[johnwayne666]

HN title: "France threatens GrapheneOS with arrests / server seizure for refusing backdoors"

LQDN: "Dans ces articles, la cheffe de la section cybercriminalité du parquet de Paris – à l'origine de l'arrestation de Pavel Durov – menace également les développeurs·es de GrapheneOs. Interviewée, elle prévient qu'elle ne s'« empêchera pas de poursuivre les éditeurs, si des liens sont découverts avec une organisation criminelle et qu’ils ne coopèrent pas avec la justice »."

In the (very short) linked article: No mention of arrest, server seizure or backdoor, and a more nuanced take. Loosely translated summary: Some users have a legitimate need to protect their communications. IF we find links with criminal organizations AND there is no cooperation, then we might take action. They're specifically taking the approach of a case by case hack of single phones which might cost up to a million euros. Is this an issue if there's a warrant?

This seems blown out of proportion?

[strcat]

France has made it clear they expect to have a backdoor in end-to-end encryption apps and disk encryption. They've been saying that it's unacceptable not to have a backdoor in a bunch of these news stories they've gotten published by contacting the media. They've said if we don't cooperate with that, they'll take similar actions against us as they did SkyECC and Encrochat meaning hijacking our servers and trying to have us arrested.

Le Parisien has 2 articles about this, not only one, and https://archive.is/UrlvK is one of the places they talk about going after us if we don't cooperate with providing them access to devices. It's not possible for us to provide an update which bypasses the throttling for brute force protection so what they're asking isn't even helping them break into specific devices but helping them compromise security for everyone in anticipation of rare cases of criminals using devices. https://news.ycombinator.com/item?id=46038241 explains lack of technical ability to compromise security after the fact. Titan M2 is specifically designed with insider attack resistance so that Google making an update disabling the brute force protection won't be accepted by the secure element without the Owner user successfully unlocking first. We don't have the signing key for the Titan M2 firmware anyway. This is part of our required hardware-based security features which we're working on providing in a Pixel alternative with a major Android OEM working with us right now. We talked to them about the France situation already and it does not negatively impact our partnership. It may be a good idea to speed up an official announcement with them to counter the narrative being pushed by France's law enforcement agencies now.

[cookiengineer]

> France has made it clear they expect to have a backdoor in end-to-end encryption apps and disk encryption.

Note that "France" and "Johanna Brousse" (as the lead investigator lobbying for more agency data access) are not the same, by a couple million people.

Now's the time to get ahead of this. Communicate openly why Open Source matters, what's at stake, and try to ally with existing organizations like the EFF, IETF, Linux Foundation, CCC e.V. and others. They know how to deal with the media, and it's okay to ask for help.

Please let another person check the article from a non-technical perspective, because that's where journalists have a strategical bonus. If the blogpost/article/video/whatever contains too much technological lingo, the masses won't be able to understand it.

Wish you the best.

PS: I hope that you can see that not all people are as messed up as the kiwifarm doxxers. I've seen their "call to arms" to start new swatting attempts etc. Stay safe.

PPS: Don't engage with people that have anime avatars. Just block them. Your time is wasted trying to read or reply to them. Hate is a mind infiltration technique.

[johnwayne666]

I appreciate the answer and the work on GrapheneOS! It seems there's a lot of work going on with the QPR1 release and this French matter doesn't make things easier for the team. Good luck!

[blueflow]

Le Parisien is not the french state. I doubt you had any interaction with the french authorities at all.

You are unable to any legal recourse because none of your rights have been violated (yet).

[johnwayne666]

To be fair, the quote in the second article is from Johanna Brousse who is behind the Durov arrest.

> "Mais ça ne nous empêchera pas de poursuivre les éditeurs, si des liens sont découverts avec une organisation criminelle et qu’ils ne coopèrent pas avec la justice."

> “But that won't stop us from prosecuting publishers if links to a criminal organization are discovered and they fail to cooperate with the justice system.” (DeepL)

I understand this can be seen as more threatening even if the whole quote softens this a bit.

[halJordan]

To be even fairer, where in the french legal codes does it say "introduce backdoors!"

I'm all for assuming the worst, but not to the point of putting words in someone's mouth.

[Hizonner]

Only a total idiot would wait to actually be arrested, fined, or even harassed, before doing something about it.

[blueflow]

Maybe he is going to get arrested, maybe we are observing an persecution complex.

[array_key_first]

Given what we know about how most Western nations feel about secure communications, what seems more likely?

The reality is that the west got very comfortable with a world where any and all communication can be trivially wire tapped.

Telephony, messaging, and even the internet - these were not only abused, but abused on such a scale that virtually no data could ever be safe from the eye of the state. Even printed media would leak it's location, etched in microscopic ink.

We, unceramoniously and rapidly, yanked this power out from underneath them. For the first time in a very long time, it is possible to have communication which cannot be surveilled.

Knowing what we know about how governments work, are we shocked that there is push back to this? Frankly, the only reason we aren't seeing more abuse is because the big dogs still permit absolute serveillance. I'm sure at the behest of the state.

Projects like grapheneos and signal represent an existential threat to the current model of citizen serveillance and crime solving. Starving dogs will bite.

[StopDisinfo910]

> They've said if we don't cooperate with that, they'll take similar actions against us as they did SkyECC and Encrochat meaning hijacking our servers and trying to have us arrested.

No, they haven’t.

You are letting your paranoia talk by widely amplifying the content of two newspapers articles in media affiliated with the far right.

I’m quite surprised by your reactions to be fair because both SkyECC and Encrochat were actually affiliated with organised crimes. As far as I know, GrapheneOS isn’t.

[strcat]

French law enforcement chose to do interviews with those newspapers and nearly all of the content of those articles is paraphrasing or directly quoting what they said. There's very little input from the journalists into those articles. They treated the claims from the state as facts and conveyed them as such, then posted our responses to vague queries not giving us the details of what was being claimed about us so we could properly respond to it.

[sunshine-o]

France basically always had very good PR portraying the country as "romantic" and a champion of freedom but reality has almost always been very different.

It was very unfree in the 16th century, what led to the French revolution, which was a nightmare, then military dictatorship. The 20th century was not much better and never forget France collaborated very quickly with the third Reich. Then De Gaulle has some sort of soft military dictatorship with a secret police and a total control of the media.

Today their police is very aggressive, their justice system highly politicized. And as always a dominating bureaucracy.

The state is getting more and more aggressive as drugs and violence are rampant.

It is by far the country in Europe I had the worst interactions with the police.

There are a lot of beautiful things to see there but today I try to avoid it for business and leisure.

[seec]

When it comes to freedom, France definitely has it backwards. Now that it is in deep trouble economically, the bureaucracy is claiming for even more soft communism in a very totalitarian way. One needs to understand that the system made some people quite rich, way more than they would have been able on merit alone, thanks to the politics of bureaucracy.

Funnily enough the "far-right" is brandished as a fascist boogeyman when it would be a challenge to actually become more totalitarian.

For those reasons the "state of rights" is losing its legitimacy and criminality is on the rise unsurprisingly. When what you can expect to get out of the system becomes too disconnect from merit, it doesn't make sense to participate as a good actor.

So we now get rising commissars that tries to police speech and behavior any way they can. The police is basically a state militia that spends more time annoying mostly law-abiding citizens for minor offenses that just tow the line, in order to extract as much money out of them as possible. Meanwhile real criminals are out of control and receive laughable sentences from the corrupted justice system when they get caught. Following far-left ideals, criminals are victims that can be given more chances. One elected parliament member got caught buying drugs and basically nothing happened to him. Hard to not see some collusion.

[whimsicalism]

What is cooperation? How are they supposed to unlock the phone?

Unless you're saying 'compelled to use their private keys to publish an update' or something along those lines, in which case I would say the original headline is correct.

[StopDisinfo910]

There is no law allowing the police to do that in France so that can’t be what cooperation means.

In the case of Telegram, it was about providing meta data when subpoenaed and moderating the unencrypted part of the application.

There is little reason to believe it is about anything else here.

Edit: Happy to hear what the people downvoting actually disagree about as usual. At the moment I have read a ton of mud thrown of France here - including someone from GrapheneOS implying they won’t hire from France unless someone relocate which must one of the most hilarious take I have ever read coming from someone from North America - with very little actually substantial shared, which, to be fair, seems to be becoming the norm here.

[mmh0000]

Um.... There's no law doing what now? [0]

  Loi no 2001-1062 du 15 novembre 2001 relative à la sécurité quotidienne, article 30 (Law #2001-1062 of 15 November 2001 on Community Safety) allows a judge or prosecutor to compel any qualified person to decrypt or surrender keys to make available any information encountered in the course of an investigation. Failure to comply incurs three years of jail time and a fine of €45,000; if the compliance would have prevented or mitigated a crime, the penalty increases to five years of jail time and €75,000.[22] 

https://en.wikipedia.org/wiki/Key_disclosure_law#France

[StopDisinfo910]

That’s absolutely not about backdoors and I fail to see how it concerns GrapheneOS.

This law says a judge can compel a key owner to decrypt something as part of an investigation.

This doesn’t in any way creating backdoor in encryption setup nor does it cover developer of encrypted system.

Did you go fishing for any law supporting your point and hoped that brandishing one which looked vaguely similar to what you were looking for would work? Because it sure looks like you did.

[goku12]

What exactly are you trying to prove here? Preemptive precautionary measures are definitely warranted in case of projects like these if the authorities demonstrate any sort of hostilities - especially from one with prior history of taking such actions.

Unlike the laws of physics, human laws encompass deliberate ambiguity meant for them to be escaped (with loopholes) or to be stretched as far as possible, without raising any alarms at the time of instituting them. The main purpose of the courts is to interpret the laws somewhat consistently in the face of such ambiguities. I can easily see how this particular law can be interpreted liberally enough to mandate backdoors. Your pedantic interpretation is not something they are going to care about or abide by. In the worst case, they'll just take the 'shoot first, ask later' approach. They'll just do what they like an then try to justify their actions when challenged. This has been the norm with even non-authoritarian administrations for ages. But the entire EU has been demonstrably gravitating towards this dystopian reality with their attempted chat control law.

Do you want the Graphene team to ignore any such possibilities and just stay put? In which world does that make any sense? And what's your point in brushing aside practically everyone else's concerns?

[StopDisinfo910]

> What exactly are you trying to prove here? Preemptive precautionary measures are definitely warranted in case of projects like these if the authorities demonstrate any sort of hostilities - especially from one with prior history of taking such actions.

It's pretty obvious from the start what I'm saying.

GrapheneOS is saying France is threating them and wanting a backdoor in the OS. This is absolutely not the case. A couple of articles talking about your project in far right newspapers one antidrug investigator saying they will indict the project if there is a link with organised crime is not at all the same thing that being threatened by a country, let alone being act to compromise your product when there is zero legal basis for anyone in France to do so.

> Unlike the laws of physics, human laws encompass deliberate ambiguity meant for them to be escaped (with loopholes) or to be stretched as far as possible, without raising any alarms at the time of instituting them. The main purpose of the courts is to interpret the laws somewhat consistently in the face of such ambiguities. I can easily see how this particular law can be interpreted liberally enough to mandate backdoors. Your pedantic interpretation is not something they are going to care about or abide by.

There is no loophole nor pedantic interpretation here. France has no law compeling software developers to add backdoor to their product period. Quoting another unrelated law doesn't change this fact.

> This has been the norm with even non-authoritarian administrations for ages. But the entire EU has been demonstrably gravitating towards this dystopian reality with their attempted chat control law.

You are arguing in the same sentence that Europe is untruthworthy because they are trying to pass a law allowing chat interception and that law actually doesn't matter. So what is it? The truth is France respects its own laws and there are currently no law allowing backdooring. The reality of the evolving European regulation is a separate issue entirely.

> Do you want the Graphene team to ignore any such possibilities and just stay put? In which world does that make any sense? And what's your point in brushing aside practically everyone else's concerns?

GrapheneOS is free to do whatever they want. I'm free to point out that their current scare mongering regarding France is baseless.

[miohtama]

And how do you hack a single phone without a backdoor in every phone?

[foxyv]

You use the signing keys for GrapheneOS to push an update to a single user.

[strcat]

That doesn't offer a way to bypass disk encryption for data protected by the per-profile lock method. GrapheneOS cannot bypass the brute force protection implemented by the secure element. Google cannot bypass the brute force protection either because they designed the Titan M2 to require the Owner user successfully unlocks in order to update it. Weaver + insider attack protection for the secure element are among our hardware security requirements (see https://grapheneos.org/faq#future-devices for a list) which are being implemented by an OEM we're working with to provide a Pixel alternative. Weaver has a table of user authentication tokens mapped to random tokens used as part of the final key derivation. The authentication token is made with a hash of the initial key derived from scrypt, then the final key derivation in TrustZone combines both with hardware-bound key derivation to get the key derivation key. Weaver implements very aggressive time-based throttling. We have the original delays documented at https://grapheneos.org/faq#encryption but it ramps up faster now.

Aside from that, people can use a strong diceware passphrase on GrapheneOS due to us massively raising the character limit from 16 to 128. This is far more usable on GrapheneOS because people can combine it with fingerprint+PIN secondary unlock instead of fingerprint-only secondary unlock. 5 attempts are allowed for fingerprint unlock and the 2nd factor PIN being entered incorrectly counts towards that so even a random 4 digit one works well. That's convenient to use with the passphrase only having to be entered 48h after the last successful passphrase unlock and after reboot.

We also won't do it and cannot be forced to do it under Canadian laws. France's laws are going to be as relevant to us as North Korean laws once we've finished replaced our OVH servers in Beauharnois, Canada with a Canadian provider. France could currently force OVH to mess with our static website or mail server but we haven't done anything illegal so it would be outrageous and a diplomatic incident due to violating Canadian sovereignty during a time period when foreign server hosting companies being subject to foreign law is already in a recent news cycle. We're not waiting around for them to hijack our website though.

[lucb1e]

That's all great but what prevents the OS from reading the /dev/input/* device that corresponds to the touchscreen while they enter that password? Or, XKCD#1200 style ("they can get my browser and app data but at least they can't get my disk password") reading all data after 'disk' unlock

Assuming Canada is like most countries and there exists an agency (or laws can be passed to create an agency) which has the authority, optionally after running it by a judge, to compel an entity to secretly implement a backdoor of their choice and they hand such an order to Google, Shiftphone, GrapheneOS, LineageOS, Samsung, or anyone else that is operating within their jurisdiction. Not meaning to single you out, but needing to trust your OS' updates does seem fundamental for a practically workable threat model. Unless you trust your vendor to prefer going out of business and destroying the keys on the way out, over implementing a backdoor for 1 user and tripping the warrant canary (many people will have that level of trust in GrapheneOS but not, say, Samsung; it's a tall ask of any vendor though)

[foxyv]

You cannot bypass the disk encryption until the user signs into their phone. After that they are toast.

[LMYahooTFY]

How is this different from a backdoor in every phone?

Some authority compels me to give them signing keys so now they can push anything they want, to any device they want?

[strcat]

They can't bypass disk encryption that way:

https://news.ycombinator.com/item?id=46038241

It does appear to be what they want from us, but it's not possible to bypass the Weaver disk encryption throttling via compromised OS updates or even secure element updates. It's fully not possible to bypass the security of a strong passphrase, which we encourage via optional 2-factor authentication support for fingerprint+PIN as the main way people unlock to make using a passphrase as the primary lock method after booting or 48h timeout much more convenient.

[LMYahooTFY]

Well that's really good to know.

Been a happy user of Graphene since the Copperhead days. Thanks for all the work you do. I know you've endured a ton of shit.

[SSLy]

Just wanted to say: don't listen to people who say you're crass or wrong. GrapheneOS' actions and words are great and a boon.

[Hizonner]

Once they've established a rule that you have to help them in all cases, what stops them from forcing you to push an update to a phone while the user still has it, to collect information from the phone while actually unlocked and in use?

[strcat]

We won't comply with illegal demands, so how would they force us to do it?

GrapheneOS System Updater doesn't identify the device or user to the server. A massive portion of GrapheneOS users are using a VPN and some are using Tor so many of the IP addressed are VPN/Tor exit IPs shared between people. How would an update be targeted to a specific phone?

[albuic]

French laws... A warrant is needed !

[foxyv]

Is this rate limiting on the number of data key decryption calls by the HSM to prevent full data exfiltration? Or, is it rate limiting PIN attempts?

[strcat]

It's rate limiting on key derivation attempts. A key is made via scrypt from the passphrase. A hash of this key is used as an authentication token to obtain a random token from the secure element for the final hardware-bound key derivation to use as an additional input. Passing the wrong authentication token results in rapidly increasingly throttling. We documented the previous less aggressive ramp up at https://grapheneos.org/faq#encryption but it actually ramps up a lot faster now to make 4 digit PINs less horrible, although we still strongly recommend 6 random digits as the minimum.

Secure element updates don't only need to have a valid signature and greater version. They also require the Owner user to authenticate successfully after booting in order for it to be accepted. This is what they refer to as insider attack resistance, since it protects against them being coerced by a government into removing the brute force protection for a locked device via an update.

[foxyv]

Functionally, there is very little difference. This is why, I imagine, GrapheneOS is pushing back.

[miohtama]

Please read what you just typed.

[foxyv]

Okay, read it. Now what?

[lucb1e]

And?

[whynotmaybe]

With a know bug in a product that you didn't disclosed.

https://web.archive.org/web/20221124085649/https://www.washi...

[raverbashing]

I agree

The thread linked is much more balanced than the title given

[delusional]

> This seems blown out of proportion?

Par for the course on hacker news.