Slashdot Mirror
France is Building Its Own Encrypted Messaging Service To Ease Fears That Foreign Entities Could Spy on Private Conversations (reuters.com)
The French government is building its own encrypted messenger service to ease fears that foreign entities could spy on private conversations between top officials, the digital ministry said on Monday. From a report: None of the world's major encrypted messaging apps, including Facebook's WhatsApp and Telegram -- a favorite of President Emmanuel Macron -- are based in France, raising the risk of data breaches at servers outside the country.
About 20 officials and top civil servants are testing the new app which a state-employed developer has designed, a ministry spokeswoman said, with the aim that its use will become mandatory for the whole government by the summer. "We need to find a way to have an encrypted messaging service that is not encrypted by the United States or Russia," the spokeswoman said. "You start thinking about the potential breaches that could happen, as we saw with Facebook, so we should take the lead."
About 20 officials and top civil servants are testing the new app which a state-employed developer has designed, a ministry spokeswoman said, with the aim that its use will become mandatory for the whole government by the summer. "We need to find a way to have an encrypted messaging service that is not encrypted by the United States or Russia," the spokeswoman said. "You start thinking about the potential breaches that could happen, as we saw with Facebook, so we should take the lead."
The French government’s encrypted app has been developed on the basis of free-to-use code found on the Internet and could be eventually made available to all citizens, the spokeswoman said. She declined to give the names of either the codes or the messaging service.
They seemed to build their end of the Channel Tunnel in the same length of time as it took the British to do their half. In the mean time you can't get a f---ing tunnel everyone knows needs building that goes 1/20th of the distance in the US because of politics, and it'll cost 10x as much if it ever gets built. So I'd say the French are fine actually with their 30 hour weeks - it seems fewer hours = more productive. Who knew?
I don't know about 30hours vs 40hour workweeks- but there have been studies that show increasing work hours per week does have diminishing returns up until a point where adding more hours does actually result in lower overall productivity.
There have also been studies that show that taking a lot of vacation actually increases productivity over the year than forcing people to go to work 50 weeks a year and only have 2 weeks vacation. America's stingy vacation policy actually negatively impacts productivity. If you want your workers to be more productive over a year- give them 6 weeks off not 2.
"That's the way to do it" - Punch
On the other hand, if a government creates a F/OSS app that has been vetted, isn't this a boon for pretty much anyone in the world? The German government is why GNU's Privacy Guard is still being updated, and France already funds VeraCrypt.
Anybody - a government, a group, an individual - who wants secure encrypted communications they trust can get them.
If you're just careful, you can download code from trusted sources, spin it up, and run your own servers.
If you're paranoid and have more resources, you can audit the code before using it.
if you're REALLY paranoid, you can go to the theory papers and write your own code.
Governments and law enforcement agencies have to stop dreaming about systems that are secure against everyone except them - that horse left the barn in the 1990's, never to return.
To a Lisp hacker, XML is S-expressions in drag.
Yeah, that's the great thing about FOSS, is you don't need to reinvent the wheel. Just take the wheel someone else invented, and make the changes you want.
Still, when they talk about setting up a service, I'm guessing they're not just talking about the software. You can't just audit the code and "call it good". You have to figure out how to deploy it, e.g. what servers are going to run it, and how are you going to make sure the service is resilient and secure.
Any encryption can be brute-forced. The only question is, does it take seconds or centuries do it?
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Conversations, an XMPP client, now has OMEMO encryption built in. You can also use OpenPGP with it.
And it works many different hosting providers. I recently changed the XMPP host for my domain from one provider to another. France could just make certain that they have an XMPP service provider, and bam, they are done. Don't reinvent the wheel.
That's what the Germans said about their Enigma machine.
Nonsense. They believed it was reasonably secure, but they knew it had some weaknesses and that the resultant messages could eventually be decrypted given enough manpower dedicated to the task. Which is why they kept making newer, more complex versions of it. Nobody believed that it would take "several lifetimes of the universe" to brute force an enigma message; they were just betting on it taking long enough for the encoded information to be stale and useless.
Even with the weaknesses inherent in the system the allies still had to develop an entirely new technology to decrypt (in a useful amount of time) the messages pumped out by the latter versions, AND they had to find procedural weaknesses in how the Germans were using the machines.