The Limits of Encryption

The recent news story about a group chat where military information was leaked to a journalist due to human error shows that strong encryption isn’t sufficient for a corporate – let alone governmental – messaging service.

These days, all communication platforms that are considered secure employ end-to-end encryption. This means that only the sender and the recipient(s) of a message – i.e., the “ends” – are able to read said message. If, however, one of the ends shouldn’t be a recipient in the first place, even the most powerful encryption becomes useless.

Apparently, that’s exactly what happened to U.S. national-security leaders: they accidentally added an uninvolved third party to a highly sensitive group chat about a military strike in Yemen.

This incident raises a whole host of questions. Many of them are out of scope for us to answer, but some are right in our wheelhouse, first and foremost: What types of measures can prevent something like this from happening?

1. Verification Levels

In Threema Work, so-called “verification levels” indicate what type of contact a user is dealing with. For example, the contact could be stored in the user’s local address book (two orange dots), they could be someone the user doesn’t know (one red dot), or they could be an internal company contact (blue dots).

In addition, when a Threema Work user creates a new group chat, they’re presented with two separate contact lists: one containing internal company contacts only, and one containing all contacts (both internal and external). To make sure only internal contacts are added to a group chat, users can simply select the tab with internal company contacts only.

2. Closed User Groups

Threema Work allows administrators to restrict communication to internal contacts. That is to say, only users within the same Threema Work subscription are able to communicate with each other, and it’s impossible to send messages to or receive messages from external users. Thus, there’s no way for external users to join internal group chats to begin with.

3. On-Premises Solution

Threema OnPrem is the self-hosted version of Threema Work. All data is stored and handled on the organization’s own server, which translates to complete data ownership and full control over every aspect of the communication tool. In a self-contained chat environment like this, communication is restricted to internal contacts from the outset, making it an ideal solution not only for professional use in industrial companies but also for public authorities, law enforcement, and the military.