Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Encryption Privacy Security News Your Rights Online Politics Technology

French Bill Carries 5-Year Jail Sentence For Company Refusals To Decrypt Data For Police (dailydot.com) 190

Patrick O'Neill writes: Employees of companies in France that refuse to decrypt data for police can go to prison for five years under new legislation from conservative legislators, Agence France-Presse reports. The punishment for refusing to hand over access to encrypted data is a five year jail sentence and $380,000 fine. Telecom companies would face their own penalties, including up to two years in jail. M. Pierre Lellouche, a French Republican, singled out American encryption in particular. "They deliberately use the argument of public freedoms to make money knowing full well that the encryption used to drug traffickers, to serious [criminals] and especially to terrorists. It is unacceptable that the state loses any control over encryption and, in fact, be the subject of manipulation by U.S. multinationals."
This discussion has been archived. No new comments can be posted.

French Bill Carries 5-Year Jail Sentence For Company Refusals To Decrypt Data For Police

Comments Filter:
  • by Anonymous Coward
    Well the primary problem with this is how are they going to put a company in prison for two years?
  • carries a 5-year old to jail for the Crypt-Keeper? lost in translation, much?
  • by ArmoredDragon ( 3450605 ) on Thursday March 03, 2016 @09:01PM (#51633535)

    If they want access to encrypted data, just give it to them. If they need it decrypted, that's their problem.

    • by Dr. Evil ( 3501 )

      To: François Hollande
      Subject: Your Silkroad Bitcoins

      ==== Begin PGP Encrypted Message ====
      ...
      • I'm always wondering why we're still sending the subject unencrypted.
        • Why can't we encrypt everything except To and mail transit control headers? You can't hide encryption, so a "Subject: PGP Encrypted Message" and possibly "X-Header-Transit: PGP" would make sense. You could even include an X-Recipient-Key-Print to tell the MTA to add additional client-targeted headers (X-Mailing-List, etc.) as separate PGP-encrypted blocks, possibly encapsulated (encrypt the original PGP-encrypted message prepended with a MIME segment containing a header block), so the message always ships
    • by Worchaa ( 774320 )
      Great point-- give 'em total access to the encrypted data same as the FBI. If they have a problem with it, let the French take it up in US Courts. And let them pound sand for good measure in the process.

      If this causes Apple-- and other device manufacturers-- headaches selling in France, then so be it.

      Fair is fair. I personally applaud Apple for saying NO to unreasonable search and intrusion as an American citizen in US residence, even though it might likely bite them in the ass and cost them business

      • by sconeu ( 64226 )

        I personally applaud Apple for saying NO to unreasonable search and intrusion as an American citizen in US residence, even though it might likely bite them in the ass and cost them business.

        It may not cost them business. I'm in the market for a tablet, and was ignoring an iPad because of price. But with Apple fighting the Three Letter Agencies over this, I'm reconsidering. If others feel the same way I do, it might be GOOD for business.

        • by ptaff ( 165113 )

          Apple fighting the Three Letter Agencies over this

          Naïve. More and more "telemetry" is built-in in Apple operating systems, making user spying "legitimate". The iDevices constantly call the mother ship and "backup" your data on the iCloud. The iDevices are running proprietary software so random hacker cannot really tell what it does (are the camera/microphone on? you're sure?).

          Maybe you can prevent some of this data leak with a complex set of fine-tuned firewall rules, ensuring you never use anythi

          • by tlhIngan ( 30335 )

            NaÃve. More and more "telemetry" is built-in in Apple operating systems, making user spying "legitimate". The iDevices constantly call the mother ship and "backup" your data on the iCloud. The iDevices are running proprietary software so random hacker cannot really tell what it does (are the camera/microphone on? you're sure?).

            Maybe you can prevent some of this data leak with a complex set of fine-tuned firewall rules, ensuring you never use anything else than WiFi you control. You'll be one in a mill

          • Telemetry just means long-distance measuring.

      • Thank you for saying what I was thinking, but saying it better than I would.

        There is no way to outlaw math. You can outlaw sharing information. You can outlaw not sharing information. When the secret is out, and in this case it is, anyone can learn to do unbreakable encryption, then it is impossible to outlaw knowledge, and in this specific instance the secret isn't secret anymore.

        In this case the attempt is to make it illegal to fail to know something nobody knows. Nobody knows a way to decrypt something e

      • It's cute you think your constitutional rights are intact.

        Did you miss the bit about warrantless mass surveillance of the US people by the NSA?

        • "Did you miss the bit about warrantless mass surveillance of the US people by the NSA?"

          Which if it were really as good as you paranoids think it is, there would be no Apple controversy. Police agencies would be trying to lull terrorists and criminals into thinking there data is safe in iPhones, which they would be merrily decryptin. And there wouldn't be this global rash of ransomware attacks, because we would be able to identify where the threats were coming from and trace their Bitcoin transfers.

    • If they want access to encrypted data, just give it to them. If they need it decrypted, that's their problem./quote.

      My thought: "We have started work on decrypting the message. Lacking the private key, we expect it to be decrypted in 10^15 years. We'll let you know when it's done".

  • by BitterOak ( 537666 ) on Thursday March 03, 2016 @09:02PM (#51633539)
    Who exactly goes to jail? The CEO? The CTO? The employees who supposedly know how to decrypt the data? How do you establish who has that ability? Suppose no one has that ability. Suppose the devices are designed so only the end user can decrypt the data. Do you jail the engineers who designed such devices? Do you jail the retailers who sold such devices? How does this work? How does the government prove a specific employee at a company has the ability to decrypt the data, or in the alternative, how do they prove which individual was responsible for creating a situation where the data can't be decrypted?
    • by Tablizer ( 95088 ) on Thursday March 03, 2016 @09:04PM (#51633549) Journal

      Who exactly goes to jail? The CEO? The CTO? The employees who supposedly know how to decrypt the data?

      Jail em all and let God sort it out

      • by mysidia ( 191772 )

        Jail em all and let God sort it out

        Bind their hands and legs and toss them in Lake Guerlédan.

        The ones that drown were innocent..... those that manage to float or get to the surface are guilty, so lock them in prison for life and throw away the key.

    • The universe, apparently, for making the mathematics of encryption possible.

      Some day, maybe, we will begin voting for politicians who have the vaguest fucking notion about the real world.

      • by 93 Escort Wagon ( 326346 ) on Thursday March 03, 2016 @09:27PM (#51633635)

        March 3, 2015 (Reuters) - The French Assemblée Nationale today issued instructions to Juge D'Instruction Claude d'Monet, ordering that he determine the being or beings responsible for the existence of the mathematics of encryption.

        d'Monet subsequently issued a Warrant and Order to Appear to God, declaring that failure to appear by the 15th of March would result in a summary declaration of contempt, an order for His arrest, and possible forfeiture of the universe.

        Police have attempted to serve this warrant at the Notre-Dame de Paris several times, but without success.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      Man, France must be an awesome place to live. Their strict gun control guarantees that nobody ever gets shot there, and now this law will guarantee that they will be safe from terrorists and drug traffickers too!

      And obviously their government is benevolent and never abuses its power.

      I am so moving there.

    • The fundamental thing to remember is that politicians and government employees are often extremely ignorant about technology, yet they think they can make decisions about technology.
      • Of course the real trouble is that legally and practically speaking, these people can make decisions about technology.

        They just happen to be very bad decisions, with potentially horrible consequences for everyone those politicians and governments are supposedly there to serve.

    • by Kjella ( 173770 )

      I'm guessing it'll be like the SOX act in US law where the CFO gets to sign a statement these fiscal numbers are accurate or I could go to jail for 20 years. How is he to know that? Not the lawmaker's problem. It's the company itself that must find good enough compliance mechanisms.

    • It would start with the CEO and work down and it would be tempered by ability. If the company cannot decrypt then it is a non issue.

      In the event of an order to decrypt, if the company has the capability then the CEO will be on the hook. If the CEO orders the person who actually has the capability to unlock to unlock it will move to that person if they refuse. If the company claims no ability then they would be subject to a search warrant which looks for evidence to say they did have the ability. Also if

      • It would start with the CEO and work down and it would be tempered by ability. If the company cannot decrypt then it is a non issue.

        In the event of an order to decrypt, if the company has the capability then the CEO will be on the hook. If the CEO orders the person who actually has the capability to unlock to unlock it will move to that person if they refuse. If the company claims no ability then they would be subject to a search warrant which looks for evidence to say they did have the ability. Also if the CEO says no they will go to prison but so will any other employee with the capability who also refuses.

        But the point of my question was how will the court know who has the ability to decrypt? Suppose the CEO says "Jones down in software engineering is the guy who can do this," and Jones says "Not me. I have no idea how to decrypt this. I think maybe Ted works on that stuff but I'm not sure." Who do they believe? What is considered sufficient evidence that someone has the know-how to convict them? If everyone in the company claims they can't do it, do they just jail the CEO by default?

        • Given it is a felony offence where people can be imprisoned they would raid the company for documents to show who would have the knowledge. There is no way there wouldn't be a paper trail.

    • According to the article, the employees can go to jail. Presumably you start at the top of the chain of command, go down the stack, and the first person to refuse will go to jail.
  • arrogance (Score:5, Insightful)

    by Gravis Zero ( 934156 ) on Thursday March 03, 2016 @09:02PM (#51633541)

    It is unacceptable that the state loses any control over encryption

    if you have such a hard-on for total control, you should NOT be part of any government.

  • Close Up Shop (Score:5, Interesting)

    by headkase ( 533448 ) on Thursday March 03, 2016 @09:08PM (#51633557)

    I would hope that corporations faced with these unreasonable demands simply close up shop in the country. Google CEO going to go to jail? Well, Google pulls out of France and has no presence. Good luck French people with your search queries. If a corporation caves to one country then it will just embolden then next country. Better to draw a line in the sand and tell them to fuck off.

    • I would hope that corporations faced with these unreasonable demands simply close up shop in the country. Google CEO going to go to jail? Well, Google pulls out of France and has no presence. Good luck French people with your search queries.

      Microsoft would gladly take their place.

      If a corporation caves to one country then it will just embolden then next country. Better to draw a line in the sand and tell them to fuck off.

      Considering the history of Microsoft, i think they would sooner give all the politicians of France weekly handjobs than lose a chance to gain ground on Google. Hell, they'd give every government access to everyone's desktops if it meant they were the golden boy again.

      • by ukoda ( 537183 )
        It would be interesting to see who would actually stay. I'm with headkase on this one, I think the right response is to close up shop and pull all products for the shelves. I think even just Apple doing it, making the iPhone unavailable to purchase, would be enough to start a backlash against such a law.

        It gets more interesting if the other major players join in and leave the country too. Anybody who stayed, like your suggestion of Microsoft, would be view with suspicion outside France as it would be
    • by nebaz ( 453974 )

      That's all fine and good, but then the people in that country no longer have access to the products that the company makes. That's a win for the country.

    • I would hope that corporations faced with these unreasonable demands simply close up shop in the country. Google CEO going to go to jail? Well, Google pulls out of France and has no presence. Good luck French people with your search queries. If a corporation caves to one country then it will just embolden then next country. Better to draw a line in the sand and tell them to fuck off.

      Yeah that worked well in China didn't it.
      http://www.baidu.com/ [baidu.com]

      • So, we should race to the bottom then? Cooperate with whatever crass demands those other shitty nations decide we should oppress with? Or actually act like an enlightened democracy and say we won't help you do your shit?

        • So, we should race to the bottom then? Cooperate with whatever crass demands those other shitty nations decide we should oppress with? Or actually act like an enlightened democracy and say we won't help you do your shit?

          I didn't say anything about giving in - I just said that leaving doesn't leave the hole in services that was stated or at least not for very long as that hole will be quickly filled by some other company who will give in.

          In the case of China I think they do it quite deliberately so that Chinese companies can take the market once the western company has been pushed out.

      • For starters, France does not have the economic pull of the United States or China. Secondly, businesses didn't leave China because of threats of jail time. The Chinese government propped up Chinese counterparts to most major web services. In the cases they didn't exist, China had them built. They then firewalled off the outside competition, leaving only the Chinese version accessible.

        My point is China intentionally cut out companies like Google and Facebook where in France's case it would be an unintend
    • by houghi ( 78078 )

      OTOH if a corporation dictates what a country must do, there is an issue as well.

    • by AmiMoJo ( 196126 )

      Google won't leave France over this or the billions they owe in tax, because it's too profitable for them. They will adapt their business practices and spend more money on lobbying.

      Don't worry though, this bill won't pass. We need to stop reacting to every stupid thing a politician says, and wait until there is some reasonable risk of it becoming law. Politicians say stupid shit all the time, no point getting worked up over it.

      • We need to stop reacting to every stupid thing a politician says, and wait until there is some reasonable risk of it becoming law.

        I disagree. The more they say the more the public gets acclimated to it and the more likely they are to accept it. We should take every opportunity to discredit and impugn these politicians as they will otherwise just keep this shit up until they get their way, remember SOPA, PIPA, what ever the hell replaced that?

  • by penguinoid ( 724646 ) on Thursday March 03, 2016 @09:17PM (#51633605) Homepage Journal

    They deliberately use the argument of public freedoms to make money knowing full well that the encryption used to drug traffickers, to serious [criminals] and especially to terrorists.

    The same argument applies to cars, guns, knives, shoes... all used by drug traffickers, criminals, and terrorists. Knife companies should be required to install a failsafe so that the blades can be remotely deactivated at the government's request.

    • Also cheese and wine. It's well known that a serious criminal once ate cheese and drank wine, so we should impose international sanctions on any nation producing such dangerous substances immediately, since clearly it is a haven for hardened criminals.

      • by dissy ( 172727 )

        Also cheese and wine. It's well known that a serious criminal once ate cheese and drank wine, so we should impose international sanctions on any nation producing such dangerous substances immediately, since clearly it is a haven for hardened criminals.

        Well you don't want the terrorists practicing tyromancy now do you? Then they would have ALL of our secrets!!

        It would be far better to ban cheese and mandate encryption purely to keep the terrorists in the dark.

    • The same argument applies to cars, guns, knives, shoes... all used by drug traffickers, criminals, and terrorists. Knife companies should be required to install a failsafe so that the blades can be remotely deactivated at the government's request.

      I know the geek loves this argument. But it is the lawmakers who get to decide when and where to draw the line.

    • They deliberately use the argument of public freedoms to make money knowing full well that the encryption used to drug traffickers, to serious [criminals] and especially to terrorists.

      The same argument applies to cars, guns, knives, shoes... all used by drug traffickers, criminals, and terrorists. Knife companies should be required to install a failsafe so that the blades can be remotely deactivated at the government's request.

      The difference being the level of control that the government has over cars, guns, knives, shoes, etc., all of which are physical items.

  • Without strong encryption in the hands of the people, criminals will be able to rob people blind, crack their bank accounts, use their credit cards.....

    Governments need to get it through their head that there is no electronic lock that can keep criminals out if the Government can get in.

    • by AHuxley ( 892839 )
      re 'Governments need to get it through their head that there is no electronic lock that can keep criminals out if the Government can get in."
      France has always had very good human informants. Most people in contact with, entering or exiting the French justice system get made an offer to become informants at some point. Refusing that nice request created new issues.
      Thats generations of interesting people who get turned into informants. They can go where cell phones would not be allowed or undercover poli
  • It is unacceptable that the state loses any control over encryption

    News flash - the state hasn't had control of encryption for decades. Even the US classifying encryption as a munition didn't do it.

  • by Midnight Thunder ( 17205 ) on Thursday March 03, 2016 @10:02PM (#51633803) Homepage Journal

    Companies should ensure all software sold to the French government have backdoors or have encryption weak enough to be useless, which uh would mean the French government wouldn't want to buy their software!?

    The above is trying to illustrate a contradictory scenario that in many ways may happen if companies try to follow the French law. Sure in the case of phones and communication it is intended at non-government parties, but where does that line cross?

    The other issue as we have recently seen is that enties of national interest will just use their own tools and the result will be a law that only hurts "law abiding" citizens.

  • FTA: "They deliberately use the argument of public freedoms to make money knowing full well that the encryption used to drug traffickers...". So, encryption is mood-altering and addictive? Sheesh!

  • Proposal (Score:5, Informative)

    by manu0601 ( 2221348 ) on Thursday March 03, 2016 @10:21PM (#51633893)
    This is not a signed law, this is a proposal, from opposition. And even if it passes, it also need to pass in the senate.
    • Yes, but it is important to let people know just who is out there promoting laws like this. It is rare that you get to see politicians outright show their disdain for personal liberty, so please help raise every single instance of it up for everyone to see.
  • Anti-americanism (Score:2, Insightful)

    by jodido ( 1052890 )
    The real basis for this proposed law has nothing to do with encryption or drug trafficking or child molesting. It has everything to do with anti-americanism. He even says as much - it's about keeping US companies from having any influence in Europe.
    • by ukoda ( 537183 )
      From what I have seen from France over the years this could well be true, but not so much anti-American as anti anything not French.

      Serious question. Taken to the extreme and all non-French phone manufacturers pull out of France what would be left for consumers to buy? Are there actually any French companies that make phones still? There was Alcatel? Do they still make smart phones? I would love it if the companies got together with a united front and gave the politicians a lesson in public option w
  • by Cley Faye ( 1123605 ) on Thursday March 03, 2016 @10:26PM (#51633917) Homepage
    While this is alarming about the state of our legislators' technical knowledge, note that this is only a proposal by people that lack the voting power to make this become an actual law.
    But I pretty much like the other comments stating that "if you want access to encrypted data, there, you get all the encrypted data you want". It might be a good idea to coin this idea to other members of parliament to see if they can change the wording to that.
  • by PPH ( 736903 )

    ... the plaintext is all in French [youtube.com]

  • by grasshoppa ( 657393 ) <skennedy@@@tpno-co...org> on Thursday March 03, 2016 @11:12PM (#51634179) Homepage

    So I'll be the asshole who states the obvious...

    So let's pretend all companies, everywhere, comply with decryption requests. What do you think happens next?

    It doesn't take rocket science to realize that the next step...the very next step..is for the "bad guys" to go off and roll their own encryption, based on very well known standards.. And then..you're right back where you started.

    So, to the organizations who are fighting this, I say; let it happen. You have virtually nothing to loose. And, next week, when you are asked to decrypt something that you don't have any ability to, you can justifiably laugh in their fucking faces for being so fucking worthless.

    • So many bad guys though, aren't going to roll their own encryption. It's not like someone is going to think "I'm going to start committing crimes today, better change my encryption scheme". And those organized well enough to do so, will probably be under the gaze of the five eyes. It's somewhat similar to when a terrorist expert is asked why a dirty bomb has yet to happen and the answer is that to be the type of person to actually get a dirty bomb working requires a certain mental standard which prevents on
      • Companies will simply setup shop in encryption friendly countries and host your encrypted data for you. Now these governments are in an even worse scenario.

        The data is not only encrypted, but it is also located in another jurisdiction.

  • That's why Apple-style security, that is, security they can break but refuse to, is the wrong approach. When French or Chinese or Russian governments come calling, they will have no alternative to compliance.

    A computer system or phone is only secure if it is secure against adversaries with full access to source code and code signing keys.

  • Can we just completely scrap encryption already? I'm excited to see all of the government secrets leak out into public, and all of the lives ruined by medical and financial records seeping out into the public. By the time these fucking morons see the problem, it'll be way too late. The unfortunate side is the number of innocent civilians that will be screwed over dry and hard.
  • It's nice to know that stupidity is not exclusive to the US government.

    Absolutely nothing will stop 3rd parties from developing their own encryption software layer.

    What's next? Will Governments attempt to outlaw mathematics?

"A car is just a big purse on wheels." -- Johanna Reynolds

Working...