Does corporate messaging and collaboration demand decentralisation?

Decentralisation is a grassroots movement in response to the lack of control that centralisation has created. Amandine Le Pape explores

Organisations are struggling with how employees and external partners communicate. They were wrestling with the issue before the global pandemic but, with many workforces now regularly working outside of a traditional office, it has become a burning issue.

Email, the old stalwart, is slow and cumbersome. The fact email still exists – and is often the primary form of communication – demonstrates the failings of instant messaging, corporate communities, messaging apps, and collaboration tools.

The painful success of messaging apps

Of all the alternatives, messaging apps – such as WhatsApp, Signal and Telegram – have seen the best end-user adoption. Because they are consumer apps, employees find them quick and easy to use. They can set themselves up, find and add the people they work with (internal and external) and start being productive. They even feel like responsible corporate citizens, because some of these messaging apps are end-to-end encrypted, so employees feel they are not risking company data falling into the wrong hands.

Of course, the downsides of messaging apps are all too obvious to the IT function. For starters, it’s shadow IT of the highest order; leaving employees and external partners discussing company business with zero control, oversight or auditing.

Worse, consumer-grade free messaging apps are centralised systems whereby the service provider owns the entire IT stack. As we know, the cost of ‘free’ is that the users are the product. The service provider can mine data to learn more about – and profit from – their users.

Housing so much data, centralised service providers are vulnerable to both criminal and government interest, prompting multiple attacks and efforts to implement routine surveillance. This brings us to the question of data ownership, residency and jurisdiction.

A global centralised messaging app provider has a headquarters, and needs a home for its servers. In most cases that’s Silicon Valley firms in the US, but it could be anywhere, for example China for WeChat. From a government point of view, that’s a single throat to choke in terms of creating a regulatory system to allow lawful access on a level that provides a cheap way to routine surveillance. From an attacker’s perspective that’s a huge honeypot. As if that’s not unsettling enough for consumers, it’s a huge red flag for businesses, other governments and NGOs.

The equally painful failure of collaboration tools

Collaboration tools live in the enterprise IT world, so you’d expect them to be fit for business. Yet there is a market failure which stems from them being born as internal-only proprietary tools that create enterprise-grade walled gardens.

Organisations are complex ecosystems and interdependent. They include employees, stakeholders, partners, customers, contractors, freelancers and various other external parties.

Modern collaboration, therefore, cannot possibly require each and every organisation to subscribe to the same software provider and then have the IT function oversee each and every collaboration set-up.

The success of messaging apps is because people – AKA employees – operate far faster than IT functions. If employees are going to collaborate effectively they need a system that they can administer themselves, just like they do with a messaging app.

Some vendors like Microsoft Teams and Slack have engineered ways to allow external collaboration, but it remains proprietary, restricted and cumbersome to manage. Slack Connect is a far cry from an open system that employees can manage independently.

Beyond the practical downfalls of traditional collaboration tools, there are also two structural issues to consider. The first is security. Traditional collaboration tools do not support end-to-end encryption and instead focus on data being encrypted ‘in transit and at rest;’ which means it’s not encrypted at times when it’s on the service provider’s own servers (to enable traditional search that cannot handle encryption, for example).

While that may not concern an SME, it’s a major problem for global organisations, governments or any other organisation that has to consider the value of its intellectual property.

Which brings us back to the foundation issue of centralised systems for communication. Once again, as a single throat to choke a Slack or Microsoft is vulnerable to criminal and government interest. Centralised systems are simply not a good model for private communication.

The very public encryption battle

If the threat of routine surveillance sounds a little hysterical, one need only cast an eye to the US where regulation is clearly moving towards weakening encryption. The EARN IT Act and the Lawful Access to Encrypted Data Act of 2020 (LAED) demonstrate the determined push to ensure some level of ‘backdoor’ third party access to encrypted systems.

Simultaneously GDPR, the California Consumer Privacy Act and the recent ECJU ruling invalidating Privacy Shield shows just how passionate many people are about their right to privacy.

Element’s point of view is that end-to-end encryption is an undoubted positive. It provides the 99.9 percent of people and organisations that are decent and honest protection against the 0.01 percent that aren’t. It has to be better to serve the 99.9 percent, or they are left vulnerable; and that is who the law is meant to protect.

Besides, the 0.01 percent are able to access open source end-to-end encryption as easily as anyone else and law enforcement have multiple other options – and resources – to pursue those outside of the law. Banning or weakening end-to-end encryption only favours the highly motivated 0.01% that will carry on regardless.

Why the pendulum is swinging towards decentralisation

While traditional messaging apps and collaboration tools have multiple reasons for failing to serve enterprises appropriately, the fundamental common flaw is the centralised model as that results in them being:

• Closed proprietary systems that need to be in place for every person and organisation in an ecosystem.
• Parasitical systems that suck data out of the ecosystem and locks it – and the customer – into the service provider’s proprietary system.
• Dangerous; having harvested so much mouth-watering data, governments, terrorists and criminals are all keen to access them.

In stark contrast, decentralisation based on open standards gives people and organisations the independence to communicate on their own terms. It does this by giving them the choice and flexibility to choose where and how their data is stored and managed: on-premise, a private or public cloud or a dedicated service that preserves the organisation’s data ownership. Such self-sovereignty (being able to own your data and where it resides) gives governments, enterprises and privacy-conscious individuals the confidence to adopt messaging and collaboration as they know their data is safe.

Element operates on Matrix; an open network for secure, decentralised communication. Think of it as the original open web, but for modern day real time communication. An open protocol like email, but one that offers self-sovereignty and end-to-end encrypted security.  With Matrix committed to being an open standard, organisations can pick the app and hosting service they prefer instead of being beholden to a closed platform or a given vendor. To draw a parallel with email again, it’s similar to choosing an email client safe in the knowledge that you can still email anyone else regardless of the email client they might be using. If only that were true of the WhatsApps and Slacks.

Matrix is just one example of the decentralised future that is evolving to provide an alternative to an overly-centralised web. Decentralisation is a grassroots movement in response to the lack of control that centralisation has created, and it is certainly the only sensible choice for real time communications.