France to Punish Companies for Refusing to Decrypt Devices

[CGurrell]

After watching the fight between the FBI and Apple unfold regarding the San Bernardino attack, other governments are unfortunately starting to push legislation through to avoid this happening to them. The UK are doing it with the Investigatory powers bill (or Snoopers Charter), and now France are getting in on the act.

 

eTeknix have reported that France are about to accept an amendment to a bill, "amendment 90", that could see companies face a fine, or 5 years of jail time, if they fail to hand over encrypted data. "Amendment 51" is also being considered, and went as far to say that companies who refuse to assist the French government in retrieving data from encrypted devices would be considered "accomplices to terrorism". Another amendment being considered, "amendment 221" (they are really creative naming these aren't they...) suggests increasing the fine by over 5 times, and “all relevant information" would need to be handed over, not just the message they are looking for.

 

It is important to note that the bill is only in its first reading, so a lot may change between now and becoming law, but if the UK government have set any precedent, we could see this forced through very quickly indeed.

 

Source: eTeknix http://www.eteknix.com/france-punish-companies-refusing-decrypt-devices

 

EDIT: I misunderstood the amendments and how they're all being considered, updated the post to reflect this. Apologies.

[aisle9]

"And the hammers batter down your door"

[Samfisher]

Aren't they only going to vote for it?  Title kinda implies they already do so.  It's only going to the votes, totally different thing and misleading.

[CGurrell]

Just now, Samfisher said:

Aren't they only going to vote for it?  Title kinda implies they already do so.  It's only going to the votes, totally different thing and misleading.

If the french government is similar to the UK government, then maybe not. The way the UK government works, a bill is proposed and voted on within the house of commons, i.e. all of the local members of parliament who we vote for in the election vote on our behalf, similar to the way a bill is passed in the US senate I believe, I could be wrong. With the exception of voting for a different person years before, the people really have no say at all. 

[FreeDiver]

2 minutes ago, CGurrell said:

If the french government is similar to the UK government, then maybe not. The way the UK government works, a bill is proposed and voted on within the house of commons, i.e. all of the local members of parliament who we vote for in the election vote on our behalf, similar to the way a bill is passed in the US senate I believe, I could be wrong. With the exception of voting for a different person years before, the people really have no say at all. 

[thekeemo]

Good. Safety of the majority comes before your privacy.

[CGurrell]

Just now, FreeDiver said:

-snip-

It gets worse in the UK. The leaders of the Conservative Party and Labour Party have a tools they can use called Whips (not the physical item).

 

If a leader decides to use the parliamentary whips, what they're basically saying to their members is "vote the way we tell you to or resign".

[AlwaysFSX]

If I owned the company I'd just leave the country and never sell a product there. Don't like me? Kiss my ass.

[CGurrell]

1 minute ago, thekeemo said:

Good. Safety of the majority comes before your privacy.

Yet safety of the majority is more at risk if these powers come into effect. Lets take the San Bernardino iPhone for example. If Apple was to retrieve the data, the only way to do so is to write a vulnerability into the OS. This OS is then either distributed to all other iPhones, or kept away at Apple. Problems arise either way, if the OS is platform-wide, iPhones are then vulnerable as anybody can target the vulnerability of the OS, and exploit it to gain access. This could be, for example, by a criminal who accesses the iPhone of the Chief of Police, gets into his work emails, finds the patrol schedule of all police officers on a given night, and does something with the information. If Apple keep the OS for themselves, the government keeps requesting access to the OS, one day somebody with not-so-great intentions in the government makes a copy of the OS, distributes it, we have the same problem.

 

Governments are not just entities, they're groups of people, and often in ANY group of people large enough, you have one "bad egg" who will make use of information they have and distribute it. Laws are there to be followed in most cases, but in all cases, a criminal will not care about breaking the law, as they're a criminal.

[thekeemo]

Just now, CGurrell said:

Yet safety of the majority is more at risk if these powers come into effect. Lets take the San Bernardino iPhone for example. If Apple was to retrieve the data, the only way to do so is to write a vulnerability into the OS. This OS is then either distributed to all other iPhones, or kept away at Apple. Problems arise either way, if the OS is platform-wide, iPhones are then vulnerable as anybody can target the vulnerability of the OS, and exploit it to gain access. This could be, for example, by a criminal who accesses the iPhone of the Chief of Police, gets into his work emails, finds the patrol schedule of all police officers on a given night, and does something with the information. If Apple keep the OS for themselves, the government keeps requesting access to the OS, one day somebody with not-so-great intentions in the government makes a copy of the OS, distributes it, we have the same problem.

 

Governments are not just entities, they're groups of people, and often in ANY group of people large enough, you have one "bad egg" who will make use of information they have and distribute it. Laws are there to be followed in most cases, but in all cases, a criminal will not care about breaking the law, as they're a criminal.

Say what you will but Apple already has this power. They have used it multiple times in the past.

[aisle9]

8 minutes ago, thekeemo said:

Good. Safety of the majority comes before your privacy.

Privacy ensures the safety of the majority.

[CGurrell]

3 minutes ago, thekeemo said:

Say what you will but Apple already has this power. They have used it multiple times in the past.

I haven't seen the evidence that supports this and if you provide it I'll happily take a look, but this was probably before Apple had given up their ability to access any given iPhone in its property. "We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business" - http://apple.com/customer-letter/

[thekeemo]

Just now, aisle9 said:

Privacy ensures the safety of the majority.

I disagree. If everyone can see what everyone is doing then alot less bad will happen.

[thekeemo]

Just now, CGurrell said:

I haven't seen the evidence that supports this and if you provide it I'll happily take a look, but this was probably before Apple had given up their ability to access any given iPhone in its property ("We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business" - http://apple.com/customer-letter/) 

http://arstechnica.com/apple/2016/02/encryption-isnt-at-stake-the-fbi-knows-apple-already-has-the-desired-key/

[Arty]

6 minutes ago, thekeemo said:

Say what you will but Apple already has this power. They have used it multiple times in the past.

IF apple has power, then we def don't wanna piss off google.

[CGurrell]

2 minutes ago, thekeemo said:

http://arstechnica.com/apple/2016/02/encryption-isnt-at-stake-the-fbi-knows-apple-already-has-the-desired-key/

All that really states is that they want a vulnerability instead of a backdoor (look back through my post, I know this, I didn't use "backdoor" once). The problem is, once this has been done once, it will be recreated and it will happen again. Already there's another case in New York with the same argument going on, so it's obvious that, if this can be done once, it can be done again and again and again

[aisle9]

3 minutes ago, thekeemo said:

I disagree. If everyone can see what everyone is doing then alot less bad will happen.

Or it will be that much easier for the societal bad apples (no pun intended) to exert crushing pressure and complete control over you and your naked sheep in glass houses.

[thekeemo]

Just now, aisle9 said:

Or it will be that much easier for the societal bad apples (no pun intended) to exert crushing pressure and complete control over you and your naked sheep in glass houses.

And everyone will know they did it and retaliate?

[CGurrell]

Just now, thekeemo said:

And everyone will know they did it and retaliate?

Ahh but no, this is the mistake. If everything is open, you can see what everyone does. However, you cannot see who is looking at who, there is no way to do this. So whilst every device may be open, no theoretical log is kept of everyone who has looked at it. After all, as Ars stated, the FBI want to be able to brute fore the PIN key. If anyone can do this, all we know is that somebody unidentified entered the correct 4 digit PIN. Nothing else.

[aisle9]

Just now, thekeemo said:

And everyone will know they did it and retaliate?

Or they'll comply, because nothing is sacred and those in power know exactly which buttons to press.

 

Stop thinking small. What if the bad apples aren't the people who make no secret of their intent to strip your rights and liberties, but those who claim to be using the end of privacy to defend them?

[thekeemo]

Just now, aisle9 said:

Or they'll comply, because nothing is sacred and those in power know exactly which buttons to press.

Stop thinking small. What if the bad apples aren't the people who make no secret of their intent to strip your rights and liberties, but those who claim to be using the end of privacy to defend them?

Defend who?

1 minute ago, CGurrell said:

Ahh but no, this is the mistake. If everything is open, you can see what everyone does. However, you cannot see who is looking at who, there is no way to do this. So whilst every device may be open, no theoretical log is kept of everyone who has looked at it. After all, as Ars stated, the FBI want to be able to brute fore the PIN key. If anyone can do this, all we know is that somebody unidentified entered the correct 4 digit PIN. Nothing else.

Ok but the thing is anyone can make a log if everything is open.

[aisle9]

Just now, thekeemo said:

Defend who?

Ok but the thing is anyone can make a log if everything is open.

Defend the people whose liberties and rights they're slowly peeling away, of course. You mean you don't think that when the government browses your credit card usage, that donation to a certain group or religion won't stand out? And those phone calls to and from Egypt on your cell phone record? You're basically defending the practice of those in power, who will always have all the privacy they need when doing things like that, using that illegally-gotten information to actively diminish your way of life in hopes of pinning you as a boogeyman, thus further enhancing their ability to "defend" our rights by taking them away.

 

Anyone can make a log, yes, but how many people can change it?

[CGurrell]

Just now, thekeemo said:

Defend who?

Ok but the thing is anyone can make a log if everything is open.

No, but you can't, this is the point. If I had the ability to brute force, say my dads iPhone (i know the PIN anyway, 6253 jk, I do know it but I'm not that stupid) to find out something about my dad, all I'd have to do is enter every possible combination of 4 numbers from 0-9. Once I eventually hit the right number, I'm in. Nothing is kept on the phone about who entered the correct pin, as it's a phone, it doesn't know who is holding it or using it. All it knows is that it should unlock as the right PIN was entered after numerous failed attempts. This is why Apple has the 10-try safeguard available.

[thekeemo]

4 minutes ago, aisle9 said:

Defend the people whose liberties and rights they're slowly peeling away, of course. You mean you don't think that when the government browses your credit card usage, that donation to a certain group or religion won't stand out? And those phone calls to and from Egypt on your cell phone record? You're basically defending the practice of those in power, who will always have all the privacy they need when doing things like that, using that illegally-gotten information to actively diminish your way of life in hopes of pinning you as a boogeyman, thus further enhancing their ability to "defend" our rights by taking them away.

 

Anyone can make a log, yes, but how many people can change it?

If my phone records are open and the calls are recorded you can plainly see that the phone calls are made to check up on my grandpa.

 

3 minutes ago, CGurrell said:

No, but you can't, this is the point. If I had the ability to brute force, say my dads iPhone (i know the PIN anyway, 6253 jk, I do know it but I'm not that stupid) to find out something about my dad, all I'd have to do is enter every possible combination of 4 numbers from 0-9. Once I eventually hit the right number, I'm in. Nothing is kept on the phone about who entered the correct pin, as it's a phone, it doesn't know who is holding it or using it. All it knows is that it should unlock as the right PIN was entered after numerous failed attempts. This is why Apple has the 10-try safeguard available.

Everything open is theoretical meaning everyone can see everything.

Dont think that is possible..

[PlayStation 2]

Oh hooray. France is going the conspiracy route.