France Rejects Backdoor Mandate (eff.org) 10
The French National Assembly has rejected a controversial provision that would have forced messaging platforms like Signal and WhatsApp to allow government access to encrypted private conversations, lawmakers voted Thursday night. The measure, embedded within anti-drug trafficking legislation, would have implemented a "ghost participant model" allowing law enforcement to silently join encrypted chats without users' knowledge.
Some sanity in world (Score:5, Insightful)
The EFF is being too polite (Score:5, Informative)
"The founder of Session, an encrypted messaging app, recently moved from Australia to Switzerland—or more precisely, he fled.
The sudden move came after police unexpectedly showed up at an employee’s home, with the founder pointing to Australia’s increasing hostility toward privacy-focused technology as his reason for leaving."
The "Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018" of Australia essentially empowers the government to act the same as the UK: Demand a communications/storage provider build a back-door into their products.
Technical Capability Notice: ... notice requiring the communications provider to build a new capability. Once built, ASIO [The Aus. version of the CIA is split into 2 departments: This is the analysis side.] or an interception agency can seek assistance ...
French intelligence didn't have enough dirt! (Score:2)
Amazing; one would expect such a bill to sail through because the spooks would have plenty of blackmail material on the resisters. Of course there may be a sudden change of heart by many in a few weeks... Wouldn't that be strange?
No, this is not a win, it's a pause (Score:2)
As far as I know, France does not have a law that prohibits resubmission of rejected legislation again and again. Until such a law is in place, there is a risk that this tactic will be tried.
How is it financed? (Score:2)
I just read thru the Oxen annual report, quickly, on a phone. Still not clear. I won't click on any "learn more" buttons without knowing where it goes.
I guess they are funded with unicorn farts and happy thoughts?
Extracts from the debates (Score:4, Informative)
The proposal was introduced by deputies Marleix, Lefèvre, Midy. It is highly supported by minister Retailleau.
DEBATES
Olivier Marleix (Republican Right) -- Nothing justifies a difference of treatment between operators of telephony and cryptographic messaging. The latter are free from any obligation of cooperation with the public powers, while they support all traffics
Mathieu Lefèvre (Together for the Republic) -- Part of this Congress shows a troubling ingenuity in refusing the interception. Where are public freedoms where narcotraffickers use cryptographic messaging to hire hitmen, sell drugs and sow death among the youth?
Paul Midy (Together for the Republic) -- The comprehensive rewrite of article 8ter responds to these legitimate fears. The technological solutions would not weaken cryptography by creating backdoors. The technological solutions would be validated by a technical commission ensuring they meet the constrains, which is that the non-criminal population has a good quality of cryptography on messaging. It is also not generalized surveillance. The techniques would only be used for specific individuals, after approval from the national security commission, and upon authorization of the Prime Minister.
Aurélien Lopez-Liguori (National Rally) -- Your intention -- fighting drug traffic -- is worth of praise. But for this, you intend to obliger secure messaging systems to weaken their cryptography. You will weaken the security of companies, institutions, and of the population. Creating backdoors and ghost users creates an entrance for intelligence services, but also for hackers and foreign governments. We propose to replace this amendment and oblige the platforms to collect certain unencrypted data -- and only these ones -- in particular connection data.
Pouria Amirshahi (Ecologist and Social) -- I understand Mr. Marleix wishes us to take into account that narcotraffickers have moved to cryptographic messaging. But if you penetrate messaging used by regular users, such as Whatsapp, Signal or Telegram, you weaken their security. The platforms highlighted this risk and it would be a pity to see them leave.
Sébastien Huyghe (Together for the Republic) -- The Americans are doing it!
Pouria Amirshahi (Ecologists and Socials) -- Narcotraffickers understood this risk since they created their own messaging systems.
Arthur Delaporte (Socialists) -- Mr. Midy says experts dont agree. But all operators, smartphone manufacturers, providers of information systems, and designers of secure messaging that we have met told us that they are not in capacity to satisfy the requirements that your amendment plans for.
Olivier Marleix (Republican Right) -- Stop listening to the lobbies!
Arthur Delaporte (Socialists) -- If you tell criminals that you can require Whatsapp to give data and spy on their conversations, what will you get? A move towards applications that you can't require to follow this law.
Sandra Regol (Ecologists and Socials) -- Big traffickers are using disposable phones and have their own messaging systems being developed. Those using the messaging systems open to the public are the least dangerous. Mr. Marleix, you said that the companies which develop these messaging systems refuse to help France and only deal with the US. But the facts don't agree. To take only one example, Meta, which owns Whatsapp, receives 30,000 requisitions yearly from France. The platforms already give data to French investigators. What you want to set up is a weakness in the messaging systems that everybody uses
Ugo Bernalicis (France Unbowed -- New Popular Front) -- This debate is incredidble. Mr. Midy is saying "give it a try!" What a lack of seriousness. We are talking about a text tha could allow to enter any conversation based on a suspicion of the intelligence services. The National Rally, which does not oppose these dangerous techniques, proposes to only get metadata. But this is already done. How do you think Mr Amra was captured? [esc
Greece say yes! (Score:2)
Yes, But Greece accepted due to historical familiarity with back doors.
Code Golf Exercise (Score:3)
You may use CryptoJS or similar for free.
Write an end-to-end encrypted messaging system requiring only a LAMP stack as its backend, in as few lines of PHP+JS+HTML possible.
Well, of course . . . (Score:2)
French women expect it to be their choice.