| |
In public administration - but also in authorities and organizations with security tasks (BOS / BORS) - the use of messengers is being worked on or in some cases different solutions are already in use. What they all have in common is the understandable desire to exchange information easily and securely.
Unfortunately, the situation with “chat” is that although there are publicly accessible and manufacturer-independent systems - as is the case with e-mail, telephone or mobile telephony - there is no company with a corresponding advertising budget in the background.
This in turn means that, due to a lack of knowledge, companies rely on glittering (advertising) statements and spend a lot of money twice or even more on special developments that do not benefit the public but are company property and can only be used for a fee. This makes the market very lucrative.
As a result, there are many different projects in this important area in particular, but they are not federated or not compatible with each other. It is also not known (to me) whether it is possible to communicate with users of the respective system outside the administrative unit. I would be grateful for any information in this regard.
To illustrate the diversity and confusion, here is an overview of the messengers currently known to me, in use or planned in public administrations and “BOS”. Here alone there are already
Federal police: “MOKA” (Chatstandard ’XMPP”) - open source, free, centralized
“A messenger service based on the open protocol standard XMPP (Extensible Messaging and Presence Protocol) is currently in trial operation at the Federal Police. This standard also enables the linking of different messenger services (similar to e-mail, keyword: federation capability), so that the Federal Police does not see any need for the introduction of an inter-agency messenger service. Instead, there could be a binding commitment to a protocol standard such as XMPP, so that inter-agency messenger communication with (possibly) different messenger solutions becomes possible (comparable to email communication). The Federal Government will evaluate these assessments of the Federal Police upon completion of the trial operation and, if necessary, examine further measures.”
Source: Federal Government response to Police in the digital age (external) from 14.11.2019
See also: Federal Government response to Digital radio and operational communication (external) from 11/09/2018
Last mentioned by the Federal Police in the Annual Report 2020 (external) on page 48 of 02.11.2021
But: Presumably no federation with other servers is possible. Please inform me or send me a correction message if this is the case.
Federal Criminal Police Office: “SE network” (SE = special units) - non-free, centralized, company property
“The BKA was commissioned by AK II to provide a central operational communication and support system (EKUS) for the special units of the federal and state police forces. AK II specified the “SE-Netz” software from the Fraunhofer Institute for Transportation and Infrastructure (Fh-IVI) as the product. The central system is currently being set up at the BKA, the data connection of the EKUS participants and the upgrading of the product with regard to central system functionalities by the manufacturer.”
Source: Federal Government response to Police in the digital age (external) from 14.11.2019
Cf. also: Reply of the Federal Government to Digital radio and operational communication (external) of 11/09/2018
Federal Armed Forces:
** “BwMessenger” (Matrix protocol - free, central, open source)
Sources:
heise.de (external) from 24.12.2019
bwi.de (external) from 18.11.2020
But: Only used within the Bundeswehr; no interoperability; no federation with other servers; no use of bridges to other systems. Please inform me or let me know if this is the case.
Various ministries: “Wire Bund”
Cross-references: recommendation (see below), quick overview of messenger systems
Sovereignty and security and freedom. Free messenger for the public sector.
BundesMessenger is a secure messaging platform for the public sector.
The Messenger of the German Armed Forces (BwMessenger; see above) was used as a blueprint for the messenger offered to authorities in Germany on the basis of Matrix.
Already during the beta phase (approx. 2022) was formulated here at Freie-Messenger:
Unfortunately, the beta phase was not used for this and the BundesMessenger is still a secluded messenger island without interoperability. Confirmed by BWI on request in June 2025:
at the current time, federation with non-federal messenger instances is not yet planned. However, this is technologically possible.
Answers to questions such as …
… would also be important and interesting to know today and after the beta phase has been completed. After all, interoperability is a political requirement and citizens’ tax money is used for the use of the BundesMessenger by public authorities. The general “demand” directed at others should become a concrete “goal” in its own right!
“Sovereignty, security and freedom. Free messengers (only) for the public sector” is good.
“Sovereignty and security and freedom. Free messengers for all (including citizens)” would be better.
Source: https://messenger.bwi.de/bundesmessenger (external; 15.06.2025)
Baden-Württemberg: Threema (non-free, central, company property)
With the Messenger pilot project, the Ministry of Education is testing the educational use of the instant messenger “Threema” for schools in Baden-Württemberg. A total of 13 schools are taking part in the project. “We want to use the digital form of communication where it makes sense from an educational and organizational perspective”_
Source: km-bw.de (external) from 22.11.2019
Bavaria:
** “TeamWire” (non-free, central, company property)
Source: stmi.bayern.de (external) from 16.05.2017
Source: heise.de (external) from 05/2017
** “ByCS-Messenger” (free, central, based on Element/Matrix, no interoperability, no matrix-internal federation)
There is no mandatory use for students - teachers may be required to use it for official communication.
From the terms of use: “Use for private purposes is not permitted.”_
Source: bycs.de (external) from 04.02.2024
But: No interoperability and presumably here too, as with the other ‘large’ Matrix instances, no federation (communication between users of different Matrix instances) is activated and thus prevented. Please inform me or send me a correction message if this is the case.
Rhineland-Palatinate: “poMMes” (non-free, central, company property)
Short for polizeilicher Multimedia Messenger - is a messenger developed by the Police Headquarters for Operations, Logistics and Technology (PP ELT) in Mainz
Source: e-recht24.de (external) from 31.05.2019
Lower Saxony: “NIMes” (non-free, central, company property; basis: “Stashcat”)
Source: polizei.niedersachsen.de (PDF file; external) proPolizei issue 04/2018
North Rhine-Westphalia: “Logineo” (free, central, based on Element/Matrix, no interoperability, no Matrix-internal federation)
In NRW, schools can use Matrix via the state server (Logineo NRW Messenger) with linked Jitsi.
Source: NRW Ministry of Education (external)
But: However, there is nothing; the instances are isolated. There are said to be considerations to open up the instances to such an extent that at least communication between teachers from different schools is possible. However, it remains to be seen whether this will actually happen. The instances are also severely restricted in other respects: Teachers can open class chats; pupils have no way of communicating with each other independently.
Schleswig-Holstein and Hamburg: “Element Matrix“ (free, central, based on Element/Matrix, no interoperability, no matrix-internal federation)
Dataport, a major IT service provider for public administration in Germany, will soon begin using a matrix-based solution for open source collaboration with 500,000 users in public offices and educational institutions in Schleswig-Holstein and Hamburg. The deployment, which aims to improve the region’s digital sovereignty, will also include secondary schools and educational institutions in time for the start of school in September. As far as we know, this is the largest single implementation of messaging and collaboration in the world with 500K users.”
Source: element.io (external)
About: No interoperability and presumably, as with the other ‘large’ Matrix instances, no open federation (communication between users of different Matrix instances) is activated and thus prevented. Please inform me or send me a correction message if this is the case.
Hessen: “HePolChat” (non-free, central, company property; basis: “Stashcat”)
Town halls, counties, TV and radio stations, press, etc. often use
- “WhatsApp” (!) (non-free, company property) and sometimes
- “Telegram” (non-free, company property).
Here too, at least the additional use of public chat standards in communication would be appropriate.
At European level, NATO at least uses the free chat standard (XMPP). But: Here, too, no federation is probably activated.
The solutions from commercial providers mentioned so far are not exhaustive. There are others such as govchat (external) (non-free).
Free software (=free chat) is demanded or recommended by various authorities at all levels:
Federal Ministry of Justice (BMJV)
Demand for opening and decentralization of messenger services
Federal Data Protection Commissioner
“I regularly advise authorities and companies under my supervision not to use WhatsApp for internal communication. In my view, the federal authorities should develop their own data protection-friendly messenger or participate in the further development of a free messenger, which could then gradually be opened up for communication with citizens. Of course, development on an open source basis is particularly suitable here.”
Source: Personal letter from BdDI dated 29.10.2019
Data protection officers from other areas
But data protection officers from the business or churches also recommend free chat. Here is an example from the church:
“The development, use and operation of a separate messenger service in the church and diaconia based on established and freely accessible protocols on federal servers would be a good idea from the point of view of the Commissioner for Data Protection of the EKD would be the best solution and is therefore recommended.”
Sources:
Parties stand for open source code
Almost all parties agree that “public money - public code” (external) should be an important part of IT decisions. Software developed with public money should benefit everyone as free software. Now even the CDU has joined in and included this in its party conference resolution in November 2019:
“The open and jointly developed standards of the Internet and the open interfaces are the principles that we use for the digitalization of Germany. Only through openness can competition arise, only through openness can new players challenge the top dogs in competition. Therefore, the following will apply to all (public) digitalization projects in Germany in future: the awarding of contracts and funding will be tied to compliance with the principles of open source and open standards. Software financed by public funds should serve all citizens. In addition, free and open APIs should facilitate access for independent developments.”
1st Federal Government
A few days after the party conference decision, Chancellor Merkel underlines the demand in the general debate in the Bundestag:
”… But that means first of all that I have everything digitized, that I know what I have. We are in favor of this, and I am looking at Nadine Schön right now, that we do this as openly as possible, in the ‘open data’ area - as ‘open source’ - that it is transparent. But ladies and gentlemen, we still need a cultural change in Germany that understands that this is urgent. And I have the impression that we are much, much too slow in this respect. And that we as members of parliament should be the ambassadors, so to speak, ‘don’t sleep through this time’, otherwise value creation models will pass us by and we will become an extended workbench - that is my great concern, but I believe that as a federal government we are now on the right track. …”
Source: Video from invidio.us (external)
1 Education
The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate has published a leaflet on data protection in schools. It states, among other things:
“For school communication between teachers and pupils, schools have access to a state-owned, free learning platform based on Moodle: http://lernenonline.bildung-rp.de (external) This guarantees data security through the use of a state-owned server. If a teacher considers it necessary to communicate with parents and pupils via Messenger, only European providers that offer end-to-end encryption can be considered (e.g. Wire, Hoccer, Pidgin/OTR, Chiffry or Threema).”
Source: Leaflet as of Nov. 2019
note:
The publisher has been informed that Wire has moved its headquarters to the USA, Hoccer is not recommended for children (addendum: Hoccer discontinued its service in May 2020!), Pidgin is only one possible program of a free messenger system, Chiffry is only free in a very limited basic version and Threema is also not free. In addition, most of them are not open source. Furthermore, the phrase “European providers” is used. This can
providers from Ukraine, Moldova and Belarus, among others.
The suggestion was made to use a neutral formulation such as “Within the scope of the GDPR + E2EE + open source of server and client” instead.
More on messengers in education: >> here << (german)
Hospitals
In the “Technical data protection requirements for messenger services in hospitals” it is recommended:
“The use of open communication protocols (e.g. XMPP) should be at least optionally possible to enable communication with other messenger services.”
Source: Conference of the independent federal and state data protection supervisory authorities of 07.11.2019
Police environment
In the environment of professional secrecy carriers, there are more and more reports about free (and secure!) solutions. For example, in the detailed article “Secure messengers for the police”
Free messengers
Millions of taxpayers’ money is being lost as a result of such an unstructured and ill-considered (out of necessity) approach to a wide variety of projects. In addition, the public sector is entering into a dependency that can hardly be resolved without necessity. From the point of view of mandatory data protection regulations, systems whose functions require the administration to blindly rely on the statements of commercial providers must also be regarded as questionable.
As with e-mail, telephone or mobile telephony, free exchange should also be a matter of course with chat - this is possible. All functions of commercial products can also be implemented on the basis of standardized protocols. To this end, the messenger competence of decision-makers must improve and lobbyists must be put in their place.
In all considerations, one basic idea should therefore hover over everything: taxpayers’ money should not be invested in projects that result in dependence on manufacturers. Better formulated:
| Public money -> public program code and public data |
| Taxpayers' money should only be invested in projects that are independent of manufacturers. |
In contrast to private use, where a clear recommendation can be made, this is not so easy in the public sector.
Matrix is currently used because it is optimal for the reliability of chat rooms. However, since the entire chat history is synchronized on all servers of the participants involved in the conversation when federation is activated, this is problematic in terms of data protection law (keyword “order data management”). Therefore, the use of a bridge to the international standard protocol for chat (“XMPP”) is not only a good idea, but also highly recommended.
I therefore currently recommend the combination of the XMPP and Matrix protocols: “X[M]PP”.
Cross-reference: Interoperability