Tuta, a privacy-focused email provider, and the VPN Trust Initiative (VTI) have expressed their concerns about proposed laws in France that would require encrypted communication services to implement backdoors for law enforcement. The law, part of an amendment to France’s “Narcotrafic” law, would require companies to decrypt messages within 72 hours upon request from authorities. Non-compliance could result in severe penalties, including fines of €1.5 million for individuals and up to 2% of annual global turnover for companies. The law has already passed the French Senate and is now advancing to the National Assembly, prompting strong opposition from privacy advocates.
Tuta, in particular, has urged the French National Assembly to reject the amendment, stressing that mandating backdoors would undermine encryption security for everyone, not just criminals.
Tuta’s CEO, Matthias Pfau, pointed out that backdoors create vulnerabilities that cybercriminals and hostile foreign actors could exploit. The company further argued that weakening encryption for law enforcement purposes would not only compromise privacy but also contradict existing laws, such as Europe’s GDPR and Germany’s IT security regulations. Tuta views the amendment as a direct threat to digital security and privacy.
Alongside Tuta’s concerns, the VPN Trust Initiative has criticized a separate proposal driven by French rightsholders, such as Canal+ and the French Football League, which aims to force VPN providers to block access to pirate sites. VTI, whose members include major players like AWS, Google, and ExpressVPN, believes this approach unfairly targets VPN services rather than addressing the root causes of piracy.
The initiative warned that this proposal could harm cybersecurity and privacy by undermining the basic tools used to protect user data and online anonymity.
The rise of these government-driven proposals for data surveillance is part of a larger global trend. Apple recently removed its iCloud end-to-end encryption feature from the UK following government pressure to create a backdoor for accessing user data. Similarly, a proposed law in Sweden could force the messaging app Signal to hand over user data or leave the country. As governments increasingly push for greater control over digital communications, privacy advocates fear that these measures will lead to widespread censorship and compromise user security worldwide.
Reference:
