By Matt Burgess
Europe’s Digital Markets Act requires interoperability between popular messaging apps. But experts warn encryption could be compromised.
The newest law designed to rein in Big Tech aims to make all your favorite messaging apps work seamlessly together. Sounds great, right? Well, we have some bad news.
Every day, billions of messages are sent using end-to-end encryption. Millions of people use iMessage, WhatsApp, and Signal to chat with friends, family, and colleagues, and those conversations are all automatically protected by strong encryption. But it’s not possible to send a message from one encrypted app to another. If you use Signal and your friends only use WhatsApp, someone has to compromise.
Under the European Union’s wide-ranging Digital Markets Act (DMA), which European lawmakers approved last week and is expected to be implemented this year, the owners of messaging apps will be required to make them interoperable if another company requests that they do so. As a result, the largest messaging platforms—including WhatsApp, Facebook Messenger, and iMessage, which the DMA designates as gatekeepers—will have to open up to rivals.
“Users of small or big platforms would then be able to exchange messages, send files, or make video calls across messaging apps, thus giving them more choice,” the lawmakers said in an announcement. Under the plans, Signal could ask to work with Messenger, for instance. Or Meta could request that WhatsApp be made compatible with iMessage—a logistical challenge even if Meta and Apple weren’t actively feuding, but one EU lawmakers say is worth solving.
Proponents of interoperability say the law will give consumers more choice and will allow third-party clients to build out extra functions. And while MEP Andreas Schwab, the lead negotiator for the DMA, says that the politicians are not looking to weaken encryption, cryptography experts are concerned the proposals will not be technically possible without compromising end-to-end encryption, potentially putting those billions of messages we send each other every day at risk.
While end-to-end encryption has become seamless for people using messaging apps, no two apps implement encryption identically. WhatsApp uses a custom version of the Signal encryption protocol, for example, but users still can’t message each other across the apps. And while Apple’s iMessage is interoperable with SMS, these standard text messages aren’t encrypted.
Many cryptographers and security experts have already pointed out flaws in Europe’s plan. “Interoperable E2EE [end-to-end encryption] is somewhere between extraordinarily difficult and impossible,” Steve Bellovin, one of the world’s leading cryptographers and a former chief technologist at the Federal Trade Commission, tweeted on Friday.
“When you start talking about different companies exchanging encrypted communications with one another, there are many serious considerations here that are extremely difficult to resolve,” says Nadim Kobeissi, an applied cryptographer and founder of decentralized publishing platform Capsule Social. “It is very likely that there will be a serious degradation of the cryptographic techniques that will be necessary in order to accommodate this proposal,” Kobeissi says.
The proposals put forward as part of the DMA—which has yet to be fully published—don’t include technical details on how interoperability would work, but officials say the changes should be rolled out over a number of years. Basic features such as messages between two people should be implemented three months after a tech company is asked to provide them; audio and video calls have a four-year deadline.
“Making end-to-end encrypted messaging apps interoperable is technically challenging and creates real risks for privacy, safety, and innovation,” Will Cathcart, Meta’s head of WhatsApp, said in a statement. “Changes of this complexity risk turning a competitive and innovative industry into SMS or email, which is not secure and full of spam,” he says. In an interview with tech journalist Casey Newton, Cathcart said the move could cause misinformation problems and moderation issues for WhatsApp. “I have a lot of concerns around whether this will break or severely undermine privacy, whether it’ll break a lot of the safety work we’ve done that we’re particularly proud of, and whether it’ll actually lead to more innovation and competitiveness,” he said.
Apple did not respond to a request for comment about encryption but said it has general concerns that parts of the DMA will create “unnecessary privacy and security vulnerabilities.” Signal did not respond to a request for comment.
Not everyone is against interoperability and end-to-end encryption. Matrix, a nonprofit that’s building an open source standard for encryption, has published multiple blog posts outlining how it believes the EU’s proposals could work. “The main challenge is the trade-off between interoperability and privacy for gatekeepers who provide end-to-end encryption,” the team behind Matrix say.
There are broadly two routes that could allow encryption to work across apps operated by different companies. The first involves tech companies allowing access to APIs that connect to their messaging services—this is the option Schwab and lawmakers are leaning toward. The second involves more radical change: All companies would have to adopt and implement one universal encryption standard.
Neither is easy.
Connecting to an open API could involve a company using a “bridge” that joins the two platforms together. Signal would, for instance, have to implement multiple bridges if it wanted to work with different apps. “Every device has to speak every language, but at least users have the building blocks to get at each other’s messages, rather than then being arbitrarily locked away by the gatekeepers,” Ian Brown, a visiting professor at Fundação Getulio Vargas Law School in Rio de Janeiro, wrote for Interoperability News.
Using a bridge would involve decrypting messages, potentially on someone’s device, and then making them appear in the destination app. Removing the end-to-end encryption would open up a new layer that could be attacked by hackers or malicious actors. “How do you guarantee that the things sitting next to your messaging app are benevolent and not malicious,” says Robin Wilton, director of internet trust at the Internet Society. Kobeissi adds that it’s unclear under the proposals who would manage the exchange of public encryption keys and how cryptographic metadata would be shared between companies. If Signal and iMessage become interoperable, which one changes its encryption to match the other?
One of the biggest unanswered questions is how interoperability would ensure you are chatting with the people you think you are. People use different usernames on each platform, and not knowing who someone is could lead to identity issues, explains Alan Duric, cofounder of encrypted messaging app Wire. “If you’re communicating across Wire and WhatsApp, how can the Wire user be certain that the person they are talking to on WhatsApp is authentic?” he says. “How can they be sure the person they’re talking to is even using WhatsApp at all?” Duric says this can be combated by verifying each user’s identity, which can then help reduce abuse and spam.
Those in favour of interoperability say the best way to do this would be for all companies to adopt one encryption standard and stick to it. These standards already exist—for instance, the Matrix messaging protocol, the XMPP standard, and the upcoming Messaging Layer Security. “If every player in the field—so the gatekeepers but also the smaller player—all connect to the same standard, it ends up being a big glue between the different services,” says Amandine Le Pape, a cofounder of the Matrix standard. This would avoid companies implementing APIs via a piecemeal process, although this isn’t what the European Union has opted for at the moment. “The DMA is just the first step,” Le Pape says.
Getting all messaging apps to use one standard would be a significant, time-consuming challenge. “Potentially, you could just have a situation where everyone switches to Matrix,” Kobeissi says. “But Matrix is a fundamentally different security architecture, not just from an end-to-end encryption perspective, but also from a threat modelling perspective.” Each app faces different potential attacks against it—based on its user base and operations—so moving to one model would require companies to reassess how their users could be compromised.
Companies would have to rebuild their entire encryption systems and change multiple features in their apps, a process that could take years. Take Meta: In 2019, the company said it was going to make Instagram DMs and Messenger end-to-end encrypted by default and integrate their infrastructure with WhatsApp. Three years later, the company is still trying to untangle its systems and add safety features. The transition has been harder than expected—and Meta controls all of the technology involved.
Ultimately, how much companies change may come down to the technical realities and the degree of pressure the European Commission, which will enforce the DMA, puts on them. Like GDPR, the DMA could lead to multimillion-dollar fines for businesses that don’t comply. However, GDPR has been poorly enforced—including a provision that says people should be able to transport their data from one app to another. Tech companies may have no choice if the European Commission enforces the DMA—but that could be the least of their worries.
Feature Image Credit:
By Matt Burgess
Sourced from WIRED