Element, one of the companies behind decentralized comms platform Matrix, says customers are asking it to insert a protective clause from the encryption-busting element of UK government’s Online Safety Bill (OSB).
Customers include the US Department of Defense.
The Houses of Parliament passed the OSB last month, paving the way for the British administration to debut online child protection laws, and it still includes the notorious spy clause.
Even though the government now admits it is technically unfeasible to scan securely encrypted messages, it retained the ability to “give notice” to E2E comms providers, in theory also including private comms players, that they may, when “proportionate and necessary,” ask to see encrypted messages.
Civil liberty campaigners aren’t best pleased with the direction of travel, and Matthew Hodgeson, Matrix technical co-founder and Element CEO, has himself been a vocal opponent of the encryption component of OSB.
He told us last month: “The government saying ‘no scanning until it’s technically feasible’ is nonsense. Scanning is fundamentally incompatible with end-to-end encrypted messaging apps. Scanning bypasses the encryption in order to scan, exposing your messages to attackers.”
Fast forward and Element said today that customers, especially privacy-conscious ones, are looking for safeguards against message scanning.
Element told The Register: “Our Fortune-100 customers have started to ask us to put clauses in our contracts which assert that we will never put OSB scanning systems in our software in order to protect their privacy.
“Which we would never do anyway, but that we’re having to put it into commercial contracts highlights just how impractical the OSB is on encryption.”
The company didn’t specify which customers have asked for this. The service is popular with users concerned about private and secure communication. Element lists NATO, the United Nations, the US Department of Defence, the German Armed Forces, the Armed Forces of Ukraine, the UK Ministry of Defence, and the French government among its users.
The Electronic Frontier Foundation said last month: “Given the text of the law, neither the government’s private statements to tech companies, nor its weak public assurances, are enough to protect the human rights of British people or internet users around the world.”
Other E2E comms providers had threatened to pull out the UK if the encryption-busting clause wasn’t removed, including Signal.
In related news, Element – one of the suppliers of the software for the Matrix service – today revealed there are 115 million users on the decentralized communications platform, a near-doubling over the last 12 months. The company is also gearing up for a significant upgrade, dubbed Matrix 2.0.
Notable changes in Matrix 2.0 include a new API to speed up login, launch, and sync, aimed at outperforming the likes of iMessage, WhatsApp, and Telegram. Such a speed increase would certainly be welcome – in our testing, the original service tended to feel sluggish compared to the competition.
Other enhancements include faster room joins – achieved by incrementally loading the room – and native group VoIP. The latter, which will see scalable group and video calling implemented on top of Matrix, will be particularly welcomed by organizations looking for an alternative to traditional conferencing solutions.
More useful for administrators is native support for OpenID Connect authentication, which will make life easier for integrating Matrix into an enterprise environment.
Unsurprisingly, considering its support for the Matrix project, Element is first out of the gate with Element X. This speedy, stripped-down messenger also previews what is coming next year when the full Element app gets a rewrite.
Of the new app, Amandine Le Pape, COO of Element, said that day-one retention was up by more than 20 percent, mainly due to the Matrix 2.0 improvements.
Research from Forrester Consulting – commissioned by Element – showed that while most IT leaders across enterprises and the public sector were keen on end-to-end encryption, sovereignty, and federation, just over half reported that their employees tended to use unsanctioned and consumer-grade messaging apps.
Unsurprisingly, Element noted that the Matrix protocol was eminently suitable for the needs of enterprises in a way that proprietary or centralized products such as Slack or Teams were not. That said, it can be challenging to avoid Microsoft’s messaging platform if you’re a Microsoft 365 customer.
Hodgson said: “Matrix is becoming the core fabric of real-time communications, sitting at the heart of interoperability initiatives such as the EU’s Digital Markets Act.” ®