There are times when a piece of information reaches you and you say to yourself: no, I read it wrong, it’s not possible! Then you cross-check the information and it is confirmed. And then you wonder whether those who lead us are really using that wonderful instrument nature has given them: their brain!
Culpable aberration bordering on collusion with the enemy!
There are situations that would lend themselves to tragicomedy if the war at the gates of Europe were not there to remind us that our inconsistency could cost us dearly!
As you will surely have noticed, there is currently a conflict between Ukraine and Russia. Russia is the aggressor, and we have chosen to support Ukraine and to apply heavy economic sanctions to Russia.
And what do you think the government and the national representation are doing? They are using #telegram, the Russian messenger hosted on servers in Russia! And do you think anyone is questioning this, apart from a few rare exceptions? No.
You will object that it is secure. But according to cyber security experts, the problem with #Telegram is that the servers involved in the communication chain of this solution are in Russian hands. Any memory dump allows them to access almost all the data. The major risk is the exposure of everyone's contact lists, as well as the metadata related to the various calls.
We are therefore offering the Russians the possibility of having access to all the exchanges made and, worse, to all the address books. And one can imagine that these operations are carried out without our knowledge, which could mean that the worst has already happened…
Why this casualness?
It is a difficult question to answer. After all, there are French solutions such as #olvid or #citadel (Thales), so why not use them?
Several kinds of explanation come to mind.
First of all, by dint of systematically denigrating what comes from French engineering while swooning over solutions that are often American, here Russian, but also Chinese, getting French solutions adopted within the administration becomes complicated.
Then comes the ideology of the current government, driven by the president: the start-up nation with a “corporate” (large-company) management style. For those who work in such organizations, it is clear that efficiency and rationality are not necessarily what their leaders put into practice, fed as they are on beautiful PowerPoint presentations filled with vague, ineffective concepts and promises that are rarely kept. Just look at the way decisions are made about the implementation of many information systems…
The third and last point is the lack of a culture of secrecy and security, especially among our executives and politicians… In the past, I have seen some executives go to China with their everyday computer, with all the confidential information on it… And our political staff is at the same level of awareness, i.e. close to absolute zero.
Yet, often, the measures to be taken are simple common sense based on a benefit/risk assessment, but is this too much to ask?
What lessons can be learned beyond Telegram?
Our lack of consideration for geopolitical risk in our political and business decisions is distressing. The use of #Telegram is in fact the symptom of a deeper evil that eats away at our entire way of operating.
Let’s be honest, we are all responsible. Who takes measures to protect their data? How many times have I heard “I have nothing to hide”… Who makes sure to deploy the latest updates from the various publishers? Who equips themselves with a real antivirus (not a free one, it siphons off your personal data…) or a VPN? Who makes sure to refuse or clear the famous cookies, those trackers of your activity on the Internet?
Which companies are concerned about technological choices and their impact in case of crisis? Computing or digital technology is increasingly seen as a commodity, and decisions are made solely on the basis of form, cost and, above all, fashion. We must satisfy the “millennials” by bringing private uses into the professional world. But who thinks about the security of information? Industrial espionage exists! What about the risk of technological dependency and the impact in case of geopolitical crisis? Most companies think that having a contract protects them from these hazards; but in case of conflict, will the contracts still be honored?
Who can deny our almost total dependence on American solutions? Here, it is the Russians who are our adversaries, but if the Americans one day become adversaries, they will not need to cut the undersea cables to cut off our access to the Internet: they alone manage the domain names! Think of the economic impact this could have. The same goes for our dependence on foreign network equipment, whereas Europe and France were still very efficient in these fields 10 to 15 years ago!
The time of innocence is over; it is urgent that our political actors (government and national representation) get a grip! They must imperatively switch to a sovereign, French messaging service! It would be stupid to leave one risk only to embrace another!
This change must be forced, and any use of solutions not validated by ANSSI should be penalized. Moreover, I am surprised that ANSSI, which issued a justified alert on the use of the #Kaspersky antivirus, has not yet given its opinion on #Telegram.
It is therefore time that we use existing French solutions such as #citadel from #Thales or, my personal preference, #olvid, whose security is totally decentralized.