In an increasingly volatile world, governments turn to Element and Matrix
It feels as though 2024 was a year that highlighted the need for a new era of communications.
To cite just a few examples, Russia intercepted German military discussions about providing Taurus missiles to Ukraine through a security lapse during a WebEx video conference call. A weakness exploited through a lack of interoperability between systems, and reliance on the unencrypted phone network to bridge the gap.
Salt Typhoon exploited law enforcement backdoors in the US public telephone network to gain access to call detail records and unencrypted communications. Highlighting the importance of end-to-end encryption.
Disney suffered a cyberattack via its internal Slack channels which exploited weak access controls and possibly insider information. Multiple cyberattacks on Snowflake highlighted the danger of data aggregation created by centralised systems, with Snowflake customers including Ticketmaster, Santander and AT&T all suffering data breaches as a result.
An increasing number of governments, most recently in Scotland, have moved to officially ban WhatsApp and all other ‘non-corporate’ messaging solutions in a bid to improve "standards of openness, transparency, and accountability."
Decentralisation comes to the fore
The inherent weakness of centralised systems was demonstrated throughout the year, with notable global outages including all Meta platforms in March, WhatsApp in April, Microsoft 365 in June, the Crowdstrike debacle in July and another Meta platforms outage in December. Meanwhile the internet, being decentralised, is relatively resilient to attacks on backbones such as the sabotage of a link between Germany and Finland, and numerous other attacks that lead to events like the robust escorting of a Russian ship out of Irish waters that are of major concern to NATO. But an equivalent deliberate cyberattack on a centralised service, whether it’s a WhatsApp, Slack or hyperscaler, would clearly be catastrophic.
In his first major speech as NATO Secretary General, Mr Mark Rutte called on allies to “shift to a wartime mindset and turbo charge our defence production and defence spending.”
Elsewhere Anne Keast-Butler, Director General of the UK's intelligence agency GCHQ, said that “intent is sharpening” in geopolitics. On the theme of centralisation, she highlighted “points of data aggregation” and described them as “double-edged” in that they are great places to search for data, but aren’t great for “resiliency”. No surprise then that, when talking about the need for defenders to be more resilient than attackers, Keast-Butler described decentralisation as “interesting”. She also touched on interoperability, describing GCHQ as: “High side. We’re hard to reach. We need interoperability. To talk to others, and with industry.”
Across 2024 it’s been increasingly obvious that the world is moving towards decentralised, digitally sovereign and interoperable communications that are end-to-end encrypted. That shouldn’t be a surprise; it’s what Forrester Consulting reported in its Future of Secure Communications study in 2023.
Preferred capabilities for a new communications platform
Matrix is that new era of communication
Governments and defence organisations need digitally sovereign, secure and - crucially - interoperable communications. It can only be delivered by the decentralised Matrix open standard, and the demand for Matrix is palpable.
In a letter to the Defence Department, US senators Ron Wyden and Eric Schmitt urged for the rapid adoption of Matrix, to improve security and sovereignty in military communications. They criticised the reliance on insecure platforms like Microsoft Teams, highlighting Matrix's advantages in interoperability, security and resilience, and its successful use by the US Navy and many NATO allies. It’s advice that’s echoed in The Forrester Wave: Secure Communications Solutions, Q3 2024 report in which traditional applications such as Microsoft Teams, Slack, WebEx and consumer messaging apps like WhatsApp and Signal don’t even feature.
Trailblazers dazzle at The Matrix Conference
September saw the first Matrix Conference; a congress for those using, developing and building on Matrix. Many of our customers and partners presented in the Element sponsored public sector track including:
- Allied Command Transformation (ACT), NATO's Strategic Warfare Development Command
- DINUM, the French government’s digital ministry
- Gematik, Germany’s national agency for the digitalisation of the healthcare system
- Försäkringskassan, the Swedish Social Insurance Agency
- ZenDiS, Germany’s Center for Digital Sovereignty and developer of openDesk
- Ridgeline International, a pioneer in data privacy and secure infrastructure solutions
- Tele2, the Swedish network operator
It was a wonderfully expansive event, where people shared best practice, learnings and practical insights. People running massive Matrix-based deployments in the public and private sector mixed with systems integrators, service providers, other open source firms and a huge cross-section of the Matrix community. Almost every presentation was standing room only, and discussion spilled out into Berlin’s surrounding bars and restaurants as the evenings arrived.
Element was able to meet many customers and partners we’ve only previously seen online, and we took every opportunity to deep dive into customer and end user feedback, roadmap requests and product ideas. All the public sector presentations from The Matrix Conference are available online (and a full listing here), but to enjoy the relaxed atmosphere and IRL fun you’ll have to attend The Matrix Conference planned for France in 2025.
Squircling the cutting edge of communications
Building a decentralised, secure and interoperable communications platform is incredibly complex as it has to support millions of completely separate servers and frontends that use a wide variety of FOSS and commercial software solutions across a zero trust decentralised network. It also needs to support all types of users and use cases, from massive government deployments to individuals.
All of that complexity needs to be neatly packed away, out of sight, to ensure end-users have a beautifully smooth and intuitive user experience. Admins, too, need to feel at ease with such an essential platform to ensure its configured and managed to best effect. We’ve made huge strides in 2024 to transform a revolutionary approach to real time communications into something that’s easily deployed, managed and enjoyed by end-users.
In our concerted effort to squircle the cutting edge of communications, we’re particularly proud of:
Element X, our next generation app
We’re delighted to have launched Element X in 2024. Under the hood, it’s the first app to take full advantage of Matrix 2.0 - which makes it around 20,000 times faster than its predecessor. It has also been completely reimagined to offer a beautifully smooth user experience, surpassing mainstream messaging apps.
The sheer performance muscle behind Matrix 2.0 means Element X is as fast as the best mainstream messaging apps, despite the complexities of decentralisation. Element X now benefits from instant sync, instant login and instant launch. Radically improved encryption performance (thanks to matrix-rust-sdk-crypto and the Invisible Encryption initiative) has simplified verification and almost eliminated ‘unable to decrypt’ errors thanks to a new common cryptographic library written in Rust. Voice and video has been transformed by integrating Element Call to provide native Matrix-powered end-to-end-encrypted voice and video conferencing. The use of Matrix Authentication Service (MAS) means Element X supports next generation authentication, including login via QR code.
As a next gen app, Element X needs a Matrix 2.0 server for peak performance. All new Element customers (as in, large organisations) use Matrix 2.0-ready Element Server Suite, and can enjoy full throttle Element X. Existing large customers will be able to migrate smoothly from the classic mobile Element apps around the end of Q1 25. The matrix.org free public server is expected to fully support Element X by March 2025.
Element X really is a leap forward, and not just in terms of performance. It has all the basics (share button, attachments, location sharing, voice messages, polls etc) and an increasing number of value adds including native Element Call integration, with full Picture in Picture, ability to share media and links directly into Matrix rooms, the upcoming long-awaited media gallery, single-link QR code login and consistent secure authentication across all platforms.
Synapse Pro, delivering huge efficiencies for massive deployments
The unique capabilities of Matrix make it the obvious choice for huge-scale (aka nation-scale) government use. The German healthcare system, for instance, is currently implementing a nationwide Matrix-based federation to transform patient care. It will be used by more than 150,000 healthcare organisations and serve 74M public insured citizens. Even though it’s decentralised, there will be instances that support millions of people.
Groundbreaking optimisations within Synapse Pro reduce resource requirements by up to 80% or more, radically rewriting the economics of massive deployments. Of particular relevance to service providers, shared microservices power high density multi-tenant deployments bringing economies of scale benefits to thousands of smaller deployments. Savings are also made by eliminating redundant data within server deployments and sharing infrastructure between services.
Just as transformational is automatic elastic scaling for load management, efficient resource usage, and eliminating the need for server restarts. Elastic scaling also enables high availability, both within a deployment as well as enabling failover across multiple datacenters, improving uptime and network resilience as well as ensuring zero downtime maintenance derived from rolling updates.
Synapse Pro is available from Element under a commercial licence, which in turn will help fund our open source work - ensuring that the open source Synapse and Element projects grow even faster.
Element Server Suite (ESS) continues to mature
The Element frontends are, of course, free. Synapse is an open source Matrix homeserver implementation, written and maintained by Element, and available for ‘free forever’ community use. But Synapse alone is not enough for large workplace deployments as it lacks the enterprise functionality that such organisations require.
Element Server Suite (ESS) is Element’s core revenue-generating product, and where we’re investing considerable time and energy. The revenue from ESS funds everything else we do, including our contributions to Matrix.
The ESS backend professionalises Matrix for workplace use. It includes a whole series of enterprise requirements, from improved administration to advanced identity and access management and compliance. The addition of Synapse Pro, with its huge cost savings, makes Element Server Suite (ESS) the most cost effective way to run a large workplace Matrix deployment.
During the course of this year, we have developed Element Server Suite significantly to raise performance, ease of use and deployment flexibility to meet the evolving needs of our biggest customers.
Some of our biggest milestones include:
- The LTS release in April which enhanced the update experience, improved server health monitoring and improved the way media is managed
- In May we introduced MSI builds for Windows enabling automated deployments at scale
- We rolled out our next-generation authentication (Matrix Authentication Service) in July. This streamlines and standardises the way users log in to our product
- Our October LTS release brought Matrix 2.0 compatibility, unleashing huge performance benefits, enhancing a number of the features including Secure Border Gateways, and ensuring a smoother foundation for secure communications
- And of course Synapse Pro!
ESS is now providing the backbone for an ever-growing number of digitally sovereign communication solutions throughout Europe and the rest of the world. They benefit significantly from the best-in-class Matrix backend, and at a considerably lower cost than building on Synapse alone and maintaining a home-made fork. ESS is now so advanced and efficient that governments and public sector organisations cannot logically justify hosting Matrix deployments through anything else; something that will become ever more evident as we release further improvements throughout 2025 and beyond.
2024 was also the year that Element was awarded ISO/IEC 27001:2022 certification, an acknowledgement of our commitment to the security of our products and operations. It is the globally recognised standard for auditing and establishing criteria for Information Security Management Systems (ISMS) and builds on our Cyber Essentials Plus certification.
ESS for community use
Element Server Suite will offer a self-hosted ‘free forever’ community version (replacing the withdrawn Element Starter offering), launching in the first half of 2025. It will support small to mid-size deployments, using Kubernetes. For those that want to spin up a Matrix 2.0 stack for casual use in the meantime, check out element-docker-demo!
Governments continue to embrace Matrix
There are currently 16 governments that make use of Matrix-based software for their communications. As it's usually the most security-conscious parts of government that pioneer the use of Matrix, we often can’t cite those deployments, but senators Ron Wyden and Eric Schmitt have put the US Navy’s use of Matrix across “23 afloat units and 3 shore sites” into the public domain. We were also able to announce our work with NATO ACT to create NI2CE Messenger as a low-side sovereign messenger to provide a better alternative to consumer messaging apps. Likewise we also announced UNICC, which provides digital solutions and cybersecurity within the United Nations, as a new customer where Element is replacing existing messaging solutions and email.
Element increasingly sells through partners, and across 2024 we announced important partnerships with Tele2, for the Swedish public sector, Ridgeline, with a focus on the US national security and defence market, and Adfinis as a managed service partner in central Europe. Element is also proud to be chosen as the chat component with ZenDiS’ openDesk solution for the German public sector. We’re also partnering closely with Deutsche Telekom for the German TI-Messenger market.
Wrong-headed regulations
Like many companies providing end-to-end encrypted communications, we’ve put a lot of energy into trying to ensure government legislation around the world doesn’t undermine encryption. As demonstrated so spectacularly by the Salt Typhoon attack, well-intended law enforcement backdoors are nothing more than vulnerabilities that bad actors can exploit.
So, as in 2024, we’ll continue to explain the importance of end-to-end encryption, for everyone, and how it works for as long as it is needed for regulators to understand. The EU’s Chat Control, and the UK’s Online Safety Act, undermine end-to-end encryption. The fact is, as geopolitics grows increasingly aggressive, it’s inevitable that the benefits of end-to-end encryption will be protected. It would be far more inspiring if the motivation was an appreciation of the right to privacy, and the societal benefits of ordinary people not being subject to profit-driven data-mining algorithms and surveillance capitalism.
2024 also brought the EU’s Cyber Resilience Act into force, and whilst we applaud its aims to strengthen cyber security and resilience within the EU, the potential impacts on the wider Open Source community remains to be seen. We will continue to monitor this, and any other incoming regulations, for its impacts on Element and the Matrix community.
Revolution isn’t easy; thank you
Pioneering the missing communications layer of the open web isn’t easy. Thank you for sticking with us during our inevitable stumbles on this journey. Nurturing an independent open standard, and a vibrant and healthy ecosystem while also trying to support the FOSS community is a tough gig at the best times. Growing a for-profit company to service the incredibly complex requirements of governments, the public sector and global NGOs is another tremendous challenge. Doing both simultaneously in a year when around 80 countries had national elections that hugely disrupted governments’ spending plans, and in the face of yet another year of economic gloom, has been one hell of a slog.
If you’re benefitting commercially from building on Matrix, please make sure you contribute back to the open source project in one way or another. If you’re a huge public sector organisation, please talk to us about how we can help you. Of course we’d like you to subscribe to Element Server Suite, but there’s loads of other ways to support either us or Matrix directly too.
Despite all the headwinds, thanks to the incredible dedication from everyone at Element, we’ve managed to phenomenally improve both Element and Matrix and push things forward.
A huge thank you for all our customers and partners, and the wonderful support from the open source community at large. Enjoy the holidays and see you next year!