[Cryptography] Licensing of cryptographic services in France

Richard T. Carback III rick at carback.us
Tue Aug 27 18:02:15 EDT 2024 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



> On Aug 27, 2024, at 3:05 PM, Paul Fraser <paulf at a2zliving.com> wrote:
> On 28/08/2024 1:13 am, Phillip Hallam-Baker wrote:
>> At this point, we don't know what charges are going to be brought against Durov in France. It is very likely that the 'failure to register to provide cryptographic services' cited in the complaint is merely the equivalent of a holding charge.
>> 
>> That said, there is a big difference between providing cryptographic apparatus and providing cryptographic services and this is why I believe Signal, Session and many other companies need to consider a change of course because their current architectures make them sitting ducks for hostile government intervention.
> Where does TLS, WhatsApp, Noise Protocol etc., fit with government requirements?
> 

I believe that part of the charge has to do with not following export control rules, which I have personally had to do to get my apps published in France before via the Apple App Store. This makes no sense, though, because neither google nor apple will post your app without these export control documents on file, and I doubt they lied or misrepresented anything in the documents (there’s no benefit to doing so).

Cryptomator had a good overview of the process here (which helped me immensely): https://cryptomator.org/blog/2016/06/16/indepth-french-app-store/

The iOS docs were also a good resource: https://developer.apple.com/documentation/security/complying-with-encryption-export-regulations 

Regardless of how you feel about Pavel or Telegram, we should all strongly condemn this action based on the current allegations and reporting. Refusing to moderate other’s speech is not terrorism. It is not conspiracy to commit a crime. 

Pavel’s arrest is a stain on the central fraternity between France and the US in supposedly being the world’s defenders of free speech and liberty. France is continuing an unfortunate tradition our governments have of ignoring our values whenever it is convenient. This is both wrong and short sighted.

While I understand the “Telegram is not E2EE and gives full access to Russia” sentiment (e.g., https://www.wired.com/story/the-kremlin-has-entered-the-chat/ ), I believe this is an L take. In this context, it is saying if you are capable of moderating then you should be required to do so per government orders. I feel similarly about the “this is about CSAM” take, as applying that to any other messaging platform is problematic at best.

Any precedent set here will be used against other platforms. We should be extremely uncomfortable about this situation. We are violating the long-standing principle of going after the criminals and not the mediums they use. You can pretend that Signal/WhatsApp is somehow incapable of modifying their client to add monitoring, but they are definitely capable of monitoring usage and just choose not to record that metadata. 

Geopolitically this is an unprecedented, massive propaganda win for Russia. As they continue to suppress freedom at home, they can now credibly say they’re fighting to free him. 

Make no mistake, Telegram is harmful. They are not encrypted and do not care about free speech or privacy for their users. Their business model exploits access to user messages. Just because a fascist regime enjoys special access does not mean you should join in the facism. It is as simple as “two wrongs do not make a right.” 

-R
-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wsFzBAEBCAAnBQJmzkzmCRA/GuWbfQE6TRYhBAGFytdGt1Ef10NhlD8a5Zt9
ATpNAABTQhAAgn75LF29f54L6LNlDWR9mDbrXpEySafgJOJ79uX4O8psCLk+
Ph58J745seDYRL89PtCI/MHMDzdUPClfdNZftvP+S7TsPbJdjMKc4vOnsFso
KGbTT+0QY2ExSZMPvPctHCHpr+dvfyKnXAmuE+SOEDtS9TtQvhioZICz6e+Y
FqhDVHTVmFDa22RzCcowa6NqDuuZ9oHaduMkOyskyHXxMYYM/9tYd744lMyD
5UALE1dG9bUsZRmDlSIPgzPlT3voxXFlJjFcP3bwN6Atde3nUiDqYAQD9re5
IyJSg2pfT9OMqsl3s2IhVyd3E7UM74YdHt5TC0IUq77Pn5zRwtGY5Z9do4Tw
DQbmFqhRa4lbCRqIBBDMBdJear5f+bDoh3xwaiA0oi4L1w/LS3CdvV0WOl7x
0d/v73SQsEXe4nu177r93LwY7lAY6tDCJBaOsPc8NN6ziujHMZv0ID6P6azH
8Di73kvDanuroV3prOQW3yJjw30e80HiiyIWTTdEKcUIIwd0+q8EK3KkKC5x
Jd+7zrpNgDaJw/bxf4H0tWkxdrGdki0Ag60pkqNxYo7RumUqA5sOkqOZ/Dy+
gBMO9XSahJLDbdExmn1WnqvNfeL1KhmMJRmyJK3GldVtkkQnc0vvYn/XBpcG
P69SNfO3TZp4cwyTk51c1dFN1HG5Y4h8reA=
=H06J
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - rick at carback.us - 0x0185CAD7.asc
Type: application/pgp-keys
Size: 3147 bytes
Desc: not available
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20240827/5f649298/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - rick at carback.us - 0x0185CAD7.asc.sig
Type: application/pgp-signature
Size: 566 bytes
Desc: not available
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20240827/5f649298/attachment.sig>

More information about the cryptography mailing list