Meredith Whittaker, president of US messaging app Signal, has threatened to pull it out of France over a proposed law where the government has demanded the ability to look into private chats.
In Article 8 of the proposed “Narcotraffic” law, Sortir la France du piège du narcotrafic [Getting France out of the drug trafficking trap], France said it wanted encrypted messaging applications such as Signal and WhatsApp and encrypted email services such as Proton Mail to provide authorities with decrypted data of its users within 72 hours of request.
It has sparked significant opposition from privacy advocates, tech companies and cybersecurity experts due to what they saw as its implications for weakening encryption and compromising user security globally.
The French Senate had passed on March 4 and it was scheduled for further consideration in the National Assembly.
On March 17, it was reviewed by the Assembly’s legislative committee, setting off significant pushback.
Whittaker put a lengthy post on X on March 19, sounding the alarm over the soon-to-be-voted-on French law.
She condemned it as a “callow, dishonest attack”, contradicting expert consensus and threatening both global cybersecurity and the fundamental human right to privacy.
📣🚨 BAT SIGNAL: A law in France that would mandate a backdoor in end to end encrypted communications is set for a vote within the next day, after some start-stop skirmishes.
The French Narcotraffic law would require encrypted communications providers—like Signal—create a…
— Meredith Whittaker (@mer__edith) March 19, 2025
“The French Narcotraffic law would require encrypted communications providers — like Signal — to create a backdoor by giving the government the ability to add themselves to any group or chat they like. In the name of fighting drug trafficking,” Whittaker said.
“While those hyping this bad law have rushed to assure French politicians that the proposal isn’t’ ‘breaking encryption’, their arguments are as tedious as they are stale [and] as they are laughable.”
She stressed that “end-to-end encryption must only have two ‘ends’ — sender and recipient(s). Otherwise, it is backdoored” and anything else “rips a hole in the hull of private communications”.
Whittaker noted that a similar attempt to bypass encryption was successfully prevented in the UK in 2019 and emphasised that France should likewise abandon its current proposal.
She warned that Signal’s robust privacy guarantees were at risk, stressing that for anyone wanting to undermine it, “instead of contending with unbreakable math, they only have to compromise a French Government employee, or the vendor-provided software used to sideload government operatives into your private chats”.
Whittaker stated Signal would exit the French market rather than comply with the contested anti-privacy law.
“At this moment especially, there is simply too much riding on Signal, on our being able to forge a future in which private communication persists, to allow such pernicious undermining,” she said.
Matthew Hodgeson, CEO of Element, a secure communications platform used by governments, told specialised news outlet Computer Weekly in late February that Element was concerned the French proposals were “not technically feasible without fundamentally weakening the security of messaging and email services”.
Matthias Pfau, CEO of Tuta Mail, a German encrypted mail provider, said the French proposal was not necessary or proportional.
French MP Philippe Latombe has urged European Commission President Ursula von der Leyen to suspend the US-EU Data Privacy Framework before President-elect Donald Trump assumes office. https://t.co/ni5C4rYxxW
— Brussels Signal (@brusselssignal) November 15, 2024
French digital rights and freedoms advocacy group La Quadrature du Net compiled an overview of the French Narcotraffic law, showing what he said were numerous problematic elements of it.
Besides the encryption backdoor, it claimed the law did not only apply to drug traffickers but could also be used to monitor activists.
A provision of the law classified any documents detailing the methods used for surveillance techniques during investigations as secret.
This infringed the right to an adequate defence and prevented the public from understanding the full extent of judicial police surveillance capabilities, the group said.
The law also enabled the police to remotely activate the microphones and cameras of fixed and mobile-connected devices – computers, phones, and so forth – to “spy” on people using them.
International human rights bodies have recognised encryption as fundamental to privacy and other rights.
In 2022, the European Data Protection Board and European Data Protection Supervisor stated that encryption “contributes in a fundamental way” to privacy, free expression and digital growth.
The European Court of Human Rights has acknowledged anonymity’s importance for protecting free speech and, in February 2024, ruled that Russia’s demand for Telegram’s encryption keys violated human rights laws.
The EU Commission is struggling to reconcile a landmark ECHR ruling on encryption with its own efforts against child sexual material. @vonpecka: "The EU should cease its efforts towards the statutory obligation to decrypt end-to-end communications." https://t.co/j8H58qrxyU
— Brussels Signal (@brusselssignal) February 21, 2024
