The Swiss army has banned foreign instant messaging apps such as Signal, Telegram, and WhatsApp and only allows its members to use the Threema messaging app, which is developed in Switzerland.
Threema is the instant messenger designed to generate as little user data as possible. All communication is end-to-end encrypted, and the app is open source. Threema does not require users to provide a phone number or email address upon registration, this means that it is impossible to link a user’s identity through this data.
The app could be used after paying once a subscription, the company states that this payment covers the development of the Threema apps and the maintenance of the server infrastructure.
The Swiss army will cover the annual subscription to its personnel.
“In the army it is now called: Threema for everyone – Threema pour tous – Threema per tutti. With this in mind, the army staff sent an email at the end of December to instruct all commanders and chiefs of staff to use the Threema messenger app for business communication with private smartphones from now on.” reported the Swiss Tagesanzeiger. “In the letter that this newspaper has, it says: «All other services are no longer permitted. “In future, the army will forbid its relatives from exchanging information with one another via Whats app, signal or telegram and from disseminating official instructions via these channels.”
Recently media shared an FBI training document that reveals the surveillance capabilities of the US law enforcement detailing which data can be extracted from encrypted messaging apps.
The document analyzes lawful access to multiple encrypted messaging apps, including iMessage, Line, Signal, Telegram, Threema, Viber, WhatsApp, WeChat, or Wickr.
The above document, dated to January 7, 2021, was obtained through a FOIA request filed by the US nonprofit organization Property of the People.
The information reported in the training documents provides an up to date picture of the abilities of law enforcement in accessing the content of popular messaging apps.
Feds cannot access the message content for Signal, Telegram, Threema, Viber, WeChat, and Wickr, while they can gain limited access to the content of encrypted communications from iMessage, Line, and WhatsApp.
Anyway, depending on the single encrypted messaging apps, law enforcement could extract varying metadata that could allow unmasking the end-users.
Swiss officials also pointed out that Threema isn’t subject to the U.S. Cloud Act, which applies to all electronic communication service or remote computing service providers that operate in the U.S.
“The United States enacted the Clarifying Lawful Overseas Use of Data (CLOUD) Act in March 2018 to speed access to electronic information held by U.S.-based global providers that is critical to our foreign partners’ investigations of serious crime, ranging from terrorism and violent crime to sexual exploitation of children and cybercrime.” states the U.S. Cloud Act. “The CLOUD Act is designed to permit our foreign partners that have robust protections for privacy and civil liberties to enter into bilateral agreements with the United States to obtain direct access to this electronic evidence, wherever it happens to be located, in order to fight serious crime and terrorism.”
Being a user of Threema himself, Steiger added that the Swiss army’s move is in the right direction but is not going all the way.
What is strange is while the Swiss Army is asking military personnel to use Threema as private users instead of using the business version known as Threema Work.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, instant messaging)
[adrotate banner=”5″]
[adrotate banner=”13″]