European States Continue Their Race for Encryption Backdoors

• In France, a proposed "Narcotrafic" law amendment would require encrypted communication services to create backdoors for law enforcement access within 72 hours. Non-compliance could lead to fines: €1.5 million for individuals and 2% of global turnover for companies.
• The amendment has already passed the Senate and is moving to the National Assembly, making opposition essential.

"Weakening encryption for law enforcement inevitably creates vulnerabilities that can – and will – be exploited by cybercriminals and hostile foreign actors. This law would not just target criminals, it would destroy security for everyone," Matthias Pfau, CEO of Tuta Mail, told Bleeping Computer.

• Major French copyrights holders are also taking legal action to force large VPN providers to participate in their pirate site blocking program. As a result, some VPN providers are contemplating exiting France if this legal pressure continues.
• Meanwhile in Sweden, the government is pushing for encrypted messaging apps like Signal to implement similar E2EE backdoors, which could become law as soon as March 2026. Signal has threatened to leave the country if this proposal becomes law.

"If you create a vulnerability based on Swedish wishes, it would create a way to undermine our entire network. Therefore, we would never introduce these backdoors," said Signal's CEO Meredith Whittaker.

• Recently, the UK government demanded that Apple create a backdoor for law enforcement to access all of its users' encrypted cloud data. In response, Apple withdrew its most secure cloud storage service from Britain, as it uses end-to-end encryption that prevents even Apple from accessing the data.

"I share your grave concern about the serious implications of the United Kingdom, or any foreign country, requiring Apple or any company to create a backdoor that would allow access to Americans personal encrypted data. This would be a clear and egregious violation of Americans’ privacy and civil liberties and open up a serious vulnerability for cyber exploitation by adversarial actors," said US national intelligence director Tulsi Gabbard in a letter Senator Ron Wyden.

• The UK already passed its Online Safety Bill in 2023, which includes a controversial clause for breaking encryption. However, this clause can only be applied when it is "technically feasible."
• Lastly, member countries of the European Union are still attempting to discover a 'viable' way to implement chat control—a mass surveillance initiative by well-funded international NGOs and tech-affiliated surveillance advocacy groups that has been proposed and endorsed by the European Commission.

• The latest "half-good" proposal by the Polish Council Presidency wants to make chat control voluntary rather than compulsory, yet 16 out of 27 EU states, led by Spain, still reject it using a dramatic language.

"The proposal is likely to go too far already for the hardliner majority of EU governments and the EU Commission whose positions are so extreme that they will rather let down victims altogether than accept a proportionate, court-proof and politically viable approach," writes privacy advocate Patrick Breyer.

• This means that there is still no chat control agreement for now. The EU working group will continue to negotiate the issue in March.

• Do you want more? Subscribe and get No Bullshit GM report straight to your mailbox and No Bullshit Bitcoin on Nostr.
• Feedback or tips? Drop it here.
• #FREESAMOURAI