French Parliament Votes For Law That Would Put Tech Execs In Jail If They Don't Decrypt Data
from the goodbye-computer-security-in-france dept
Okay, this is just getting silly now. A bunch of reactionary French politicians have voted to put tech execs in jail if they refuse to decrypt data for criminal investigations:
The controversial amendment, drafted by the rightwing opposition, stipulates that a private company which refuses to hand over encrypted data to an investigating authority would face up to five years in jail and a €350,000 (£270,000) fine.
Telecoms operating companies would be liable to lesser penalties but would still face up to two years in jail.
Of course, this comes at the same time that basically the entire tech industry is rallying in support of Apple’s stance of refusing to hack into its own systems to remove security features and make it easier to decrypt data. And it’s coming right as the world was ridiculing Brazil for arresting (and then releasing) a Facebook exec for refusing to hand over data from subsidiary Whatsapp.
This kind of move is so stupid on so many levels that it defies any kind of logic. It’s bad for security, because weak encryption puts us all at much greater risk than the threat of terrorists or criminals using encryption (in part, because this kind of thing won’t stop them from using secure encryption, and in part because those threats are very low probability risks). It’s also bad for the economy, because you’ve just given a ton of important tech companies every reason in the world to no longer operate in France due to such a ridiculous law that may put execs in jail. It’s bad for the public in that it will mean less secure services and devices that put them at risk, while also potentially cutting off more innovative and useful products and services.
This is the kind of kneejerk reaction from people who are too ignorant and too scared to understand the actual technology and the actual issues at stake. Why do citizens in these countries continue to allow ignorant scared people to make such blatantly bad rules?
Filed Under: backdoors, criminal, encryption, execs, france, jail
Comments on “French Parliament Votes For Law That Would Put Tech Execs In Jail If They Don't Decrypt Data”
Mandatory 'Golden Keys' with one law
Bad for security.
Bad for the economy.
Bad for the public.
One guess as to who benefits from such a law. Figure that out and you figure out the most likely source of the push for it.
If there’s a hefty fine and jail time in the wings for refusal to hand over decrypted data, then it becomes effectively legally impossible to offer security that a company cannot break themselves if ordered to do so, which means that no matter how far the tech advances, there will always be at least one glaring vulnerability in the security employed and the products sold in any country with a law like this.
Re: Mandatory 'Golden Keys' with one law
It’ll be like the secret sauce scene in Fast Times at Ridgemont High, except with companies knowing each other’s security vulnerabilities and neither being able to legally close them.
Brad: Okay, here’s your preparation stuff. You got your sliced tomatoes, shredded lettuce, secret sauce.
Guy: What’s the secret sauce?
Brad: Thousand Island dressing. What’s the secret sauce at Bronco Burger?
Guy: Ketchup and mayonnaise.
And that will become:
Joe: What’s Microsoft’s vulnerability?
Andy: It’s [insert tech jargon here that I can’t fake here]. What’s Apple’s vulnerability?
Joe: It’s [insert more tech jargon I can’t fake here].
One ring to rule them all.
Because most technically competent people do not want to go into politics. They are usually of the opinion that cooperation rather than coercion is the way to do things, and cooperation does not fly when it comes to politics, but rather gets them ridiculed for not having a definite answer to a problem.
Why idiots keep getting voted in.
I think Douglas Adams put it best.
“So,” said Arthur, hoping he wasn’t sounding ridiculously obtuse, “why don’t people get rid of the lizards?”
“It honestly doesn’t occur to them,” said Ford. “They’ve all got the vote, so they all pretty much assume that the government they’ve voted in more or less approximates to the government they want.”
“You mean they actually vote for the lizards?”
“Oh yes,” said Ford with a shrug, “of course.”
“But,” said Arthur, going for the big one again, “why?”
“Because if they didn’t vote for a lizard,” said Ford, “the wrong lizard might get in. Got any gin?”
(Mind you, the same would be true of my own government…)
Re: Why idiots keep getting voted in.
In the ’50s, if you didn’t understand how TV, radio and the telephone worked, then at least you knew someone who did.
Now knowledge in the sciences has become so vertical that it takes a lifetime to understand what is half way to the hemorrhaging edge. Fifty years ago I did investigatory work in Quantum Mechanics. Today I don’t have a clue as to what is going on. Quantum entanglement, quantum computing, qubits, and more?
My dad went to NYU for engineering. One of his chemistry labs was beating flour and water in a cloth sack to demonstrate the formation of gluten. I laughed at this. When my daughter was in 9th grade she was being taught concepts I didn’t hit until grad school (minus the math.) An interesting question is just how much can the mind hold?
People fear what they do not understand. The Salem witch trials are repeating. Italian scientists went to jail for “failing” to predict an earthquake. Now tech execs are going to jail. How long before they are dragged into the streets for lynching?
Re: Why idiots keep getting voted in.
I think this quote from Douglas Adams is even more on point:
It is a well-known fact that those people who must want to rule people are, ipso facto, those least suited to do it… anyone who is capable of getting themselves made President should on no account be allowed to do the job.
While it is limited to discussing the President, I think it applies to pretty much any elected official.
Re: Why idiots keep getting voted in.
Because we don’t get a “none of the above” option.
For all elected offices, not just president.
I can’t remember in the past few decades any election where even one candidate was honorable; I feel like I’m voting for the lesser of evils.
Re: Re: Why idiots keep getting voted in.
I think we all feel that way. The choices are usually bad and worse.
Re: Re: Why idiots keep getting voted in.
Was it Jerry Garcia who said that if you vote for the lesser of two evils, you are still voting for evil ?
Re: Re: "Do you want to be shot in the left leg or right? 'Neither' is not an option"
Oh if only. Picking the lesser of the two evils would be an improvement over how it is a lot of the time, where it’s not ‘greater’ vs lesser’, and is instead ‘what flavor of evil do you want?’.
Re: Re: Why idiots keep getting voted in.
You can write in none of the above. It will count the same as any write in vote. If enough people do it, politicians might take note of it.
I’m planning on voting for Bill the Cat in 2016. Please join me, or vote for Mickey Mouse or Honest Gil. It really doesn’t matter, it will just be counted as write in.
Re: Re: Re: Why idiots keep getting voted in.
I still don’t know who the actual candidates will be, but I rather suspect that I’ll be voting for R. U. Sirius this election.
this has nothing to do with terrorists or even crooks.
this has to do with according ordinary people no opportunity to communicate without federal agents listening in. that it opens the door for terrorists and crooks to do likewise is not the reason for doing this nor is reason to not do this.
Yet another European country no longer worth visiting. Its sad that countries that historically were anti-citizen are looking much more appealing to visit.
Answer:
Citizens continue to allow ignorant scared people to make such blatantly bad rules because they don’t know any better. They are, largely, ignorant and scared too.
Fear it seems is a good way for governments to grab more control over the people they are supposed to serve. Here in the US, we have plenty of similarly bad rules and laws bred from ignorance and fear. For example, we’ve been given things like DHS, the TSA and NSA mass surveillance of Americans “because terrorism”. This is a problem not unique to France.
hahahahaha
How about someone compile a list
I would like to see a list in standard form that everyone can understand that documents the government employee and what they have voted for/done against the citizens. There will be prosecution in the future and there needs to be a simple list that shows what the leaders have done. The average citizens doesn’t remember getting crapped on 10 minutes after a senator/president/dictator does it to them.
Liberté, égalité, fraternité my ass. Let every radical fool into a country without vetting them and see what happens….
Now we see a governments irrational response to it’s own incompetence.
Re: Re:
“without vetting them”
Uhhhh, nope. Try again, troll.
https://youtu.be/7U-t3GetV_Q
Because the vast majority of these citizens are just as ignorant about why strong encryption is important to a technological society as the politicians trying to pass these laws–and like these politicians they have no desire to learn anything about it–so like these politicians they are easily exploited by those who want to undermine these systems–who for the most part are probably just as ignorant as to why this is a bad idea as everyone else.
I know it’s very cynical of me, but in my view the world is run with a recursive cluster—- of ignorance and stupidity.
Because civilian crypto is more corrosive than fraud, pollution, graft, espionage, etc.
I get the feeling from all of these kinds of demands that this is driven by some sort of bizarre collective need for reciprocity. My thinking is that legislators are being so grey-mailed by data brokers that it is looking for some payback.
What is bizarre is that in most cases, that grey mail is sourced for violations of civil rights the state is compelled by sovereign duty to protect.
The question then becomes: “Why; in consideration of the legal leverage already available by simply executing the law rightously; legislators endeavor to emulate the most psychopathic corporate executives in the world?”
Or in a nutshell, RTFM you oafs. Rev 1.0 was written in France in 1791, and in the U.S. in 1789. Everything you need to know, is right there. Stop calling meetings. We don’t care how cool you are. Just focus on the fundamentals, and do your damned job.
Re: Because civilian crypto is more corrosive than fraud, pollution, graft, espionage, etc.
Oh, come on… you KNOW that any v1.0 will have bugs!
More to the point, those critical freedoms, those bill of rights amendments are only outlined in the constitution. Precedent set by the courts creates the practical shape of those rights.
Is dancing ‘free speech’ ? Is flag burning? Is computer code? The constitution says “speech”, not “acts”, in those words on paper. It is precedent you have to thank for your freedom to burn flags.
… and also for regulation of dancing, the long disclaimed “fire in a theater” metaphor, the “death-by-inches” of abortion clinic legislation, etc. It’s not all good, not all bad.
Those sneaky French politicians are trying to get this passed before their public becomes more aware. Glad to know the US is not exclusive to scummy weasels.
Re: Re:
To godwin it, looks like this is the nazis legacy of high officials being allowed into the various victorius governments after the war was lost by them.
“WE lost the war, but our ideology won in the end”
And what if the encryption is too strong to break? What if the password is too long and nobody can break it… then what? Put people in jail because no computers exist that are powerful enough? How has this question not been brought up?
Re: Re:
Because when you issue the orders, it is up to other people to do what you command.
kneejerk mentality
I have no doubt that, if a company was stupid enough to add encryption backdoors, these same legislators would be screaming to blame the company when the backdoors backfire. The question is not whether those backdoors will be misused but when they are misused. We can be certain that the people demanding weakened security will not take responsibility for putting citizens at risk, so they will abuse their legislative power to blame someone else, of course.
Tourism Destroyed
I used to want to visit France. Wine country, Alps, food, the ‘romanticism of Paris’, Alsace Lorraine, many places highlighted in literature.
Now I seem to have forgotten them all.
Chill out guys...
The amendement was rejected last week by the Assemblée Nationale.
You should check your infos before writing something.
Investigative reporters use encryption.
Need I say anything more?
Rejecting Tech
Once all the executives that produce encrypted products and have some sort of office in France have been arrested, the criminals, terrorists, and citizens (it WILL be more difficult to tell the difference) will use encryption from companies that have no offices in France. Now they have destroyed a growing piece of the economy, at least growing in theory.
The IoT in France is going to be a lot of fun, for someone.
I can imagine the Keystone Cops competing with the Pink Panther for most ‘liked’ videos depicting the race to catch IoT enabled thieves. Lot’s of slapstick, little results.
I guess that from now on the French are going to have to communicate by training monkeys to wave cheese blocks and white flags in semaphore patterns.
So, maybe I'm the only one....
So, has anyone read the actual legislation? I don’t speak or read French.
The thing I wonder is:
The Guardian article states, “…stipulates that a private company which refuses to hand over encrypted data…”
So, does the legislation actually say, “hand over the decrypted data?”
This would seem to be an important distinction.
Quoting a comment over at Torrentfreak...
“Every time I hear mention of legislators and jurists in the context of contemporary science and technology issues, I am reminded that statistically speaking half the people you meet have below average intelligence. I suspect that something about the lure of the-power-to-legislate-or-interpret-laws may skew those numbers in favor of the shallow end of the IQ pool.”
To which I add that legislators and jurists are also most frequently the guys who studied non-sciencey and non-mathy disciplines ‘cuz those were MUCH easier to pass.
Shallow AND lazy.
“stipulates that a private company which refuses to hand over encrypted data to an investigating authority”
That doesn’t actually state they need to decrypt it….
when will France learn.
So the French seem to be mimicking America again but taking things to a new level without regard of the consequences.
America had a revolutionary war where we kicked out the British. France did the same thing to their existing government but went to the extreme of guillotining the ruling class.
America suffered terrorist attack on 9/11 then proceed to create knee-jerk legislation. France has a similar event but then go overboard on the replacement of freedoms and even encryption.
Re: when will France learn.
Not quite true, as after Napoleon they restored the Bourbons to power, with some limitation on that power, just like the English civil war led back to a restored monarchy, with some limitations on their power.
If you want to see just how messy revolutions can be visit http://www.revolutionspodcast.com/
They have no idea how encryption work. Good luck decrypting 4096 bit RSA keys.
Re: Re:
It is dead easy when the key is transmitted to some company key store, so that they can respond to requests.
I wonder what would happen, theoretically, if no one voted at all in political elections? Most candidates are completely corrupt and unfit anyway. But without the facade of election, they can’t pretend a democracy still exists. And they would have no way of knowing who would get the office. It might bring the entire machine to a halt, which could be just the thing we need.
Re: Re:
they could just lie and say enough people voted for the one they want in power
Re: Re: Re:
Then what happens when every single candidate claims this same thing at the same time? How would they figure it out then?
Lets do it..
Lets walk into the parliament..
And decrypt all their phones and tablets..
LETS bring in a List of every person they have called in the last year..
WHAT and WHICH encryption do you want to do/look at/decrypt??
The Phone, the Programs…
Even if you COULD get the Phone the customer Could of placed their OWN PROTECTIONS..
how ARE YOU GOING TO SORT IT OUT AND PASS BLAME..
Once strong encryption...
Once strong encryption is outlawed only outlaws will have strong encryption. Or in other-words, the mere possession of a copy of PGP/GPG/etc is grounds for immediate arrest.
i bet the French people are thinking ‘why the hell did my relations go and die trying to stop a certain country with certain views from instilling them on to the rest of the World when our own government is doing the same sort of thing to us now?? like the UK, France has condemned countries like China and Iran for their lack of freedom and privacy, now it’s doing exactly what those countries do, remove all freedom, privacy and security! it’s doing what terrorists do but under a different flag! and be sure of this, it isn’t to catch criminals or terrorists, it’s to keep a firm grip on what ordinary people do! after all, they have nothing to hide so they’re a hell of a lot easier to track!!
Re: Re:
they create the terrorists, setup the terrorist attacks, then benefit from all the fear and panic that comes of it to setup a closet police state.
Dictatorship 101.
‘Why do citizens in these countries continue to allow ignorant scared people to make such blatantly bad rules?’
probably for the same stupid reasons that companies, industries etc are allowed to write self important rules that do nothing but harm to the various countries and peoples involved, while ensuring that their profits will continue to come in and, if needed, governments can be sued for more if they want! yes! TPP, TTIP and a dozen other trade deals are what i’m talking about! why has no government had the balls to say ‘NO’ to them?
Speaking of Europe and Cryptography
http://www.bbc.com/news/uk-35750127
If it can be used against someone ‘misusing’ it, it can be used against a legitimate user. Why is this so hard for some people to understand?
Re: Speaking of Europe and Cryptography
Because doing so would force them to admit that they were wrong, completely, and it’s a rare politician or ‘public servant’ that can manage a feat like that.
If nothing else it would require them to admit that they were saying things that they had no real knowledge about before, and once they admit that they’ve either lied and/or made factually incorrect statements before, that brings in to question future statements they might make.
The nation that gave us –
Right to be forgotten – Allowing predators to demand the world be blind to their crimes & actions making people less safe.
Draconian Copyright Punishments – while the leader of the nation violated copyright multiple times in commercial infringement.
It is so wonderful seeing the pandering to try and shore up their poll position. They give 2 shits about encryption, but they need to ride the wave that they helped create. They have learned nothing from their other championing of cause celeb and I hope it burns them all.
How much longer can they keep trying to turn the dial past 11 before it snaps?
Notable French Firsts....
First to successfully capture a fleet at anchor with cavalry officers (Den Helder – look it up!)
First to lose a war against Greenpeace (yea they blew up the Rainbow Warrior but lost the war)
And soon, first to criminally charge corporate executives for failing to decrypt data. I agree most corporate executives should be charged….just not with this!
How curious...
Every encrypted message my company is forced to decrypt is always the same: “This is the decrypted message that the French government wanted so badly. Here you go. Happy now? Fin.”