Swedish government departments are considering deploying “open web” encrypted messaging services as an alternative to proprietary collaboration tools.
Around 40 Swedish government agencies are collaborating on a project that will allow them to roll out a secure messaging service between government departments.
The initiative comes as European governments accelerate the adoption of “sovereign” technologies that allow them to be less reliant on “siloed” software from technology providers.
This trend has received new impetus as a result of the war in Ukraine and the growing political turmoil in the United States.
A membership organization of government agencies interested in digital technologies. ESam proposed developing a government messaging service based on Matrix, an open network offering secure, decentralized messaging.
Replacing email and phone calls
Kenneth Edwall, a government official and member of the eSam working group on the project, told Computer Weekly that one of the goals of the proposal is to enable government departments to communicate more effectively.
“We as agencies need to collaborate with each other,” he said. “Email is not the best tool, and phone calls are not the best method either.”
When eSam first began evaluating collaboration technology in 2021, Swedish government departments were standardizing Skype for Business as a government collaboration tool.
The tool was easy to use, and government employees could collaborate with colleagues by searching their email and initiating a chat.
They deployed Skype in a decentralized manner, giving agencies the freedom to buy the service from providers or deploy it in their own data centers.
According to Edwall, this created a reliable decentralized network. “If you have 100 different Skype deployments, it's difficult to attack them all in a cyber attack,” he added.
Multiple messaging services
Since then, partly as a result of Microsoft's abandonment of Skype in favor of its Teams software, government departments have begun using a number of incompatible messaging apps. These include Rocket.chat, Teams, Zoom, an open source platform. most importantvideo platform Jitsie MeetingAnd Element.
“What we're seeing today is that authorities have chosen at least five or six messaging tools, and if this continues, we're going to have a big mess of fragmented systems,” Edwall said. “There is no open protocol that allows them to communicate with each other.”
Imagine taking your email and splitting it between five or six different email providers, each incompatible with the other. “That’s what we have today with messaging,” he added.
This means that government employees in Sweden have to learn multiple collaboration tools so they can communicate with people in other parts of the government.
Security risks
The apps pose a security risk because collaboration tools go beyond security measures, and when people leave work they may still be connected to government chat groups.
In January of this year, eSam began analyzing ways to address these issues. One option was to do nothing and let technology vendors develop interoperable messaging services, but that was out of the question.
“We don’t think the entire market wants to be compliant,” Edwall said. “We believe that some large suppliers have an incentive not to engage with other suppliers.”
Another idea was for Swedish government departments to standardize their work on an appropriate platform such as Zoom or Microsoft Teams. However, according to Swedish law, government departments cannot legally buy technology from a preferred supplier. Every contract must be put out to tender.
Open Source Federated Messaging
Ultimately, eSam settled on an open-source federated messaging standard that allows government agencies to build interoperable collaboration platforms either in-house or purchased from a vendor.
“The key is that we don't take a position on public cloud, private cloud or on-premises storage,” Edwall said. “We don't take sides on proprietary or open source solutions, but we do want them all to have the same open protocol that allows them to interoperate with each other.”
eSam members considered many options, including the Matrix protocol, Signal, XMPP and others before settling on Matrix.
“We had meetings with other EU public sector bodies. [European Union] and we realized that most of the authorities that we spoke to were looking at the Matrix protocol,” he said. “Some of them were already in it, and others were evaluating it.”
For eSam, Matrix offers a number of benefits. First, it is federated, meaning that the Matrix network relies on decentralized nodes. If someone fails or suffers a cyber attack, messages can still be redirected to the correct destination.
Second, different government agencies may use this technology in different ways. “You can also decide who you want to deploy our installation to,” Edwall said. “You can use public cloud services or private on-premises services.”
European governments use Matrix
The matrix is widely used by the public sector in France, Switzerland, where it is supported Swiss Post – and Germany. The European Commission and the Netherlands are also planning to introduce this technology.
The team has prepared a report that will be presented to the eSam board of directors in November.
His recommendations are to rely on open standards and protocols to ensure that government agencies are not locked into a single vendor, and to give organizations the ability to choose how they want to deliver technology: through public cloud, private cloud, on-premises systems or third-party providers.
If the plan is approved, the transition to matrix-based messaging will likely take years—or even decades.
“We don't want the authority to just abandon their current messaging because they might have a five-year or 10-year contract,” Edwall said.
“We want the market to change so that vendors understand what they get from using an open standard, similar to the open standards we use in email,” he added. “We want the market to understand that they need to start adapting their products.”
