Click here to visit Original posting
Digital privacy advocates saved encryption in France last week, yet again, as MPs finally rejected a controversial provision to create a backdoor for law enforcement.
The infamous Article 8 of the proposed Drug Trafficking Act – which is currently passing to the country's National Assembly – would have required all encrypted messaging apps and secure email services to decrypt user data upon an authority's request.
The decision to preserve people's privacy and security is certainly a victory for the tech industry. Yet, "we must keep fighting for privacy and keep raising our voices – as long as there are still politicians trying to break encryption," press officer at Tuta Mail, Hanna Bozakov, told TechRadar.
The dangers of an encryption backdoor
Previously passed by the Senate, the bill aimed at "freeing France from the trap of drug trafficking" came as an attempt to create a strong framework to investigate these types of crimes.
As mentioned earlier, requiring the installation of encryption backdoors into the likes of ProtonMail, Signal, and WhatsApp has attracted strong criticism in and out of the political benches.
Encryption refers to scrambling data into an unreadable form to prevent third-party access. End-to-end encryption is the reiteration that messaging apps and secure email services, among other tools like today's best VPNs, use to protect data in transit by keeping it private between the sender and the receiver – end to end.
As cryptographers and other experts have long argued, however, it's not possible to create an encryption backdoor that only good guys can exploit.
Commenting on the French case, CEO of Tuta Mail, Matthias Pfau, said: "A backdoor for the good guys only is a dangerous illusion. Weakening encryption for law enforcement inevitably creates vulnerabilities that can – and will – be exploited by cybercriminals and hostile foreign actors."
In 2016, France also rejected an amendment to its Digital Republic law requiring the creation of an encryption backdoor. The provision was introduced as an attempt to fight against terrorism but was deemed a "vulnerability by design" by France's digital minister at the time, Axelle Lemaire – The Register reported.
As the Global Encryption Coalition warned in an open letter published on March 4, a backdoor would have also weakened the French messaging app Olvid, which was officially certified by the country's cybersecurity agency and recommended to French ministers and government officials.
Considering the Salt Typhoon hack in the US – which sparked a warning to switch to encrypted services – and France's concern for Russian alleged cyberattacks, as Politico reported, "the reliance by the French government, citizens, and businesses on end-to-end encryption to keep themselves safe and secure has never been greater," noted experts.
The National Assembly eventually listened to concerns from the industry and scraped the encryption backdoor requirement in the bill on March 6.
Despite the widespread criticism, however, France's Interior Minister Bruno Retailleau confirmed his support for the encryption backdoor provision as a necessity to ensure "maximum efficiency" in combating organized crimes, Le Monde reported.
Commenting on this point, Bozakov from Tuta Mail told TechRadar: "I am worried that politicians still do not understand anything about cybersecurity – even though there are enormous foreign threats right now targeting our societies mainly from Russia and China."
Not just France
France's attempt to undermine encryption may have been halted once again. However, the country isn't alone in pushing to pick the lock of encrypted communications to facilitate criminal investigations.
Sweden is also considering passing a similar requirement for the likes of Signal, WhatsApp, and iMessage. If successful, the new rules could come into force as early as March 2026.
Side-client scanning is just an encryption backdoor but with a fancy name
Romain Digneaux, Proton
These plans have already attracted strong criticism from the tech industry, with Signal President Meredith Whittaker reiterating that Signal would rather leave the country than undermine its encryption protections.
On February 21, 2025, Apple was even forced to kill its iCloud's end-to-end encryption feature in the UK following a government order to create an encryption backdoor.
Since 2022, the EU has also been trying to pass its Chat Control proposal to scan citizens' private communications, including encrypted messages, to halt the spread of child sexual abuse material (CSAM).
As Romain Digneaux, Public Policy Manager at Proton (the provider behind Proton VPN and Proton Mail), points out, while these efforts are nothing new and tend to fail (as in the case of France), they consistently come back.
"What we see is creativity from law enforcement to try to push the same old concept with new names – and that's concerning," Digneaux told TechRadar.
"The side-client scanning is a clear example of that. That's just an encryption backdoor but with a fancy name. Something that sounds more technical and more acceptable to people who don't necessarily understand how the tech works."