D-Day for the bill that seeks to force encrypted messaging services such as WhatsApp, Signal, Telegram or Olvid to install backdoors. As the text reaches the National Assembly's Law Committee on Tuesday, March 4, tensions are running high among opponents of the text. After the manufacturers of electronic devices (Afnum), after the Quadrature du Net, after the encrypted messaging services that positioned themselves against this type of obligation, it is Numeum who has taken up its pen, reports L’Informé, on Monday March 3.
In a letter published by our colleagues, the organization that brings together nearly 2,500 tech companies in France including Microsoft, Meta, Atos and Docaposte asks parliamentarians to delete, no more, no less, the controversial amendment.
As we explained to you at the end of January, the Senate adopted an article of the bill aimed at combating drug trafficking. Article 8 ter as introduced by the lower house would require encrypted messaging services such as Signal, WhatsApp, Telegram or Olvid to communicate conversations of their users to the French authorities and their agents, in the context of the fight against drug trafficking.
Until now, communications made on this type of messaging service are inaccessible to them, because they are "encrypted", only visible to their sender and their recipient, the only ones holding a key that allows them to be decrypted: neither the messaging service itself nor the police can have access to them. To put an end to this situation, the amendment would force these platforms to install “backdoors” in their encryption systems. According to the current terms of Article 8b, these companies would be required to “take, within a period not exceeding 72 hours, the necessary technical measures to allow authorised agents to access the intelligible content of the correspondence and data in transit”. Platforms could not escape it by putting forward “contractual or technical arguments or those that would obstruct it”.
A text much broader than indicated
For Numeum, the scope of the text is much broader than “what the explanatory statement indicates”, since it “would have an impact on the entire digital value chain”. The law would not only force encrypted messaging services to install backdoors – a technique decried by many experts and by the platforms themselves.
Opening the door to the investigation services of the justice and the police also means opening it to malicious individuals such as hackers and foreign governments, the organization points out. The latter cites in particular the case of these Chinese hackers belonging to the Salt Typhoon group who used backdoors, set up for American authorities, for espionage purposes.
But the controversial article would also apply to the "many intermediaries in the value chain - telecom operators, hosts, software publishers" lists the organization. From the moment the encrypted data passes through their services, the rule should apply.
And above all, the measure would call into question "end-to-end encryption, the cornerstone of security and trust in digital services", writes Numeum. Or "the right to encryption is an extension of the right to privacy enshrined in Article 8 of the European Convention on Human Rights", recalls the organization, which cites a jumble of decisions from several European authorities.
For Numeum, the text is "technically unrealistic, would facilitate cyberattacks, would contravene the European Convention on Human Rights, and would handicap many French digital companies." "In a context of heightened geopolitical tensions and increasing cyberattacks, should we weaken cybersecurity and undermine trust in digital services?", the organization continues to question, putting forward another option - that of strengthening the resources of the STNCJ - the national technical service for judicial recording, responsible for "legal wiretapping".
Clara Chappaz in full balancing act
In a message published on X on Monday March 3, Clara Chappaz, the Minister Delegate for Artificial Intelligence and Digital Affairs, called on parliamentarians to "rework" the article, the text being described as "too broad" and potentially "undermine essential principles: public freedoms, confidentiality of correspondence, and especially cybersecurity".
In a balancing act, the politician did not, however, condemn the text outright - it is supported by two members of the Government, Gérald Darmanin, the Minister of Justice and Bruno Retailleau, the Minister of the Interior. “Strengthening the resources of the intelligence services in the face of criminal networks (is) a security imperative that I fully support,” she writes. As a result, it is necessary to "find a balance", by "reconciling security imperatives and protecting digital trust", she continues.
The fact that Clara Chappaz describes the amendment as lacking "sufficient guarantees" has not failed to worry some specialists on the subject, for whom no guarantee would make even the slightest backdoor acceptable. "There is no backdoor that respects freedoms and privacy," insists for example Baptiste Robert, a cybersecurity researcher who defines himself as an "ethical hacker", on his account X. After the Laws Committee this week, the bill will be debated in the National Assembly on March 17.
0 Comments