By: Nicole Harvey

A “Narcotraffic” bill currently making its way through the French Parliament is making waves in the tech community.  An amendment to the bill would compel messaging and email service providers that utilize end-to-end encryption, like WhatsApp and Telegram, essentially altering the technical makeup of their platforms.  End-to-end encryption is a method of transmitting data that ensures only the sender and recipient can read the messages they send back and forth.  The data is scrambled during transmission and then decoded once it reaches its destination, rendering messages intercepted by law enforcement or hackers useless.  The service providers themselves cannot even access the decoded messages.

The pending bill would require service providers to build in backdoors that would allow them to decrypt users’ messages and provide them to law enforcement within seventy-two hours of a lawful request.  Providers who do not comply would face stiff penalties—up to 2% of annual global profits for companies.  For perspective, if Apple were to refuse a request under the proposed law, it would be on the hook for up to $3.6 billion.

Service providers are strongly opposed to the measure, citing customer privacy and data security.  Tuta, a privacy-focused email provider, condemned the legislation, saying in an article posted to its website, “[w]eakening encryption for law enforcement inevitably creates vulnerabilities that can – and will – be exploited by cybercriminals and hostile foreign actors. This law would not just target criminals, it would destroy security for everyone.”  The company characterized encryption as “the foundation of secure digital communication.”  As such, Tuta believes the French proposal would likely conflict with European data protection laws like the GDPR and the German IT Security Act, which mandate that technology companies protect users’ data and take measures to protect against cyber threats and unauthorized access to data.

The argument that installing backdoors inherently weakens data security is a popular one across the tech community.  One commentator went as far as to say, “[t]here is no technological compromise between strong encryption that protects the data and a mechanism to allow the government special access to this data . . . There is no world where, once built, these backdoors would only be used by open and democratic governments.”  However, others in the tech world point out that there are measures companies can take to make backdoors safer, including implementing strong authentication systems, certain types of key exchange protocols, and monitoring the backdoors closely with sensors or other analytical tools that can detect attempted cyber-attacks in the early stages when they are most preventable.

On the other side of the debate, law enforcement argues that backdoors are increasingly necessary to combat crime.  They have dubbed end-to-end encryption “warrant-proof-encryption” due to the fact that the technology makes it impossible to wiretap or otherwise obtain communications from the provider.  The U.S. Department of Justice warns, “[t]he use of widespread and increasingly sophisticated encryption technologies significantly impairs, or entirely prevents, many serious criminal and national security investigations, including those involving violent crime, drug trafficking, child exploitation, cybercrime, and domestic and international terrorism.”  For that reason, multiple bills similar to the Narcotraffick bill have been introduced in the U.S. Congress over the past few years, and the United Kingdom recently presented Apple with a legal demand instructing the company to build a backdoor for law enforcement use.

The debate surrounding the French “Narcotraffic” bill underscores the delicate balance between public safety and data privacy.  While law enforcement emphasizes the necessity of backdoors to combat serious crimes, the tech community remains firm in its stance that weakening encryption fundamentally undermines data security, leaving users vulnerable to cybercriminals and hostile actors.  The French legislative effort is not isolated either; it reflects a growing global tension as law enforcement seeks to keep pace with advancing technology.  As critics point out, there remains no clear technological solution that would allow for lawful access to encrypted data without simultaneously compromising overall security.  Moving forward, policymakers will need to navigate these competing interests carefully to ensure that the pursuit of justice does not inadvertently create even more crime by widening bad actors access to personal data, while also ensuring technology like end-to-end encryption does not become a shield for criminal conduct.

Student Bio:  Nicole Harvey is a third-year evening student at Suffolk University School of Law and a staff member for the Journal of High Technology Law.  Nicole is also an Intelligence Analyst at the Office of the Massachusetts Attorney General.  She received a Bachelor of Science degree in Politics, Philosophy, and Economics, with a concentration in Law & Justice, and a minor in Law & Public Policy from Northeastern University in 2019.

Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL, Suffolk University Law School, or the Office of the Massachusetts Attorney General.