Slashdot Mirror

← Back to Stories (view on slashdot.org)

France is Building Its Own Encrypted Messaging Service To Ease Fears That Foreign Entities Could Spy on Private Conversations (reuters.com)

Posted by msmash on from the taking-matter-on-their-own-hands dept.

The French government is building its own encrypted messenger service to ease fears that foreign entities could spy on private conversations between top officials, the digital ministry said on Monday. From a report: None of the world's major encrypted messaging apps, including Facebook's WhatsApp and Telegram -- a favorite of President Emmanuel Macron -- are based in France, raising the risk of data breaches at servers outside the country.

About 20 officials and top civil servants are testing the new app which a state-employed developer has designed, a ministry spokeswoman said, with the aim that its use will become mandatory for the whole government by the summer. "We need to find a way to have an encrypted messaging service that is not encrypted by the United States or Russia," the spokeswoman said. "You start thinking about the potential breaches that could happen, as we saw with Facebook, so we should take the lead."

87 comments

  1. Reinventing the wheel by grasshoppa · · Score: 1

    Why not just audit https://xmpp.org/ and call it good?

    --
    Mod me down with all of your hatred and your journey towards the dark side will be complete!
    1. Re:Reinventing the wheel by CaptSlaq · · Score: 4, Informative
      Per TFA, that sounds like what they may have done:

      The French government’s encrypted app has been developed on the basis of free-to-use code found on the Internet and could be eventually made available to all citizens, the spokeswoman said. She declined to give the names of either the codes or the messaging service.

    2. Re:Reinventing the wheel by Anonymous Coward · · Score: 0

      There are extents for XMPP to add on encryption, but last I knew, out of the box it sent all your messages in cleartext. Maybe someone knows if that has changed recently?

      The problem with the extension approach is that it is a barrier for the average person which they are unlikely to overcome. To be meaningful, strong, non-backdoored encryption has to be the default.

    3. Re:Reinventing the wheel by Anonymous Coward · · Score: -1

      NIH Syndrome: https://en.wikipedia.org/wiki/Not_invented_here

      Also, strong encryption is illegal in france, so they also have to invent that there...

    4. Re:Reinventing the wheel by nine-times · · Score: 2

      Yeah, that's the great thing about FOSS, is you don't need to reinvent the wheel. Just take the wheel someone else invented, and make the changes you want.

      Still, when they talk about setting up a service, I'm guessing they're not just talking about the software. You can't just audit the code and "call it good". You have to figure out how to deploy it, e.g. what servers are going to run it, and how are you going to make sure the service is resilient and secure.

    5. Re:Reinventing the wheel by Narcocide · · Score: 1

      The primary problem with XMPP adoption as far as I can tell is simply that nobody working on it understands how it works or what it's for, and nobody working on developer's documentation for it does either.

    6. Re:Reinventing the wheel by dos1 · · Score: 1

      It's a matter of the client, not the protocol. Conversations, one of the best Android XMPP clients, encrypts by default now.

    7. Re: Reinventing the wheel by ArmoredDragon · · Score: 1

      Meh. We've already seen this movie before. The plot always goes like this in every one of its sequels:

      A French president finishes reading an old newspaper from his minitel emulator, and begins resenting out loud about how most of the world doesn't pay enough attention to France anymore. He observes his people always paying attention to and patronizing the latest technology trend coming out of America, who he wants to be better than.

      "I've got it!" he mutters in French to himself, "I'll make a better one, and France will be the envy of the world!"

      Several hundred million dollars later, nobody remembers that the project ever existed, a new president gets elected, and the previous president shouts from his bedroom window "You may have won this time, America, but I'll get you back by making all French people snooty to you from now on!"

      The first movie in this series, called Quaero, was panned by film critics:

      https://www.theguardian.com/te...

    8. Re:Reinventing the wheel by Anonymous Coward · · Score: 0

      Because you missed the key word in the announcement: "to ease fears that *foreign entities* could spy on private conversations"
      France was one of the first countries to legalize dragnet surveillance after Snowden.
      This messaging service will surely be backdoored so that "domestic entities" will have no problems reading messages what so ever.

    9. Re:Reinventing the wheel by angel'o'sphere · · Score: 1

      Beccause that is a protocol and neither a service (server) nor an app/application.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    10. Re: Reinventing the wheel by nine-times · · Score: 1

      It didn't sound to me like a crazy plot to restore French pride. They're not saying, "We'll reinvent telecommunications!"

      It sounds more like the French government saying, "Maybe it's not a good idea for our government communications to be going through services operated in other countries, subject to the laws of other countries, and at the mercy of those countries' intelligence agencies."

      Given that there are secure open-source alternatives, it seems like common sense to me.

    11. Re:Reinventing the wheel by Anonymous Coward · · Score: 0

      Is France also building it's own hardware, it's own operating system, it's own... I could go on and on. The app level is a very tiny one.

    12. Re: Reinventing the wheel by rtb61 · · Score: 1

      Lets guess the country they will pretend not trust whilst they are actually targeting another country, they definitely do not trust. Weirdness going on at the moment, heads of government operating without the required approval of their legislative bodies against the law (likely because they are being extorted). Everyone is going to go to trust no one mode and this is just the first sign. After software comes locally produced and audited communications hardware, reality is the US has proven time and time again, it has no allies on vassal states that it will betray. China is not all that trusted and now the UKs reputations stinks. Everyone will be rolling their own or be slaves to the country that supplies their gear and you can bet the US will make demands of countries that they use US controlled equipment. Global trust is getting worse and worse, thanks to psychopathic morons serving their own individual interests.

      --
      Chaos - everything, everywhere, everywhen
    13. Re:Reinventing the wheel by Anonymous Coward · · Score: 0

      I just forked XOR and renamed it le'XOR, hope the FR govt give me that contract! ;)

    14. Re:Reinventing the wheel by Anonymous Coward · · Score: 0

      The primary problem with XMPP adoption as far as I can tell is simply that nobody working on it understands how it works or what it's for, and nobody working on developer's documentation for it does either.

      Give me a fucking break. XMPP is essentially a messaging protocol, so to claim that people who use it have no idea what it's for is like accusing a motorcycle owner that they have no idea what a motorcycle is for. Those who use it know damn well what it's for, just as those who choose to use encryption.

      As far as any adoption issues, that is more a problem of marketing and popularity. Apparently you need a chat client to have video capability and stupid childish filters in order to be popular, which is also far more important than encryption and privacy.

    15. Re: Reinventing the wheel by Maritz · · Score: 1

      You sure know how to take an inch and turn it into a light-year, don't ya.

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  2. Think about this.... by Anonymous Coward · · Score: 0

    Ok but....What's stopping the french government to eavesdrop on the communications used on this app? Or Are they willing to go as far as to implement strong crypto even they can't break?

    1. Re:Think about this.... by tomhath · · Score: 1

      What's stopping the french government to eavesdrop on the communications used on this app?

      Same thing that would stop other governments from eavesdropping - essentially nothing. The encryption will be cracked.

    2. Re:Think about this.... by Anonymous Coward · · Score: 0

      Are you trying to compare France (and generally Europe) to the kind of surveillance state and murderous government they have going on in the U.S.? Wow.

    3. Re:Think about this.... by ctilsie242 · · Score: 3, Informative

      On the other hand, if a government creates a F/OSS app that has been vetted, isn't this a boon for pretty much anyone in the world? The German government is why GNU's Privacy Guard is still being updated, and France already funds VeraCrypt.

    4. Re:Think about this.... by Anonymous Coward · · Score: 0

      FYI: France approves 'Big Brother' surveillance powers

    5. Re:Think about this.... by Anonymous Coward · · Score: 0

      I don't like in the U.S. While most of Europe is much less murder and military happy, the surveillance state is just as bad if not worse. I live in Marlborough, UK and the surveillance state in this country is awful. Much, much worse than pretty much anywhere else. The exception being China, maybe.

    6. Re:Think about this.... by Anonymous Coward · · Score: 0

      Let's see ... there is no strong protection of free speech in France. There is a law against strong encryption. Their police state is stronger than the US.

    7. Re:Think about this.... by Locke2005 · · Score: 2

      Any encryption can be brute-forced. The only question is, does it take seconds or centuries do it?

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    8. Re:Think about this.... by GameboyRMH · · Score: 1

      LOL no they're going to hold the encryption keys, which just keeps everyone except the French government eavesdropping on the communications. Until the keys are leaked that is.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    9. Re:Think about this.... by jellomizer · · Score: 1

      Not much, but EU in general found the sweet spot to tamper free speech, so there is less dirty laundry being shown.
      This has its good and bad. But France being a smaller country (compared to the US, Russia and China) has more to lose from bad PR

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    10. Re:Think about this.... by Anonymous Coward · · Score: 0

      They have to eavesdrop. This is about internal government communications. It will certainly use strong algorithms, but it is also certainly not end-to-end encrypted. For the normal use-case.

    11. Re:Think about this.... by Anonymous Coward · · Score: 0

      More like one age of Universe or two?

    12. Re:Think about this.... by angel'o'sphere · · Score: 1

      It is most likely an RSA or DH end to end encryption, so: it can't be craccked with todays math and technology.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    13. Re:Think about this.... by angel'o'sphere · · Score: 1

      Or several lifetimes of the universe ...

      (actually you are "kind of wrong" anyway ... if you don't even have a clue how it was encrypted "brute forcing" takes another dimension)

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    14. Re:Think about this.... by Anonymous Coward · · Score: 0

      They want to snoop on their own French people. That's the whole point of it.

    15. Re:Think about this.... by tomhath · · Score: 1

      That's what the Germans said about their Enigma machine. Japanese thought their code was pretty good too.

    16. Re: Think about this.... by c6gunner · · Score: 2

      That's what the Germans said about their Enigma machine.

      Nonsense. They believed it was reasonably secure, but they knew it had some weaknesses and that the resultant messages could eventually be decrypted given enough manpower dedicated to the task. Which is why they kept making newer, more complex versions of it. Nobody believed that it would take "several lifetimes of the universe" to brute force an enigma message; they were just betting on it taking long enough for the encoded information to be stale and useless.

      Even with the weaknesses inherent in the system the allies still had to develop an entirely new technology to decrypt (in a useful amount of time) the messages pumped out by the latter versions, AND they had to find procedural weaknesses in how the Germans were using the machines.

    17. Re:Think about this.... by Locke2005 · · Score: 1

      We'll have much, much faster computers 100 years from now... given the current rate of technology progression, anything encrypted today will _eventually_ be easily decrypted, although most things won't be worth the expense.

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    18. Re:Think about this.... by AHuxley · · Score: 1

      This keeps French people safe from the NSA, GCHQ, 5 eyes, Germans.
      The crypto will keep both competing nations and support French security forces.

      --
      Domestic spying is now "Benign Information Gathering"
    19. Re: Think about this.... by Anonymous Coward · · Score: 0

      Yes. Police in France is more or less god. Specially under the current anti-terrorist laws. The main difference with the us is that the French one don't take black people and its own citizen as wild beasts to hunt.

    20. Re:Think about this.... by Anonymous Coward · · Score: 0

      The U.K. markedly stands out from the rest of Europe, to be fair.

    21. Re:Think about this.... by pnutjam · · Score: 1

      I hear they are using matrix and a custom Riot client.

      --
      Cheap storage VM.
    22. Re:Think about this.... by Anonymous Coward · · Score: 0

      You're assuming that crypto tech is static, it's not.

  3. France by Anonymous Coward · · Score: -1

    Since this is France and they have 30-hour work weeks and 6 months of vacation, expect this in about 10 years.

    1. Re:France by giggleloop · · Score: 1

      Whereas were it done by a US government contractor, it'd be late, not work as intended and be around 4x over budget.

    2. Re:France by Anonymous Coward · · Score: 0

      They seemed to build their end of the Channel Tunnel in the same length of time as it took the British to do their half. In the mean time you can't get a f---ing tunnel everyone knows needs building that goes 1/20th of the distance in the US because of politics, and it'll cost 10x as much if it ever gets built. So I'd say the French are fine actually with their 30 hour weeks - it seems fewer hours = more productive. Who knew?

    3. Re:France by Oswald+McWeany · · Score: 3, Informative

      They seemed to build their end of the Channel Tunnel in the same length of time as it took the British to do their half. In the mean time you can't get a f---ing tunnel everyone knows needs building that goes 1/20th of the distance in the US because of politics, and it'll cost 10x as much if it ever gets built. So I'd say the French are fine actually with their 30 hour weeks - it seems fewer hours = more productive. Who knew?

      I don't know about 30hours vs 40hour workweeks- but there have been studies that show increasing work hours per week does have diminishing returns up until a point where adding more hours does actually result in lower overall productivity.

      There have also been studies that show that taking a lot of vacation actually increases productivity over the year than forcing people to go to work 50 weeks a year and only have 2 weeks vacation. America's stingy vacation policy actually negatively impacts productivity. If you want your workers to be more productive over a year- give them 6 weeks off not 2.

      --
      "That's the way to do it" - Punch
    4. Re:France by Anonymous Coward · · Score: 0

      There you go giggleloop, under-estimating the project again!

    5. Re:France by ShanghaiBill · · Score: 1

      So I'd say the French are fine actually with their 30 hour weeks - it seems fewer hours = more productive. Who knew?

      Except the French are less productive

    6. Re:France by sconeu · · Score: 1

      Chunnel goes under water. No rich people there to say "NIMBY".

      Meanwhile, Los Angeles really Really REALLY needs a rail tunnel under the Santa Monica Mountains from the San Fernando Valley to the Westside, but that would go under all the rich people's houses.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    7. Re:France by JackieBrown · · Score: 1

      If you work 66% of the hours that a US worker works and gain 10-15% productivity, you are still in the negative.

      I do agree that eventually you get demising returns but that involves working much more than 40 hours a week (depending on the job, of course.)

    8. Re:France by Anonymous Coward · · Score: 0

      You say that as if it's a bad thing. Imagine if all the evil things governments do they did efficiently and effectively. We'd all be slaves decades ago or the planet would have been wiped out.

    9. Re:France by godrik · · Score: 1

      Ranking 6th in the world in productivity per hour is not bad at all.
      In particular, that is much higher than japan, and south korea which are both first world country who work a lot more.

    10. Re:France by ausekilis · · Score: 0

      I expect it to be called "White Flag". Thanks folks, I'll be here all week.

    11. Re:France by Anonymous Coward · · Score: 0

      But then you can't relish in your peon servants' misery!

    12. Re:France by Anonymous Coward · · Score: 0

      And yet, they enjoy their life while you're stuck wasting your limited time doing meaningless work. Nobody cares about your stupid values.

    13. Re:France by angel'o'sphere · · Score: 1

      Except your link is not about prosuctivity ...

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    14. Re:France by phayes · · Score: 1

      Sure, as long as what you're calling "enjoying their lives" means watching their kids cycle from unemployment to unpaid trainee to bogus training programs.

      Unemployment in France is sky high in the under 25 population and tends to be persistent meaning that those who are affected stay unemployed and through public assistance go on with their lives to have kids that will grow up never seeing their parents ever hold a regular job. One hopes Macron will at least make make progress on solving this after the disastrous 5 years we spent under do-nothing Hollande. Under Hollande a signifiacant part of University graduates had no better choice than to look for work outside France. All the major journals were doing pieces on how to find a job in England, Canada, Brazil, Morocco, etc anyplace but France.

      --
      Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
    15. Re:France by ShanghaiBill · · Score: 1

      And yet, they enjoy their life while you're stuck wasting your limited time doing meaningless work.

      No. The French are not happier.

      If you are unemployed, you are not happier because your neighbor works shorter hours.

      Unemployment rate in America: 4.1%
      Unemployment rate in France: 9.2%

    16. Re:France by Anonymous Coward · · Score: 0

      White Flag? You mean like the Confederate Flag?

    17. Re:France by ecbpro · · Score: 1

      No, it's a white eagle on a white background!

    18. Re:France by Anonymous Coward · · Score: 0

      Flood the place then, problem solved?!

  4. everyone wants you to have privacy by Anonymous Coward · · Score: 0

    To Ease Fears That Foreign Entities Could Spy on Private Conversations

    ... but enshrine the ability of the French Government to spy on private conversations.

    I think it was Bruce Schneier who said "Everyone wants you to have privacy... just not from them".

  5. Hide from govt? by Anonymous Coward · · Score: 0

    Sound Illegal already. Just give it some time.

  6. Secure? by Anonymous Coward · · Score: 0

    My understanding is that designing a (more or less) truly secure application is quite difficult. The encryption math can probably be handled quite easily, but there a myriad of ways to mess up the logic that goes around the math (key generation, key storage, key transport, etc).

  7. Do top government officials use commercial apps? by iampiti · · Score: 1

    Color me surprised. I supposed that, at least developed countries, would have specialised services for their important personnel to comunicate through.

  8. minitel by bugs2squash · · Score: 1

    Minitel goes secure huh...

    --
    Nullius in verba
  9. This is as it should be by alispguru · · Score: 2

    Anybody - a government, a group, an individual - who wants secure encrypted communications they trust can get them.

    If you're just careful, you can download code from trusted sources, spin it up, and run your own servers.

    If you're paranoid and have more resources, you can audit the code before using it.

    if you're REALLY paranoid, you can go to the theory papers and write your own code.

    Governments and law enforcement agencies have to stop dreaming about systems that are secure against everyone except them - that horse left the barn in the 1990's, never to return.

    --

    To a Lisp hacker, XML is S-expressions in drag.
  10. A lesson in global affairs by Anonymous Coward · · Score: 0

    Of course. The EU member states (and the UK) are part of the same ilk that rules Washington, D.C. Why do you think they always tend to collaborate on war and banking?

    There is no moral high ground here. The world stage basically has four players:

    1. The US - EU - UK

    2. China

    3. Russia

    4. Everybody else (the serfs of #1-3)

    1. Re:A lesson in global affairs by Anonymous Coward · · Score: 0

      Umm... the EU is incorruptible, unlike the US. Europe will not put up with such crap as anonymous donors, or outright bribery as there is across the pond.

    2. Re: A lesson in global affairs by Anonymous Coward · · Score: 0

      This is one of the most absurdly hilarious comments ever written on Slashdot. The EU is a cesspool of corruption.

    3. Re: A lesson in global affairs by Anonymous Coward · · Score: 0

      Define corruption. Something like the Patriot act would never pass at the EU parlment level.

  11. If it will run on Android and iPhone, well by Anonymous Coward · · Score: 0

    then the U.S. gov will effectively have a way in. It's even possible they can modify the app if it runs on Windows or macOS. The only way to be truly sure is to only run the software on Linux systems.

  12. The internet does in fact have borders by Anonymous Coward · · Score: 0

    Now we're starting to see them.

    1. Re:The internet does in fact have borders by Anonymous Coward · · Score: 0

      We're about to see them way more, and they're about to be walled. The naive dream of a borderless virtual world are dead, just like its promises of equality. The great digital hope is dead.

  13. trois mots by Anonymous Coward · · Score: 0

    assez bonne intimité

  14. Can it be used? by Anonymous Coward · · Score: 0

    Cool.

    So, assuming it is designed to be utterly and completely insecure (so that the government can access it to investigate terrorism, child porn, etc) might it be a good thing to tunnel a secure protocol through?

  15. What? by cascadingstylesheet · · Score: 1

    Why are government officials using services like these for "secure" messages anyway? Seriously? Government officials who do this insane thing now are going to be trusted to use some French home brew thing instead? Surely there must be rules they are breaking now by doing this?

    1. Re:What? by AHuxley · · Score: 1

      Better than trusting the US big brand NSA PRISM networks.

      --
      Domestic spying is now "Benign Information Gathering"
  16. French! by Anonymous Coward · · Score: 0

    Yeah, I heard they speak french!

    Ça, c'est une façon de passer sous le radar! ;-)

  17. Conversations rocks by Kludge · · Score: 3, Interesting

    Conversations, an XMPP client, now has OMEMO encryption built in. You can also use OpenPGP with it.
    And it works many different hosting providers. I recently changed the XMPP host for my domain from one provider to another. France could just make certain that they have an XMPP service provider, and bam, they are done. Don't reinvent the wheel.

    1. Re:Conversations rocks by Anonymous Coward · · Score: 0

      Conversations, an XMPP client, now has OMEMO encryption built in. You can also use OpenPGP with it.
      And it works many different hosting providers. I recently changed the XMPP host for my domain from one provider to another. France could just make certain that they have an XMPP service provider, and bam, they are done. Don't reinvent the wheel.

      Sure, but that would prevent surreptitious domestic spying too. They only want to keep the foreign governments out.

  18. Plus ça change by Blue+Stone · · Score: 1

    As if the French security services aren't dogy as all fuck.
    Anything they build, their SS will want a sneaky way into.

    --
    Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
  19. Wrong way to go about it by Anonymous Coward · · Score: 0

    Instead of encrypting these services which are always being data-mined, they should saturate them with noise. Current machine-learning algorithms are easily tricked and can be led to a local minimum by spamming a few different common queries. For example, if user X wants to talk to Y about a meeting at a place Z, then all they have to do is to spam that they want to meet at Z1,...Zn , where Zi are very different types of places (amusement parks, schools, hospitals, supermarkets, etc.) , this will confuse the hell out of the algorithm. I've been trying these things already with google, I was surprised how easily it is to trick and manipulate it into messing up queries after you do this kind of "noise spam".

  20. Telegram scam? by Anonymous Coward · · Score: 0

    Telegram might be completely accessible to Putin, and the Russian government's scorn for the service may be just a ruse to attract more users.
    Good move by France.

  21. Reminds me... by Anonymous Coward · · Score: 0

    Reminds me of a conversation I had with a french "engineer" fresh out of school, employed in a big company.
    Him: And I will develop a new crypto system for this because it must be really secure.
    Me: Ah, ok, nice will you use PGP or RSA as a base or something else?
    Him: No, no, it must be REALLY secure! I will develop my own algorithm! These things, RSA and so on, the algorithm and the code is known to everybody, it's not secure enough!
    Me: ...

    1. Re: Reminds me... by Brockmire · · Score: 1

      Having worked with a company that bought a Sequins SDK for a small chunk of change, they pretty much damaged all of our opinions of French companies. What they claimed and what they delivered was vastly different. Support was hot garbage. We've dealt with Poland, Germany, India, China, and Mexico, and everyone was wondering what the fuck is wrong with the French. They're just fucking clueless and arrogant.

  22. Seen this before by Anonymous Coward · · Score: 0

    This has happened before.

    "Fine! Keep your stupid services, America and Russia! We'll build our own encrypted messaging system. With blackjack! And hookers!"

    "In fact, screw the messaging system!"

    Voila, you end up with Moulin Rouge.

    1. Re:Seen this before by Anonymous Coward · · Score: 0

      > With blackjack! And fishmongers!"

      Didn't you get the memo? Trump signed FOSTA-SESTA.

    2. Re:Seen this before by Anonymous Coward · · Score: 0

      Didn't you get the memo? Trump signed FOSTA-SESTA.

      You seem to be confused about which country that happened in.

  23. vague by pD-brane · · Score: 1

    code found on the Internet

    That sounds very vague.

    Just use established, audited tech like PGP and OMEMO, and be upfront about it!