Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Communications Encryption Politics Technology

France is Building Its Own Encrypted Messaging Service To Ease Fears That Foreign Entities Could Spy on Private Conversations (reuters.com) 87

The French government is building its own encrypted messenger service to ease fears that foreign entities could spy on private conversations between top officials, the digital ministry said on Monday. From a report: None of the world's major encrypted messaging apps, including Facebook's WhatsApp and Telegram -- a favorite of President Emmanuel Macron -- are based in France, raising the risk of data breaches at servers outside the country.

About 20 officials and top civil servants are testing the new app which a state-employed developer has designed, a ministry spokeswoman said, with the aim that its use will become mandatory for the whole government by the summer. "We need to find a way to have an encrypted messaging service that is not encrypted by the United States or Russia," the spokeswoman said. "You start thinking about the potential breaches that could happen, as we saw with Facebook, so we should take the lead."

France is Building Its Own Encrypted Messaging Service To Ease Fears That Foreign Entities Could Spy on Private Conversations

Comments Filter:
  • Why not just audit https://xmpp.org/ [xmpp.org] and call it good?

    • by CaptSlaq ( 1491233 ) on Monday April 16, 2018 @02:17PM (#56447117)
      Per TFA, that sounds like what they may have done:

      The French government’s encrypted app has been developed on the basis of free-to-use code found on the Internet and could be eventually made available to all citizens, the spokeswoman said. She declined to give the names of either the codes or the messaging service.

      • Yeah, that's the great thing about FOSS, is you don't need to reinvent the wheel. Just take the wheel someone else invented, and make the changes you want.

        Still, when they talk about setting up a service, I'm guessing they're not just talking about the software. You can't just audit the code and "call it good". You have to figure out how to deploy it, e.g. what servers are going to run it, and how are you going to make sure the service is resilient and secure.

        • Meh. We've already seen this movie before. The plot always goes like this in every one of its sequels:

          A French president finishes reading an old newspaper from his minitel emulator, and begins resenting out loud about how most of the world doesn't pay enough attention to France anymore. He observes his people always paying attention to and patronizing the latest technology trend coming out of America, who he wants to be better than.

          "I've got it!" he mutters in French to himself, "I'll make a better one, and

          • It didn't sound to me like a crazy plot to restore French pride. They're not saying, "We'll reinvent telecommunications!"

            It sounds more like the French government saying, "Maybe it's not a good idea for our government communications to be going through services operated in other countries, subject to the laws of other countries, and at the mercy of those countries' intelligence agencies."

            Given that there are secure open-source alternatives, it seems like common sense to me.

            • by rtb61 ( 674572 )

              Lets guess the country they will pretend not trust whilst they are actually targeting another country, they definitely do not trust. Weirdness going on at the moment, heads of government operating without the required approval of their legislative bodies against the law (likely because they are being extorted). Everyone is going to go to trust no one mode and this is just the first sign. After software comes locally produced and audited communications hardware, reality is the US has proven time and time aga

          • by Maritz ( 1829006 )
            You sure know how to take an inch and turn it into a light-year, don't ya.
      • code found on the Internet

        That sounds very vague.

        Just use established, audited tech like PGP and OMEMO, and be upfront about it!

    • The primary problem with XMPP adoption as far as I can tell is simply that nobody working on it understands how it works or what it's for, and nobody working on developer's documentation for it does either.

    • Beccause that is a protocol and neither a service (server) nor an app/application.

  • Color me surprised. I supposed that, at least developed countries, would have specialised services for their important personnel to comunicate through.
  • Minitel [wikipedia.org] goes secure huh...
  • by alispguru ( 72689 ) <bane.gst@com> on Monday April 16, 2018 @02:38PM (#56447275) Journal

    Anybody - a government, a group, an individual - who wants secure encrypted communications they trust can get them.

    If you're just careful, you can download code from trusted sources, spin it up, and run your own servers.

    If you're paranoid and have more resources, you can audit the code before using it.

    if you're REALLY paranoid, you can go to the theory papers and write your own code.

    Governments and law enforcement agencies have to stop dreaming about systems that are secure against everyone except them - that horse left the barn in the 1990's, never to return.

  • Why are government officials using services like these for "secure" messages anyway? Seriously? Government officials who do this insane thing now are going to be trusted to use some French home brew thing instead? Surely there must be rules they are breaking now by doing this?
  • As if the French security services aren't dogy as all fuck.
    Anything they build, their SS will want a sneaky way into.

The trouble with the rat-race is that even if you win, you're still a rat. -- Lily Tomlin

Working...