France: government rejects encryption backdoors
It’s rare to find a politician that really “gets” IT.
Who can forget Stephen Timms MP? He was the Minister for the Digital Economy in the last Labour government who’s on record for mistakenly stating that the IP in IP address was an abbreviation for Intellectual Property (Doh! Ed.).
More recently, British Home Secretary Theresa May made a less than sparkling performance before a joint committee of the Commons and Lords examining the draft of the latest incarnation of the Snooper’s Charter, the Investigatory Powers Bill. When questioned on encryption, the general consensus was that May was “vague”. In particular she believes that end-to-end encryption is “unacceptable” and thinks that firms offering this service must comply with her proposed bill no matter what: “Under this legislation when a warrant is served they will be expected to take responsible steps to comply,” she declared. She was evidently well out of her depth, as were the civil servants briefing her.
Now let’s cross the English Channel to France, where politicians were discussing encryption last week. Numerama informs us that, on behalf of the government the Secretary of State for Digital Affairs, Axelle Lemaire, rejected an amendment to the Digital Republic Law proposed by the Republican party member Nathalie Kosciusko-Morizet (usually more popularly known by her initials, NKM. Ed.) who wanted to impose mandatory backdoors on encrypted communication systems.
The minister had already stated she was in favour of the right of encryption, but she reminded the National Assembly of this position on behalf of the entire government, including the Ministry of the Interior.
“What you are proposing is a vulnerability by design,” Ms Lemaire explained, acknowledging that this was a growing demand from law enforcement agencies. “It’s inappropriate. Firstly because it’s not the subject of the law. Then because the text gives the CNIL a new task, the promotion of encryption. Finally because recent current affairs show the point at which the act of deliberately introducing flaws at the request of the intelligence services – sometimes even without being aware of it – has an effect which is harmful to the whole community.”
Ms Lemaire referred specifically to the position of the Netherlands, which has made encryption a human right and the Juniper Networks affair, which is still causing problems for equipment suppliers.
With a backdoor “personal data is not protected at all any more,” Axelle Lemaire commented. Although the intention [of giving law enforcement agencies resources] is laudable, it also opens the door to operators who have less laudable intentions, not to mention possible financial losses affecting the credibility of the companies who make provision for these flaws.”
“You are right to feed into the debate, but it’s not a good solution in the government’s opinion,” The Secretary of State concluded.
Nathalie Kosciusko-Morizet finally withdrew her amendment, but continued to defend its substance.