
France pushes for law enforcement access to Signal, WhatsApp and encrypted email
www.computerweekly.com
France is proposing a law to require encrypted messaging applications including Signal and WhatsApp and encrypted email services such as Protonmail to provide law enforcement with decrypted data on request.

An amendment to France's proposed "Narcotraffic" bill, which is passing through the National Assembly in the French Parliament, will require tech companies to hand over decrypted chat messages of suspected criminals within 72 hours.

The law, which aims to provide French law enforcement with stronger powers to combat drug trafficking, has raised concerns among tech companies and civil society groups that it will lead to the creation of back doors in encrypted services that will be exploited by cyber criminals and hostile nation states.

Individuals that fail to comply face fines of Euro 1.5 million, while companies risk fines of up to 2% of their annual world turnover if they fail to hand over encrypted communications demanded by French law enforcement.

Back doors would be exploited by criminals

Matthias Pfau, CEO of Tuta Mail, a German encrypted mail provider, said that it was not possible to introduce back doors into encrypted services without fundamentally weakening their security.

"A backdoor for the good guys only is a dangerous illusion. Weakening encryption for law enforcement inevitably creates vulnerabilities that can and will be exploited by cybercriminals and hostile foreign actors. This law would not just target criminals, it would destroy security for everyone," he said.

Matthew Hodgson, CEO of Element, a secure communications platform used by governments, said that the company was concerned that the French proposals were not technically feasible without fundamentally weakening the security of messaging and email services.

"We are deeply concerned by yet another potential attack on encryption," he said.
"Like the Online Safety Act in the UK, this French proposal shows a deep misunderstanding of what is technically possible in end-to-end encrypted systems," he said.

"We will keep repeating ourselves until the message sticks - there are no safe backdoors into encrypted services," he added.

France led international police operations against encrypted phones

France has played a key role in hacking dedicated encrypted messaging services used by drug traffickers, including EncroChat, Sky ECC, and Anom, resulting in the arrests of thousands of people worldwide suspected of drugs trafficking and money laundering.

But opponents of the French law argue that breaking an encryption application that is allegedly designed for use by criminals is very different from breaking the encryption of chat apps, such as WhatsApp and Signal, and encrypted emails used by billions of people for non-criminal communications.

"We do not see any evidence that the French proposal is necessary or proportional. To the contrary, any backdoor will sooner or later be exploited, it is only a matter of time," said Pfau.

French senators Étienne Blanc and Jérôme Durain first tabled the proposed law, entitled "Getting France out of the drug trafficking trap", in January 2024.
The bill has passed its first reading, and is due to be considered in Committee on 4 March 2025 and by the Chamber of the National Assembly on 17 March 2025.

The amendment establishes an obligation for platforms to implement the necessary technical measures to allow intelligence services to access the intelligible content of correspondence and data transiting through them.

It requires French intelligence agencies to consult with France's National Oversight Commission for Intelligence-Gathering Techniques (CNCTR) - an independent body that has parallels with the UK's Investigatory Powers Commissioner's Office (IPCO) - to obtain authorisations to demand clear-text versions of encrypted messages from tech companies.

Law permits police use of spyware

The law also permits the use of spyware such as NSO Group's Pegasus or Paragon to allow police to remotely activate microphones and cameras of mobile phones and computers, according to an analysis by the civil society group La Quadrature du Net.

It also extends the scope of algorithms, known as "black boxes", which collect data on communications over the internet with the intention of identifying people suspected of criminal activity, to authorise the collection of data for combating crime and organised crime.

Police will also have powers to censor or restrict access to web sites and content relating to drug trafficking reported by members of the public through the Pharos reporting system, if the material is considered illegal, without the intervention of a judge.

The move has raised concerns from human rights groups that shared memes or jokes about drugs, or excerpts of films, could be wrongly blocked.

French law in conflict with EU and German privacy laws

Tuta Mail has warned that if the proposals are passed, it would put France in conflict with European Union laws and German IT security laws, including the IT Security Act and Germany's Telecommunications Act (TKG), which require companies to secure their customers' data.

If France goes ahead with its proposals, Tuta Mail, which provides services in both France and Germany, would be forced to choose between complying with French or German law.

"German laws like the IT Security Act and the TKG [Telecommunications Act] force us to protect data and mandate that IT systems must not be altered in a way that the security is weakened just for access by law enforcement. We at Tuta will not comply with any law requiring a backdoor, but German law also prohibits us from doing so," says Pfau.

"The European Data Protection Supervisor has clearly stated that any new measure restricting encryption must pass the test of necessity and proportionality, based on substantiated evidence. We do not see any evidence that the French proposal is necessary or proportional," he added.

La Quadrature du Net, a non-profit organisation that defends people's rights and freedoms on the net, has urged politicians to reject the amendment when it is discussed in the National Assembly in March.

The group said in a blog post in January that civil society groups, cryptography experts and the French Cyber Security Agency, ANSSI, have been warning for years that accessing encrypted communications is not only technically impossible but contravenes digital security requirements.

"End-to-end encryption is designed so that companies themselves do not have access to messages. Introducing access (a 'backdoor') would weaken the level of protection of all communications and this is not provided for anywhere in the world," it said.

The Observatory of Liberties and Digital Technology (OLN), a coalition representing the French lawyers' union, the magistrates' union, and human rights groups, has also called for parliamentarians to reject the bill.

It has raised concerns that the bill prevents information about surveillance operations from being disclosed to defendants, making it impossible for them to challenge

"The persons prosecuted would thus no longer have any way of knowing or contesting when and how they were monitored, including therefore, in the event of potential abuse by the investigation services," it said.

Amendment to French law will allow access to encrypted messages and email

Drug trafficking networks, terrorist groups and, beyond that, all criminal organisations are taking advantage of the widespread use of encrypted messaging and the difficulties for intelligence services to access the information exchanged on these platforms.

This amendment establishes an obligation for platforms to implement the necessary technical measures to allow intelligence services to access the intelligible content of correspondence and data transiting through them. This access would be limited to correspondence and data that have been the subject of specific authorization to implement intelligence gathering techniques, after consulting the Intelligence Techniques Control Commission (CNCTR).

To ensure compliance with these cooperation requirements, it is proposed to strengthen the criminal sanctions applicable to individuals and legal entities who refuse to fulfil their obligations: a fine of EUR 1.5 million for individuals who habitually commit these offences and a fine of up to 2% of annual global turnover excluding tax for legal entities in the same situation.