Inspired by the EU: Sweden eyes open standard for encrypted chat services

Replacing emails and phone calls

Kenneth Edwall, a government employee and member of the eSam working group on the project, told Computer Weekly that one of the aims of the proposal is to make it possible for government departments to communicate more efficiently.

“We as agencies need to collaborate with each other,” he said. “Having email is not the best tool, and having phone calls is not a good method either.”

When eSam first began evaluating collaboration technology in 2021, government departments in Sweden had standardised on Skype for Business as a collaboration tool across government.

The tool was easy to use, and it was possible for government employees to collaborate with colleagues by searching on their email and initiating a chat.

They deployed Skype in a decentralised way, giving agencies the freedom to buy the service from suppliers or deploy it on their own datacentres.

This created a robust, decentralised network, said Edwall. “If you have 100 different deployments of Skype, it’s hard to target them all in a cyber attack,” he added.

Multiple messaging services

Since then, partly as a result of Microsoft phasing out Skype in favour of its Teams software, government departments have taken up a range of incompatible messaging apps. They include Rocket.chat, Teams, Zoom, open source platform Mattermost, video platform Jitsi Meet, and Element.

“We are now seeing at least five or six messaging tools being chosen by authorities today, and if it continues, we are going to have a big mess of fragmented systems,” said Edwall. “There is no open protocol that allows them to interoperate with each other.”

Imagine taking email and splitting it among five or six different email suppliers, each of which was incompatible with the other. “That is what we have today with messaging,” he added.

This means government employees in Sweden are having to learn several collaboration tools so that they communicate with people in other parts of government.

The security risks 

The apps pose security risks as collaboration tools fall outside security safeguards, and when people leave their jobs, they may still be connected to government-focused chat groups.

In January this year, eSam began a review to look at how to solve these problems. One option was to do nothing and leave it to technology providers to develop interoperable messaging services, but it ruled that out.

“We don’t believe that the entire market wants to be interoperable,” said Edwall. “We believe that some of the larger vendors have an incentive not to be interoperable with other vendors.”

Another idea was for Swedish government departments to standardise on a propriety platform, such as Zoom or Microsoft teams. However, under Swedish law, government departments can not legally chose to buy technology from a favoured supplier. Each contract has to go out to tender.

Federated open source messaging

Eventually, eSam settled on an open-source federated messaging standard that allows government departments to build interoperable collaboration platforms, either in-house, or bought in from a provider.

“The key is we are not taking sides in regards to public cloud, private cloud or on premise,” said Edwall. “We are not taking sides on proprietary or open source solutions, but we want them all to have the same open protocol that allows them to interact with each other.”

The eSam members looked at a variety of options, including the Matrix protocol, Signal, XMPP and others, before deciding on Matrix.

“We had meetings with other public sector authorities in the EU [European Union] and we realised that most of the authorities we talked to were looking at the Matrix protocol,” he said. “Some of them were already in it and others were evaluating it.”

For eSam, Matrix offers a number of advantages. First, it is federated, which means the Matrix network relies on decentralised nodes. If one fails, or is hit by a cyber attack, messages can still re-route to the right destination.

Second, different government agencies can chose to deploy the technology in different ways. “You can also decide who you want to deploy our setup,” said Edwall. “You could use public cloud services or private on-premise services.”

European governments are using Matrix

Matrix is widely used by the public sector in France, Switzerland – where it has been championed by Swiss Post – and Germany. The European Commission and the Netherlands also have plans to roll out the technology.

The team has prepared a report that it will present to the eSam board in November.

Its recommendations are to build on open standards and protocols to ensure government agencies can avoid being locked into one supplier, and to give organisations the ability to choose how they want to deliver technology, either through public cloud, private cloud, on-premise systems or third-party suppliers.

If the plan is approved, the move to Matrix-based messaging is likely to take years – or even decades.

“We don’t want authorities to just throw out their current communication, because they might have a five or 10-year contract,” said Edwall.

“We want the market to shift so the vendors understand what they gain from using an open standard, similar to the open standards we use in email,” he added. “We want the market to understand that they should start adapting their products.”