The Swedish Armed Forces (Försvarsmakten) have decided to standardize the use of the encrypted messaging app Signal for non-classified communications via mobile phones.
The Swedish military would likely have to reevaluate their use.
As good as Signal is for the average non-technical person, organizations with resources would be far better served by hosting their own, using something like XMPP with encryption, with servers only permitting connection from their own compiled clients, run in a container on the phone, which have been available since at least 2010.
No business I’ve worked for would accept Signal as a solution, in part because you have little control over it.
Wire (https://wire.com/) uses the same OTR / double-ratchet encryption primitives as Signal, but focuses more on self-hosting, and supporting organizations that want to self-host (for whatever reason).
I believe GNU Jami, well-deployed is capable of Signal’s level of security while being self-hosted.
I don’t believe a bill will be introduced.
The Swedish military would likely have to reevaluate their use.
Frankly the military should re-evaluate.
As good as Signal is for the average non-technical person, organizations with resources would be far better served by hosting their own, using something like XMPP with encryption, with servers only permitting connection from their own compiled clients, run in a container on the phone, which have been available since at least 2010.
No business I’ve worked for would accept Signal as a solution, in part because you have little control over it.
I mean signal is used for non-secret non-sensitive communications.
It’s like hey we have a formation here at this time.
Hey we have inventories here.
It’s good enough for basic stuff. No one will be using signal for anything higher than unclassified.
Also phones are often not issued to soldiers so I doubt most are going to install a military related/developed app onto it.
Wire (https://wire.com/) uses the same OTR / double-ratchet encryption primitives as Signal, but focuses more on self-hosting, and supporting organizations that want to self-host (for whatever reason).
I believe GNU Jami, well-deployed is capable of Signal’s level of security while being self-hosted.
It’s only for non classified information. Sweden has other encryption schemes for communication.
Still, they don’t control it. Which means support is a real problem.
They’re not even paying for a service, which would give you contractual commitments.
Sure, but it’s not like the security of the state is at stakes.
Nato and some Swedish agencies already use Matrix, Försvarsmakten should help standardize.