“8 December” case: why is encryption on trial?
On 3 October, the trial of the so-called “8 December” case began. Seven people are prosecuted for being a “terrorist group”.
On 3 October, the trial of the so-called “8 December” case began. Seven people are prosecuted for being a “terrorist group”.
The intelligence services in charge of the judicial investigation (Direction générale de la Sécurité intérieure, DGSI), the National Antiterrorist Prosecution Office (Parquet National Antiterroriste, PNAT), and the investigating judge based their case on the fact that the defendants were using different tools to protect their privacy and encrypt their communications on a daily basis.
This trial is part of an increased political push by states and law enforcement for surveillance measures and the criminalisation of encryption. That is why the trial is crucial in the battle against the state’s ongoing attempts to criminalise commonplace, secure and healthy digital practices.
EDRi member in France La Quadrature du Net has continuously defended people’s right to privacy and fought for strong protections of everyone’s digital security. Now, once again, they stand up for the last pillar of our digital security – encryption.
“He admitted that he used the Signal application”
A few days before the trial began, Le Monde, a French daily afternoon newspaper, pointed out that the “8 December” case relies “on fragile grounds”. Among these grounds, La Quadrature du Net is particularly concerned about the place given to the use of encryption tools or, more broadly, to any measures thought to protect privacy.
One of the main issues in this trial is whether such privacy habits can be used by the police and the courts as incriminating evidence to feed the presumption of a terrorist plot. If the judge shows such bias, it would have dangerous consequences. This would mean that any form of confidentiality would become a reason for suspicion.
In the “8 December” case, the actions of protecting privacy and encrypting communications are no longer merely raising suspicion. These practices are now seen as “clandestine behaviour”, suggesting that people who take actions to protect their privacy have criminal intentions.
In several memos taken during the investigation, we see that the DGSI intended to demonstrate how the use of tools such as Signal, Tor, Proton, Silence, etc., would be evidence of an intention to hide compromising elements. Furthermore, as La Quadrature du Net denounced last June, the DGSI attempts to explain the absence of evidence of a terrorist project with the use of encryption tools.
According to the law-enforcement agency, if they lack proof of a terrorist intent, it is because the evidence is held in these encrypted and inaccessible messages. The lawyers of one of the prosecuted persons denounced the fact that “here, the absence of evidence becomes evidence itself“.
What’s worrying La Quadrature even more are all the approximations and technical errors the DGSI made during the investigation. These were later repeated by the PNAT and then the investigating judge. For example, the investigators confused Tor and Tails in certain memos. Also, they present as a crime that the defendant encrypted the contents of their phones and computers. The DGSI further accuses the defendants of using LUKS, a tool available under Linux for encrypting disks. These tools are common and recommended to use for data protection.
The case shows that law enforcement authorities are unaware that encryption of storage media is implemented by default by mainstream software. And these same authorities seem to forget that their own devices are probably also encrypted.
In short, defendants are accused of respecting basic computer security rules. What is sometimes referred to as having a “Healthy Information System” is becoming a symbol of allegedly clandestine behavior.
Why this can be a new crypto-war?
Encryption of electronic communications has always been a source of political tensions. This can be easily explained given the inherent political nature of this technology. One good example is the way Martin Hellmann, one of the mathematical researchers who developed asymmetric encryption in the 1970s, justified his work at that time.
He explained that “the increasing use of automated processing tools would represent a real threat to the economy and privacy“. For him, reliable encryption techniques were a way of preventing the increase of “surveillance by a police state helped by computerisation.”
This encryption technology is not a random scientific discovery but it is rather the result of an emerging balance of power. This is why governments have always resisted the development and use of encryption that could take away their powers. Throughout the years, we have seen governments pushing for more control in instances where they suggest that creators and users of encryption are potential criminals.
When Hallman and his colleagues published their work about cryptography, the U.S. government lobbied to keep this technique within the military domain and maintain control of its development. Then, during the 1990s, encryption became more accessible, for example via the PGP protocol. Scared by this popularisation of encryption, the U.S. government proposed to introduce “Clipper Chips“. This is an obligation to install a chip containing a “backdoor” in any encrypted system, which could enable law enforcement authorities to access stored data.
This was the beginning of a “crypto-war“, positioning the Clinton administration against the many activists defending the right to cryptography. The federal government defended its position by explaining that “if encryption technology is made freely available worldwide, it would no doubt be used extensively by terrorists, drug dealers, and other criminals to harm Americans both in the U.S. and abroad.” But this criminalising narrative failed. In 1996, encryption was removed from the list of “arms and ammunition”, paving the way for its spread.
In France, although pushed for by activists, legalisation of the use of encryption only took place in 1999. This made France one of the last countries to keep this technology under state control.
But state criticism of encryption resurfaced in the 2010s. It was a time when the public became aware of state surveillance programs, while also living through terrorist attacks. This context led to an intense security climate, accompanied by people gaining access to mainstream encrypted messaging services to protect their digital security.
This context gave new opportunities to the various French Ministers of Interior (Cazeneuve, Castaner and Darmanin), Members of Parliament and the President to use the narrative of criminalisation of both the users and developers of encryption-based tools. For example, the San Bernardino iPhone case, which put Apple at the center of state criticism.
Fearing an irreparable precedent
The “8 December” case shows that the narrative of encrypted tools being associated as key elements of crime and terrorism can become a reality.
It is no longer an opportunistic political statement of leaders wishing to extend long-desired prerogatives. Today, we are talking about a police and judicial accusation with concrete and serious consequences, leading to people being put in prison.
In this context, La Quadrature du Net is deeply concerned about the possibility of judges endorsing the narrative of criminalising privacy tools. This would set legal and political precedents, enabling disastrous life consequences for the defendants.
This would mean that privacy will no longer be seen as a right but a crime. Today, we are looking at digital security measures, tomorrow this will extend to physical practices.
In such a reality, adopting security measures for protecting ourselves would turn into a ground for prosecution.
“Encryption should not be misconstrued as a sign of malicious intent but should instead be regarded as a fundamental component of people’s right to privacy and security online. As more and more aspects of our lives are carried out online, encryption empowers individuals to protect their privacy and digital rights. A wide range of privacy tools are utilised by members of the European Commission and other government bodies. Governments have the responsibility of safeguarding the rights to free expression and privacy for all to protect a fundamental pillar of democratic societies – rather than promoting biased interpretations of who can have those rights and who cannot.”
In an op-ed published in Le Monde, 130 individuals and organizations (including EDRi and several EDRi members) have denounced this false link between clandestine behaviour and the use of privacy and encryption tools. The authors highlighted that this narrative is being used to feed a very weak criminal case.
This dangerous situation arrives at a time when France is authorising remote surveillance of connected devices like phones, including those of journalists, under the pretext of national security. The state is also arresting journalists, who reveal war crimes committed with the complicity of the state, and wants to end online anonymity or confidentiality. La Quadrature du Net comments that they are currently witnessing a worrying authoritarian runaway.
This trial is yet another threat to fundamental rights, but above all, it is a possible point of no return in how the state perceives the right to privacy.
La Quadrature du Net will continue to follow the case and will report again at the end of the trial. Meanwhile, more information about this case is available in English on “Solidarity to December 8“.
Contribution by: EDRi member, La Quadrature du Net