Beautiful, but...
... why is the magnifying glass not mounted?
Nicolas Sarkozy and 20,000 of his French government lieutenants will be equipped with specially-commissioned encrypted smartphones, following fears over the security of BlackBerries. Back in 2007, SGDN, the French equivalent of MI5, banned ministers and civil servants from using RIM's devices, citing "a problem of data …
Well, Sarko has no taste. That thing is positively fugly. Thought crypto was illegal in France, though. Not any longer? Or is that just except the government? Curious, curious.
Don't really see why they had to reinvent the wheel, there's a Norwegian outfit that's been selling something like it that also does DECT in case you want to talk over a satellite phone (for a price: EUR 8k, sat uplink not included) and a German shop sells more or less open-source-y phones (for about half that).
How do I know? I wanted a DECT+GSM phone, found a 1999 one, but it broke. And I'm not about to shell out this sort of money for something that is on the one hand a bit of a whim (DECT+GSM) and on the other hand should be ubiquitous as a basic right in this modern world (end to end crypto). But then our democracy isn't and our basic rights aren't, either.
Use of French-developed cryptography is unrestricted AFAIK. Foreign crypto products may be freely imported but cannot be used without official approval (very little red tape here. Mostly requires a clear description of the product and availability of the source code). It's never been a problem for private users to my knowledge, and mostly targets administrations (you wouldn't want your military to use a product with a built-in Chinese or American backdoor, would you?)
In that case it's a French crypto product so no problem at all. Actually the regulation of crypto use in the US is much, much more restrictive than in France. Dunno about the UK but given how aligned it is with the US in general, and the recent tendency towards generalized gov scrying, I wouldn't bet a penny on a more liberal crypto legislation.
Cryptography has not been banned in France for over 10 years. It used to be but the arrival of the internet caused the authorities here (France) and elsewhere to come to an agreement (at least the EU and the US) on what is allowed and its export.
I had a friend who, in the time before the international agreements were made, was working for an American company and came up with a modified crypto scheme. He sent a copy of his idea in an email to the head office in the US and was then arrested by the French army. Eventually he got let off but for a while he was looking at a possible 10 year prison term (illegal export of arms).
"Cryptography has not been banned in France for over 10 years. It used to be"
Nope. The _use_ (or sale) of foreign-developed crypto products used to be regulated. It never was a criminal offense though (there goes your "possible 10 year prison term"). You might be mistaking France for the US. Or you might just have been pranked by a James Bond wannabe ("Yes, I assure you, I almost spent ten years in a medieval French dungeon for using SSL")
"an "impenetrable" smartphone called the Teorem"
There will be a group of Germans working on this I'm sure... and the NSA. That said, each phone most probably costs as much as an Airbus A400M so it should be pretty good.
Blackberry is Canadian - so much for French Canadian political influence on a mainly English speaking country - I hope it is dented because of this snub.
What do we use in the UK? NSA enhanced Blackberries? GCHQ is run on a shoestring...
Jolly good. If there's anything you should avoid if you want security it's something labelled "brand new".
Anything brand new apart from washing powder has bugs, and you really don't want some nice brand new bug broadcasting state secrets on YouTube :-)
Hmm. Not to be outdone by the President's Sectera Edge, Sarko now has an incredibly ugly but no doubt nicely encrypted phone. Presumably every G8 leader will soon be touting his/her own crypto-phone as they vie for geek superiority. Oy veh.
First of all, this is barely news - fair enough for the Reg to report it but really every high-level govt employee should get a crypto-phone just like they should get an encrypted laptop. The real problem is people leaving said devices on the train home...or deciding that it'll all be ok if they just call the Minister on their iPhone because the crypto-phone is too tedious to use.
"....each phone most probably costs as much as an Airbus A400M so it should be pretty good."
In that case, have I got a deal for you. I have an old and very battered Samsung with a dodgy battery at home that you'll definitely want. It must be fantastic, 'cos I'm prepared to sell it to you for a couple of million quid.
I'm using a simple smartphone from the 1990s and the built-in email client to connect to my own mail server connected securely using standard IMAP/SMTP with TLS/SSL. Phone is protected with PINs. This complete setup, phone + server, you can make for 300 euro (and the software is free).
I don't get why people feel the need to have complicated setups with expensive specialised phones.
Also I don't get why people use Blackberry's infrastructure and hand over all of your secrets to some company.
"something ugly and old fashioned looking from France" is by far the best if you happen to be the French President. Unlike the Blackberry the phone was not made for the mass market but is purely functional and intended to be used by a very small number of people.
Do you really believe that the French would produce a telephone for the French President that would have a specially built-in back door for German spooks? Do the Americans give the Canadians direct access to all of President Obama's confidential discussions?
Thales -> Thales calls are "secure"? OK, I'll buy that one.
Thales -> Nokia, are they secure?
Nokia -> Thales, are they secure?
Thales -> Landline, are they secure?
Landline -> Thales, are they secure?
Thales -> A.N.Other Crypto Handy, are they secure?
A.N.Other Crypto Handy -> Thales, are they secure?
And that is without considering conference calls and what happens at the exchanges.
So, it seems to me, that you only have a reasonable guarantee of security in 1 of 7 scenarios. You could have a greater certainty of security if others could implement your crypto protocol, but then it would have to be published and form a standard.
It's French crypto anyway, it'll surrender to a brute-force attack within a few minutes. :o)
The French are well known for looking after their own industry, so implementing a ban on products produced outside of the country is normal. They did exactly the same with the SECAM TV system. Everyone else went for PAL or NTSC. The Eastern bloc countries got SECAM because it would prevent the Poles et al from accidentally picking up the news from Germany and other bad Western countries.
That's one of the ugliest phones to bear the tag of 'smartphone' I have seen in years. Out of all the things they could have made Sarkozy compliment - speed, user interface, durability, ease of use - they picked "beautiful", the one thing most people would disagree with. It doesn't look good for the French manufacturing/design industry if this is the best they can come up with.
If the only reason not to use a blackberry is email servers outside the country then why not just run their own servers and use any phone which can receive emails over POP/IMAP etc. (say almost every smartphone on the market now).
They could deal with secure calls by writing their own VoIP app to encrypt voice calls between government employees (or just use an existing one which they are sure is cryptographically tested)
As usual for a government they go for the complex and extremely expensive task of commissioning new hardware to solve a problem which doesn't even really exist.
"France-headquartered defence giant Thales" - it really does look like something from the defense industries.
Serious. Solid. Absolutely minimal function. Butt-ugly.
When Sarko calls it "beautiful" he must mean that in some abstract spiritual way.
Paris, because I'd rather look at her than at Sarko. Or his phone.
G.
Please have a look at the crypto regulation rules for the US as depicted by gilc (http://gilc.org/)
The US ban on crypto export (which is, of course, unenforced because it is unenforceable) has nothing to do with this. We are talking end-user encryption use here. It was borderline illegal but tolerated 'til 2000 or so (there was no specific mention of it in any law so it was down to the people's tribunal for each case), it is now downright illegal unless you are prepared to give the encryption key away to the world+dog provided they mention WEAPONS OF MASS DESTRUCTION in the request (as in "we have no clue and there is probably no link to WEAPONS OF MASS DESTRUCTION which is in itself a clue indicating that this person might be hiding proof that the WEAPONS OF MASS DESTRUCTION might have existed somewhere at some point").
Or you can replace WEAPONS OF MASS DESTRUCTION by CO-PIRATE-INFRINGEMENT...
Just so that you know, as much as I despise the current French stance on data transfer policy, France was one of the first countries to explicitly allow the use of encryption for private communication purpose (with some provisions, as explained above). The law in the US (and indeed the UK) is still (deliberately?) very ambiguous.
Why do the French govt. pay €1500 Euros per unit (predicted price) to French govt. owned Thales rather than €250 per unit to Canadian owned RIM/Blackberry... They are just being good national socialists and looking after their taxpayers' money / citizens' jobs etc. Most other countries would do the same if they had the inclination / capability to build such a device. Thales has many such products that are commercially uncompetitive but targeted at a single customer where they have an artificial lock-in...
AFAIK, it's more a plain point to point encrypted phone than a smartphone; it peers with other similar units to have voice communications encrypted + the occasional SMS while being able to communicate normally with any other handheld.
France has announced an order of 14.000 units to be given to top officials, from president to army brass and such. It's more like an automatic VPN travelling inside the public network. Any lost / stolen phone can be revoked from that network immediately by ID.