... why is the magnifying glass not mounted?
Nicolas Sarkozy and 20,000 of his French government lieutenants will be equipped with specially-commissioned encrypted smartphones, following fears over the security of BlackBerries. Back in 2007, SGDN, the French equivalent of MI5, banned ministers and civil servants from using RIM's devices, citing "a problem of data …
... why is the magnifying glass not mounted?
Well, sarko has no taste. That thing is positively fugly. Thought crypto was illegal in france, though. Not any longer? Or is that just except the government? Curious, curious.
Don't really see why they had to reinvent the wheel, there's a norwegian outfit that's been selling something like it that also does DECT in case you want to talk over a satellite phone (for a price: EUR 8k, sat uplink not included) and a german shop sells more or less open-source-y phones (for about half that).
How do I know? I wanted a DECT+GSM phone, found a 1999 one, but it broke. And I'm not about to shell out this sort of money for something that is on the one hand a bit of a whim (DECT+GSM) and on the other hand should be ubiquitous as a basic right in this modern world (end to end crypto). But then our democracy isn't and our basic rights aren't, either.
Use of French-developped cryptography is unrestricted AFAIK. Foreign crypto products may be freely imported but cannot be used without official approval (very little red tape here. Mostly requires a clear description of the product and availability of the source code). It's never been a problem for private users to my knowledge, and mostly targets administrations (you wouldn't want your military to use a product with a built-in Chinese or American backdoor, would you?)
In that case it's a French crypto product so no problem at all. Actually the regulation of crypto use in the US is much, much more restrictive than in France. Dunno about the UK but given how aligned it is with the US in general, and the recent tendency towards generalized gov scrying, I wouldn't bet a penny on a more liberal crypto legislation.
If you don't see why they did it you can't have worked with French organisations before. There's a general tendency to demand French made code and hardware from the ground up as much as possible, even if you could buy the same thing for 20 Eurocents at the shop.
Maybe Sarko wasn't referring to it's aesthetic beauty, but it's technical beauty? After all, it's looks are entirely unimportant, it's a phone ...
Cryptography has not been banned in France for over 10 years. It used to be but the arrival of the internet cause the authorities here (France) and elsewhere to come to an agreement (at least the EU and the US) on what is allowed and its export.
I had a friend who, in the time before the international agreements were made, was working for an American company and came up with a modified crypto scheme. He sent a copy of his idea in an email to the headoffice in the US and was then arrested by the French army. Eventually he got let off but for a while he was looking at a possible 10 year prison term (illegal export of arms).
"Cryptography has not been banned in France for over 10 years. It used to be"
Nope. The _use_ (or sale) of foreign-developped crypto products used to be regulated. It never was a criminal offense though(there goes your "possible 10 year prison term"). You might be mistaking France for the US. Or you might just have been pranked by a James Bond wannabe ( "Yes, I assure you, I almost spent ten years in a medieval French dungeon for using SSL")
Type your comment here — plain text only, no HTML
will look massive in Sarko's hands.
"an "impenetrable" smartphone called the Teorem"
There will be a group of Germans working on this I'm sure... and the NSA. That said, each phone most probably costs as much as an Airbus A400M so it should be pretty good.
Blackberry is Canadian - so much for French Canadian policital influence on a mainly English speaking counry - I hope it is dented bacause of ths snub.
What do we use in the UK ? NSA enhanced Blackberries ? GCHQ is run on a shoestring...
Jolly good. If there's anything you should avoid if you want security it's something labelled "brand new".
Anything brand new apart from washing powder has bugs, and you really don't want some nice brand new bug broadcasting state secrets on YouTube :-)
Hmm. Not to be outdone by the President's Sectera Edge, Sarko now has an incredibly ugly but no doubt nicely encrypted phone. Presumably every G8 leader will soon be touting his/her own crypto-phone as they vie for geek superiority. Oy veh.
First of all, this is barely news - fair enough for the Reg to report it but really every high-level govt employee should get a crypto-phone just like they should get an encrypted laptop. The real problem is people leaving said devices on the train home...or deciding that it'll all be ok if they just call the Minister on their iPhone because the crytpto-phone is too tedious to use.
What do we use in the UK ? NSA enhanced Blackberries ? GCHQ is run on a shoestring...
Nah, Some Sizal & two empty Baked bean cans
Off for a cold one
"....each phone most probably costs as much as an Airbus A400M so it should be pretty good."
In that case, have I got a deal for you. I have an old and very battered Samsung with a dodgy battery at home that you'll definately want. It must be fantastic, 'cos I'm prepared to sell it to you for a couple of million quid.
Sarkophage should have been kicked in his 'nads and show the nice tempest-secured non-mobile sweatbox in the corner by a muscled security goon.
Damn this pseudo-macho-dwarf and the deferential sycophantic mud around him.
I'm using a simple smartphone from the 1990s and the built-in email client to connect to my own mail server connected securely using standard IMAP/SMTP with TLS/SSL. Phone is protected with PINs. This complete setup, phone + server, you can make for 300 euro (and the software is free).
I don't get why people feel the need to have complicated setups with expensive specialised phones.
Also I don't get why people use Blackberry's infrastructure and hand over all of your secrets to some company.
So you connect securely to your emails, big deal. Are they encrypted or just open access? Problem is that, for simplicity's sake, email was never established as default encrypted so even though you may want to send encrypted mail chances are no bugger can receive it.
Blackberry with Canadian security and "apparently" no back doors for the US spooks or
something ugly and old fashioned looking from France without even a decent keyboard that is guaranteed to have a back door for French (and therefore German) spooks.
"something ugly and old fashioned looking from France" is by far the best if you happen to be the French President. Unlike the Blackberry the phone was not made for the mass market but is purely function and intended to be used by a very small number of people.
Do you really believe that the French would produce a telephone for the French President that would have a specially built-in back door for German spooks? Do the Americans give the Canadians direct access to all of President Obama's confidential discussions?
Thales -> Thales calls are "secure"? OK, I'll buy that one.
Thales -> Nokia, are they secure?
Nokia -> Thales, are they secure?
Thales -> Landline, are they secure?
Landline -> Thales, are they secure?
Thales -> A.N.Other Crypto Handy, are they secure?
A.N.Other Crypto Handy - > Thales, are they secure?
And that is without considering conference calls and what happens at the exchanges.
So, it seems to me, that you only have a reasonable guarantee of security in 1 of 7 scenarios. You could have a greater certainty of security if others could implement your crypto protocol, but then it would have to be published and form a standard.
It's French crypto anyway, it'll surrender to a brute-force attack within a few minutes. :o)
But I'd say that any phone designed for use in this situation would alert the user when end-to-end encryption was not in place. Then the choice is with the user - the usual weak point in the system.
The French are well known for looking after their own industry, so implementing a ban on products produced outside of the country is normal. They did exactly the same with the SECAM TV system. Everyone else went for PAL or NTSC. The Eastern block countries got SECAM because it would prevent the Poles et al from accidentally picking up the news from Germany and other bad Western countries.
Its been a while since I have had to think about SECAM but didn't giving the Poles SECAM just mean that they were not able to see the German News in colour but instead be forced to watch it in black and white? Once you remove the colour coding isn't PAL and SECAM the same?
Smartphones are all about the QWERTY keyboards. T9 is fugly for constant typing!
IIRC, I think that Obama was going to get one of NSA's own secure smartphones for the "really secure" stuff. Can't remember the name for that thing, though.
Given the US attitude that "if we have access to it it's ours" I can understand the French not wanting the US to have that much access. But damn that's an ugly phone.
@16:30 - AC: Crypto is not illegal in France. It's (well, the ones worth anything, we're not talking about WEP here) classified as warfare technology and as such reserved for the armed & government-sponsored forces.
That's one of the ugliest phones to bear the tag of 'smartphone' I have seen in years. Out of all the things they could have made Sarkozy compliment - speed, user interface, durability, ease of use - they picked "beautiful", the one thing most people would disagree with. It doesn't look good for the French manufacturing/design industry if this is the best they can come up with.
If the only reason not to use a blackberry is email servers outside the country then why not just run their own servers and use any phone which can receive emails over POP/IMAP etc. (say almost every smartphone on the market now).
They could deal with secure calls by writing their own VoIP app to encrypt voice calls between government employees (or just use an existing one which they are sure is cryptographically tested)
As usual for a government they go for the complex and extremely expensive task of commissioning new hardware to solve a problem which doesn't even really exist.
Another French Not Invented Here fail.
Governments will do anything these days to stop the voters finding out what's being done in their name.
Looks like they just stuck bits of other phones together, including a screen from a half-sized model.
"France-headquartered defence giant Thales" - it really does look like something from the defense industries.
Serious. Solid. Absolutely minimal function. Butt-ugly.
When Sarko calls it "beautiful" he must mean that in some abstract spiritual way.
Paris, because I'd rather look at her than at Sarko. Or his phone.
It wants it's phone back.
Seriously - the makers logo is nearly as big as the screen!
"actually the regulation of crypto use in the US is much, much more restrictive than in France"
Really can you point to me the specific law that you are talking about .
Its the exportation of cryptology thats regulated .
Please have a look at the crypto regulation rules for the US as depicted by gilc (http://gilc.org/)
The US ban on crypto export (which is, of course, unenforced because it is unenforceable) has nothing to do with this. We are talking end-user encryption use here. It was borderline illegal but tolerated 'till 2000 or so(there was no specific mention of it in any law so it was down to the people's tribunal for each case), it is now downright illegal unless you are prepared to give the encryption key away to the world+dog provided they mention WEAPONS OF MASS DESTRUCTION in the request (as in " we have no clue and there is probably no link to WEAPONS OF MASS DESTRUCTION which is in itself a clue indicating that this person migh be hidind proof that the WEAPONS OF MASS DESTRUCTION might have existed somewhere at some point").
Or you can replace WEAPONS OF MASS DESTRUCTION by CO-PIRATE-INFRINGEMENT...
just so that you know, as much as I despise the current French stance on data transfer policy, France was one of the first countries to explicitly allow the use of encryption for private communication purpose (with some provisions, as explained above). The law in the US (and indeed the UK) is still (deliberatly?) very ambiguous.
Why do the French govt. pay €1500 Euros per unit (predicted price) to French govt. owned Thales rather than €250 per unit to Canadian owned RIM/Blackberry... They are just being good national socialists and looking after their taxpayers money / citizens jobs etc. Most other countries would do the same if they had the /inclination capability to build such a device. Thales has many such products that are commercially uncompetitive but targetted at a single customer where they have an artificial lock-in...
No not really. Unless you are looking at it from some geeky point of view. Even though I have the N900 that Theorem thingy looks very nice and it looks solidly built.
Of course it could all just be cheap plastic in the end.
here's a nice list about crypto laws, sorted by countries:
AFAIK, it's more a plain point to point encrypted phone than a smartphone ; it peers with other similar units to have voice communications encrypted + the occasional sms while being able to communicate normally with any other handheld.
France has announced an order of 14.000 units to be given to top officials, from president to army brass and such. It's more like an automatic VPN travelling inside the public network. Any lost / stolen phone can be revoked from that network immediately by ID.
fscked by SHA-1 collision? Not so fast, says Linus Torvalds