The French parliament has voted in favor of punishing companies that refuse to decrypt data for government investigators – by threatening businesses with big fines and possible jail terms for staff.
This comes amid the FBI’s high-profile battle with Apple in the US to unlock a dead killer’s encrypted iPhone.
French deputies voted to add an amendment to a penal reform bill that would fine companies €350,000 (US$385,350) for a refusal to decrypt and give up to five years in jail for senior executives.
Telecommunications company executives would face smaller fines and up to two years in jail for not cooperating with the authorities.
The new penalties were the idea of right wing opposition deputies, AFP (Agence France Presse) reports, and are opposed by the French government, which has consistently opposed moves to reduce IT security after the terrorist attack in Paris last November.
The vote for the amendment doesn’t mean the measure will become law, however.
The full bill will be voted on by the National Assembly on March 8 and will then move to the upper house for a separate vote.
The President will also have to sign it before it takes effect.
In the meantime, expect technology firms to begin a massive lobbying effort to get the amendment removed. Nothing concentrates the mind so much as the thought of a C-level executive spending time in the slammer.
Meanwhile, the FBI must be looking at the land of the cheese-eating surrender monkeys (or the nation that was key to the creation of America, depending on your viewpoint) with envy.
The agency is embroiled in its case with Apple and – if this week’s RSA conference was anything to go by – is getting almost no support from the tech industry.
Speaker after speaker decried the FBI’s conduct and intentions in the case, and US Attorney General Loretta Lynch got a very frosty reception indeed in her address to the conference.
The US tech industry, and others, are standing firm on encryption and the French amendment is not going to go down well. ®
Sponsored: Securing personal and mobile device use with next-gen network access controls