France Rejects Controversial Encryption Backdoor Provision
Digital privacy advocates have saved encryption in France once again, as Members of Parliament (MPs) finally rejected a controversial provision to create a backdoor for law enforcement. The infamous Article 8 of the proposed Drug Trafficking Act, which was passed by the Senate earlier this year, would have required all encrypted messaging apps and secure email services to decrypt user data upon an authority's request.
The decision to preserve people's privacy and security is certainly a victory for the tech industry. However, as Hanna Bozakov, press officer at Tuta Mail, warned: "We must keep fighting for privacy and keep raising our voices – as long as there are still politicians trying to break encryption." Bozakov emphasized that the dangers of an encryption backdoor cannot be overstated.
Previously passed by the Senate, the bill aimed to create a strong framework to investigate drug trafficking crimes. However, requiring the installation of encryption backdoors into popular services like ProtonMail, Signal, and WhatsApp has attracted strong criticism from experts and lawmakers alike. Encryption refers to scrambling data into an unreadable form to prevent third-party access.
End-to-end encryption is a crucial feature used by messaging apps, secure email services, and other tools like VPNs to protect data in transit by keeping it private between the sender and receiver – end to end. As cryptographers and other experts have long argued, however, it's not possible to create an encryption backdoor that only good guys can exploit.
"A backdoor for the good guys only is a dangerous illusion," said Matthias Pfau, CEO of Tuta Mail. "Weakening encryption for law enforcement inevitably creates vulnerabilities that can – and will – be exploited by cybercriminals and hostile foreign actors." Pfau emphasized the importance of preserving end-to-end encryption to ensure the security of users' data.
In 2016, France also rejected an amendment to its Digital Republic law requiring the creation of an encryption backdoor. The provision was introduced as an attempt to fight against terrorism but was deemed a "vulnerability by design" by France's digital minister at the time, Axelle Lemaire.
As the Global Encryption Coalition warned in an open letter published on March 4, a backdoor would have also weakened the French messaging app Olvid, which was officially certified by the country's cybersecurity agency and recommended to French ministers and government officials. Considering the Salt Typhoon hack in the US – which sparked a warning to switch to encrypted services – and France's concern for Russian alleged cyberattacks, "the reliance by the French government, citizens, and businesses on end-to-end encryption to keep themselves safe and secure has never been greater," noted experts.
The National Assembly eventually listened to concerns from the industry and scraped the encryption backdoor requirement in the bill on March 6. Despite the widespread criticism, however, France's Interior Minister Bruno Retailleau confirmed his support for the encryption backdoor provision as a necessity to ensure "maximum efficiency" in combating organized crimes.
"I am worried that politicians still do not understand anything about cybersecurity – even though there are enormous foreign threats right now targeting our societies mainly from Russia and China," Bozakov from Tuta Mail told TechRadar. France's attempt to undermine encryption may have been halted once again, but the country isn't alone in pushing to pick the lock of encrypted communications to facilitate criminal investigations.
Side-client scanning is just an encryption backdoor but with a fancy name. These plans have already attracted strong criticism from the tech industry, with Signal President Meredith Whittaker reiterating that Signal would rather leave the country than undermine its encryption protections.
Stay Safe Online
Worried about DeepSeek? Google Gemini collects even more of your personal data. Stay informed and up-to-date with the latest security software and cybersecurity news.
Got a story, tip-off, or something tech-interesting to say? Reach out to Chiara Castro at chiara.castro@futurenet.com