France Testing Out Special Encrypted Messenger For Gov't Officials As It Still Seeks To Backdoor Everyone Else's Encryption
from the roll-yer-own dept
The French government has been pushing for a stupid “backdoors” policy in encryption for quite some time. A couple years ago, following various terrorist attacks, there was talk of requiring backdoors to encrypted communications, and there was even a bill proposed that would jail execs who refused to decrypt data. Current President Emmanuel Macron has come out in favor of backdoors as well, even as he’s a heavy user of Telegram (which isn’t considered particularly secure encryption in the first place).
But now, the French government is apparently moving forward with its own, homegrown, encrypted messaging system, out of a fear that other — non-French — encrypted messaging apps will be forced into providing backdoors to their own systems:
The French government is building its own encrypted messenger service to ease fears that foreign entities could spy on private conversations between top officials, the digital ministry said on Monday.
None of the world?s major encrypted messaging apps, including Facebook?s WhatsApp and Telegram – a favorite of President Emmanuel Macron – are based in France, raising the risk of data breaches at servers outside the country.
There are a number of silly things here. First off, the fact that they’re doing this should make it clear why it’s been so stupid to have the government itself calling for backdoors. Clearly, the French government understands the risks involved, or it wouldn’t be doing this in the first place. The message it seems to be sending is that keeping messages and communications secure is important… but only for government officials. For the peasants? Let them eat insecure messages, I guess.
Second, there should be questions about how well this will be implemented. The report does note that they’re using “free-to-use code found on the Internet,” which (hopefully?) means they’re basing it on Open Whisper Systems’ encrypted messaging code, which is freely available and is generally considered the gold standard (Update: actually it’s based on Riot/Matrix and apparently the plan is to open source it — which is good). However, doing encrypted messaging well is… difficult. It’s the kind of thing that lots of people — even experts — get wrong. Rolling your own can often get messy, and you have to bet that a government rolling its own encryption for government officials to use is going to be a clear target for nation-state level hackers to try to break in. That’s not to say it can’t be done, but there are a lot of tradeoffs here, and I’m not sure that the best encryption is going to come from a government employee.
Also, the report suggests that this technology “could be eventually made available to all citizens,” which would certainly be interesting, but would seem to contradict with all of those reports and statements about demanding backdoored encryption. Given how often the French government (and the President) have asked for backdoors, would any French citizen ever feel particularly secure using an “encrypted” messaging system offered up by that same French government?
Filed Under: backdoors, emmanuel macron, encryption, france
Comments on “France Testing Out Special Encrypted Messenger For Gov't Officials As It Still Seeks To Backdoor Everyone Else's Encryption”
The concept is difficult for many to understand.
“If there is a backdoor, it’s not secure encryption.”
It seems like their eyes glaze over and they need a nap to reset.
People don’t want intelligent leaders, they do not understand them. After a person passes a certain milestone in intelligence they are considered more harmful than good.
There is a reason that people get the governments that they deserve. They reject what is best for them and buy nearly every lie that travels near their confirmation biases.
Leaders win by appealing to the lowest common denominator of the political day!
Re: Re: Re:
Cynical about democracy? So far, so anarchist. But anarchy doesn’t scale. Voluntaryism doesn’t work in practice at scale.
Re: Re: Re:
Do you get the replies you deserve?
Leaders you say … lol – they do not lead as they do not want to nor feel the need to. They dictate as they see themselves as dictators.
You seem very confused about many things but why such low regard for your fellow citizens? You look at one person and project that upon all?
If the goal is to ensure all messages are insecure and easily readable by the government, then this would likely need to be illegal, as the message would become unrecoverable after passing through stomach acid. (Even if it survived the acid bath, would you want to recover it when it finally comes out?)
This will be great. I hope they implement it… with a back door. Then when it’s cracked and all the French dirty laundry comes to light we can sit back and gloat.
Despite France being a “constitutional republic” their constitution doesn’t afford anywhere near the same rights as that of the US. Whatever they name it, their government is still run largely like their old monarchy.
Is it really? I thought France was rather centralized. My remembering of history class was that the French monarchy was extremely weak (outside of their zone of immediate and direct control, i.e. Paris), which is part of the reason for the French Revolution (they couldn’t effectively collect taxes or deal with the outlying nobles).
Re: Re: Unsurprising
That was not an uncommon problem for monarchies, where the nobles, or even the bureaucracy has more power than the monarch. Indeed the slaves, eunuchs in China and Janissaries in the Ottoman Empire, often had more effective power than the emperors.
In today's world
encryption is easy. However, key management is extremely difficult.
Based on Riot/Matrix, not Signal
It’s going to based off of Riot which is a FOSS messenger app with e2e encryption based on the Matrix protocol. It sounds like the modified version itself will be open sourced, at least according to Matrix.
Time to warn them about github - or not
Assuming they are typical government providers this can be scuttled by one of two methods. First hack into the account on github and plant a backdoor.
Having done that, or not, post on /. and brag about sandbagging la froggies (or whatever is a uptodate insult, braiseurs for instance).
/. = slashdot.org
but all govts are doing similar things. they want to know every detail of every ordinary person, every second, while ensuring that all the back handed, underhanded, self-serving and often illegal crap they are up to is well hidden and if found, the finder and those even reading it are imprisoned for decades! if this isn’t turning the planet into something run by the very few at the expense of everyone else, enabling slavery (do as you’re told or die, basically), coupled with no one except the elite having any rights, what is?
I’m guessing it involves semaphore and white flags.
“Do as I say, not as I do”