[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Encouraging News - France

On lun 01 sept 1997  11:18:10AM -0700, Tim May wrote:
> I'm extremely skeptical that France will truly liberalize crypto use by its
> citizen-units. Rather, I expect they will just be falling in line with the
> OECD/Wasenaar/New World Order "trusted third party" key recovery approach

That's probably true. Given the recent history on the subject in France,
I doubt they would do a 180 degree turn...

> Does anyone think this means: "Hey, use whatever crypto program you want.
> Use something SDECE cannot break!"?

Update, SDECE is now called DGSE ;-) 
Besides, they are our CIA, and therefore not supposed to act within
France. But I guess the DST (the french FBI) would handle matters like
that. So far France doesn't have a (known) equivalent of the NSA. A
department controlled by the prime minister (the SGDN) handles the
authorization process for crypto usage, and is assisted for technical
issues by the SCSSI (which usually says "no way" for strong cryto).
Now, the army has also its own cryto units, and they have quite
knowledgeable people... (have a look at
http://www.dmi.ens.fr/equipes/grecc/, and all these "ingenieurs de
l'Armement" which are linked a way or another to this lab)

> Given the monopoly France Telecom has on Internet access, I'd expect a
> "solution" that involves FT issuing keys, or something equally brain dead
> as that.

It's not entirely true that FT has a monopoly. They do have a monopoly
on the phone lines, yes, which means of course that they can (and do)
dictate their own terms to any french internet provider. This won't last
forever, as starting january 1st this monopoly will end. This means
anybody will be free to switch to another phone provider (and yes, there
will be a few of them, which have installed networks, and which
currently can only offer phone services to compagnies, say to link to
physical locations in France, and are eager to enter the market
targeting individuals). Furthermore, it is untrue to say "FT=french
governement". Actually, most senior officials at FT wanted the company
to be sold to private interests, because they felt they would defend
their dominant position better this way. The new governement stopped the
process, but anyway FT has its own agenda, which may differ from the gov
vues. Of course, this doesn't mean anything good to the end customer,
the average french guy who would like to use the internet. FT is
catching up on the subject, but they did everything to slow down the
internet progression in France, fearing it would dammage their
"minitel", which generates high revenues.

> (I gave an invited talk on crypto anarchy at a conference in Monaco a few
> years ago, and spoke to several France Telecom representatives. They made
> it quite clear that France was not going to tolerate independent ISPs, and
> that France Telecom would administer any crypto ever to be used by the
> populace. Maybe this policy has changed, but I doubt it. Whatever France's
> charms, open debate is not one of them.)

You said everything when saying "a few years ago". I guess they woke up
on these issues, and now their key problem is more "how to keep making
the huge profits we make currently on the phone when we will have
competitors next january". Somehow internet and use of crypto aren't
that important in respect to that, even if anybody with half a brain can
see how everything is connected. Besides, I will give you an example
which illustrate how sometimes FT can be driven by market law rather
than gov interests. A few months ago, they started to sell cell-phone
cards, with a prepaid amount of time on it. these were anonymous, (they
wouldn't ask for an ID or anything), and everything went fine for a
couple of weeks, until somebody in the police realized they wouldn't be
able to link calls like that to a poor soul. So FT got an order from the
govt, and now they ask for an ID when purchasing. Now, I don't know if
any of the other 2 cell-phone operators in France offer the same kind of
card. I think they don't, unfortunatly, but if they decide to do so, it
would take more than a phone call from the governement to make them
comply with the police concerns. Well, I hope so...

> I'll bet 1000 francs that this will not mean citizens can use PGP openly.
> (I know some Frenchies who are already using PGP, of course.)

The thing is, currently many individuals use it, for e-mail or file
encryption, and I seriously doubt that anybody would be prosecuted just
for that. But they (LEAs, gvt, you name it) know that it's a Damocles
sword they can use at will. And they want to keep it that way. Unlike in
the US, it's rather difficult to challenge a law in France, the way
Berstein or Karn or Junger are doing. Therefore the current situation is
unlikely to change in the near future.

> >>The new decree in France follows a 1996 telecommunications regulation
> >>law, which opened the way to liberalisation of encryption software but
> >>which has so far not led to publication of any details of how the
> >>measures could be applied.

Well, mainly because they don't know themselves how to enforce their
laws. Or simply to interpret them.

> One wag put it this way: "Any Frenchman may apply for a permit to use
> strong cryptography. The same way any Frenchman may apply for a permit for
> an Exocet missile."

Old technology. We know better ;-)
<serious> you don't want to apply for a permit. You just use it. And if
later LEAs targets you as a drug dealer, you will get 20 years for drug
offences and 3 more months for crypto use. So as an individual, you
don't care, but by doing things this way cryto won't be widespred soon,
and large corporations or companies won't "just use it" the way a single
guy will.
Don't misunderstand me, it sucks, but at least when you are in France
you don't expect to wake up in front of a SWAT.


Fabrice Planchon                                          (ph) 609/258-6495
Applied Math Program, 210 Fine Hall                      (fax) 609/258-1735