France building encrypted messaging app for politicians
Yes, this is the same France that wants not-backdoors for the rest of us
France's government has built an encrypted messaging app for government use.
The move was announced last Friday on radio station France Inter by digital secretary of state Mounir Mahjoubi (here in French).
Mahjoubi said the aim is to create an end-to-end encrypted app to be “internal to the state and intended to replace” non-state services now used by parliamentarians and ministers.
Germany, France lobby hard for terror-busting encryption backdoors – Europe seems to agreeREAD MORE
The report names Telegram as a favourite both of the president and other elected representatives, with Aurore Bergé of the LERM group in parliament saying she checks the service “hundreds of times a day”.
Apart from concern over Telegram's future, that app has been pinged for vulnerabilities over the years: in 2015, The Gruqq said it had “wonky homebrew encryption” as well as metadata leaks; the following year, researchers worked out how to bypass message length restrictions to attack recipients; and this year it had to plug a Unicode handling bug that allowed attackers to install malware.
However, just why Mahjoubi wants a homebrew app is something of a mystery, since in common with all modern administrations, the French government has an extensive and encrypted parliamentary network and secured e-mail (ministerial conversations traverse the RIE, the ministerial network of the state, overseen by ANSSI, the National Agency for Information Systems Security).
ANSSI also certifies phones for ministerial use.
Reuters reported there are 20 officials currently using whatever is intended to replace Telegram, and added that the government is concerned that none of the major encrypted apps are based in France.
A spokeswoman told Reuters that France wanted an app whose encryption isn't controlled by the US or Russia.
The development of the app is richly and darkly ironic given that France has called for the installation of not-backdoors in consumer-grade encrypted messaging apps. ®