French presidential candidate Emmanuel Macron has become the latest high-profile European politician to threaten U.S. tech companies over their use of end-to-end encryption, and for how digital platforms enable the spread of terrorist propaganda online.
Officially launching his presidential campaign yesterday with a five-point plan for combating terrorism, Macron said it is “no longer acceptable” that companies say they have a contractual obligation to their users to protect their communications.
Opinion polls predict Macron will be one of two candidates to reach the second round of the election next month.
“Democratic states must have access to content exchanged between terrorists on social media and instant messaging,” he said, according to a BBC report.
We’re reached out to Macron’s press team with questions and will update this story with any response.
In the 40-minute speech discussing his approach to counterterrorism, Macron describes the Internet as having become “an essential part of terrorism”, and argues it therefore “needs to be an essential part of the fight against terrorism”.
“That’s why we need to have an open discussion with big internet companies: Google, Facebook, Apple, Twitter and others,” he said, adding: “Many terrorists went ahead after having been radicalized on social networks. They’re exposed to Islamist propaganda that manipulates them and leads them to violence. It’s essential that big internet companies commit to remove this content immediately. This commitment should have an obligation of results. They can’t argue that there’s a technical incompatibility, or that they value freedom or neutrality.
“[Terrorist] organizations that threaten us take advantage of the possibilities of modern cryptography to hide their projects. They use strongly encrypted instant messengers to talk with each other and give orders. A good chunk of that internet traffic is encrypted and gets away from police forces. It’s obviously a weakness and makes the fight against terrorism harder.
“Until now, big Internet companies have refused to give their encryption keys or access to this content, saying that they have told their clients that their communications are protected. This situation is no longer acceptable. You can be strongly in favor of protecting your privacy and your conversations — and it’s my case. And it’s not incompatible with new rules so that the police can prevent terrorist attacks efficiently, with all the safeguards we need.”
If elected, Macron says he will push for a common European initiative to co-operate on encryption and push for big Internet companies to “accept a legal requisition system of their encrypted services similar to the existing one for telecom companies”.
Governments, as long as they are democratic, should be able to access terrorist content on social networks and instant messaging services. We need to figure out the terms and the safeguards. But the goal is clear.
“Governments, as long as they are democratic, should be able to access terrorist content on social networks and instant messaging services. We need to figure out the terms and the safeguards. But the goal is clear. If I’m elected, I’ll undertake this at the very beginning of my five-year mandate at the European level and within NATO,” he added.
His comments come days after a terror attack in Stockholm, Sweden in which a truck was driven at speed into pedestrians, killing four people. And several weeks after a similar attack in London, in which pedestrians and a policeman guarding parliament were killed by a lone attacker.
Last summer interior ministers in France and Germany also called for the European Commission to consider a law change to enable courts to demand Internet companies decrypt data to afford security agencies access to messages.
And the UK passed just such a law at the end of last year — aka: the Investigatory Powers Act — which includes powers for authorities to limit or block the use of end-to-end encryption. Although that legislation hasn’t stopped current UK Home Secretary, Amber Rudd, piling very public political pressure on tech companies last month after the Westminster terror attack — apparently also calling for them to stop using end to end-to-end encryption.
“We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don’t provide a secret place for terrorists to communicate with each other,” said Rudd last month. “It used to be that people would steam open envelopes or just listen in on phones when they wanted to find out what people were doing, legally, through warranty. But on this situation we need to make sure that our intelligence services have the ability to get into situations like encrypted WhatsApp.”
Rudd’s criticism of end-to-end encryption was followed by a meeting with major tech firms in which the discussion apparently centered on how they could do more to limit the spread of terrorist propaganda on their public platforms. (Something Germany has also been pushing for, including via new legislation.) So the pressure in the UK on WhatsApp et al’s use of e2e encryption appears to have evaporated at least for now — or at least publicly.
At the Europe-wide level, EU Member State justice ministers remain unclear on whether to push for a decrypt law according to the European Commission — although the idea is being actively discussed. Another meeting of the justice ministers group is due to take place in June. And while some interior ministers are clearly supportive of the notion of a decrypt law, the EC’s digital minister is not.
The global nature of technology and the inability of politicians in one jurisdiction to control access to software or algorithms developed elsewhere makes political attempts to outlaw encryption as futile as they are historically repetitious. Though the frequency and speed with which politicians seeking to sound tough on terrorism point the finger of blame at tech companies probably boils down to a calculation of what plays best with domestic voters (and, in Macron’s case, on the campaign trail).
After all, no politicians are talking about banning cars and trucks from cities despite a wave of terror attacks in which lone attackers have repurposed vehicles as killing machines.
However the exact nature of counterterrorism discussions between commercial tech firms and governments remains unknown, given they are held behind closed doors. Which is why closed source deployments of robust encryption still require users to trust the company making the secure messaging claims, given there’s no way to externally verify their software does not contain government mandated backdoors. Open source software can provide the disinfectant for that doubt.
Update: In a written update following the counterterrorism strategy launch, Macron’s campaign and policy team have emphasized that it is not his intention to undermine encryption or outlaw the use of end-to-end encryption, rather — in the case of the latter technology — the suggestion is that metadata is what Macron wants companies to hand over.
They write [translated by Google Translate], emphasis theirs: “With regard to end-to-end encrypted messaging, since the service provider does not have the keys for decrypting messages, it is not possible to obtain from it the decryption of the data exchanged by this mechanism. However, these messaging services have other information that may be essential to investigations. Today, some of these courier companies refuse to cooperate with police, investigative and justice agencies or do so within a time limit that renders the information transmitted unnecessary. It is therefore essential to apply to these operators obligations of cooperation and processing of applications.”
TechCrunch’s Roman Dillet contributed to this report