According to a recent report, the French government is currently developing an end-to-end encrypted alternative to WhatsApp and Telegram that its officials could use without worrying about foreign spying.
Fear Of Foreign Surveillance
Although Telegram was recently banned in Russia for not providing the encryption keys to the Russian government, the French government has more to fear than just Russian spies.
In 2012, the U.S. government was accused of infecting the PCs of President Sarkozy’s advisors with a variant of the Flame virus (also believed to be developed by the U.S. government), exposing national secrets. Other leaks later revealed that the U.S. government has been spying on Germany’s chancellor Angela Merkel, too.
All of this could explain why the French government trusts neither the Telegram app (whose founders are Russian) nor the Facebook-owned WhatsApp. Compared to Telegram, WhatsApp’s messages are at least supposed to be end-to-end encrypted and only users should ever have access to them, at least in theory.
In practice, WhatsApp implementation of end-to-end encryption isn’t as strict as Signal, for instance. For one, users are not warned by default when someone else is impersonating the people with which they’re communicating.
Second, WhatsApp has given itself the ability to “re-encrypt” user messages with its own key before they arrive to the recipient so that when the recipient changes SIM cards, they can still receive the messages. However, this breaks the end-to-end encryption and if WhatsApp can use it in this situation, then it can use it in others, too, such as for lawful (or unlawful) interception requests.
A spokesperson for the French government told Reuters:
We need to find a way to have an encrypted messaging service that is not encrypted by the United States or Russia. You start thinking about the potential breaches that could happen, as we saw with Facebook, so we should take the lead.
A Matrix/Riot-Based Chat Application
Although the French government’s spokesperson said that the government’s app will be based on open source software found freely available on the internet, she declined to name it. However, Matrix developers have confirmed that the app in question will be based on the federated chat Matrix protocol (a more modern XMPP/Jabber competitor) and, more specifically, on the Riot client, which uses this protocol.
Riot also comes with built-in support for the double ratchet end-to-end encryption algorithm, also used by Signal. Riot uses a variant of the double ratchet algorithm called Olm for strong end-to-end encryption for private conversations between two individuals, and Megolm, a variant for end-to-end encrypted group chats.
Megolm has variable privacy options in its library that developers will have to tweak before deploying. The reason for this is that some developers may prefer additional user convenience over maximum security.
Taking Control Of Own Data
The recent Cambridge Analytica privacy scandal seems to have reminded the French government and others, too, that you don’t have much control over your data if it's being stored and processed by someone else. The French government will be able to fully control the Riot-based application by using open source code with its own modifications, if needed, and then run it on its own servers.
The French government’s spokesperson said that eventually this app may be available to everyone. However, French citizens will need to consider the fact that the app could also make enable their own government to spy on them more easily.
If the app’s source code remains public and transparent, and end-to-end encryption is enabled by default, it may not be a significant concern. It may still be preferable for citizens to use some other secure application developed by a non-profit group, whether that group is French or foreign.