A new blue icon is added to the policy screens. After TikTok, it is the turn of WhatsApp and others to disappear for cybersecurity reasons from the phones of French ministers and members of ministerial cabinets, according to a circular revealed, Wednesday, November 29, which recommends the application unknown to the general public Olvid.
In this document dated November 22 and spotted by the weekly Point, Matignon asks members of the government and ministerial offices to install this system on their phones and computers “to replace other instant messaging services in order to strengthen the security of exchanges.” According to the Prime Minister’s services, “the main general public instant messaging applications” (WhatsApp, Messenger, Telegram, Signal, etc.) “occupy a growing place in our communications”, but “are not without security vulnerabilities”.
“Towards greater French sovereignty”
Note that secure messaging is an increasingly popular work and communication tool for politicians and firms, who love WhatsApp loops to contact journalists in particular. Since the 2017 presidential campaign, Emmanuel Macron’s entourage is known to make extensive use of the Russian application Telegram.
Elisabeth Borne asks to “take all measures” to deploy Olvid “by December 8, 2023 at the latest”. “The integration of this solution not only constitutes awareness in terms of cybersecurity, but also a step forward towards greater French sovereignty,” she says. “We have been using it with my team since July 2022. In December the entire government will use @olvid_io, the most secure instant messaging in the world,” Minister for Digital Jean-Noël Barrot said on X ( formerly Twitter).
And oh well, Olvid was created in 2019 by French cybersecurity experts. Its innovation: the removal of the centralized user directory, in order to achieve maximum security of conversations. If the messages are end-to-end encrypted, a practice now common in the industry, OIvid goes further: their metadata (who speaks to whom and when) is also encrypted.
The only instant messaging certified by Anssi
Available for free on Android, iPhone and computer, the application does not require a phone number to register. And therefore does not require the use of a SIM card. A simple internet connection is enough. But it is not easier to use: in the absence of a centralized directory, adding a contact is done by scanning a QR code. Olvid will never be viral like WhatsApp (more than 2 billion monthly users). Paid options are also available to make audio calls, use multiple devices, or facilitate business use.
This circular “goes rather in the right direction”, reacted to AFP Baptiste Robert, a cybersecurity researcher who defines himself as an “ethical hacker”. “Professional conversations have no place on apps like WhatsApp or Telegram,” he adds. Olvid has had “for several years a good influence in state circles”, in particular thanks to the very strict certification by the National Agency for the Security of Information Systems (Anssi) – which protects the critical infrastructures of the State – that it is the only messaging service to be held since September 2020. Anssi increased active attacks for thirty-five days without finding a flaw, and Olvid published these technical evaluation reports on its site.
In March, the French government had already tried to curb the use of foreign and potentially insecure applications by civil servants. Following in the footsteps of many Western executives and parliaments, he notably banned them from installing the Chinese social network TikTok and more broadly “recreational applications”. For security experts, the still limited use of Olvid does not make it possible to prove its reliability when scaling up. It also remains to convince the head of state. And maybe the European Union?