The French government allegedly planted a backdoor in PGP, the most widespread of cryptographic software... This so-called "scoop", revealed during a “special paranoid night” on Canal Plus, a leading french TV channel, was in fact pure disinformation.
The French government allegedly planted a backdoor in Pretty Good Privacy (PGP). In other words, the French State would have the means of deciphering messages encoded with the most popular cryptographic software that ever existed... This so-called revelation was broadcast during “Tous Paranos” (“Everybody’s a paranoid”), a program broadcasted several times since january 15th on Canal Plus, a leading french TV channel - and a Vivendi-Universal subsidiary. A man named Frederic Braut was introduced as the chairman of the French branch of Network Associates Inc (NAI), the distributor for PGP. In a part of the program entitled "Tous fliqués" (“Crawling with cops”), Braut claimed : "The French State owns the keys of decryption which allow to analyze this product (sic) and to decipher it (...) it is a legal obligation."
Too much paranoia kills paranoia
Contacted by Transfert, NAI France deciphers this mock "scoop" : "The company has no chairman in Paris. Frederic Braut is actually in charge of the computer virus department. He was the only person available on the day of the interview. He is not a technician, and instead of saying ’source code’, he said ’decyphering key’." NAI actually provides the government with the source code, plus the binaries and the executables of PGP versions higher than 128 bits (the limit currently set by the French law - a project of complete liberalization should come before the Parliament into 2001). This point makes it possible for the authorities to check that what is sold is in conformity with the sources, and that no backdoor is planted. Stéphane Haumant, the reporter from Canal Plus who interviewed Braut, actually got a phone call from the press office of NAI shortly after the interview, which stated that Frederic Braut made a mistake when he spoke of handing-over the keys to the government. Contacted by Transfert, Haumant answered : "I did not question the words of a guy who was introduced to me as director of the French subsidiary of NAI..
Umpteenth text analysis
Cryptographers of all countries, who for years have been fighting this kind of rumors - which boost paranoia among them and spoils the image of PGP - are at the verge of breaking down when told that a french representative of NAI "revealed" the presence of a backdoor in Pretty Good Privacy. According to NAI, Phil Zimmerman, the creator of PGP, will publish an "open letter" as soon as possible to neutralize the blunder, and kill, once more, the rumor. In addition, french OpenPGP’s website, which put the interview online, provides an umpteenth text analysis : "Until further information is available, the official versions of PGP do not carry a backdoor for an unspecified government. Thus, this is precisely an other “paranoid rumor”." For years, persistent stories have mentionned an alleged "backdoor" that would allow the US intelligence agencies to decipher encoded messages. In fact, this has never been proven. On the contrary, everything shows that to date, PGP is (with GnuPG, its "free" version), the most reliable of popular cryptographic softwares.