In France, refusing to hand over encrypted information in terrorism cases could lead to a fine of €350,000 (US$385,000) and five years in prison, under proposed legislation.
Deputies voted for the measures as part of a bill entitled "reinforcing the fight against organized crime and terrorism, and their financing," which passed its first reading in the National Assembly on Tuesday afternoon.
It's by no means a done deal: The French Senate now gets its turn to amend, and perhaps reject, the bill before it returns to the Assembly for a further vote. If it makes it that far, parts of it could still be struck out by the Constitutional Court before it is submitted for presidential approval and publication in the Official Journal, the equivalent of the U.S. Federal Register.
Among the bill's 73 pages are a handful of measures aimed at forcing the owners, operators or designers of computer systems to help police with their investigations.
Article 4, Section 5, the subject of a late amendment to the bill, introduces the five-year prison sentence for a private organization that refuses a request from judicial authorities investigating terrorist cases to hand over data protected by an encryption system that it developed.
There's no exception for companies that develop encryption systems for which they do not hold the keys.
It could have been worse: Last week, deputies rejected an amendment imposing a €2 million fine and a two-year sales ban on phone makers, network operators and ISPs refusing to hand over information needed to solve a terrorist case.
Section 5 also extends measures introduced in 2004 that require companies holding information relevant to an investigation, or telecommunications operators carrying the information, to hand it over when served with a warrant. The new bill proposes raising the maximum penalty for not complying in cases involving terrorism from a fine of €3,750 to a fine of €15,000 and two years in prison.
One area in which France is playing catch-up rather than leading the legislative pack is the investigation of offenses conducted on the dark net. Deputies want to allow customs officers to adopt undercover identities online so they can infiltrate such sites, much as the FBI did in its investigation of Silk Road.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.