the EU needs strong data protection legislation and tools to protect users’ data.

A requirement to force companies to decrypt devices would mean those devices aren’t as well protected as they could be. When the data of millions of users is protected by a single entity, then that entity becomes an important target for attackers, and it makes the data more vulnerable to attacks. This is also why it’s better to have fingerprint data stored and encrypted locally on each individual device than in a centralized database, regardless of whether it’s stored by a private company or a government.

Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu. 

Follow us on FacebookGoogle+RSSTwitter and YouTube.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
20 comments
    Your comment
    Top Comments
  • innocent bystander
    I hate to break it to the French (not really), but they just aren't a big enough market to influence global product development at the likes of Apple and Google. I can see any serious manufacturer just pulling out of that market rather than giving in and building in a backdoor.
    17
  • Gam3r01
    France no...
    This really does nothing productive than make the public mad, and their information less secure. This was partly stirred by the Paris attack (Later revealed to be not involved), however I doubt most extremists go through the trouble of encrypting data.
    A perfect example of punishing the majority for the acts of a few.
    13
  • Other Comments
  • Gam3r01
    France no...
    This really does nothing productive than make the public mad, and their information less secure. This was partly stirred by the Paris attack (Later revealed to be not involved), however I doubt most extremists go through the trouble of encrypting data.
    A perfect example of punishing the majority for the acts of a few.
    13
  • innocent bystander
    I hate to break it to the French (not really), but they just aren't a big enough market to influence global product development at the likes of Apple and Google. I can see any serious manufacturer just pulling out of that market rather than giving in and building in a backdoor.
    17
  • clonazepam
    I would hand over source code to China or India just to have a crack at billions of consumers. Secure some footing in those potential markets, help it grow, and I could ignore the whimpers of hundreds of millions easily.

    Some folks like to say they have nothing to hide and don't understand all the fuss. Please invite a dozen random people on the street over to dinner, and allow them to browse through your filing cabinets and other financial documents. You might feel a little discomfort and an inability to control the situation. It's perfectly normal though, and you should just ignore it.
    9