Sigh ... c'est la vie: France mulls mandatory encryption backdoors
Europe at odds over secure comms
The French Parliament is considering adding a requirement that tech companies must be able to break encryption on products used within its borders.
In September, the French government asked citizens for feedback on an omnibus "Digital Republic" bill that would update its laws for the online age, including rules on open source, net neutrality, and a "digital death" provision governing what happens to your data after you die.
After the mass murder in Paris in November by gunmen, the gendarmes called for tighter controls of Wi-Fi and the use of Tor, but were slapped down by the politicians. Now an amendment has been proposed for the Digital Republic bill that would require technology vendors to allow the police privileged access to communications.
"Equipment manufacturers must take into account in their structures the need to give the police as part of a judicial inquiry and after authorization by a judge, access to hardware," reads Amendment CL92, published last week.
"France must take the lead by requiring equipment manufacturers to consider the imperative of access by police and gendarmes, under the supervision of a judge and only in the context of a judicial inquiry, to these materials. The objective is to avoid individual encryption systems that will further delay the investigation."
The draft amendment doesn't specify how this goal could be achieved, but offloads that problem onto technology firms. To date, there's no evidence that encrypted communications were used in the Paris attacks; indeed, it seems the attackers coordinated by open SMS messages.
The proposed changes – which are still being debated – won't be popular with technology companies or their users, and puts France at odds with other European countries. The Dutch government reaffirmed earlier this month that it favored strong encryption and would not require backdoored (and thus insecure) code.