Macron's Pick of Encrypted Messaging App Isn't What You'd Think

(Bloomberg) -- French President Emmanuel Macron uses the same encrypted iPhone messaging app once favored by the so-called Islamic State.

Telegram Messenger, the chatting software that’s backed by Russian entrepreneur Pavel Durov and attracts consumers with features such as messages that self-destruct, is also the go-to for French officials including the president, people familiar with the matter said.

Macron and his circle of advisers started using Telegram in 2016, in the early days of his bid for the top office, and they’ve stuck with it for day-to-day exchanges about work planning and practical matters, the people said, asking not to be named discussing private operations.

Along with Facebook Inc.’s WhatsApp in some cases, key officials interviewed by Bloomberg News said ease of use, habit and no extra cost are reasons for using Telegram. They also insist on being cautious about the kind of data they share there: only information they say is neither sensitive, classified, nor posing a security risk. Exchanges would otherwise go through high-security hardware like cryptophones specifically built for government, a French official said, asking not to be named as per government policy.

A government official said the messaging services are never used to exchange strategic or confidential information, but only used for logistics and technical information.

But even when it’s used to discuss seemingly trivial things, there are questions about whether instant-messaging software made for the greater public is the most appropriate for people running a country. The U.S. debated that matter last year regarding Hillary Clinton’s use of a private email server when she was secretary of state, while revelations that German Chancellor Angela Merkel’s phone conversations were tapped prompted a surge in products and services built to boost telecommunications privacy.

Telegram also holds a controversial place in the pantheon of messaging apps that includes WhatsApp, iMessenger and Signal. In October Telegram was fined 800,000 rubles ($14,000) for not providing the Russian Federal Security Service with data necessary to decode messages, Interfax reported citing a court ruling.

Islamic State also used the encrypted Telegram Messenger service to connect with supporters, prompting the app to remove multi-user “channels” that members complained were promoting the terrorist group.

“There’s a natural arbitrage between cost, risk and ease of use, depending on the kind of information that’s being communicated and the level of potential threats,” said Herve Debar, a professor at Telecom SudParis and head of the University’s networks and telecommunications department. “In the case of high-level government, it can be difficult for those involved to distinguish sensitive data from information that doesn’t need extra protection.”

Telegram and Facebook did not respond to a request for comment.

Baby Pandas

While there are times when secrecy is an obvious requirement --things that fall into the utmost confidential categories still warrant using hard copies and physical vaults at France’s key posts-- there are also trickier cases. The logistics of the first lady’s visit this month to a baby panda at a zoo in the Loire Valley were sorted out over Telegram by government teams, the people said. The data, while trivial to some, could attract unwanted attention insofar as public figures like the president and his spouse are concerned.

“Politicians should use certified tools for work communications -- tools that are made by security experts, not companies like Facebook whose business relies on advertising and data collection,” said Laurent Delaporte, Chief Executive Officer of cybersecurity adviser Akerva.

To cater to the privacy needs of government members, but also corporate executives and others handling sensitive data at work, security companies are joining a heap of developers building messaging tools tailored to professionals. They’re going after a market already crowded by the likes of Microsoft Corp. and Alphabet Inc. to Slack Technologies Inc., by trying to differentiate with added security layers.

French state-backed defense company Thales SE has an encrypted instant-messaging app called Citadel, which it launched this year and it’s been pitching to customers with selling points including the company’s military expertise, a seal of approval from France’s national cybersecurity agency, and storing data locally. It has added about a dozen paying customers in about a year and has several tens of thousands of users. Some groups in the French army are currently trying out the software as part of a test phase, according to the defense minister’s office.

“There’s a realization among professionals that there are risks to using free, accessible and fun tools -- they don’t know where the data is transiting, where it’s stored, or who exactly has access to it,” said Laurent Duquesne, who started the Citadel project within Thales and is now running it out of the company’s startup incubator in Paris.

©2017 Bloomberg L.P.