France Testing Out Special Encrypted Messenger For Gov't Officials As It Still Seeks To Backdoor Everyone Else's Encryption

from the roll-yer-own dept

The French government has been pushing for a stupid "backdoors" policy in encryption for quite some time. A couple years ago, following various terrorist attacks, there was talk of requiring backdoors to encrypted communications, and there was even a bill proposed that would jail execs who refused to decrypt data. Current President Emmanuel Macron has come out in favor of backdoors as well, even as he's a heavy user of Telegram (which isn't considered particularly secure encryption in the first place).

But now, the French government is apparently moving forward with its own, homegrown, encrypted messaging system, out of a fear that other -- non-French -- encrypted messaging apps will be forced into providing backdoors to their own systems:

The French government is building its own encrypted messenger service to ease fears that foreign entities could spy on private conversations between top officials, the digital ministry said on Monday.

None of the world’s major encrypted messaging apps, including Facebook’s WhatsApp and Telegram - a favorite of President Emmanuel Macron - are based in France, raising the risk of data breaches at servers outside the country.

There are a number of silly things here. First off, the fact that they're doing this should make it clear why it's been so stupid to have the government itself calling for backdoors. Clearly, the French government understands the risks involved, or it wouldn't be doing this in the first place. The message it seems to be sending is that keeping messages and communications secure is important... but only for government officials. For the peasants? Let them eat insecure messages, I guess.

Second, there should be questions about how well this will be implemented. The report does note that they're using "free-to-use code found on the Internet," which (hopefully?) means they're basing it on Open Whisper Systems' encrypted messaging code, which is freely available and is generally considered the gold standard (Update: actually it's based on Riot/Matrix and apparently the plan is to open source it -- which is good). However, doing encrypted messaging well is... difficult. It's the kind of thing that lots of people -- even experts -- get wrong. Rolling your own can often get messy, and you have to bet that a government rolling its own encryption for government officials to use is going to be a clear target for nation-state level hackers to try to break in. That's not to say it can't be done, but there are a lot of tradeoffs here, and I'm not sure that the best encryption is going to come from a government employee.

Also, the report suggests that this technology "could be eventually made available to all citizens," which would certainly be interesting, but would seem to contradict with all of those reports and statements about demanding backdoored encryption. Given how often the French government (and the President) have asked for backdoors, would any French citizen ever feel particularly secure using an "encrypted" messaging system offered up by that same French government?

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: backdoors, emmanuel macron, encryption, france


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Baron von Robber, 19 Apr 2018 @ 9:58am

    The concept is difficult for many to understand.
    "If there is a backdoor, it's not secure encryption."

    It seems like their eyes glaze over and they need a nap to reset.

    link to this | view in thread ]

  2. identicon
    AricLeRouge, 19 Apr 2018 @ 9:58am

    Baiseurs!

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 19 Apr 2018 @ 10:05am

    Let them eat insecure messages

    If the goal is to ensure all messages are insecure and easily readable by the government, then this would likely need to be illegal, as the message would become unrecoverable after passing through stomach acid. (Even if it survived the acid bath, would you want to recover it when it finally comes out?)

    link to this | view in thread ]

  4. identicon
    I.T. Guy, 19 Apr 2018 @ 10:06am

    This will be great. I hope they implement it... with a back door. Then when it's cracked and all the French dirty laundry comes to light we can sit back and gloat.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 19 Apr 2018 @ 10:24am

    Unsurprising

    Despite France being a "constitutional republic" their constitution doesn't afford anywhere near the same rights as that of the US. Whatever they name it, their government is still run largely like their old monarchy.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 19 Apr 2018 @ 10:28am

    In today's world

    encryption is easy. However, key management is extremely difficult.

    link to this | view in thread ]

  7. icon
    Sharur (profile), 19 Apr 2018 @ 11:26am

    Re: Unsurprising

    Is it really? I thought France was rather centralized. My remembering of history class was that the French monarchy was extremely weak (outside of their zone of immediate and direct control, i.e. Paris), which is part of the reason for the French Revolution (they couldn't effectively collect taxes or deal with the outlying nobles).

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 19 Apr 2018 @ 11:29am

    Re:

    People don't want intelligent leaders, they do not understand them. After a person passes a certain milestone in intelligence they are considered more harmful than good.

    There is a reason that people get the governments that they deserve. They reject what is best for them and buy nearly every lie that travels near their confirmation biases.

    Leaders win by appealing to the lowest common denominator of the political day!

    link to this | view in thread ]

  9. icon
    Robert Barat (volt4ire) (profile), 19 Apr 2018 @ 12:12pm

    Based on Riot/Matrix, not Signal

    It's going to based off of Riot which is a FOSS messenger app with e2e encryption based on the Matrix protocol. It sounds like the modified version itself will be open sourced, at least according to Matrix.

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 19 Apr 2018 @ 1:05pm

    Re: Re: Unsurprising

    My remembering of history class was that the French monarchy was extremely weak

    That was not an uncommon problem for monarchies, where the nobles, or even the bureaucracy has more power than the monarch. Indeed the slaves, eunuchs in China and Janissaries in the Ottoman Empire, often had more effective power than the emperors.

    link to this | view in thread ]

  11. icon
    David (profile), 19 Apr 2018 @ 1:42pm

    Time to warn them about github - or not

    Assuming they are typical government providers this can be scuttled by one of two methods. First hack into the account on github and plant a backdoor.

    Having done that, or not, post on /. and brag about sandbagging la froggies (or whatever is a uptodate insult, braiseurs for instance).


    /. = slashdot.org

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 20 Apr 2018 @ 1:51am

    but all govts are doing similar things. they want to know every detail of every ordinary person, every second, while ensuring that all the back handed, underhanded, self-serving and often illegal crap they are up to is well hidden and if found, the finder and those even reading it are imprisoned for decades! if this isn't turning the planet into something run by the very few at the expense of everyone else, enabling slavery (do as you're told or die, basically), coupled with no one except the elite having any rights, what is?

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 20 Apr 2018 @ 3:20am

    I'm guessing it involves semaphore and white flags.

    link to this | view in thread ]

  14. identicon
    Wendy Cockcroft, 20 Apr 2018 @ 5:58am

    Re: Re:

    Cynical about democracy? So far, so anarchist. But anarchy doesn't scale. Voluntaryism doesn't work in practice at scale.

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 20 Apr 2018 @ 7:34am

    Re: Re:

    Do you get the replies you deserve?

    Leaders you say ... lol - they do not lead as they do not want to nor feel the need to. They dictate as they see themselves as dictators.

    You seem very confused about many things but why such low regard for your fellow citizens? You look at one person and project that upon all?

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 22 Apr 2018 @ 9:39am

    "Do as I say, not as I do"

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.