On October 3, the trial of the so-called “December 8” case will begin. Seven people are prosecuted for “association of terrorist criminals” (“association de malfaiteurs terroristes”). In this case, the intelligence services in charge of the judicial investigation (the General Directorate for Internal Security – Direction générale de la Sécurité intérieure or “DGSI”), the National Antiterrorist Prosecution Office’s (Parquet National Antiterroriste, PNAT) and then the investigating judge (“juge d’instruction”) built up a narrative of a terrorist plot. To feed this story, they used the fact that the defendants were using different tools to protect their privacy and encrypt their communications on a daily basis.In a blogpost published a few months ago, we explained how much danger we see in this unprecedented attack and how much concern we have regarding this ground of accusation. This trial is thus going to be crucial in the battle against the State’s ongoing attempts to criminalize commonplace, secure and healthy digital practices – practices that we have always defended.

“He admitted to the investigators that he used the Signal application”

Last week, Le Monde pointed out in a lengthy article that the “December 8” case relies “on fragile grounds“. Among those different grounds, we are particularly concerned about the place given to the use of encryption tools or, more broadly, to any measures conceived to protect one’s privacy. One of the main issue of this trial will be whether such privacy habits can be used by the police and the courts as an incriminating evidence to feed the presumption of a terrorist plot. If such a biais is adopted on the part of the judge, it would be an extremely dangerous step, meaning that any form of confidentiality would then become suspect by default.

In this case, protecting one’s privacy and encrypting communications is no longer merely suspect, but participates of constituting a “clandestine behavior”, a way of concealing criminal intentions. In several memos, the DGSI keeps on trying to demonstrate how the use of tools such as Signal, Tor, Proton, Silence, etc., would be evidence of a desire to hide compromising elements. And on top of this, as we denounced last June, the DGSI justifies the absence of evidence of a terrorist project by the use of encryption tools itself. According to them, if they lack of elements proving a terrorist intent, it’s because those proofs are necessarily hold back in those much-vaunted encrypted and inaccessible messages. In reaction of such absurd vicious circle, lawyers of a person charged denounced the fact that “here, the absence of evidence becomes an evidence itself“.

What’s worrying us even more are all the approximations and technical errors made by the DGSI during investigation, which were later repeated by the prosecutor and then the investigating judge. For example, the investigators confused Tor and Tails in certain memos. Also, they point as an element of guilt the fact that the defendant encrypted the contents of their phones and computers. Again with much technical confusion, the DGSI accuses the defendants of using LUKS, a tool available under Linux for encrypting disks, even though it is a common and recommended tool for data protection. More broadly, the whole case tends to show that the police and justice authorities are unaware that encryption of storage media is implemented by default by the main software developers. And these same authorities seem to forget that their own devices are also encrypted (at least, we hope they are!).

In short, the defendant are accused of respecting basic computer security rules. What is sometimes referred to as “digital hygiene” is becoming a symbol of allegedly clandestine behavior.

Is this a new crypto-war?

Encryption of electronic communications has always been source of political tensions. This can be easily explained given the inherent political nature of this technology. One good example is the way Martin Hellmann, one of the mathematical researchers who developed asymmetric encryption in the 1970s, justified his work at the time. He explained to fear that “the increasing use of automated processing tools would represent a real threat to the economy and privacy“. For him, reliable encryption techniques were a way of preventing the increase of “surveillance by a police state helped by computerization¹Quotes from Corrigan-Gibbs, « Keeping Secrets », in Félix Tréguer sociology thesis, « Pouvoir et résistance dans l’espace public : une contre-histoire d’Internet (XVe-XXIe siècle) » accessible on https://shs.hal.science/tel-01631122. See also the book Contre-histoire d’Internet : Du XVe siècle à nos jours, Agone, 2023..”. This encryption technology is not a random scientific discovery but is rather the result of an emerging balance of power. This is why governments have always resisted the development and use of encryption. And through the years, we could see this desire for control in every occasion used by governments to suggest creators and users of encryption were potential criminals.

When Hallman and his colleagues published their work about cryptography, the U.S. government tried to pressure in order to keep this technique within the military domain and maintain control on its development. Then, during the 1990s, encryption started to be more accessible, for example via the PGP protocol. Scared by this generalization, the U.S. government proposed to introduce “Clipper Chips“, i.e. an obligation to install a chip containing a “backdoor” in any encrypted system, that could enable law enforcement authorities to access stored data.

It was the beginning of a crypto-war“, opposing the Clinton administration against the many activists defending the right to cryptography. The federal government defended its project by explaining that “if encryption technology is made freely available worldwide, it would no doubt be used extensively by terrorists, drug dealers, and other criminals to harm Americans both in the U.S. and abroad.” But this criminalizing narrative failed, and in 1996, encryption was removed from the list of “arms and ammunition”, paving the way for its spread. In France, although it was pushed by activists, legalization of the use of encryption only took place in 1999, making France one of the last countries to keep this technology under its control.

But governmental critics on encryption resurfaced in the 2010s. It was a time when the public had become aware of state surveillance programs while also living terrorists attacks leading to an intense security climate, but also gaining access to mainstream encrypted messaging services. This context gave new opportunities to the various French Ministers of Interior (Cazeneuve, Castaner and Darmanin), Members of Parliament or President to use again the narrative of criminalization of both the users and developers of encryption-based tools (remember, for example, of the San Bernardino iPhone case, which put Apple at the center of criticism).

Fearing an irreparable precedent

With the “December 8” case, we are witnessing how this narrative according to which encryption of communications is the prerogative of criminals and terrorists, can become a reality. It is no longer an opportunistic political statement of leaders wishing to extend long-desired prerogatives. Today, we are talking about a police and judicial accusation with concrete and serious consequences, which has helped put people in prison. We are deeply concerned about the possibility that judges migh endorse this narrative criminalizing privacy tools. This would set a legal precedent as well as a political precedent, in addition to having disastrous human consequences for the defendents. Privacy would then become a presumption of guilt, today concerning digital measures but that could extend tomorrow to physical practices. Protecting oneself, adopting security measures for oneself and others, would then be grounds for prosecution.

Isabela Fernandes, the Executive Director of The Tor Project, transmitted her support in this upcoming battle. She told us that “encryption should not be misconstrued as a sign of malicious intent but should instead be regarded as a fundamental component of people’s right to privacy and security online. As more and more aspects of our lives are carried out online, encryption empowers individuals to protect their privacy and digital rights.”

She added that “a wide range of privacy tools are utilized by members of the European Commission and other government bodies. Governments have the responsibility of safeguarding the rights to free expression and privacy for all to protect a fundamental pillar of democratic societies – rather than promoting biased interpretations of who can have those rights and who cannot.”

In an op-ed published in Le Monde, 130 individuals and organizations have denounced this false link between clandestine behavior and the use of privacy and encryption tools, that feeds today a very weak criminal prosecution. This dangerous situation arrives at a time France is authorizing remote surveillance of connected objects, including those of journalists under the pretext of national securityarresting journalists who reveal war crimes committed with the complicity of the state, and want to end online anonymity or confidentiality. We are currently witnessing a terribly worrying authoritarian runaway.

This trial is yet another threat on fundamental rights, but above all it’s a possible point of no return in how the state’s perceives the right to privacy. Your support is important! If you can, come along to the hearings (to be held in the afternoons of October 3 to 27 at the Paris court) to show your solidarity and resistance to these attacks. You can also fin information in English on the blog “Solidarity to december 8“.