back to article French ministers told to use only secure comms post-PRISM

French newspaper L'Express has published a memo it says comes from Christophe Chantepy, chief of staff to French prime minister Jean-Marc Ayrault, and which recommends French cabinet ministers stop using smartphones for phone calls because they are not secure. The paper's report includes three images of the memo, one for each …

COMMENTS

This topic is closed for new posts.
  1. Evil Auditor Silver badge
    FAIL

    France and secure communication

    In the very country that still restricts the use of cryptography?

    1. Cliff

      Re: France and secure communication

      Non, nous utilisons Le ROT-treize toujours, mais pour Le protection additionel nous utilisons Le keyboard AZERTY!

      1. Evil Auditor Silver badge

        Re: France and secure communication

        Good one, Cliff! Don't forget the added security through the use of French and even less comprehendible Frenchised words.

      2. Khaptain Silver badge

        Re: France and secure communication

        Cligg you should have added that all content is written in "Verla".( Not sure how to spell that word please read on to understand why)

        For the unwashed masses : Verlan is a technique in which the french reverse all of the sylables in a word.

        The word Verlan is actually the word " l'enver " in reverse = "len" + "ver" = "ver" + len" = "verlan" ( Yes they do change some of the spelling as well but it iis more of a verbal thing than a written one.

        The word "l'enver " actualy means Reverse or Backwards.... All very clever really.

        "Et les keufs et les meufs dans le RER, la banlieue c’est pas rose"

        1. Pete 2 Silver badge

          Re: France and secure communication

          > Verlan is a technique in which the french reverse all of the sylables in a word.

          So you're advocating that politicians speak in incomprehensible ways? A fine tradition that already goes back 40 or 50 years. (Though, admittedly, one that american presidents seem to be particularly good at, so maybe they would understand what was meant - even if it boggles the rest of humanity.)

          However considering that we're talking about keeping comms safe from american spies, surely all that's needed to confound and confuse them are a few kg's, cm's and the odd è or é scattered through the text.

        2. Crisp

          Re: Verlan

          So basically, Pig Latin for the French?

      3. Anonymous Coward
        Anonymous Coward

        Re: France and secure communication

        Dont laugh about it, but AZERTY is aprotection against keylogers due to the ^ char

    2. ElReg!comments!Pierre

      Re: France and secure communication

      "In the very country that still restricts the use of cryptography?"

      The use of cryptography is not restricted in France. The importation or exportation of crypto tools by businesses may be subject to declaration or authorization (depending on the tool). That's in line with EU "law" (p'tew) so the UK probably has something similar in place. Prior to 1996 it was different though, businesses had to declare the use of crypto keys 128-bits or longer.

      1. Evil Auditor Silver badge

        Re: France and secure communication

        ElReg...Pierre, I know that France liberalised the use of cryptography in the 90ies. But having to declare or getting authorisation for its use is something I still see as a restriction. Can't remember having ever had to register the use of any crypto devices in other countries though.

        1. ElReg!comments!Pierre

          Re: France and secure communication

          "But having to declare or getting authorisation for its use is something I still see as a restriction."

          AFAIK only the importation is regulated (declaration or authorization), not the use. Again, as that's the direct application of an EU directive (strong auth. is considered "dual use", i.e. potentially used for military applications as well as civilian ones), so I think most of UE countries have similar "restrictions". Of course it only applies to businesses anyway (in France and elsewhere), and only once per tool (GPG for example has been declared once, so a business "importing" it , or exporting a product using it, need not declare anything).

    3. John Hughes

      Re: France and secure communication

      France only restricts crypto for time travellers from the last century.

    4. Potemkine Silver badge
      WTF?

      Re: France and secure communication

      You are 9 years late :-)

      Since 2004 anyone can use freely cryptography, restrictions are about import and export of cryptographic means.

  2. Cliff

    You could have so much fun

    Adding "wrap all mobiles in tinfoil" to that list.

  3. Bluenose

    Not saying anything but...

    Most big commercial companies I have worked with require you to change your password every 90 days.

    So there we have it infrequent password changes explain all these government leaks and data losses.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not saying anything but...

      Most big commercial companies I have worked with require you to change your password every 90 days.

      So you can never remember what it is this month, and end up going for something like your car reg number plus an extra letter that you increment every quarter. It's marginally more secure than a post-it...

      Anon, obviously :)

      1. Tom 35

        Re: Not saying anything but...

        Pa$$w0rd3 the Microsoft password test tells me it's very secure.

        1. Laurent Leconte

          Re: Not saying anything but...

          Dammit Tom 35 how did you get ahold of my password ?

    2. Peter Gathercole Silver badge

      Re: Not saying anything but...

      And passwords on privileged accounts every 30 days or less.

      Not sure that many companies I've worked for actually abide by their own rules, however. For most companies, it looked like this was in the policies merely to satisfy an audit requirement.

      Imagine having to change all the passwords on all your routers, intelligent switches, management consoles, data appliances - well anything that has a password that protects a configuration basically! I'm sure that most companies don't really know the scope of the problem.

  4. Anonymous Coward
    Anonymous Coward

    Meanwhile all British ministers are encouraged and trained upon the use of twitter....good job!

  5. Anonymous Coward
    Anonymous Coward

    Is this the same government...

    ... that hastened to do Washington's bidding by closing its air space to the President of Bolivia, and doing everything else in its power to undermine and thwart Snowden's work?

    "Merci mille fois, M. Snowden!" (le frappe plusieurs fois a l'aine).

  6. MrXavia
    Thumb Up

    I can't believe it but I am agreeing with the French.....

    I suggest we do the same to British Ministers, of course you would need to ban the use of any American software at the same time to ensure the NSA has no back doors to it....

    I say we need to go to Open source all the way for government!

    1. Hnk0

      The French parliament and the Gendarmerie already both run on Ubuntu:

      http://www.businessweek.com/stories/2007-03-12/french-assembly-picks-ubuntu-pc-linuxbusinessweek-business-news-stock-market-and-financial-advice

      http://www.ubuntu.com/products/casestudies/french-national-police-force-saves-2-million-year-ubuntu

  7. David Pollard

    Phew

    Thank heaven they didn't forbid the use of post-it notes for passwords.

  8. ciaran

    Mostly seems a good set of reccomendations

    I live in France, so I read the 3 pages in French.

    Passwords: they didn't say "use a separate password for each application". Changing every month is stupid, that's been debunked many times. Changing every 6 months is probably about right.

    The papers distinguish between secret and confidential. Secret get its own treatment. For confidential, use a landline. You don't need to encrypt on a desktop PC - its not mobile. But you must encrypt on anything that can be lost or stolen. Lots of organizations should have that rule !

    Don't plug anything mobile into your desktop box, even just to charge it. Says a lot about the chaos you can do to a PC if you can corrupt someone's smartphone...

    Generally I would say that the memo is basic common sense.

  9. deadlockvictim

    Off topic, but..

    Article» Native French speaker Elodie Quievre...

    What a nice name 'Elodie' is.

  10. Anonymous Coward
    Anonymous Coward

    When I met Patrick Pailloux

    who is head of the Agence nationale de la sécurité des systèmes d'information, he said "before I took this job, I thought you were all paranoid sensationalists" (he was speaking to a roomful of tinfoil-hat wearing cyber/crypto people in Brittany)… he continued…"now I've been in this job a few weeks I apologise as I now realise that you aren't paranoid, just realists"

    this was in 2009

    plus ça change, plus c'est la même chose

  11. jelabarre59

    Flags

    That's right, wouldn't want the NSA snooping on France's latest order of surrender flags...

    1. Potemkine Silver badge

      Re: Flags

      Vietnam, Iraq, Afghanistan and now Syria... it seems the US doesn't need anyone's advice to leave a fight the tail between the legs...

  12. Vociferous

    Good rules...

    ....but since they make life a little bit more difficult for everyone, likely to be bypassed/ignored.

  13. keithpeter Silver badge
    Windows

    Oulipo

    The more I learn about the cryptogames, the more it resembles a fantastic oulipian project of some kind.

    How do ANSSI secure mobile phones then?

    The Tramp: the best guarantee of privacy is a sleeping bag in a bus stop

  14. Anonymous Coward
    Anonymous Coward

    Password001

    Here's a little conundrum. How do you check if someone has left their password in an insecure place without visiting their desk/office and going through their stuff?

    Worst thing I see is people used to worn down by 30day change bringing their coping techniques (post it notes, list in workbook) here. We don't force that frequent changes because I find that just encourages people to put it somewhere quick to access or increment, recycle a few passwords. Yes I know reuse can be mitigated to some extent by policy but there will be written words in the office somewhere and most likely one or more will be passwords, close to hand or in the bin.

  15. crayon

    http://www.theregister.co.uk/2010/01/07/thales_teorem/

    "Sarkozy's ministers, and civilian and military officials, will each be issued with a handset, AFP reports."

    So did austerity and cutbacks meant the current French govt didn't get these?

This topic is closed for new posts.

Other stories you might like