31 May 1999. See also FBIS/CIA translation: http://jya.com/jospin-fbis.htm
24 May 1999. Thanks to Anonymous, Jean Guisnel and Le Point; merci beaucoup to DN for translation.
See French encryption decrees of March 1999: http://jya.com/fr-decrees.htm
Le Point (May 21, 1999 N 1392)
In liberalizing the use of cryptology in France, after a year's battle, Lionel Jospin throws the French secret service into a tailspin. Investigation of a defeat.
BY JEAN GUISNEL
Without a sound, as is the wont of shadow men, the French secret services experienced a digital Waterloo on January 19. Breaking with secular tradition, Prime Minister Lionel Jospin completely liberalized the use of cryptology in France, trampling on principles heretofore reserved for security specialists who had never known how to anticipate the effects of the explosion of the information society. This cataclysm pulverized principles as old as espionage itself. Those that had insisted since the earliest times that the most powerful means to encrypt communications should be reserved for the three pillars of State: the military, diplomats and the secret services.
Since assuming power in 1997, Lionel Jospin had been advised of the urgency of his signing decrees to regulate texts on cryptology, to be integrated into new telecommunications law voted the previous year. After much hesitation, the government had finally published these decrees in February 1998, ratifying the birth of a cryptologic "gas works". Put simply, the right of the French to encrypt communication would be retained, but with the condition that encryption software would have to be acquired from "trusted third parties", with the police having access to service companies holding each deciphering key. It didn't take Lionel Jospin long to understand that the system inspired by the DST and the DGSE was absolutely untenable. Urged on by his two heavyweight technophile ministers, Claude Allegre and Dominique Strauss-Kahn, and by a half-dozen influential advisers, led by Jean-Christmas Trunk -- responsible for information technologies in Matignon -- who, during government meetings, talk only of "bits", "spam", "ping" and cyberdelirium, the Prime Minister took the bull by the horns.
Just as he was announcing publication of the decrees, a year ago, he was encouraging the startup of a huge cryptology project. And, for ten months, a small secret guerrilla effort was deployed. At DGSE or DST, the question of cryptology had always been tackled very simply. A position which one could summarize in a formula: "We don't want it!". Why? Quite simply because the services have always thought that strong cryptology could only be used only by the administration and that to give citizens access to it to hide the content of a conversation -- by voice or e-mail -- would prevent them being intercepted and monitored. And to explain that citizens having the right to encrypt would mean the end of investigations of terrorists, drug traffickers, and other pedophiles rampant on the Internet.
The problem is that these services, who weren't afraid in the 90s to suggest that the government prohibit the use of the Internet in France, had still not understood in 1998 that already, for ages at least, some free and hyperstrong cryptology software had been freely distributed on the network, and that any delinquent could have access to it without difficulty. In particular, a major tactical error in the iron arm which had started to be outlined by the government, no specialized service was able to produce a single serious example of French criminals using cryptology ...
For one expert who took part in the negotiations from beginning to end, the situation was no longer tenable: "When Lionel Jospin announced in February 1998 that cryptology would be free to 40 bits, he knew full well that the services has imposed this limit, because documents encrypted with that key length are read without difficulty By DGSE computers. Evidence emerged gradually: France had completely isolated itself, all the other countries were liberalizing, and Claude Allegre hammered in that scientists did not consider keys with less than 128 bits to be secure. More obvious still: the government was convinced that the Americans were spying on the commercial communications of large French companies (see Le Point number 1344) and understood the need to offer to everyone means of effective electronic security.
Nevertheless, by the summer 1998, positions were still stuck. The relationship requested by the government, on the recommendation of Claude Allegre, with Jacques Stern, the manager of the of cryptology laboratory of Ecole Normal Superieure had its effect. In his turn, France's pope of cryptology had explained that software with less than 128 bits did not offer enough security. He had used an imagery-filled formula to convince his listeners: "If a coded message is tackled with the 'brute force' method by testing all possible combinations, one can compare the process with that of emptying a volume of liquid with a eye-dropper. Breaking a 40-bit key amounts to emptying a water glass. For a 56-bit key, it's a bath-tub. And for 128-bit key, it's all the water of all the oceans of the world". In fact, DES Crack, the computer built by the EFF (Electronic Frontier Foundation) "cracked" a DES 56-bit key in twenty-two hours in January 1999.
DGSE and DST, supported without much vigor by their supervising ministries, Defense and the Interior, did not budge an inch: it's agreed: 40-bits. Not more! "The Rivalry between the DGSE and the DST undermined the credibility of their argument", confided a participant of the meetings, "we had the feeling that what they were presenting as imperative were in fact just professionally comfortable positions. A minister told them that just because they'd lived with the comfort of wiretaps for fifty years didn't mean it shouldn't change. And their profession with it."
Then came Jean-Claude Mallet, 44 years old. With a degree in literature, graduate of Ecole Nationale d'Administration, adviser to the State, he continued on as director of strategic affaires for the Ministry of Defense under Pierre Joxe, Francois Leotard, Charles Millon and Alain Richard. On July 8, the Council of Ministers names this glutton for work -- one capable of summoning colleagues to 11pm meetings -- to the post of secretary-general of national defense. With two cumbersome security organizations among others under its control, the SCSSI (Service Central de security deas systemes d'information) and the GIC (Groupement interministeriel de controle). From time immemorial, the General Secretariat of National Defense (SGDN) has confirmed choices about security technostructure. Including those on cryptology.
But Lionel Jospin entrusts to this man, one as effective as he is discrete, the clearing out of cryptology's undergrowth. In the beginning, he knows nothing, or almost, but immediately understands the stakes. He informs himself, devours files, digests tens of discussions with experts, kneads the whole and forges his conviction in a few weeks: France's position is impossible to maintain. One intelligence agent's translation: "The SGDN link has been broken." Hot commentary from a ministerial expert: "The secret services went crazy. When we had to remind them of republican principles, we sensed that they were taking us for gutless individuals, or for dupes. We experienced what could be called a dense debate."
Positioned for an ambush, the Americans were watchful. They knew the status of the discussions in France, and hoped that our country would preserve its restrictive position on cryptology. For the FBI and the National Security Agency, who have tried since 1993 without any success to turn back legislation that they consider too liberal in their country, France is the European leader. If it liberalizes, then all Europe will follow. A little perversely, they publish in December on the Web the contents of secret negotiations between officials of the cryptology "czar", David Aaron, and a French official, Michel Ferrier. When Aaron comes to Paris a few weeks later, he will find himself in meetings face to face with French counterparts who remain completely silent. Playing the dummies. Aggravating...
Last 19 January, Lionel Jospin made up his mind. In government, among the experts, everyone agrees to liberalize cryptology. He announces, at the end of the interdepartmental consultation on the encryption of information, that he has weighed the pros and cons, that the law in force does not take enough into account modern society's need for security, that it is necessary to move towards a total liberalization of cryptology. He announces that in the immediate future, everyone will be able to encrypt with 128 bits. Then that the law will be changed. He will provide technological and human means to guarantee the secret services' ability to decipher encrypted communications. For the sake of justice, the law will guarantee that citizens will have to turn over text or data in the event of an investigation. In short, he announces that France is entering digital modernity.
In the defeated secret services, they're thumbing their noses. Mocks one intelligence agent: "All indications are that the government was too attentive to unrestrained lobbying by companies. Free cryptology will be the end of the State!"
Jean Guisnel.
Le Point (21 mai 1999 N 1392)
Translation and HTML by JYA/Urban Deadline.