Cryptology in France: Jospin's Takeover by Force

31 May 1999. Thanks to SA.

Title: New Cryptology Law, Secret Services Viewed

21 May 1999

Paris Le Point in French 21 May 99 pp 91-92

Article by Jean Guisnel: "Cryptology in France: Jospin's Takeover by Force"

[FBIS* Translated Text] By liberalizing the use of cryptology in France, after a yearlong battle, Lionel Jospin has disoriented the French secret services. Inquiry into a defeat.

Silently, as befits men of the shadows, the French secret services on January 19 suffered a digital Waterloo. Breaking with a secular tradition and trampling underfoot the previously untouchable principles of security specialists, who were never able to anticipate the impact of the explosion of the information society, Prime Minister Lionel Jospin completely liberalized the use of cryptology in France. This cataclysm pulverized principles as old as espionage, which have demanded since the dawn of time that the most powerful means of encrypting a communication be reserved to three pillars of government: soldiers; diplomats; and the secret services.

As soon as he came to power in 1997, Lionel Jospin was advised of the urgency of signing the implementing decrees of texts on cryptology, incorporated in the new law on telecommunications adopted the year before. After hesitating for a long time, the government finally published these decrees in February 1998, confirming the birth of a cryptological "gasworks." For simplicity's sake, remember that French people had the right to encrypt communications, but on the condition that they obtain their encryption software from "trusted third parties," meaning service companies that kept everyone's decoding keys available for the police. It did not take Lionel Jospin long to understand that this system, inspired by the DST [Territorial Surveillance Directorate] and DGSE [General Directorate for External Security], was absolutely intolerable. Goaded on by his two heavy-weight and technophile ministers Claude Allegre and Dominique Strauss-Kahn, and by a half-dozen influential advisors led by Jean-Noel Tronc, in charge of information technologies at Matignon, who speak of nothing but "bits," "spam," "ping" and cybermania in government meetings, the prime minister took the bull by the horns.

At the same time he was announcing the publication of the decrees a year ago, he was encouraging the launch of a huge cryptology construction project. And for ten months, a minor secret guerilla war was waged. At the DGSE and DST, the question of cryptology has always been approached very simply, a position that could be summarized as: "We don't want it! " Why? Quite simply because the services have always felt that a strong cryptology could only be used by government administrations, and that allowing citizens to have access to it to conceal the contents of a conversation by voice or e-mail would amount to barring them from being intercepted for the purpose of being listened to. And they have explained that if citizens had the right to encryption, it would be the end of investigations into terrorists, drug traffickers and pedophiles flourishing on the Internet.

The problem with this is that these services, which were not afraid in the 1990s to suggest to the government that it ban the use of the Internet in France, had still not grasped in 1998 that already, for at least five years, free and superpowerful cryptology software was being distributed freely on the network, and that any offender can use it without problem. Especially, and this was a major tactical error in the battle shaping up with the government, no specialized service has been able to show a single serious example of the use of cryptology by French criminals.

For one expert who participated throughout the negotiations, the situation was no longer tenable: "When Lionel Jospin announced in February 1998 that cryptology would be free up to 40 bits, he knew perfectly well that this limit had been imposed by the services, because encrypted documents with this key length are read without problem by the DGSE's computers. The obvious fact came out gradually: France had totally isolated itself, all the other countries were liberalizing, and Claude Allegre was hammering away that scientists did not consider keys of less than 128 bits to be safe." More obvious yet was that the government is convinced that the Americans are spying on the business communications of the major French firms (see Le Point issue 1342), and has understood the need to offer everyone effective means of electronic security.

However, in the summer of 1998 the positions were still blocked. The report requested by the government, on the advice of Claude Allegre, from the head of the cryptology laboratory of the Ecole normale superieure, Jacques Stern, had made an impact. The high priest of cryptology in France explained in it that software of less than 128 bits did not offer adequate security. He convinced his readers with a formula resorting to imagery: "If an encrypted message is attacked using the "brute force" method by trying all possible combinations, the operation can be compared to that of emptying a volume of liquid with an eyedropper. Beating a 40-bit key is equivalent to emptying a glass of water. For a 56-bit key, it is a bathtub. And for a 12-bit key, it is all the water of all the oceans in the world." In fact, the computer assembled by the EFF (Electronic Frontier Foundation), DES Crack, in January 1999 in 22 hours "cracked" a DES key of 56 bits.

Nonetheless, DGSE and DST, supported without enthusiasm by their oversight ministries, Defense and Interior, did not give up: 40 bits are okay, but no more! "The rivalry between DGSE and DST discredited their arguments," confides one participant in the meetings. "We had the feeling that what they were portraying as imperatives were in fact only professional comfort factors. One minister told them that the fact that they have lived comfortably with phone taps for 50 years does not mean the situation must not change. And their livelihood with it."

Then along came Jean-Claude Mallet, 44 years of age. A certified teacher of the humanities, graduate of ENA (Ecole nationale d'administration), he has remained the director of strategic affairs at the Ministry of Defense under Pierre Joxe, Francois Leotard, Charles Millon and Alain Richard. On July 8, the Council of Ministers appointed as General Secretary of National Defense this workaholic who is capable of calling his coworkers to meetings at 10 p. M. With two other major security agencies under his control: the SCSSI (Central Information Systems Security Service) and the GIC (Interministerial Monitoring Group). The General Secretary of National Defense (SGDN) has always been the one to make the final selections on security technology. Including those on cryptology.

But it was this man, as efficient as he is discrete, to whom Lionel Jospin entrusted the task of doing the spadework on cryptology. Initially, he knew nothing about it, or almost nothing, but he immediately grasped what was at stake. He read up, devoured files, digested dozens of conversations with experts, kneaded it all and forged his conviction in a few weeks: France's position is unsustainable. In the words of someone in intelligence: "The SGDN chain snapped." The on-the-scene comment of a ministerial expert: "The services went crazy. When they had to be reminded of republican principles, you got the feeling they took us for wimps, or suckers. We had what you might call a heavy debate."

The Americans, waiting in ambush, are keeping watch. They are aware of the status of the discussions in France, and want our country to keep its restrictive position on cryptology. For the FBI and the National Security Agency, which have been trying unsuccessfully since 1993 to roll back legislation in their country which they consider too liberal, France is the number one factor in Europe. If it liberalizes, all of Europe will rush in behind it. Somewhat perversely, in December they distributed on the Web the contents of secret negotiations between the "czar" of cryptology, David Aaron, and a French official, Michel Ferrier. When Aaron came to Paris a few weeks later, he found himself facing only French interlocutors who were strictly silent in the meetings. Acting as figureheads. Annoyingly.

Last January 19, Lionel Jospin settled on his conviction. In the government, among experts, everyone agreed on liberalizing cryptology. Following the interagency council on the information society, he announced that he had weighed the pros and cons, that the law in force does not adequately take into account the security needs of modern society, that the move towards a total liberalization of cryptology had to be made. He announced that for the time being everyone could encrypt at 128 bits, and later that the law will be changed. He will provide the technical and human resources to guarantee the services' ability to decipher encrypted communications. For the law enforcement authorities, the law will guarantee that in case of an investigation citizens will have to send texts or data unencrypted. In short, he announced that France is entering the digital modern age.

In the defeated services, there was contempt. This man in intelligence scoffs: "Everything indicates to us that the government was too attentive to the unbridled lobbying of companies. Free cryptology means the end of the state! "

THIS REPORT MAY CONTAIN COPYRIGHTED MATERIAL. COPYING AND DISSEMINATION IS PROHIBITED WITHOUT PERMISSION OF THE COPYRIGHT OWNERS.

* Foreign Broadcast Information Service, Central Intelligence Agency.