Senators Ron Wyden and Eric Schmitt push for sovereign, end-to-end encrypted and interoperable communications
This week the FBI, the US Cybersecurity and Infrastructure Security Agency (CISA) and partner agencies in New Zealand, Australia and Canada began advocating for the use of end-to-end encrypted (E2EE) communications.
The move is in reaction to law enforcement backdoors in the public telephone network - including AT&T, Verizon and T-Mobile - being hijacked by Salt Typhoon, a cyberattack group believed to be operated by the Chinese government.
Jeff Greene, executive assistant director of cybersecurity at CISA, urged Americans to “use your encrypted communications where you have it,” adding that “we definitely need to do that, kind of look at what it means long-term, how we secure our networks.”
After recent years in which many governments have often advocated for backdoors into end-to-end encrypted systems to enable mass surveillance and ease law enforcement, it’s enlightening for the US to now encourage the widespread use of end-to-end encryption as an urgent requirement to improve national security.
The call for Matrix
In a letter to the Department of Defense, senators Ron Wyden and Eric Schmitt ask for an investigation into the “failure to secure its unclassified telephone communications from foreign espionage, risking serious harm to U.S. national security.”
The letter continues to highlight that “the continued use of unencrypted landline phones and platforms like Microsoft Teams undermines secure communication at DoD as they are not end-to-end encrypted by default.”
The senators cite “a potentially more secure superior communications platform, known as Matrix, which is end-to-end encrypted by default, interoperable, not controlled by any one company, and widely used by multiple NATO allies.”
In an appendix, the senators highlight the US Navy’s successful use of Matrix on 23 ships. In particular, the appendix highlights the digital sovereignty and resiliency benefits of decentralised Matrix federation and mesh networking.
The need for end-to-end encryption
End-to-end encryption keeps communication secure by ensuring that only those in the conversation are able to read messages. Even if a server or network is compromised, a third party is unable to view the communications. This is substantially different from ‘encryption in transit and at rest’ which leaves data vulnerable to third parties.
Various governments have tried to legislate to undermine end-to-end encryption, which Element has always stoutly resisted and will never accept, even if that results in being banned in certain countries. The current negotiations regarding Chat Control in the EU further validate our concerns, with its imminent threat of EU-wide mass surveillance. Our position is that well-intended backdoors to counter abuse will always end up exploited by attackers. And it is indeed the lawful intercept backdoors in the public telephone network that Salt Typhoon has exploited.
The dangers of centralised technology
Governments are increasingly concerned about the vulnerability of centralised communications platforms, such as Microsoft Teams and Slack, and consumer messaging apps like WhatsApp or Signal. They are obvious honeypots that attract great interest from rogue nation states. Such systems are also vulnerable to global outages, whether that’s vendor mismanagement or the result of nation state activity.
Decentralised technology puts the ownership and control of a communications platform into the end-user organisation’s own hands, either by self-hosting or by choosing a trusted hosting provider.
The benefits of interoperability
Peace-keeping has always relied upon effective alliances and, in the modern world, that requires sovereign, secure and interoperable communications. Interoperability is one of the key drivers behind NATO ACT’s NI2CE Messenger, an experimental Matrix-based project that aims to complement existing NATO communication solutions with a secure Bring Your Own Device (BYOD) style messenger for ‘unclassified’ use.
Many European countries, and parts of the US Department of Defense, already use Matrix-based systems. As they are all based on the same interoperable open standard, they could all easily federate securely with each party hosting their own data and using their own Matrix-based frontend; for example NATO could use its NI2CE Messenger, while Germany’s Bundeswehr uses its BwMessenger and France uses Tchap.
End-to-end encryption for the public sector
Unlike consumer messaging apps, which are totally unsuited for workplace use, building on top of the open standard Matrix protocol can support large organisations’ oversight and compliance requirements. That is the role for offerings such as Element Server Suite, which enables an organisation to take advantage of end-to-end encryption while maintaining overall control of the system through classic enterprise functionality such as advanced identity and access management.
Secure communication is everything
Anne Keast-Butler, Director General at GCHQ, the UK's signals intelligence agency, described the global geopolitical situation by saying “the intent is sharpening” and that one of the challenges is that GCHQ and similar organisations are: “High side organisations. We’re hard to reach. We need interoperability. To talk to others, and with industry.” In an increasingly volatile world, the need for trustworthy, interoperable real-time communications has never been greater.