
France’s government is building its own encrypted messenger service - lnguyen
https://www.reuters.com/article/us-france-privacy/france-builds-whatsapp-rival-due-to-surveillance-risk-idUSKBN1HN258
======
Arathorn
This isn’t a case of NIH; France has adopted Matrix for the project, which is
a lightweight fork of Riot.im combined with a large private federation of
Matrix servers. The whole thing is open source (although not public yet, as it
is very early days) and open standards based. At Matrix.org we’ve been
providing some support to them :) It’s very exciting to see open government
projects which actually grok open source and open standards.

~~~
spacenick88
Would you say it's a correct description of Matrix to call it "Jabber/XMPP
without the whole XML mess and over HTTP"?

~~~
Arathorn
Not really - the protocols are very different. Matrix is a way of replicating
conversation history over a mesh of participating servers; a bit like a bunch
of Git repositories constantly pushing commits (messages) to one another. XMPP
is much lighter weight and builds on simpler message passing and pubsub
primitives. You can use both to build comms systems, but they take opposite
engineering and governance approaches on almost everything.

~~~
amelius
> a bit like a bunch of Git repositories constantly pushing commits (messages)
> to one another.

Why would you need to do that? Why not just give every message a timestamp,
make sure they get sent, and sort the messages on the receiver side? If you're
really concerned about message order, you could give every message a unique
id, and send out the id of the previous message with every message, and
improve your sort function accordingly.

~~~
Arathorn
Absolute timestamps cannot be trusted in a byzantine environment, so we do
precisely as you suggest - messages are transmitted with pointers to the
previous message(s) in the room message graph, so you get a partial ordering
within the room (just like git). We also sign the messages into a merkle graph
(like git) to stop the shared datastructure being tampered with.
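
The room message graph described in the comment above, as an added example that is not part of the original thread and not Matrix's own code or event format. The field names, server names and keys are constructed for illustration, and HMAC stands in for real per-server signatures.

```python
import hashlib, hmac, json
from graphlib import TopologicalSorter

# Constructed per-server keys; HMAC is a stand-in for real signatures.
KEYS = {"a.example": b"key-a", "b.example": b"key-b"}

def _canon(ev):
    return json.dumps(ev, sort_keys=True, separators=(",", ":")).encode()

def make_event(server, body, prev_ids, claimed_ts):
    """Build an event whose ID is the hash of its content, parent IDs included."""
    ev = {"server": server, "body": body, "prev": sorted(prev_ids), "ts": claimed_ts}
    ev["sig"] = hmac.new(KEYS[server], _canon(ev), hashlib.sha256).hexdigest()
    return hashlib.sha256(_canon(ev)).hexdigest(), ev

def verify(graph):
    """Return IDs of events whose hash, signature or parent links fail to check."""
    bad = []
    for eid, ev in graph.items():
        unsigned = {k: v for k, v in ev.items() if k != "sig"}
        want = hmac.new(KEYS[ev["server"]], _canon(unsigned), hashlib.sha256).hexdigest()
        ok = (hashlib.sha256(_canon(ev)).hexdigest() == eid
              and hmac.compare_digest(want, ev["sig"])
              and all(p in graph for p in ev["prev"]))
        if not ok:
            bad.append(eid)
    return bad

def order(graph):
    """Order events by the graph alone; claimed timestamps are ignored."""
    deps = {eid: ev["prev"] for eid, ev in graph.items()}
    return list(TopologicalSorter(deps).static_order())

def build_room():
    """Constructed sample room: a root, two concurrent replies, and a merge."""
    graph, ids = {}, {}
    for name, server, body, prev, ts in [
        ("a", "a.example", "hello", [], 1000),
        ("b", "a.example", "anyone there?", ["a"], 1001),
        ("c", "b.example", "hi", ["a"], 0),            # concurrent with b, lying clock
        ("d", "b.example", "merged", ["b", "c"], 5),   # claims to predate the root
    ]:
        ids[name], ev = make_event(server, body, [ids[p] for p in prev], ts)
        graph[ids[name]] = ev
    return graph, ids
```

Events `b` and `c` have no defined order between them, which is the partial ordering the comment mentions; sorting by `ts` instead would put `c` and `d` before the root.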

~~~
greenhouse_gas
So it's a blockchain! /s

~~~
Arathorn
[https://twitter.com/whitequark/status/946886702932557824](https://twitter.com/whitequark/status/946886702932557824)
:D

------
Davidbrcz
Comment from a French insider: It will not work. The last two IT projects the
government ordered I have in mind are the eavesdropping facility for the
police and SAIP, an application to warn citizens in case of a dramatic event
such as a terrorist attack. Both are failures. On the first one, the police
complain of crashes, slowness, and it not fulfilling its missions. The second
simply does not warn people when there is an attack...

The worst is that it will cost taxpayers millions.

~~~
isolli
Such a comment is meaningless without context. How often do corporate IT
projects fail? How often do government IT projects fail?

~~~
icebraining
How is the corporate failure rate relevant?

~~~
isolli
It is relevant because IT projects are inherently difficult, and many of them
fail. Just because the French government failed at two projects mentioned in
the original comment does not mean that a) it's particularly bad at IT
projects or b) it will necessarily fail again. Having the corporate failure
rate as a baseline could help assess the proficiency of governments around the
world.

------
draugadrotten
The spin here is funny. The article pretends this is done to prevent
eavesdropping, while it is probably closer to the truth that this is done to
_ensure_ eavesdropping by the DGSI.

~~~
Aissen
If you're talking about the metadata, yes, probably. It's the same kind of
eavesdropping capability you'd have from Signal servers (i.e. not much).

Also: from what we've seen of Macron's team, they've proven that they have
good-enough internal technical advisors; so it remains to be seen if they'd
use a solution that can be eavesdropped.

~~~
cm2187
Unless you can verify the deployed build against an open source code, whether
the code is open source or not is irrelevant, you trust all the
intermediaries. Which is ok for a corporate actor but probably not when you
are a sovereign actor and know you are dealing with a keen NSA. How could you
control that Apple or Google wouldn’t patch the app before it gets deployed or
after it has been deployed?

~~~
Aissen
On Android (at least); you can verify that the apk is signed with the
developer's key; and Signal provides reproducible builds. Then the app is
designed to not trust the server.

I think we are in agreement that Apple or Google _could_ patch the app before
it gets deployed. But AFAIK it has never been done yet, and if it ever
happens, it would undermine all credibility of the platform. Of course a state
actor wouldn't want to be the first to find out.

~~~
cm2187
Thinking about it, Google and Apple actually don't even need to patch the app,
they have access to all key strokes and screen rendering. It just needs to be
a few lines of code hidden anywhere.

~~~
Aissen
This would need patching the OS at runtime, but yes, it's also possible.

~~~
cm2187
What I mean is that perhaps they already have.

~~~
Aissen
It's a possibility. It just wouldn't make any business sense, it's a pure
self-destruct button. And there are hundreds of reverse engineers on both
platforms that could have caught it by now.

------
cm2187
What’s amusing is that foreign secret services are not the only ones snooping
on French politicians. French secret services have a whole department
(formally called RG) in charge of collecting files on every domestic public
figure (own file is an interesting ritual read for a newly promoted minister of
interior). The justice dept had also an interesting interpretation of attorney
client privilege where it argued recently that it was ok to snoop if
retroactively a wrongdoing is found (the Sarkozy case).

If I was a tech savvy French politician I would try to use something that is
neither in control of French authorities nor foreign. But French politicians
are almost exclusively political science graduates, lawyers, doctors and
teachers, not typically tech savvy.

~~~
blauditore
> But French politicians are almost exclusively political science graduates,
> lawyers, doctors and teachers, not typically tech savvy.

I think this applies to politicians worldwide, at least in western countries.

~~~
icebraining
We have a non-insignificant number of engineers as politicians in Portugal.
E.g. the current Secretary-General of the UN is one of our ex-PMs, and is an
ex-assistant professor of Telecommunication Signals after having graduated in
Physics and Electrical Engineering.

Considering our political panorama, I don't think this has helped much,
though.

------
gman83
I remember when they tried to build a Google rival:

[http://www.spiegel.de/international/quaero-qu-est-ce-que-c-e...](http://www.spiegel.de/international/quaero-qu-est-ce-que-c-est-franco-german-rival-to-google-flops-a-455775.html)

------
benevol
When tax dollars go into open source, it's just an endless chain of win-win-
win-win-...

News like this is just great. :-)

~~~
nickik
Yeah it's a total win for the French taxpayer who will spend a bunch of money
on a service that they neither need nor want.

~~~
grive
It seems that the source has already been published and is using open
protocols.

I'm actually greatly pleased that my taxes are spent on an app that is
actually accessible to the public, and will benefit open source projects.
This should be the standard way for most government development projects.

------
mxuribe
This is awesome to see! My only wish was that matrix and riot were clearly
mentioned. This would have significantly raised the profiles of both projects
that I'm a big fan of.

To @Arathorn and any other members of matrix and riot teams, kudos on this
news, and great job! Next step - of course, beyond the tech work already being
done on the platforms - is to promote the heck out of this news!! ;-)

EDIT: Ok, there's at least some other promotion elsewhere which mentions
matrix and riot; cool:
[https://www.tomshardware.com/news/france-alternative-whatsap...](https://www.tomshardware.com/news/france-alternative-whatsapp-telegram-spying-concerns,36898.html)

~~~
Arathorn
thanks :) the problem here is that the government comms guys simply don’t know
about Matrix or care about the underlying protocol, hence lack of reference to
Matrix. Hopefully the word will get out anyway!

------
_jomo
> Both WhatsApp and Telegram promote themselves as ultra secure because all
> their data is encrypted from start to finish.

Sigh. I wish they had added that Telegram is not "encrypted from start to
finish"

------
VMG
See also
[https://en.wikipedia.org/wiki/Quaero](https://en.wikipedia.org/wiki/Quaero)

------
ersiees
What about using Signal? Will they do something else than using the Signal
protocol? If so, this might be either pretty expensive or could go wrong.

~~~
barbs
I thought about that too...if their concern is that they want the server to
remain on French soil could they not spin up an instance of their own Signal
server?

[https://github.com/signalapp/Signal-Server](https://github.com/signalapp/Signal-Server)

------
motohagiography
Is there a reason a crypto messenger team wouldn't seem to publish their
protocol specs using BAN notation that people can objectively reason about,
and then verify the implementation of it in the code?

As in, if you can't explain it this clearly, what's the problem?

[http://www.lsv.fr/Software/spore/table.html](http://www.lsv.fr/Software/spore/table.html)

Having worked on some crypto projects, the admonition to, "just read the
code," is disingenuous, because without a formal spec, you have nothing to
compare the code to or evaluate the code against.

~~~
Arathorn
the crypto specs are
[https://git.matrix.org/git/olm/about/docs/olm.rst](https://git.matrix.org/git/olm/about/docs/olm.rst)
and
[https://git.matrix.org/git/olm/about/docs/megolm.rst](https://git.matrix.org/git/olm/about/docs/megolm.rst)
(amongst others).

~~~
motohagiography
Now that's how it's done. Nice.

------
kaustyap
I don't quite get the need of messaging service for the government when there
are already other secure/official means of communication. Would any corporate
promote messaging app over official email communication channel for employees?

~~~
baud147258
I thought we already had such a service, used by top-level government
executives.

------
briandear
Are these communications preserved for open records purposes? This seems like
a good way for government officials to avoid scrutiny from the public or
history.

------
rb808
What is the best Matrix/Riot Android app right now? I see Riot only has 50k
downloads which I'm not sure if is a mistake or reality.

~~~
mxuribe
Asking for "the best" might be a bit subjective, no? Early on, the Matrix
Console Android client was ok; I had no problems with it. Though I think it
was intended merely as a reference implementation. The Riot client (it used to
be called Vector client) gained a lot of attention since the beginning, so it's
got plenty more polish. I honestly have not used any of the other clients -
since happily sticking with Riot (web client). But the matrix.org site does
have a list of clients/apps (and the list is much longer than I recall since
the last time I checked):
[https://matrix.org/docs/projects/try-matrix-now.html](https://matrix.org/docs/projects/try-matrix-now.html)
You lose nothing in giving a few of them a try. Cheers!

------
baud147258
It's funny how I'm learning things about my government first on HN and not on
national news.

Edit: and I've learned a few other things (SAIP, Quaero)

------
edhelas
Well looks like our government (I'm French) is having the NIH syndrome as
well. Why not reuse existing solutions like XMPP + OMEMO? They can invest a
few thousands euros in those projects and in a couple of open source clients.
Plus this will also allow the citizen to have a nice, government funded,
encrypted solution.

But hey, it's not "sexy" enough. So they'll drop some public money to a big
company that knows "what they are doing" and deliver a crappy platform that no
one will use :) It already happened too many times.

~~~
danielbarla
The article was pretty light on details, but isn't it more a case of "Not
Hosted Here"? These are the only relevant parts I could find:

> We need to find a way to have an encrypted messaging service that is not
> encrypted by the United States or Russia

and

> The French government’s encrypted app has been developed on the basis of
> free-to-use code found on the Internet.

I'm hoping this means they are using a mature, open implementation for most of
it.

~~~
puszczyk
+1 on that. Based on the article I hope they’re using signal or some other
reputable crypto. Ideally they’ll host it in France and provide a good UI

~~~
Davidbrcz
I think it is intended for the government only, you'll never see it as a
citizen.

------
stesch
Wasn't PGP illegal in France in the 1990s? Do they expect people to trust
them?

~~~
klmr
> Wasn't PGP illegal in France in the 1990s?

Essentially yes (and not just PGP), strong cryptography fell under arms
regulations and required, essentially, the equivalent of a firearms license
(but was, by contrast, almost impossible to obtain). Import and export of
cryptography technology are still regulated, though [1].

> Do they expect people to trust them?

I’m not sure what you mean by that: This isn’t a trust issue, the French
government is/was completely upfront about these restrictions.

[1]
[https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFT...](https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000000801164#LEGISCTA000006136109)

~~~
loup-vaillant
Wait a minute, does this mean what I have done with Monocypher¹ is illegal? I
live in France, and I clearly provided and exported "cryptographic means", and
I haven't written a word to our prime minister.

Same goes for Libsodium by the way, I doubt Franck Denis bothered to ask
permission as well.

[1]: [https://monocypher.org](https://monocypher.org)

~~~
klmr
As far as I understand (I haven’t lived in France since 2004), the import and
export restrictions are essentially unenforced, and nobody cares (as long as
you’re not actively trading with embargoed nations). But if you’re working in
cryptography, it might be worth talking to other local experts. There are
surely user groups that know the legal situation inside out — at the very
least, publicly funded researchers should be able to point you to resources.

------
ArmandGrillet
I wish I would have seen a GitHub repo opened by the French government (à la
Keybase) instead of an article from Reuters telling me that 20 officials beta-
test an app developed by "we don't know who" using the taxes that pay my
parents and friends. Show, don't tell.

~~~
Arathorn
So there is an open github repo, and I’m a bit surprised they’re not linking
to it - I think this reflects more on the government comms processes than the
FOSS side of things. On the Matrix side we’re seeing what we can do to help.

------
nkkollaw
Would it not have been enough to pass a law that prohibited surveillance?

It's a wonderful initiative, but I doubt the average user will switch.

------
bertolo1988
Until there is an open source micro chip I won't believe that any security
protocol is not being cheated.

------
amelius
When are they rolling their own CPUs, in light of Intel ME and associated
surveillance risk?

~~~
girvo
So if it can’t be perfect we might as well give up? One time pads or go home?

~~~
amelius
No, I was just wondering how far they are prepared to go.

