July 31, 2017
The political landscape in France is worrisomely ripe for the enactment of new laws or policies that could undermine the security of encrypted products and services in the name of national security. Since the tragic November 2015 terrorist attacks in Paris, France has been in a state of emergency that has been renewed five times in the face of continuing terror incidents. During this period, in 2015 and 2016, the French Parliament aggressively expanded the government’s surveillance and lawful hacking authorities, expanded penalties for failure to comply with an existing law allowing for compelled key disclosure in criminal investigations, and created a new mandatory key disclosure and decryption authority for use in intelligence investigations. However, French lawmakers have not (yet) passed any law that would clearly require providers of encrypted products and services to redesign their secure services to ensure government access on demand, which would effectively ban strong encryption products without “backdoors” for surveillance.
However, the French Parliament came dangerously close to passing a backdoor mandate in 2016 as it debated a range of anti-encryption proposals, including one that failed by only one vote in the National Assembly. Bills that could have mandated backdoors—supported by a David vs. Goliath narrative where France stands up to the massive Silicon Valley companies that put their profits ahead of France’s security—were headed off in part by the interventions of key leaders in the Socialist Party which controlled the government at the time. But times are changing. Now, France has a new president, Emmanuel Macron, who has taken an aggressive stance on encryption and allied himself with U.K. Prime Minister Theresa May, another hawk on the issue. Meanwhile, French law enforcement officials continue their multi-year push—including in the New York Times and at the EU level—for legislation that would ensure that they can always obtain the encrypted data they seek. Under these conditions, it seems that the encryption debate in France is just beginning—and could end abruptly in favor of backdoors in the face of another major terror attack.
ABOUT THE SERIES
The right to use strong encryption technology—like the encryption that secures your iPhone or protects your Whatsapp messages—isn’t only under political attack in the United States. Governments in the United Kingdom, Germany, France, and other European countries have recently taken steps toward undermining encryption. In particular, a range of government stakeholders have been pressing for service providers to re-engineer their encrypted products so that they always hold a key to their users’ data—often referred to as a “key escrow” scheme, or “exceptional access,” or a “backdoor”—or to simply not offer such products at all.
Although these local debates have engaged a wide range of policymakers, privacy advocates, and internet companies, they’ve been taking place largely in isolation from each other, with limited sharing of information, arguments, and advocacy tactics between those countries’ policy communities. These papers will fill in some of those gaps by mapping the legal landscape and political dynamics around encryption in various European capitals. This is the third of these papers, focused on the encryption debate in France. The other papers in the series cover the encryption debates in Germany and the United Kingdom.