Meredith Whittaker, president of the Signal Foundation, says a leaked French government memo risked undermining public trust in cybersecurity protocols, after it was revealed that Prime Minister Élisabeth Borne had ordered cabinet members and their staff to delete popular messaging apps like Signal and WhatsApp.
The memo, first reported by Tech 24’s French counterpart Guillaume Grallet in Le Point magazine, does not mention Signal and WhatsApp by name, but said “the main public instant messaging applications” were “not devoid of security flaws”. Signal and WhatsApp are both widely used by French government officials.
“What I see here could very well be a collapse of language, but nonetheless there are very high stakes to that collapse of language,” Whittaker told FRANCE 24. “We need to be very careful, particularly with official assertions that cast aspersions on apps like Signal which set the gold standard for security and privacy in the industry.”
“We’re open source, independently audited, and our cryptographic technologies that power WhatsApp and power a whole host of secure messaging technologies outside of Signal are also audited and have been tried and tested over a decade,” she added.
Ministers, junior ministers and their teams were ordered to delete such apps by December 8 and replace them with a little-known alternative called Olvid, developed by a startup based in Paris.
Olvid is certified by the French cybersecurity agency ANSSI and does not require a phone number to use, whereas Signal does. Asked whether this could constitute a security flaw, Whittaker said the use of a phone number “is important both for ensuring the authenticity of your contacts, so you’re not speaking with someone pretending to be Meredith but who isn’t Meredith (…) and it’s important for protecting from spam accounts.”
French Interior Minister Gérald Darmanin has pushed for a so-called “backdoor” into encrypted services like Signal, in order to allow security services to access private messages and crack down on illegal activity.
“There’s no such thing as a safe backdoor,” Whittaker responded. “If you build a backdoor that the security services can get into, hackers can access it, adversaries can access it, hostile nation-states can access it.”
Read more on related topics: