Publication of:
Meredith Whittaker, president of the Signal Foundation, released leaked French government documents after it was revealed that Prime Minister Elisabeth Born had ordered ministers and staff to delete popular messaging apps such as Signal and WhatsApp. The memo risks undermining public trust in cybersecurity protocols, it said.
The memo, first reported by Tech 24’s Frenchman Guillaume Grallet in Le Point magazine, does not mention Signal or WhatsApp by name, but says that “major public instant messaging applications” have “security flaws. That’s not to say there aren’t.” Both Signal and WhatsApp are widely used by French government officials.
“What I’m seeing here is very likely a language collapse, but there’s still a very big risk in that language collapse,” Whittaker told France 24. . “You have to be very careful about public claims, especially those that criticize apps” like Signal, which has set the gold standard for security and privacy in the industry. ”
“We are open source, independently audited, and the cryptographic technology that powers WhatsApp and all of our secure messaging technologies outside of Signal is also audited and has been tried and tested for over a decade. ” she added.
Ministers, deputy ministers and their teams have been ordered to remove such apps and replace them with a lesser-known alternative called Olvid, developed by a Paris-based startup. .
Olvid is certified by French cybersecurity agency ANSSI and does not require a phone number to use, while Signal does. Asked whether this could constitute a security flaw, Whittaker said that the use of a phone number is also “important to ensure the authenticity of the contact, so you can’t pretend to be Meredith.” But that doesn’t mean he’s talking to someone who isn’t Meredith.” .) Important to protect against spam accounts. ”
French Interior Minister Gerard Darmanin has pushed for the introduction of so-called “backdoors” into encrypted services like Signal to allow security services to access private messages and crack down on illegal activity. .
“There is no such thing as a secure backdoor,” Whittaker replied. “When you build a backdoor that security services can get in, it gives hackers access, it gives adversaries access, it gives hostile nation states access.”