Independent presidential candidate Emmanuel Macron outlined his counterterrorism plans on Monday, including targeting the encrypted messaging services used by terrorists. But the announcement has drawn criticism from experts.
"If I am elected, France will launch a major initiative beginning this summer targeting the major Internet providers, so that they agree to the legal seizure of data from their encrypted services as part of the fight against terrorism," the En Marche! (Forward!) candidate said.
That same day, Macron tweeted that Internet providers could be considered “complicit” in future attacks if they maintain their opposition and refuse to cooperate.
France and Germany announced in August last year that they wanted to compel messaging service providers to grant governments access to encrypted content as part of terrorism investigations, shortly after Nice, Munich and Ansbach were targeted by terrorist attacks in July.
Macron’s comments were aimed at messaging services such as WhatsApp, Skype, Signal and Telegram, which are known to have been used by terrorists to plan attacks. Such encrypted services regularly come under attack by politicians for allowing extremist movements to recruit new members and disseminate their propaganda away from the prying eyes of the intelligence services.
But one IT security expert who asked to remain anonymous told FRANCE 24 that the proposals “show that Emmanuel Macron does not have a complete understanding of encryption, because he is asking for the impossible, something that does not make sense”.
The services most popular among terrorists – such as Telegram – use an end-to-end encryption system, which guarantees that only the participants in a chat have the key to decrypt the messages. Neither Facebook (owner of WhatsApp) nor Apple (which offers secure communications through its iMessage texting service) have access to the content of messages and do not keep copies of private chats on their servers.
Macron’s threat to order the “legal seizure” of encrypted data is thus a non-starter, unless he were to outlaw the use of end-to-end encryption on French territory. Messaging services that do not use such encryption – such as Skype or Snapchat – may be legally required to provide message decryption keys.
But the IT security expert said such a prohibition might prove untenable.
"These companies would probably not accept national exceptions, which would mean that these messaging services would simply no longer be available to the French," he said.
Another possibility would be for messaging services to install a “back door” in their applications – which would make the messages vulnerable to being stolen as they are exchanged – or to create a universal key that could decipher all online conversations.
The FBI attempted to force Apple to create such a back channel as part of its investigation into the deadly shooting in San Bernardino, California, in 2016. Apple refused, stating that the demand had "implications far beyond the legal case at hand”. The FBI eventually gained access only by paying a third-party company more than $1 million to hack the suspect’s phone.
But introducing security exceptions compromises the safety of messaging services for everyone, the security expert said. "From the moment we create something like a universal key or a security defect, pirates, intelligence services and authoritarian regimes will seek to exploit it."
With his latest announcement, Macron has found himself wading into deep and troubled digital waters. And his campaign is already aware of the shortcomings.
"There have been inaccuracies on the subject that have been misunderstood by the public,” a member of the entourage told FRANCE 24, adding: “We are in the process of preparing a document to clarify the positions of Emmanuel Macron."
But days after his initial comments, the public is still waiting.
Date created : 2017-04-12