France Testing Out Special Encrypted Messenger For Gov't Officials As It Still Seeks To Backdoor Everyone Else's Encryption

from the roll-yer-own dept

The French government has been pushing for a stupid "backdoors" policy in encryption for quite some time. A couple years ago, following various terrorist attacks, there was talk of requiring backdoors to encrypted communications, and there was even a bill proposed that would jail execs who refused to decrypt data. Current President Emmanuel Macron has come out in favor of backdoors as well, even as he's a heavy user of Telegram (which isn't considered particularly secure encryption in the first place).

But now, the French government is apparently moving forward with its own, homegrown, encrypted messaging system, out of a fear that other -- non-French -- encrypted messaging apps will be forced into providing backdoors to their own systems:

The French government is building its own encrypted messenger service to ease fears that foreign entities could spy on private conversations between top officials, the digital ministry said on Monday.

None of the world’s major encrypted messaging apps, including Facebook’s WhatsApp and Telegram - a favorite of President Emmanuel Macron - are based in France, raising the risk of data breaches at servers outside the country.

There are a number of silly things here. First off, the fact that they're doing this should make it clear why it's been so stupid to have the government itself calling for backdoors. Clearly, the French government understands the risks involved, or it wouldn't be doing this in the first place. The message it seems to be sending is that keeping messages and communications secure is important... but only for government officials. For the peasants? Let them eat insecure messages, I guess.

Second, there should be questions about how well this will be implemented. The report does note that they're using "free-to-use code found on the Internet," which (hopefully?) means they're basing it on Open Whisper Systems' encrypted messaging code, which is freely available and is generally considered the gold standard (Update: actually it's based on Riot/Matrix and apparently the plan is to open source it -- which is good). However, doing encrypted messaging well is... difficult. It's the kind of thing that lots of people -- even experts -- get wrong. Rolling your own can often get messy, and you have to bet that a government rolling its own encryption for government officials to use is going to be a clear target for nation-state level hackers to try to break in. That's not to say it can't be done, but there are a lot of tradeoffs here, and I'm not sure that the best encryption is going to come from a government employee.

Also, the report suggests that this technology "could be eventually made available to all citizens," which would certainly be interesting, but would seem to contradict with all of those reports and statements about demanding backdoored encryption. Given how often the French government (and the President) have asked for backdoors, would any French citizen ever feel particularly secure using an "encrypted" messaging system offered up by that same French government?


Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  • identicon
    Baron von Robber, 19 Apr 2018 @ 9:58am

    The concept is difficult for many to understand.
    "If there is a backdoor, it's not secure encryption."

    It seems like their eyes glaze over and they need a nap to reset.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 Apr 2018 @ 11:29am

      Re:

      People don't want intelligent leaders, they do not understand them. After a person passes a certain milestone in intelligence they are considered more harmful than good.

      There is a reason that people get the governments that they deserve. They reject what is best for them and buy nearly every lie that travels near their confirmation biases.

      Leaders win by appealing to the lowest common denominator of the political day!

      reply to this | link to this | view in chronology ]

      • identicon
        Wendy Cockcroft, 20 Apr 2018 @ 5:58am

        Re: Re:

        Cynical about democracy? So far, so anarchist. But anarchy doesn't scale. Voluntaryism doesn't work in practice at scale.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 20 Apr 2018 @ 7:34am

        Re: Re:

        Do you get the replies you deserve?

        Leaders you say ... lol - they do not lead as they do not want to nor feel the need to. They dictate as they see themselves as dictators.

        You seem very confused about many things but why such low regard for your fellow citizens? You look at one person and project that upon all?

        reply to this | link to this | view in chronology ]

  • identicon
    AricLeRouge, 19 Apr 2018 @ 9:58am

    Baiseurs!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Apr 2018 @ 10:05am

    Let them eat insecure messages

    If the goal is to ensure all messages are insecure and easily readable by the government, then this would likely need to be illegal, as the message would become unrecoverable after passing through stomach acid. (Even if it survived the acid bath, would you want to recover it when it finally comes out?)

    reply to this | link to this | view in chronology ]

  • identicon
    I.T. Guy, 19 Apr 2018 @ 10:06am

    This will be great. I hope they implement it... with a back door. Then when it's cracked and all the French dirty laundry comes to light we can sit back and gloat.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Apr 2018 @ 10:24am

    Unsurprising

    Despite France being a "constitutional republic" their constitution doesn't afford anywhere near the same rights as that of the US. Whatever they name it, their government is still run largely like their old monarchy.

    reply to this | link to this | view in chronology ]

    • icon
      Sharur (profile), 19 Apr 2018 @ 11:26am

      Re: Unsurprising

      Is it really? I thought France was rather centralized. My remembering of history class was that the French monarchy was extremely weak (outside of their zone of immediate and direct control, i.e. Paris), which is part of the reason for the French Revolution (they couldn't effectively collect taxes or deal with the outlying nobles).

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 19 Apr 2018 @ 1:05pm

        Re: Re: Unsurprising

        My remembering of history class was that the French monarchy was extremely weak

        That was not an uncommon problem for monarchies, where the nobles, or even the bureaucracy has more power than the monarch. Indeed the slaves, eunuchs in China and Janissaries in the Ottoman Empire, often had more effective power than the emperors.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Apr 2018 @ 10:28am

    In today's world

    encryption is easy. However, key management is extremely difficult.

    reply to this | link to this | view in chronology ]

  • icon
    Robert Barat (volt4ire) (profile), 19 Apr 2018 @ 12:12pm

    Based on Riot/Matrix, not Signal

    It's going to based off of Riot which is a FOSS messenger app with e2e encryption based on the Matrix protocol. It sounds like the modified version itself will be open sourced, at least according to Matrix.

    reply to this | link to this | view in chronology ]

  • icon
    David (profile), 19 Apr 2018 @ 1:42pm

    Time to warn them about github - or not

    Assuming they are typical government providers this can be scuttled by one of two methods. First hack into the account on github and plant a backdoor.

    Having done that, or not, post on /. and brag about sandbagging la froggies (or whatever is a uptodate insult, braiseurs for instance).


    /. = slashdot.org

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Apr 2018 @ 1:51am

    but all govts are doing similar things. they want to know every detail of every ordinary person, every second, while ensuring that all the back handed, underhanded, self-serving and often illegal crap they are up to is well hidden and if found, the finder and those even reading it are imprisoned for decades! if this isn't turning the planet into something run by the very few at the expense of everyone else, enabling slavery (do as you're told or die, basically), coupled with no one except the elite having any rights, what is?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Apr 2018 @ 3:20am

    I'm guessing it involves semaphore and white flags.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Apr 2018 @ 9:39am

    "Do as I say, not as I do"

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.