Jump to content

Inside the French government’s mission to develop an encrypted messaging platform


Recommended Posts

Recent years have seen a step-change in French government operations. An unprecedented modernisation agenda has created new ways of working for officials and civil servants alike.

 

lBFpZMG.png

 

As part of a drive for more efficient and effective collaboration, the Interdepartmental Digital Directorate (DINUM) set out in late 2017 to develop a secure messaging service for members of the government to communicate safely.

 

Mainstream messaging applications, such as Signal, Telegram and WhatsApp, were not deemed suitable for a government-wide messaging solution. These centralised, proprietary apps would keep French government data within their own systems.

 

“They offer little transparency,” says Jérôme Ploquin, project director at the State Digital Directorate, Prime Minister’s Services.

 

“We didn’t know about what backdoors might be in place. We couldn’t be sure about the quality of the end-to-end encryption, nor audit the solutions. Data would be off our own servers, and probably out of the country. The Patriot Act creates ambiguity, and the providers’ business models were not suitable for government use. We saw them as consumer-grade solutions.”

The search for a unique solution

DINUM, in partnership with France’s National Agency for Information System Security (ANSSI), scoured the world for potential solutions. “Ownership and digital sovereignty” topped the list of daunting selection criteria. Confidentiality and security were also critical, as was usability for a system that would be used by the country’s highest officials and hundreds of thousands of civil servants. For a system that would need to scale across France’s entire civil service and – eventually – its respective ecosystems, it also had to be open, interoperable and support a huge number of users.

 

Although DINUM wasn’t looking for an open source solution specifically, it discovered Matrix; a decentralised communication protocol developed with interoperability and privacy in mind. Element, whose founders also lead the open source Matrix project, helped DINUM deploy the Matrix-based Tchap solution.

A new generation of messaging and collaboration

Matrix is an open network for secure, decentralised communication. It is the foundation for a completely different approach to real time collaboration.

 

Being decentralised enables people and organisations to host their own conversations; keeping data within their control (via on-premise hardware, private cloud, or cloud provider) rather than being stored by the service provider. That instantly delivered Tchap’s need for ownership and data sovereignty.

 

An open protocol, Matrix-based systems interoperate seamlessly. That gave Tchap the ability to federate across every organisation within the French public sector. Each organisation can simply be added to the solution, and instantly be able to easily communicate and collaborate with other departments. Scalability and interoperability were clearly addressed by Matrix.

 

Matrix also supports genuine end-to-end encryption – meaning that messages can only be decrypted by the people participating in the conversation – based on the Double Ratchet Algorithm, open sourced, and subject to cryptographic review by NCC Group. That gave Tchap the assurances it was looking for around security.

 

“Despite Matrix being a relatively new protocol, it was technically advanced and had a large, active open source community. It was proven, and really quite mature,” says Ploquin.

“The flagship client app, Element, was still very new and we decided to use that as a base for our client app across Android, iOS and web,” explains Ploquin.

 

“We wanted to reflect the French government’s colours in the user interface and simplify some aspects to tailor it for widespread use across a collection of organisations with potentially over five million people. We also wanted an antivirus to protect against external threats.”

Explosive growth

Tchap Agent went live in April 2019 and was rolled out across all ministries. By March 2020 Tchap had around 80,000 daily active users, making it one of the world’s largest deployments of a collaboration tool; the sheer size of the user base reflecting just how many different organisations the Matrix-based solution was able to support.

 

Within weeks, the user base doubled to 160,000 as the coronavirus pandemic saw the vast majority of France’s civil service switch to home-based working. Tchap scaled easily, and enabled France’s public sector to adjust quickly to an unprecedented ‘new normal’.

Universal secure collaboration

“Tchap is an excellent example of what we describe as universal secure collaboration,” explains Element’s co-founder and chief operating officer, Amandine Le Pape.

 

“Universal means that it is open, and therefore easy to federate across different organisations. Any Matrix-based client is instantly interoperable with it, and it can also be bridged into other open protocols like IRC, or into proprietary systems such as Slack.

 

“It takes a completely different approach to the vast majority of messaging and collaboration; self-hosting data, decentralisation, end-to-end encryption and cross-signing to verify participants as well as supporting the usual protections such as anti-virus.

 

“And, more than just a messenger, it is a complete collaboration tool that allows secure file sharing, screen sharing and all types of possibilities around integrations and connectivity.”

A new beginning

Tchap has enjoyed positive feedback as it has rolled out across the public sector, with over 80 per cent of users saying it has delivered big benefits. “Like any project, particularly for a public one of this size, there have been twists and turns,” says Ploquin. “We had teething troubles, a security scare, and the inevitable changes in requirements.

 

“We also scaled from 80,000 to 160,000 daily active users almost overnight, and have seen people adopt and adapt Tchap in the most delightful of ways. Human beings are at their best when they communicate, and Tchap allows them to do that in new and previously unthinkable ways.”

 

The G7 in Biarritz, for example, in August 2019, was an early demonstration of Tchap being used to manage a high-security event. It is now routine for the emergency services to coordinate through Tchap to ensure more effective working in response situations.

 

The impact of Tchap – bringing together communities of people with shared goals – is perhaps the most satisfying thing for Ploquin:

 

“We’re seeing people from a wide range of organisations participate in rooms dedicated to particular topics; from our ambassadors in Africa coordinating their response to the pandemic, to best practice discussions around challenges such as cybercrime. People are proactively sharing their knowledge, helping everyone to improve what they do.”

 

Tchap’s rollout continues, with the current focus on the regions, and France’s principalities. That will take Tchap’s user base to around 300,000 people, although there is little to stop the system being adopted right across France’s public sector.

 

“Although Tchap is already a huge deployment, in many ways we’re just getting started. We want to encourage Tchap users to innovate with how they use the platform. From hospitals to education, we imagine enabling all sorts of new uses as people better understand the power and flexibility that Tchap offers.”

 

Source

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...