This isn’t a case of NIH; France has adopted Matrix for the project, which is a lightweight fork of Riot.im combined with a large private federation of Matrix servers. The whole thing is open source (although not public yet, as it is very early days) and open standards based. At Matrix.org we’ve been providing some support to them :) It’s very exciting to see open government projects which actually grok open source and open standards.
Comment from a French insider:
It will not work. The last two IT projects the government ordered I have in mind are the ears dropping facility for the police and SAIP, an application to warn citizens in case of a dramatic event such as a terrorist attack. Both are failures. On the first one, the police complains of crashes, slowness, and not fulfilling its missions. The second simply does not warn people when there is an attack...<p>The worst is that it will cost tax payers millions
The spin here is funny. The article pretends this is done to prevent eavesdropping, while it is probably closer to the truth that this is done to <i>ensure</i> eavesdropping by the DGSI.
What’s amusing is that foreign secret services are not the only ones snooping on French politicians. French secret services have a whole department (formally called RG) in charge of collecting files on every domestic public figure (own file is a interesting ritual read for a newly promoted minister of interior). The justice dept had also an interesting interpretation of attorney client privilege where it argued recently that it was ok to snoop if retroactively a wrongdoing is found (the Sarkozy case).<p>If I was a tech savvy French politician I would try to use something that is neither in control of French authorities nor foreign. But French politicians are almost exclusively political science graduates, lawyers, doctors and teachers, not typically tech savvy.
I remember when they tried to build a Google rival:<p><a href="http://www.spiegel.de/international/quaero-qu-est-ce-que-c-est-franco-german-rival-to-google-flops-a-455775.html" rel="nofollow">http://www.spiegel.de/international/quaero-qu-est-ce-que-c-e...</a>
This is awesome to see! My only wish was that matrix and riot were clearly mentioned. This would have significantly raised the profiles of both projects that I'm a big fan of.<p>To @Arathorn and any other members of matrix and riot teams, kudos on this news, and great job! Next step - of course, beyond the tech work already being done on the platforms - is to promote the heck out of this news!! ;-)<p>EDIT: Ok, there's at least some other promotion elsewhere which mentions matrix and riot; cool: <a href="https://www.tomshardware.com/news/france-alternative-whatsapp-telegram-spying-concerns,36898.html" rel="nofollow">https://www.tomshardware.com/news/france-alternative-whatsap...</a>
> Both WhatsApp and Telegram promote themselves as ultra secure because all their data is encrypted from start to finish.<p>Sigh. I wish they had added that Telegram is not "encrypted from start to finish"
See also <a href="https://en.wikipedia.org/wiki/Quaero" rel="nofollow">https://en.wikipedia.org/wiki/Quaero</a>
Is there a reason a crypto messenger team wouldn't seem to publish their protocol specs using BAN notation that people can objectively reason about, and then verify the implementation of it in the code?<p>As in, if you can't explain it this clearly, what's the problem?<p><a href="http://www.lsv.fr/Software/spore/table.html" rel="nofollow">http://www.lsv.fr/Software/spore/table.html</a><p>Having worked on some crypto projects, the admonition to, "just read the code," is disingenuous, because without a formal spec, you have nothing to compare the code to or evaluate the code against.
I don't quite get the need of messaging service for the government when there are already other secure/official means of communication. Would any corporate promote messaging app over official email communication channel for employees?
Are these communications preserved for open records purposes? This seems like a good way for government officials to avoid scrutiny from the public or history.
It's funny how I'm learning things about my government first on NH and not on national news.<p>Edit: and I've learned a few other things (SAIP, Quaero)
Well looks like our government (I'm French) is having the NIH syndrome as well. Why not reusing existing solutions like XMPP + OMEMO? They can invest a few thousands euros in those projects and in a couple of open source clients. Plus this will also allow the citizen to have a nice, government funded, encrypted solution.<p>But hey, it's not "sexy" enough. So they'll drop some public money to a big company that knows "what they are doing" and deliver a crappy platform that no one will use :) It already happened too many times.
I wish I would have seen a GitHub repo opened by the French government (à la Keybase) instead of an article from Reuters telling me that 20 officials beta-test an app developed by "we don't know who" using the taxes that pay my parents and friends. Show, don't tell.
Would it not have been enough to pass a law that prohibited survaillance?<p>It's a wonderful initiative, but I doubt the average user will switch.