Feeds

back to article French ministers told to use only secure comms post-PRISM

French newspaper L'Express has published a memo it says comes from Christophe Chantepy, chief of staff to French prime minister Jean-Marc Ayrault, and which recommends French cabinet ministers stop using smartphones for phone calls because they are not secure. The paper's report includes three images of the memo, one for each of …

COMMENTS

This topic is closed for new posts.
Silver badge
FAIL

France and secure communication

In the very country that still restricts the use of cryptography?

6
1
Silver badge

Re: France and secure communication

Non, nous utilisons Le ROT-treize toujours, mais pour Le protection additionel nous utilisons Le keyboard AZERTY!

14
0
Silver badge

Re: France and secure communication

Good one, Cliff! Don't forget the added security through the use of French and even less comprehendible Frenchised words.

6
0
Silver badge

Re: France and secure communication

Cligg you should have added that all content is written in "Verla".( Not sure how to spell that word please read on to understand why)

For the unwashed masses : Verlan is a technique in which the french reverse all of the sylables in a word.

The word Verlan is actually the word " l'enver " in reverse = "len" + "ver" = "ver" + len" = "verlan" ( Yes they do change some of the spelling as well but it iis more of a verbal thing than a written one.

The word "l'enver " actualy means Reverse or Backwards.... All very clever really.

"Et les keufs et les meufs dans le RER, la banlieue c’est pas rose"

1
0
Silver badge

Re: France and secure communication

> Verlan is a technique in which the french reverse all of the sylables in a word.

So you're advocating that politicians speak in incomprehensible ways? A fine tradition that already goes back 40 or 50 years. (Though, admittedly, one that american presidents seem to be particularly good at, so maybe they would understand what was meant - even if it boggles the rest of humanity.)

However considering that we're talking about keeping comms safe from american spies, surely all that's needed to confound and confuse them are a few kg's, cm's and the odd è or é scattered through the text.

1
0
Silver badge

Re: Verlan

So basically, Pig Latin for the French?

3
0
Silver badge

Re: France and secure communication

"In the very country that still restricts the use of cryptography?"

The use of cryptography is not restricted in France. The importation or exportation of crypto tools by businesses may be subject to declaration or authorization (depending on the tool). That's in line with EU "law" (p'tew) so the UK probably has something similar in place. Prior to 1996 it was different though, businesses had to declare the use of crypto keys 128-bits or longer.

4
0
Bronze badge

Re: France and secure communication

France only restricts crypto for time travellers from the last century.

2
0
Anonymous Coward

Re: France and secure communication

Dont laugh about it, but AZERTY is aprotection against keylogers due to the ^ char

1
1
Silver badge

Re: France and secure communication

ElReg...Pierre, I know that France liberalised the use of cryptography in the 90ies. But having to declare or getting authorisation for its use is something I still see as a restriction. Can't remember having ever had to register the use of any crypto devices in other countries though.

1
1
Silver badge

Re: France and secure communication

"But having to declare or getting authorisation for its use is something I still see as a restriction."

AFAIK only the importation is regulated (declaration or authorization), not the use. Again, as that's the direct application of an EU directive (strong auth. is considered "dual use", i.e. potentially used for military applications as well as civilian ones), so I think most of UE countries have similar "restrictions". Of course it only applies to businesses anyway (in France and elsewhere), and only once per tool (GPG for example has been declared once, so a business "importing" it , or exporting a product using it, need not declare anything).

0
0
WTF?

Re: France and secure communication

You are 9 years late :-)

Since 2004 anyone can use freely cryptography, restrictions are about import and export of cryptographic means.

0
0
Silver badge

You could have so much fun

Adding "wrap all mobiles in tinfoil" to that list.

0
0

Not saying anything but...

Most big commercial companies I have worked with require you to change your password every 90 days.

So there we have it infrequent password changes explain all these government leaks and data losses.

0
0
Anonymous Coward

Re: Not saying anything but...

Most big commercial companies I have worked with require you to change your password every 90 days.

So you can never remember what it is this month, and end up going for something like your car reg number plus an extra letter that you increment every quarter. It's marginally more secure than a post-it...

Anon, obviously :)

8
0
Silver badge

Re: Not saying anything but...

And passwords on privileged accounts every 30 days or less.

Not sure that many companies I've worked for actually abide by their own rules, however. For most companies, it looked like this was in the policies merely to satisfy an audit requirement.

Imagine having to change all the passwords on all your routers, intelligent switches, management consoles, data appliances - well anything that has a password that protects a configuration basically! I'm sure that most companies don't really know the scope of the problem.

1
0
Silver badge

Re: Not saying anything but...

Pa$$w0rd3 the Microsoft password test tells me it's very secure.

0
0

Re: Not saying anything but...

Dammit Tom 35 how did you get ahold of my password ?

2
0
Anonymous Coward

Meanwhile all British ministers are encouraged and trained upon the use of twitter....good job!

3
0
Silver badge

Is this the same government...

... that hastened to do Washington's bidding by closing its air space to the President of Bolivia, and doing everything else in its power to undermine and thwart Snowden's work?

"Merci mille fois, M. Snowden!" (le frappe plusieurs fois a l'aine).

3
1
Silver badge
Thumb Up

I can't believe it but I am agreeing with the French.....

I suggest we do the same to British Ministers, of course you would need to ban the use of any American software at the same time to ensure the NSA has no back doors to it....

I say we need to go to Open source all the way for government!

5
0

The French parliament and the Gendarmerie already both run on Ubuntu:

http://www.businessweek.com/stories/2007-03-12/french-assembly-picks-ubuntu-pc-linuxbusinessweek-business-news-stock-market-and-financial-advice

http://www.ubuntu.com/products/casestudies/french-national-police-force-saves-2-million-year-ubuntu

1
0
Bronze badge

Phew

Thank heaven they didn't forbid the use of post-it notes for passwords.

6
0

Mostly seems a good set of reccomendations

I live in France, so I read the 3 pages in French.

Passwords: they didn't say "use a separate password for each application". Changing every month is stupid, that's been debunked many times. Changing every 6 months is probably about right.

The papers distinguish between secret and confidential. Secret get its own treatment. For confidential, use a landline. You don't need to encrypt on a desktop PC - its not mobile. But you must encrypt on anything that can be lost or stolen. Lots of organizations should have that rule !

Don't plug anything mobile into your desktop box, even just to charge it. Says a lot about the chaos you can do to a PC if you can corrupt someone's smartphone...

Generally I would say that the memo is basic common sense.

2
0
Bronze badge

Off topic, but..

Article» Native French speaker Elodie Quievre...

What a nice name 'Elodie' is.

1
0
Anonymous Coward

When I met Patrick Pailloux

who is head of the Agence nationale de la sécurité des systèmes d'information, he said "before I took this job, I thought you were all paranoid sensationalists" (he was speaking to a roomful of tinfoil-hat wearing cyber/crypto people in Brittany)… he continued…"now I've been in this job a few weeks I apologise as I now realise that you aren't paranoid, just realists"

this was in 2009

plus ça change, plus c'est la même chose

2
0

Flags

That's right, wouldn't want the NSA snooping on France's latest order of surrender flags...

0
5

Re: Flags

Vietnam, Iraq, Afghanistan and now Syria... it seems the US doesn't need anyone's advice to leave a fight the tail between the legs...

2
0
Silver badge

Good rules...

....but since they make life a little bit more difficult for everyone, likely to be bypassed/ignored.

0
0
Bronze badge
Windows

Oulipo

The more I learn about the cryptogames, the more it resembles a fantastic oulipian project of some kind.

How do ANSSI secure mobile phones then?

The Tramp: the best guarantee of privacy is a sleeping bag in a bus stop

0
0
Anonymous Coward

Password001

Here's a little conundrum. How do you check if someone has left their password in an insecure place without visiting their desk/office and going through their stuff?

Worst thing I see is people used to worn down by 30day change bringing their coping techniques (post it notes, list in workbook) here. We don't force that frequent changes because I find that just encourages people to put it somewhere quick to access or increment, recycle a few passwords. Yes I know reuse can be mitigated to some extent by policy but there will be written words in the office somewhere and most likely one or more will be passwords, close to hand or in the bin.

1
0

http://www.theregister.co.uk/2010/01/07/thales_teorem/

"Sarkozy's ministers, and civilian and military officials, will each be issued with a handset, AFP reports."

So did austerity and cutbacks meant the current French govt didn't get these?

0
0
This topic is closed for new posts.