France Testing Out Special Encrypted Messenger For Gov't Officials As It Still Seeks To Backdoor Everyone Else's Encryption
from the roll-yer-own dept
The French government has been pushing for a stupid "backdoors" policy in encryption for quite some time. A couple years ago, following various terrorist attacks, there was talk of requiring backdoors to encrypted communications, and there was even a bill proposed that would jail execs who refused to decrypt data. Current President Emmanuel Macron has come out in favor of backdoors as well, even as he's a heavy user of Telegram (which isn't considered particularly secure encryption in the first place).
But now, the French government is apparently moving forward with its own, homegrown, encrypted messaging system, out of a fear that other -- non-French -- encrypted messaging apps will be forced into providing backdoors to their own systems:
The French government is building its own encrypted messenger service to ease fears that foreign entities could spy on private conversations between top officials, the digital ministry said on Monday.
None of the world’s major encrypted messaging apps, including Facebook’s WhatsApp and Telegram - a favorite of President Emmanuel Macron - are based in France, raising the risk of data breaches at servers outside the country.
There are a number of silly things here. First off, the fact that they're doing this should make it clear why it's been so stupid to have the government itself calling for backdoors. Clearly, the French government understands the risks involved, or it wouldn't be doing this in the first place. The message it seems to be sending is that keeping messages and communications secure is important... but only for government officials. For the peasants? Let them eat insecure messages, I guess.
Second, there should be questions about how well this will be implemented. The report does note that they're using "free-to-use code found on the Internet," which (hopefully?) means they're basing it on Open Whisper Systems' encrypted messaging code, which is freely available and is generally considered the gold standard (Update: actually it's based on Riot/Matrix and apparently the plan is to open source it -- which is good). However, doing encrypted messaging well is... difficult. It's the kind of thing that lots of people -- even experts -- get wrong. Rolling your own can often get messy, and you have to bet that a government rolling its own encryption for government officials to use is going to be a clear target for nation-state level hackers to try to break in. That's not to say it can't be done, but there are a lot of tradeoffs here, and I'm not sure that the best encryption is going to come from a government employee.
Also, the report suggests that this technology "could be eventually made available to all citizens," which would certainly be interesting, but would seem to contradict with all of those reports and statements about demanding backdoored encryption. Given how often the French government (and the President) have asked for backdoors, would any French citizen ever feel particularly secure using an "encrypted" messaging system offered up by that same French government?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoors, emmanuel macron, encryption, france
Reader Comments
The First Word
“Based on Riot/Matrix, not Signal
It's going to based off of Riot which is a FOSS messenger app with e2e encryption based on the Matrix protocol. It sounds like the modified version itself will be open sourced, at least according to Matrix.
Subscribe: RSS
View by: Time | Thread
"If there is a backdoor, it's not secure encryption."
It seems like their eyes glaze over and they need a nap to reset.
[ link to this | view in chronology ]
Re:
There is a reason that people get the governments that they deserve. They reject what is best for them and buy nearly every lie that travels near their confirmation biases.
Leaders win by appealing to the lowest common denominator of the political day!
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
Leaders you say ... lol - they do not lead as they do not want to nor feel the need to. They dictate as they see themselves as dictators.
You seem very confused about many things but why such low regard for your fellow citizens? You look at one person and project that upon all?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
If the goal is to ensure all messages are insecure and easily readable by the government, then this would likely need to be illegal, as the message would become unrecoverable after passing through stomach acid. (Even if it survived the acid bath, would you want to recover it when it finally comes out?)
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Unsurprising
[ link to this | view in chronology ]
Re: Unsurprising
[ link to this | view in chronology ]
Re: Re: Unsurprising
That was not an uncommon problem for monarchies, where the nobles, or even the bureaucracy has more power than the monarch. Indeed the slaves, eunuchs in China and Janissaries in the Ottoman Empire, often had more effective power than the emperors.
[ link to this | view in chronology ]
In today's world
[ link to this | view in chronology ]
Based on Riot/Matrix, not Signal
It's going to based off of Riot which is a FOSS messenger app with e2e encryption based on the Matrix protocol. It sounds like the modified version itself will be open sourced, at least according to Matrix.
[ link to this | view in chronology ]
Time to warn them about github - or not
Having done that, or not, post on /. and brag about sandbagging la froggies (or whatever is a uptodate insult, braiseurs for instance).
/. = slashdot.org
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]