Olvid: the truly secure European messenger

Who is...

Thomas Baignères

Thomas Baignères, CEO of Olvid

Company profile

Olvid

The interview

Q: What is your name?

My name is Thomas Baignères, I'm the CEO of Olvid, a company launched in 2019, but based on a much older project.

Q: What is your product?

Olvid is an instant messaging application running on iOS and Android. It's like Telegram or Signal in that it has end-to-end encryption, which means messages are encrypted on the outgoing phone and decrypted only on the operator phone. Olvid thus creates secure channels between phones.

Q: Is it SaaS? PaaS? IaaS? Other?

It's an application, so SaaS.

Q: Are you a market leader? Who do you consider leader in your market? Does GAFAM play any role in your market?

We would like to become the European truly secure messaging solution. Then we will see further.

Q: What are the unique selling propositions of your product? Is your solution different or better than competing solutions?

Competing architectures use one central server for all users. For example, WhatsApp has 2.7 billion users, in one directory... with all cryptographic data stored in one place on US soil. Users are doing their conversations with one digital identity and WhatsApp as "trusted third party" that stores everything, when it's actually impossible to ensure data security and confidentiality when you are working with only one directory like WhatsApp/Meta are doing. A directory is the most precious, the most important, the most audited and the most protected asset in a company, because it gives access to everyone and must not be compromised.

Olvid in comparison does not have a central directory or server. We prefer instead to have an end-to-end encrypted messaging system without having to trust anyone. This is made possible by the cryptographic technology from Olvid. We offer free communication without collecting or storing data on a server. Olvid does not ask for any personal data from users, so our business model is not based on selling data to the highest bidder, unlike what WhatsApp is doing.

Our business model is free messaging + paid options (calls for example). We are today deploying Olvid for companies with 1 personal directory on their premises. There is no Olvid server, so only a company has access to its directory. This means no risk of data leakage except if misused by employees, for which we provide training of course. Olvid allows all users to contact each other through this directory. Olvid is a one-click install for the system admin, who also has the keys, can revoke directory access and warn contacts if data has been leaked.

Providing a free solution for users helped make Olvid famous by word of mouth and brought in many corporate clients.

Q: What are the strong points of your technology?

We do a lot of public research in crypto but lacked some elements in the past. We also tried to depend as little as possible on free third-party code to avoid possible security holes (for example the iOS GNU MP math library to code crypto algos).

Q: Can you name users or clients of your solution? Preferably in the CAC40, DAX30, Fortune500, European governments?

We have about 100.000 active users, including various CAC40 companies, large companies and SMEs. The French Defense Ministry is using Olvid, but I can't give you exact statistics on number of clients.

Q: Do you have a success case among these clients?

French special forces police. It is one client which we won through word of mouth, who also required servers and secure communication. Since working with the French special forces police, the Ministry of Justice also started using Olvid.

Q: What European policies do you suggest to ensure sustainable development of your technology and its adoption?

The European Commission uses Signal or Telegram instead of European solutions. Our public institutions keep using foreign solutions while Olvid even has ANSSI approval (Agence Nationale de la Sécurité des Systèmes d'Information - French National Agency for the Security of Information Systems) and follows all EU laws and regulations.

However, I do not believe in imposing laws but rather in providing incentives. Our products must be better in order to be successful. And we must work to stop European technologies from being despised. If European solutions got a fair chance and evaluation, we would have the possibility to show our abilities and continue to improve. But without these types of users, there is no testing and no feedback; it's a vicious cycle that helps the Signals and Telegrams.

We also need to be aware of the security risks of competitors: WhatsApp has a lot of publicity but does not talk about its Trusted Third Party server and how users' interests are not being protected.

Europe has been very active on many fronts, for example with regards to digital identity management (e.g. Digiposte by La Poste), but the equivalent is still missing for messaging. We already work in this regard trying to partner with digital ID managers, but it is complicated due to security requirements and not having a European umbrella regulation.

Q: To what extent are the interoperability projects financed by France and Europe likely to guarantee the development of European cloud technologies?

Interoperability is a very complex topic, because everyone implements different technologies and uses different security standards. We are also not sure how much security will be compromised when providing interoperability. We thus prefer our users to have the final choice and only provide a minimum of interoperability between messaging and ID Manager, for example with the eIDAS standard (https://www.ssi.gouv.fr/entreprise/reglementation/confiance-numerique/le-reglement-eidas/).