Swiss Army Backs Home-grown IM Service Amid Privacy Concerns

The Swiss army has told its ranks to stop using foreign instant-messaging services like WhatsApp, Signal and Telegram for official communications. Instead, it's opting for a Swiss alternative -- in part over concerns about legislation in Washington that governs how U.S. authorities can access information held by tech companies. From a report: Army leaders, in a letter to top commanders last month, called for use of the Swiss instant messaging service Threema, and a promotion for the service was posted Dec. 29 on the Swiss army's page on Facebook, which, like WhatsApp, is owned by the U.S. company now known as Meta. Officials have cited an enhanced need for secure communications as Swiss soldiers have fanned out to support the response to the COVID-19 pandemic in the Alpine country. A letter sent to army chiefs last month said Threema "must be used for all service communications," adding that "no other messaging service will be authorized."

Honestly they're doing the right thing

[Baconsmoke]

You're kind of foolish if you allow your military to use IM that is hosted in other countries. It is by nature high risk to do so.

Re:

[Valgrus Thunderaxe]

Yeah. I don't understand why this is even controversial? Of course you want to do this in house?

Re:

[feufeu]

I'd say you're kind of foolish if your military has to rely on any IM service to get it's job done.

BTW Threema certainly is swiss grown, but not home-grown in a way that has anything to do with the country's military. It just happens to be swiss, so the headline is a little misleading.

Re:

[Kokuyo]

You don't want it "homegrown" as in made by the military.
You have NO idea just how incompetent this military is. Nothing good would come out of a software project launched by this organization.

That being said, being able to go grab someone by the neck if things go bad seems like a good idea.

Re:

[feufeu]

I have been in the military and I fully agree with you the military grown stuff but that's true for *any* publicly funded project.

Controlling the servers the stuff runs on seems like a good idea in this case.

Re:

[tlhIngan]

I'd say you're kind of foolish if your military has to rely on any IM service to get it's job done.

Why? Communications is a backbone to the military - that's why they were the first to adopt radios on the battlefield. But voice communications, while great, has limitations, which is why there's the phonetic alphabet and other workarounds to the problem.

Having an IM solution is perfect in a world where it's quicker to specify things as text, like say, a list of instructions. And if it's secure, it's a way to

Re:

[feufeu]

You're right. I should have said internet service...

Re: Honestly they're doing the right thing

[backslashdot]

But it is not end-to-end encrypted, meaning when (not if) their central service is hacked their entire army becomes Swiss Cheese.

Australia and UK

[Canberra1]

Australia and the UK have already allowed National Health data to go into the cloud for the sake of saving a few pennies. Now one can interrogate generals and the like when they get dementia and tease out a few secrets. Or blackmail politicians who got STD's and the like. Plus, ever since Clinton-gate, politicians use alternate media because the provided ones may embarrass them one day. The Swiss have rightfully concluded 'not up to scratch'.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Makes sense

[jellomizer]

What makes a man turn neutral? Lust for gold? Power? Or were you just born with a heart full of neutrality?

I hate these filthy Neutrals, Kif. With enemies you know where they stand but with Neutrals, who knows? It sickens me.

Oh I miss Futrarama, it never got the credit it was due.

Self-hosted, not home-grown

[dave314159259]

The application doesn't need to be home-grown (developed internally), but it *does* need to be self-hosted (including self-signed certificates, keys, etc), with no dialing home to the vendor and no dynamically-loaded dependencies.

What could go wrong?

[fuzzyfuzzyfungus]

Thankfully good, homegrown, Swiss technology has never turned out to be a de-facto subsidiary of the CIA [wikipedia.org] before; so this should work out perfectly for them.

All jokes aside, this use case seems like a situation where you might hire some contractors to assist with the implementation; but where you wouldn't really want to trust anyone but yourself to have control over the system itself. Even in the case of protocols designed to make it architecturally impossible for the operator to violate the confidentiality of user messages there's still all that juicy metadata concerning who is communicating with who, when; and the fact that anyone who can push a client update is in the position to just backdoor the client and grab data that way if they are willing to take the risk of being discovered.

Re:

[Beryllium Sphere(tm)]

Another phrase for that juicy metadata is "traffic analysis".

Threema isn't "homegrown".

[Qbertino]

It's a regular company offering an IM service.
It's simply based in Switzerland and not the US (such companies do exist, believe it or not).

Threema is actually pretty good, I use it myself.
You should check it out: https://threema.ch/ [threema.ch]

It seems to also be open source

[rduke15]

I don't think "homegrown" is the main reason. What makes it suitable is that it is open source and can be self-hosted on your own servers. Or so they claim, at least. I have not found their source code, but haven't searched for it much either.

Re:

[rduke15]

Ah, actually found it. The source is on Github: https://github.com/threema-ch/ [github.com] linked from their page here: https://threema.ch/en/open-sou... [threema.ch]

Swiss Army IM

[fahrbot-bot]

There's a knife joke in here somewhere, but I can't find it.

Re:

[Beryllium Sphere(tm)]

What kind of soldier uses a messaging app from Facebook for military communications?

A Swiss Army naif.

Swiss Army?

[jfdavis668]

It will probably have a fold out cork screw, bottle opener and scissors.

End-to-end encryption?

[jeromef]

Sounds like a reasonable thing to do... although, aren't Signal and Telegram supposed to implement true end-to-end encryption? (the provider not having the keys?)

Re:

[HiThere]

Perhaps the problem there is with the phrase "supposed to". It's really much better if you can ensure that that's true, and with a local company that's a lot easier.

Re:

[Beryllium Sphere(tm)]

Suppose they are, and suppose you can trust them not to sabotage the software under "national security" pressure.

A large vulnerability remains:
https://en.wikipedia.org/wiki/... [wikipedia.org]

Seems pointless

[Rysc]

You don't need home-developed, you just need locally-controlled. For that Jabber is all fine. As much as I think XMPP has problems as a protocol, it solves all of the issues you might have from a defense point of view.

Holey Emmentaler!

[dsgrntlxmply]

Switzerland's best known product is full of holes, so why not this one as well?

Swiss encryption

[helsinki92]

I wonder if they are subcontracting Crypto AG to build this for them?