Gregory's ServerReading through the French prosecutor's press release re: Pavel Durov and Telegram, it's still not clear what is going on, but the last three items are a big red flag.
 30 comments
 @thegibson @evacide I can't tell - is this the French equivalent of not filing ITAR declarations? @vathpela @thegibson I think so? France has an import control regime for some cryptography and now I have to go read about it. @evacide @vathpela @TheGibson I always thought that law was superseded by LCEN which explicitly made strong crypto (>40 bits) legal. Whatever happens to him, it's probably not these three bullet points that will cause the most damage. There's also the question of why he went to France when he knew what was coming.  Protection from Putin is a very interesting suggestion that I've seen made. French citizen who might cooperate ... @evacide apparently it's this thing here https://cyber.gouv.fr/controle-relatif-un-moyen-de-cryptologie, I'm about to file a FOIA request to know more (e.g. a list of the authorised tools)  wait. it's not just about moderation but about encrypted services too? color me shocked...  @paul_ipv6 @evacide yeah, when I first heard it was about moderation was I was all “yeah, every other platform is finding out about this in the EU now” but then I saw the cryptography bits and was all “oh ho this is a sneaky backdoor attempt to outlaw crypto” @evacide french prosecutors tend to incriminate for everything that sounds probable in addition to the first offence. @evacide but you can ask @laquadrature they know way better than me. And to be honest this guy issue given how fast he gets french citizenship is not on top priority for me and other left wing people given the state of affairs in France after the last election.  I read this more as throwing everything they can think of against the wall, to see what sticks. But, yeah, I hope they are not going to reopen that particular can of worms. @evacide Apparently we have similar legal powers in Australia. In this article it is argued that the spooks have never used them and don’t understand them. Maybe all that is about to change?  @evacide French requires import declaration and approval for products that use encryption other than few pre-approved things like HTTPS and some very specific stuff directly available in e.g. iOS / Android. We opted not to publish an app in France at all. I don’t remember the details anymore as it was years ago when I last had to facepalm the French regulations.    @evacide Just picturing the Gallic shrugs when it becomes clear that 99.9% of Telegram messages aren't actually encrypted at all... @evacide I was working in France until 18 years ago and we would have been required to register our VPN certificates (link back to UK) had we not had a Presidential exemption. It definitely helped to have the right friends back then! @evacide France does not like strong crypto when it's being rubbed in the government's face. The servers for Encrochat were in French data centres and seriously heavy-duty court orders were granted to the C3N (French cyber crime type cops) in respect of those servers.  @evacide Would "providing a cryptology tool" mean I'd get arrested for bringing my laptop to France? It has GPG, ssh, and sshd on it, not to mention openssl. That let's me use rsync to back up some directories. I'll use GPG to encrypt a separate copy of Firefox login data.  @evacide Didn't France once ban encryption over the Internet? I expect that to work as well today as it did in the early 20C when the International Telegraph Union tried it.  |
@evacide Same items that caught my attention as well.