> The use of the WhatsApp, Signal and Telegram messenger services for military purposes in the Swiss armed forces is to be banned.
Key part being "for military purposes". To me it is bizarre that these apps were being used in the first place. Does a national military really not have better/more secure ways to communicate internally than off-the-shelf messaging apps?
I wonder if it's because of the quirky Swiss military setup where everyone is basically enlisted as a reservist. I would imagine that the local village will have monthly drills and that they have to organize them somehow. Using WhatsApp/Telegram/Signal might be useful for them as they might already use them for other purposes and everyone has it installed.
No, it's a real army with normal bureaucracy, not a village militia.
You get your orders for your once a year repetition course about 3 months before, then show them to your HR department, who arranges for you to have paid time off, paid by the unemployment insurance or something. Then you go do it and come back to work. Your colleagues pick up your tasks while you are gone because you'll do the same for them later (and good teams value cross training anyway). Source: I was a team lead on a team with active Swiss army soldiers.
While you are doing exercises, you have access to all the normal army comms stuff, including presumably encrypted digital HF radio for voice and data, satellite days, VHF radios, etc.
This order is saying, "don't use commercial products, use the military comms systems we give you".
Kind of too bad they didn't give an exception for Signal though... :)
I love Signal and use it as my only messenger, but there's no guarantee the server side code is as secure as they say. For a private citizen like myself it certainly looks secure enough (eg in their warrant responses), but I wouldn't want a state to bet its security on Signal's honesty.
The promise of end to end encryption is that even if the server side put what it sees of your messages on a billboard in Times Square, nothing bad would happen.
I suspect their objections come from traffic analysis (adversary sees that phone A sends messages to a lot of others→must be a commander or so; a burst of traffic among phones marked as commanders in an unexpected moment→something is being planned, etc.). Also, availability if Internet or cell coverage is cut by the adversary.
This would be a pretty cool advertisement, streaming server logs from production in Times Square. A foolish risk, perhaps, but imagine the buzz.
I love it!
Especially if in response to some claimed attack on the public logs the company would say, "hah, hah, JK, the stream has been xor'd with /dev/random all along anyway".
Casually available apps can be used on-base as well.
Speaking from experience of the British Army, these are used mainly for admin stuff within sub units in barracks. eg. A Sergeant wants his soldiers to parade at 08:00 tomorrow
Whereas these would never (usually) be used 'in the field'
I worry that this 'admin stuff' can actually leak quite a lot of information.
For example, an adversary able to see the direct one-to-one social messages between a platoon of soldiers can probably easily figure out social dynamics, who might be most easily bribed, etc.
> worry that this 'admin stuff' can actually leak quite a lot of information.
Hence why they put a limit on the usable chat systems.
The worry also should extend to private conversations between two military members.
But you can't really order them all the time to use military controlled apps, that in practice just doesn't work out. So limiting them to commercial but reasonably secure solutions which are under a local jurisdiction is a reasonably good solution.
A publicly accessible Swiss military paid Signal fork probably would be a better solution tbh., but Threema isn't bad either. Just not quite as good as Signal.
They can do that by looking at their public Facebook and Twitter lol
Whilst I agree with you on principle the thought of an adversary combing data in order to bribe Private Bloggs of the Loamshire Rifles is comical
> Whereas these would never (usually) be used 'in the field'
You don't want people to get into bad habits.
Good thing they're not allowed to take mobiles on actual operations
I don't know if there's some misunderstanding here - they weren't (I presume) using these apps for tactical comms. They're used for basic office and social messaging. Things like 'are you in tomorrow?' that you might send by clear phone call or civilian email anyway. The Swiss army of course have a full suite of encrypted tactical and operational UHF, VHF, HF, TacSat, etc.
So what's the difference between a civilian email and Signal?
Presumably civilian email use for official communications is either less significant than Signal/WhatsApp/Telegram, or an official policy against civilian email use already exists and this is a clarification/extension of that policy.
Also people tend to be more "chatty" on messengers and tend to think less about what they write, hence much more chance of an accidental inclusion of sensitive information.
Well, WhatsApp is famously used by politicians all over the world. I would guess that the military do have secure encrypted means of communications but these are probably to be used in actual military operations and are probably very inconvenient to use. On the other hand, it's very convenient to communicate with your social circle and professional contacts using the same device, even the same app.
By military purposes they probably don't mean to message buddies to break the door during an operation, for this they will use proper military gear. However you can imagine military personnel discussing military stuff on WhatsApp etc. Stuff like scheduling things, clarifying information, discussing classified stuff to form an opinion or make a decision.
> secure ways to communicate internally than off-the-shelf messaging apps
Some of the better off-the-shelf apps are as secure as or more secure than many of the internally developed solutions of many militaries. At least when applied to use-cases outside of war zones and similar.
I mean there are top of the line security experts all around the world directly and indirectly contributing to apps like Signal. On the other hand the amount of scrutiny a proprietary military app will receive is limited.
But more importantly, "for military purposes" includes a lot of situations you might not have considered.
Like more or less all communication done between two active members of the military, even if off duty, as long as work content might pop up in the conversation.
Or like sending a member on break a message that due to the weather forecast there is a good chance they will have to interrupt your break for helping with "disaster relief" (which can e.g. include removing snow after some unusually heavy snowfall, or helping with cleanup after an avalanche). To just name some situations.
I’m sure they have encrypted radio channels but P2P comms for non-war situations without having to pull out a 200 watt radio is probably lacking.
On hardened physical crypto radios I presume - rather than on consumer-grade apps.
Or, more likely, watches.
So, two to three orders of magnitude smaller than the US's budget depending on how you count... $5B is pocket change for the US military. Don't be pedantic.
i'm swiss, our army is a joke, especially when it comes to IT. a 4+B CHF joke tho.
while i support the use of swiss secure solutions for critical stuff, it should be noted our beautiful militia is mostly there for a reason: allow male teenagers to become men, namely 1) play with explosives, 2) get drunk and 3) lose their virginity with prostitutes.
they will probably allow back these apps for military operations when they discover these are more secure than their proprietary communication systems.
can't wait until they get their F35..
Swiss Army Bashing, count me in!
You're completely right, unfortunately. For a country that prides itself with its neutrality, we sure do like our armed boy scout club.
I do have hopes though that their F35 plans won't work out; the last vote was extremely tight, if it was already clear back then that they'd go for the F35, I'd wager they would have lost.
i think Neutrality died when the Crypto AG story came out.
being CIA's back office and being "neutral" is a quite interesting standpoint..
regarding F35 it's quite possible this gets canceled, indeed it was close.
this plane choice seems also really bad. it doesn't turn well due to low lift (perfect in mountain ranges, especially when you already crash a jet every few years on a cliff), "hi-tech" sensor platform with a little less than a million bugs (perfect for the reasons above) and probably a maintenance nightmare due to stealth and other gimmicks.
wouldn't be surprised if F35 maintenance doubles our army budget.
oh yeah and badly negotiated contracts so peanuts for our beautiful local weapons manufacturers (not that i like them btw).
You guys do have awesome air force exercises at the Axalp range! Can't deny that..
They've been trying to up their game since the 2016 cyber attacks, I know the army tried to hire top security and cryptography experts. I don't know if they're very successful though, the intersection of (Swiss citizen, PhD level in infosec, willing to work for the military) is probably fairly small.
Yeah, I saw the Swiss Army recruiting desk at a Swiss security trade show.... lots of polite conversation, not a lot of "conversions", I'd say. Also, worked in an EPFL lab dedicated to security with a crushing majority of non-Swiss PhD candidates.
Yep, all of this is unfortunately true. The whole thing is a sad joke, both the militia and the professional army.
I thought the Swiss Army was extremely well-regarded? It has a good reputation in the UK. I worked with one of your Grenadiers once and he was very professional and competent.
It's the same for almost everything associated with the country, what you see from the outside has very little to do with the actual thing. The country has been very good at developing the "swiss brand", generally speaking.
In practice the Swiss army is a giant live action role-play, where young males go to be paid for playing with firearms and be drunk together.
Note that you can be very professional while larping, it's not contradictory.
So the "killer feature" that the Swiss Army used to justify Threema over Signal and the others is that it's Swiss based and not US based like the others, not a technical feature that guarantees better proven security.
I don't blame them one second for going local, but then if security and ownership of your comms is what you're after, why not set up your own Matrix server for comms for your military personnel like every European country (I think), and instead purchase Threema licenses?
I feel this is basically a form of corporate sponsorship/handouts from the government/defense sector in disguise, to support a local champion (basically how the US defense sector propped up Silicon Valley in its inception).
It’s a military reason.
In the event of war you want complete control of comms systems for your military.
This makes sense to me! I think it would be foolish of any army to use a comms system another country controls.
There are multiple reasons, and that would be one of them. Another reason is legal/regulatory:
Most government and military employees (especially in countries that at least want to have the appearance of opposing corruption) have specific record keeping requirements. If you use unofficial channels for official communications, you are almost certainly violating those rules and laws. "Where's lunch today?", not an issue. "Let's discuss these budget items and make a decision", that's an issue.
I don't know Swiss laws and rules, but I'd be surprised if they permitted, say, coordination of movement of military assets (in country, peace time) via unofficial, unrecorded methods.
If they run on iOS or Android, you'd better make sure the US isn't on the other side of that war.
> ultimately just politics 101
In the same way that war is just politics by other means, yes.
Wars are about logistics. If you think business is hard with the current disruption of our just-in-time economy when most actors are actually trying to cooperate, think about your competitor subverting, buying or bombing your third party communications service providers.
How is not releasing all your communications away to a different country "just politics"?
This comment made me really curious what my country's military uses and I need to say I am pleasantly surprised that the German military’s messenger seems to be done in house and based on Matrix.
> fundamentally incompatible with software freedom
Was software freedom a goal?
It's very unlikely that those are concerns for the Swiss army.
There are lots of people who know how to audit binaries.
It’s not as if auditing source code is something that most people can do.
My first thought was "great, all those are proprietary* and centralized. maybe they'll use XMPP or Matrix", but I see people mentioning Threema. I'm not familiar with it. A glance at Wikipedia shows the protocol is MIT and the apps are AGPL, so that sounds good anyway.
Signal may not exactly be proprietary, but they won't put it on F-Droid, so...
Telegram has a free-ish client but not a server
Congratulations to Threema for getting the whole Swiss army to standardize on your software.
Let's hope this turns out better than with Omnisec.
Omnisec AG was a Swiss company with (hidden) ties to US intelligence services that produced manipulated encryption devices. Switzerland's military was also using Omnisec hardware and I doubt they received the "proper" ones.
I was wondering why Signal suggests a 6-digit passphrase by default. Even with a good key derivation algorithm, it’s trivial to brute force in a very short time.
"trivial" means exactly what?
I ask because it's not trivial to clone the memory of a phone and have a network of simulators capable of simultaneously enumerating each combination, to stave off slowed-next-attempt policies etc.
It's trivial as long as there are companies selling one-click solutions to do it.
If your budget is in the upper upper 5 digits range, it's trivial.
If a serious attacker is set on getting your stuff, it's just a matter of time and money. It's down to how much the data is worth for the attacker.
The brute force is trivial once you've got the data, no passphrase would be as secure. I think in this case a for loop on a single laptop would be fast enough.
but the os builds insert an increasing delay before allowing a next attempt.
like the first iteration of the for loop runs at time 0, fails;
second iteration gets to start 10 seconds later, fails;
third iteration gets to start 1 minute later, fails;
fourth iteration gets to start 1 hour later, fails;
and so on.
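To make the two threat models in this exchange concrete, here is a small added cost model (illustration written for this thread, not Signal's or any OS's code): guessing a 6-digit PIN offline, where only the KDF slows each guess, versus through the escalating on-device delay sketched above. The schedule's "and so on" is assumed to mean the last delay (1 hour) repeats; the PBKDF2 timing is a stand-in for whichever KDF the app really uses.

```python
"""Cost model for guessing a 6-digit PIN: offline (data already extracted,
only the KDF cost remains) vs. online (device inserts a growing delay before
each further attempt). Added illustration; assumptions are marked below."""
import hashlib
import os
import time

PIN_SPACE = 10 ** 6  # every 6-digit PIN, 000000..999999

# Delay in seconds imposed before attempt n, as described in the thread:
# none before the 1st try, then 10 s, 1 min, 1 h. Assumption: "and so on"
# means the final 1 h delay repeats for every later attempt.
THREAD_SCHEDULE = [0, 10, 60, 3600]


def delay_before_attempt(n, schedule=THREAD_SCHEDULE):
    """Seconds the device waits before the n-th attempt (1-based)."""
    if n < 1:
        raise ValueError("attempts are numbered from 1")
    # Past the end of the schedule the last delay is assumed to repeat.
    return schedule[min(n, len(schedule)) - 1]


def throttled_seconds(attempts, schedule=THREAD_SCHEDULE):
    """Wall-clock seconds to push `attempts` guesses through the throttle."""
    return sum(delay_before_attempt(n, schedule) for n in range(1, attempts + 1))


def offline_seconds(attempts, kdf_seconds_per_guess):
    """Seconds for `attempts` guesses when only the KDF slows the attacker."""
    return attempts * kdf_seconds_per_guess


def measure_kdf_seconds(iterations=600_000):
    """Time one PBKDF2-HMAC-SHA256 derivation of a sample PIN on this machine.
    Constructed stand-in for the app's KDF; the salt is random."""
    salt = os.urandom(16)
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"123456", salt, iterations)
    return time.perf_counter() - start


def exhaust_report(kdf_seconds_per_guess, schedule=THREAD_SCHEDULE):
    """Worst case (every PIN tried) under both models, in readable units."""
    return {
        "offline_hours": offline_seconds(PIN_SPACE, kdf_seconds_per_guess) / 3600,
        "throttled_years": throttled_seconds(PIN_SPACE, schedule) / (365 * 24 * 3600),
    }


if __name__ == "__main__":
    per_guess = measure_kdf_seconds()
    report = exhaust_report(per_guess)
    print(f"one KDF run: {per_guess * 1000:.1f} ms")
    print(f"offline, all {PIN_SPACE} PINs: {report['offline_hours']:.1f} hours")
    print(f"throttled, all {PIN_SPACE} PINs: {report['throttled_years']:.0f} years")
```

The gap between the two numbers is the whole argument: the on-device delay only protects a PIN while the guesses must go through the device, which is why the reply that follows points out that extracting the data first removes it.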
But this doesn’t matter if you extract the data from the phone first.
right, but having done this in a previous role, over a decade ago, for legit non state level reasons, it requires custom hardware to even start the conversation.
That's for the phone itself, isn't it? So there would have to be some sort of hardware enclave involved that would rate limit guessing.
Signal has no end point security past the phone so they would want the phone security to be as good a possible.
It is not just for the phone, the passphrase you set is also used to encrypt your data on the Signal servers. Signal claims to use Intel SGX to secure the passphrase on their servers, though.
> The annual fees charged to Threema users will be paid by the army, but critics say there are no sanctions planned for army members who continue to use other messenger tools.
That doesn't sound like they've banned it at all.
At least Threema doesn't require your phone number. Such a requirement is absolutely ridiculous as a sign in option.
I also heard all three of these messengers, WhatsApp, Signal and Telegram, have cryptocurrency projects too for their users. So now they are automatically involved in promoting ponzi scam-coins as well, whereas Threema has none of that.
Great choice for the Swiss Army to use Threema then.
I don't think the army permitted transferring confidential information via privately owned phones, or via foreign companies, before. And neither does it now.
Note that we have mandatory military service. Every year thousands of new recruits will perform military service for around half a year. After that, they have to attend three weeks of military service yearly (refresher). This always requires organization; when to arrive in the barracks, equipment to bring, request for leave, corona updates etc. Also coordination at which McDonalds to stop at the freeway.
Same for professional army members. They need to communicate somehow, without using super encrypted email or radios (keyword: "fill guns", great).
Military IT is also as you expect (old and cumbersome).
Most people are focusing on security in the comments, but I think that's missing a more important point.
First, all developed-nation military forces have internal, "secure" tactical and strategic communication networks for classified (e.g. Secret, Top Secret) data. So something like WhatsApp, Signal, Telegram, or Threema would only be used for unclassified, administrative communications as others have already mentioned.
But there are still controls required for unclassified, administrative communications. Speaking as a US military officer who works in IT, we have to think about data ownership and retention for things like investigations and compliance with FOIA requests. It's impossible to do that if everyone is using personal accounts on communications services that we don't control. I'm not sure how much control the Swiss government can exert over Threema, but it's presumably more than they can control services hosted outside of their borders. This article from last summer explains why the US Defense Digital Service Director got in trouble for using the Signal app for official business: https://www.nextgov.com/cio-briefing/2021/06/defense-digital...
> WhatsApp, Signal and Telegram
WhatsApp and Telegram I can understand but Signal is a bit strange, they probably could just have set up some way to have a "Swiss army compiled" version of Signal which IMHO would be safer than Threema.
While I do use Threema and like its decoupling from phone numbers it has problems including Salamander attacks on their group chats and a very easily DDoS-able account creation system.
Furthermore most other users I meet for a long time did not know about the importance of Threema ID backups, often until they switched phones and lost their Threema ID...
Generally from what I can tell it _seems_ (i.e. speculation) to be developed by experienced software engineers, but missing some "full-on security experts/researchers(1)", and there is in my experience a subtle but for this kind of thing important gap between a senior engineer with a lot of security expertise and a non-junior full-on security expert/researcher.
(1): What I mean here is a bit tricky to define. First, security experts and researchers are not necessarily the same; then different people have different fields of expertise and skill levels, so just doing it full time isn't necessarily enough.
I hope the UK Government/Parliament see this and also ban the use of WhatsApp, it seems everything from back-room dealing to anonymous briefing of journalists happens via it.
Every scandal over the last few years always seems to either start or end with screenshots of WhatsApp conversations.
This is fantastic. Switzerland needs to use something within its jurisdiction, threema is an excellent choice.
The title is a bit misleading, at first glance it seems as if the military banned encrypted communications for soldiers' personal communication. No, this only applies to military communications, and is to allow Swiss sovereignty over the services they use.
Back in 2018, there was an article about fitness apps like Strava exposing secret military locations:
Guess you could say the Swiss Army took the knife to them.
I'm surprised anyone on this website would care about this information, the swiss army is quite meaningless and mostly driven by politics.
misleading title
Why isn't there an ergonomic & secure communications app?
So what are they using instead?
Only Threema is allowed now.
At the latest since Crypto AG, Switzerland can no longer be trusted.
Is the Army giving everyone a personal device to run Threema on? That's why people use WhatsApp - because people already have it on their phones. If the Army wants people to install a special app people are likely to ask them to provide the device.
I don’t think that’s common at all outside the US. I’d argue that even suggesting that would get you blank stares for its absurdity.
I don’t think anyone has been expecting a paid-for device for the past two years just because to work you have to install Zoom, even in the US.
> I don’t think anyone has been expecting a paid-for device for the past two years just because to work you have to install Zoom.
Most employees have to buy their own work tech devices outside of the US?
To some extent, yes. My employer is a big US-based company, but in my country (Romania) I bought my own phone, external monitors, mouse etc. If you are high ranking or well connected you get some of these via internal IT supply system, but the quality is very basic, ex. they expect developers to work on $125 monitors - what the fine art of magic can you do with that? Managers have iPhones paid by the company, company cars, etc. but most working people have to find a way to work on their own.
There are companies that provide some budget for work equipment, but unless it is mandatory by law the budget and quality of equipment varies a lot, from good to terrible or none.
If you’re at the office no, but I suppose you only get a company phone if your job is to communicate.
Zoom's not going anywhere near my personal devices. Nor is MS Teams, or any other communicator with work credentials.
We (big employer in the UK) can order paid-for devices on the corporate purchasing system. It works out best for everyone: they can control the device, I can turn it off at the end of the day, and nobody has to see my reaction when they say "oh yeah, now we can remote-brick your personal phone."
Yes, always buy or use your erased previous device for applications that require work credentials.
When WFH became more widespread at the office in 2020, the local mgmt team told everyone to enter all sorts of information into a spreadsheet like their IMEI number, etc. Then people discovered after the fact that their personal devices were now managed devices. Cue surprised faces.
MDM rejects bootloader unlocked devices, so even if you have extra devices you might not be able to use them because of that or the OS version being too low to please them. A good alternative if available, is to use Citrix Receiver instead, it doesn't require MDM and doesn't require permissions. It does require an RSA keyfob.
I think it's more of "if you want to use such an app on your own phone while doing military service, you are allowed to use only X". Same situation exists in companies where BYOD policies have limitations.
I don't have WhatsApp on my phone, it's not part of the Android standard apps.
I'm sure there's some corner cases, but every soldier I've ever interacted with already had it on their phone for personal use. That's how it's become so commonly used.