Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Encryption Communications Government

French Conservatives Push Law To Ban Strong Encryption (dailydot.com) 246

Patrick O'Neill writes: The French parliament this week will examine a bill that would require tech manufacturers of computers, phones, and tablets to build backdoors into any encryption on the device. The anti-encryption bill is being presented by 18 conservative members of the National Assembly as part of a large "Digital Republic" bill. According to the article, The new French bill briefly praises encryption’s role in protecting user data but immediately pivots to criticizing the effects of strong encryption on state security forces. "France must take the initiative and force device manufacturers to take into consideration the imperative of access for law enforcement officers, under the control of a judge and only in the case of an investigation, to those devices," the legislation reads, according to a translation by Khalil Sehnaoui, a Middle-East security specialist and founder of Krypton Security. "The goal is to avoid that individual encryption systems delay the advancement of an investigation."
This discussion has been archived. No new comments can be posted.

French Conservatives Push Law To Ban Strong Encryption

Comments Filter:
  • by Elfich47 ( 703900 ) on Tuesday January 12, 2016 @09:59AM (#51286251)
    It doesn't matter if the wall you build is thirty feet high and six men can walk abreast if you can kick in a door. The weakest part of a wall is always the gates and these kinds of bills are trying to require extra doors with standardized locks are used. No way this can be abused.
    • by Racemaniac ( 1099281 ) on Tuesday January 12, 2016 @10:08AM (#51286327)

      I was thinking: sounds like a fair law, if then the state/police is fully responsible if their backdoor becomes public, and can be abused by others :). But then i think they'd not risk it, because they know the won't be able to keep their backdoor secret, and don't want to face the consequences :).

    • French Conservatives Push Law to Promote Society-Wide Identity Theft

    • Up until 1999 encryption was illegal in France. Looks like they are stepping backwards
      • I thought of this immediately. france was one of the few modern countries to make encryption illegal for users, for a LONG time.

        they dropped that rule.

        now they want to go back to the bad old days.

        look, france, do we REALLY have to start the old and tired 'france surrenders!' jokes all over again? we're all tired of that old joke, but maybe you citizens need to tell your government that you don't want to go backwards and hide in fear any more.

        good luck with that, though; our own people (US) won't do this e

    • It doesn't matter if the wall you build is thirty feet high and six men can walk abreast if you can kick in a door.

      Or, y'know, just walk around it [wikipedia.org].

  • Will likely not pass (Score:5, Informative)

    by Kilobug ( 213978 ) <le-mig_g.epita@fr> on Tuesday January 12, 2016 @10:00AM (#51286259)

    Please note that the conservatives don't have a majority in the Assemblée Nationale, so this law will likely not pass, at least under its current form. But it's also true that PS hasn't been the strongest defender of privacy and personal freedom, they did a few nasty things in the wake of the terror attacks of last year, so who knows exactly what will happen...

    • Even if it did pass it would be likely difficult to enforce and its detractors would simply turn to open source solutions that exist outside of the borders of France. A citizen could start using an OS like OpenBSD, and because it is a freely available product, there would be no way for French authorities to force the project to weaken the encryption. Imagine the French government asking Theo de Raadt to weaken OpenBSD's encryption. First Theo would laugh and then cuss up a storm. The bottom line is that an
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Then the French government outlaws the use of OpenBSD and the like. If during an investigation they find the offending software on your machines, you get an automated 10 years sentence. You can avoid this by revealing the encryption keys, with cumulative 5 years sentences for every key and every time you refuse. Is Theo de Raadt living anywhere in the EU? Then he can be arrested and brought to France to stand trial for aiding and abetting terrorists. You cannot solve a political issue through technology bec

        • by sudon't ( 580652 )

          Well, unless they start censoring the internet within their borders, these laws are as useless as, say, anti-pirating laws. If people want strong encryption, they'll get it. This only affects the non-technical/lazy.

    • by hey! ( 33014 )

      Laws like this aren't proposed to make people safer; they're proposed to make people feel like someone is doing something to make them safer. So the consequences of this proposal depend on the degree to which the French people feel vulnerable at this point in time. At a minimum it's bound reinforce the Conservatives' standing with their xenophobic base. It might gain them supporters. Depending on how future events play out, something like it may even pass, even though it demonstrably won't make anyone sa

  • by Anonymous Coward on Tuesday January 12, 2016 @10:02AM (#51286281)

    You know who else don't like strong encryption? The terrorists [theintercept.com].

    You have to admit that the terrorists have already won. They've pwn your asses so completely that you're stabbing your own liberty like crazy.

    • I agree. Every reaction to terrorism by all governments is to simply shrink the freedom of their own citizens. Ineffective, but at least they con come back to their people and say "We did this for you."
  • Because (Score:4, Informative)

    by JasterBobaMereel ( 1102861 ) on Tuesday January 12, 2016 @10:04AM (#51286295)

    The Paris terrorists used un-encrypted communications repeatedly prior and during the attacks ... so ... ?

    • The Paris terrorists used un-encrypted communications repeatedly prior and during the attacks ... so ... ?

      This has nothing to do with terrorism. Terrorism is a fear keyword the politicians will use to get what they want in place.

    • The Paris terrorists used un-encrypted communications repeatedly prior and during the attacks ... so ... ?

      That's true but do you not remember the kneejerk claims of communication via encrypted ps4 chat. That's the line they're running with and be damned if a little thing like the truth stands in the way.

  • by stinerman ( 812158 ) <nathan DOT stine AT gmail DOT com> on Tuesday January 12, 2016 @10:05AM (#51286309) Homepage

    The new French bill briefly praises encryption’s role in protecting user data but immediately pivots to criticizing the effects of strong encryption on state security forces.

    While water is great at quenching thirst, it also can kill a person if drawn into their lungs. Therefore, we demand that bottled water manufacturers make their water such that it can no longer drown someone.

    • Oh, yes, you're absolutely right! And while we're at it, everybody knows that large bodies of water can drown a person in a few seconds, so we'll need a ban on those, too! No more lakes or rivers allowed, they all have to be dried up and blocked off. Put up a 30 foot high wall separating France from the Atlantic, too, since the ocean is nothing but death waiting to happen! Everyone will have to have special permits and safety training/certification for the taps in their homes, showers are frowned upon, and
  • by ickleberry ( 864871 ) <web@pineapple.vg> on Tuesday January 12, 2016 @10:14AM (#51286379) Homepage
    WIll those be banned?
    • Also, strong passwords have been shown to hinder law enforcement from entering someone's account - which they promise they'd only do when approved by a judge and no they aren't crossing their fingers behind their back. Therefore, all passwords must now be "12345". As a bonus, nobody will ever be locked out of their luggage ever again!

  • With software encryption, you'll still be able to do what you want.

    • And with a pre-arranged language like the Navaho Codetalkers it doesn't matter if someone listens in, it's futile to decode for someone not knowing the language and context.

    • by AHuxley ( 892839 )
      Software sits on hardware so the weak junk hardware will just allow France to get any "software" layer plain text, voice, data before OS application level encryption.
      The hardware will always report your ip, and log, collect or allow a trap door, back door. Any software allowed on top is just bait to make a user think they have something creative and useful.
  • Dear France: (Score:5, Insightful)

    by seven of five ( 578993 ) on Tuesday January 12, 2016 @10:27AM (#51286505)
    Yes, please be the guinea pig and backdoor your encryption. Then when your banking system collapses because some idiot leaked the keys, maybe it'll light a lightbulb in governments elsewhere.
    • Re:Dear France: (Score:4, Insightful)

      by GlennC ( 96879 ) on Tuesday January 12, 2016 @10:53AM (#51286733)

      Yes, please be the guinea pig and backdoor your encryption. Then when your banking system collapses because some idiot leaked the keys, maybe it'll light a lightbulb in governments elsewhere.

      I'm afraid that you're giving other governments too much credit.

      They'd look at France's failure as one of implementation, not of concept.

      • They'll arrest those that expose the idiocy in the implementation and the harebrained concept and consider the whole deal safe again.

        Why should It be different this time?

    • Who would be responsible if someone suffers financial harm due to their phone being compromised by criminals using the government-mandated "backdoor"? Could the French government itself be sued for damages in that case?

  • - Convince one large-ish nation to ban effective cryptography.

    - Monitor incoming and outgoing communications

    - Compare the weakly encrypted (decrypted therefore) with the strongly encrypted data.

    - Improve your systems to be able to break the strongly encrypted data.

    - Government!

    • by johanw ( 1001493 )

      This is called a known-plaintext attack and does not work against decent crypto algorithms.

  • by Blaskowicz ( 634489 ) on Tuesday January 12, 2016 @10:38AM (#51286593)

    You know what, if you want to defeat terrorists, try to not provide them with weapons and political support for a start.
    We got these blow back attacks because France has supported terrorism as a geopolitical weapon against Syria, among other state sponsors of terrorism such as Saudi Arabia, Qatar, Turkey and the US.
    So don't support terrorism and let Syria defend itself if you don't want terrorism.

    • by johanw ( 1001493 )

      Most terrorists in the west are 3rd generation muslim immigrants. Lets not create a new generation of 3rd generation muslims and kick out all new ones who want to enter.

  • by kheldan ( 1460303 ) on Tuesday January 12, 2016 @11:18AM (#51286887) Journal
    ..then only criminals will have strong encryption. Why can't idiot politicians see this!? Legislation like this will do ABSOULUTELY NOTHING to prevent terrorism, it will only curb freedom of speech and the real security of honest, law-abiding, non-terrorist citizens!
    • by gsslay ( 807818 )

      You are working under a mistaken belief of the purpose of the legislation. Terrorism prevention is just the flag of convenience it's currently sailing under.

      • That also goes without saying.. but the average citizen won't listen to that, all they'll hear if you try is 'conspiracy theory nutjob', so we have to point out how stupid it all is and wake their sheep brains up so they'll complain and maybe we can stop asshole politicians from destroying everything.
  • I'm serious. The countries should pass the laws

    We live in a society that is ruled by money first. These countries should pass the laws, and the major players in the system (Apple, Google, Samsung, Sony, etc), should simply pull the products out of the country. They would take a hit to the wallet for a VERY short while, but would give those major players a HUGE advertising campaign to run on - "We won't give up your privacy".

    Top tier products disappearing alone would piss off the populations in most count

    • by tnk1 ( 899206 )

      The major problem is that most of the markets don't actually care about privacy in these contexts. Your standard iPhone user wouldn't know privacy from their privates.

      Yes, everyone agrees that losing privacy is bad, but rarely does anyone know what that entails except for a relatively small informed group.

  • How can you you make hardware that will automatically backdoor an arbitrary software crypto implementation that has no backdoors. Sure this would make it harder to use conversations in games on PS4 and XBOX1 as a means of talking in secret, but that is about it.

  • So companies would face two paths. One path is that their products must meet French laws or maybe it would be better simply to not offer the products for sale in France. It is obvious that individual nations, usually, must not be in a position of regulating foreign- made devices. Obviously some nations are off the wall, mad dog, crazy. Would you like Somalia determining how your cell phone is built?
  • They're happy to build in backdoors to all equipment supplied to France.

    Seriously, hardware manufacturers could simply put backdoors into equipment destined from France, and depending on the laws where the device is made be obliged to provide access to other governments when required by law. Meanwhile, anyone buying a device elsewhere would still have no backdoor and bring it into France if they want secure communications. Software services would be harder to localize given the ability to use VPNs and the n

  • Genesis (Score:4, Insightful)

    by Impy the Impiuos Imp ( 442658 ) on Tuesday January 12, 2016 @11:47AM (#51287111) Journal

    There are people still alive in France who remember European governments that would have used this to spy on political opponents, and track and kill them. One still exists, reborn from a brief democratic interlude.

    One should look in the long term and deny government certain powers out of principle. We have lots of evidence of historical democracies disappearing because they needed to have emergency powers (Rome, Greece, 1930s Germany) and zero evidence for long-term survival of them.

    • by tnk1 ( 899206 )

      Actually *France* has a long history of losing their government to emergency powers and the like. They don't appear to have learned their lesson, or they don't actually care. Starting to think its #2.

  • Then only terrorists will have secure communication capabilities.

    It is easy to hide messages in large photo images and not be able to tell whether there is actually any hidden data in the photo.

    Governments think organized criminals & terrorists are stupid.

    • Agreed. A long time ago (15 years ?), encryption in France was limited to a certain number of bits. This was a real annoyance for any government / educational / company because they had to use specially-weak software (remember ssj instead of ssh ?) while everyone else did not care.

      That was the stupidest thing to do.

  • to help identity thieves gain access to everyone's phones. Because there aren't any criminal organizations that will EVER find these back doors as well, and everyone on the planet is far too moral to exploit mandatory security holes.
  • ...that the set "conservatives" has a relatively small intersection with the set "smart people". How else does one explain the fact that anyone who knows anything at all about encryption and information security (almost exclusively "smart people") knows that back doors such as those being proposed are a colossally bad idea?
  • Jumped the Shark (Score:5, Interesting)

    by bravecanadian ( 638315 ) on Tuesday January 12, 2016 @11:55AM (#51287191)

    Why is it that "conservatives" in so many countries have completely lost their minds?

    • It's the human condition, 90% of us are barking mad.


    • by tnk1 ( 899206 )

      They haven't lost their minds. Playing to fear is a standard political tactic. It gets votes. Why wouldn't they use it? They'd be stupid not to.

      Oh, you mean that it is counterproductive and causes more problems than it solves? Well I'm sure that they believe that once they are in power, it will be temporary.

  • Ils sont fous, ces Français....

  • Lets assume the French get the phone manufacturer to put a backdoor, the UK will surely want that. So is the US. I assume control-freak China will want that too. After that all countries will have their own backdoor with their thousands of operator who have access to that.
  • Encryption is just math, attempting to legislate math is like tying to legislate gravity or the speed of light.

    • by tnk1 ( 899206 )

      Yes, but it is very easy to discover. Right now, if something is encrypted, you can't read it, so you can't prosecute for the content of the encrypted text.

      Under this law, you get prosecuted if it is encrypted and they can't read it. It doesn't matter if it is your shopping list or not.

      A law to control encryption means that as long as they can identify a file as encrypted, you could go to jail just for having an encrypted file they can't break.

    • The speed of light will be a certain number of meters per second no matter what (that's the definition of the meter), but the legislature can still set speed limits that are far under lightspeed.

  • Only outlaws will have encryption. And you won't be able to recognize it as such, it'll come in the form of steganography, or code talking that looks like mundane communications. The whole anti-encryption thing is a boondoggle, and only helps to catch the low-hanging fruit, that which is too stupid to even try to cover their tracks. And that's even if they have the time and energy to scan every piece of data for that low hanging fruit, to find the needles in the haystacks. The recent attackers in F
  • This is just a few conservatives sponsoring a bill. How many times have we been laughed at for Pi = 3 or teaching the Fred Flintstone theory of evolution.

  • Please do! Don't hesitate, can we somehow support you?

    France bugs out of the data center business and pretty much nixes its cloud storage industry. If only some other European countries could follow, we could become the data center of Europe!

  • Which terrorists will this stop? The cats out of the bag on strong encryption. You can force every hardware manufacturer to sell machines pre-installed with weak encryption, and nothing stops terrorists (or anybody) from replacing this software with strong encryption. You can't stop the spread of strong encryption because it's math.

    The best you can hope for is to mandate that every citizen allow you to read their personal data, and hope that the ones that refuse are the terrorists.

    And even if that someho

  • "France must take the initiative and force device manufacturers to take into consideration the imperative of access for law enforcement officers"

    No, fuck law enforcement officers in this regard.

    They exist to serve and protect the citizens, but all government agencies everywhere have forgotten this...

  • France must take the initiative and force device manufacturers to take into consideration the imperative of access for law enforcement officers, under the control of a judge and only in the case of an investigation, to those devices.

    The only problem is that there is no such thing. Asking for government-only access to decryption is like asking for government-only access to perpetual motion, you know, in case we run out of power from other sources.

  • This just in......French Conservatives Push Law To Make Pi Equal to 3.0

    Next up, French Conservatives Push Law To Make Kids Turn That Darn Music Down

    French Conservatives Push Law To Stop People From Thinking Bad Thoughts

Real Programmers don't write in PL/I. PL/I is for programmers who can't decide whether to write in COBOL or FORTRAN.