Security experts say new EU rules will harm WhatsApp encryption
On March 24, EU governing bodies announced they had reached a deal on the most sweeping legislation to target Big Tech in Europe, known as the Digital Markets Act (DMA). Seen as an ambitious law with far-reaching implications, the most glaring measure in the bill would require that every major tech company — defined as a market capitalization of over €75 billion or a user base of over 45 million people in the EU — should that are interoperable with smaller platforms. For messaging apps, that would mean merging end-to-end encrypted services like WhatsApp with less secure protocols like SMS – which security experts fear will undermine hard-won gains in message encryption.
The main focus of the DMA is a class of large technology companies called “gatekeepers,” defined by the size of their audiences or revenues and, by extension, the structural power they can wield against smaller competitors. With the new regulations, the government hopes to “break open” some of the services of such companies to allow smaller companies to compete. That could mean users can install third-party apps outside of the App Store, and third-party vendors rank higher in Amazon searchesor require messaging apps to send texts over multiple protocols.
But this could pose a real problem for services that promise end-to-end encryption: the consensus among cryptographers is that it will be difficult, if not impossible, to maintain encryption between apps, with potentially huge consequences for users. Signal is small enough not to be affected by the DMA provisions, but WhatsApp – which uses the Signal protocol and is owned by Meta – certainly would be. As a result, some, if not all, of WhatsApp’s end-to-end message encryption could be weakened or removed, robbing a billion users of private message protection.
Given the need for precise implementation of cryptographic standards, experts say there is no simple solution that can reconcile security and interoperability for encrypted messaging services. In fact, there would be no way to merge different forms of encryption in apps with different design features, said Steven Bellovin, an acclaimed Internet security researcher and professor of computer science at Columbia University.
“Trying to reconcile two different cryptographic architectures just isn’t possible; one side or the other will have to make big changes,” Bellovin said. “A design that only works when both parties are online looks very different from a design that works with saved messages…. How do you make those two systems work together?”
Making different messaging services compatible can lead to a design approach with the lowest common denominator, Bellovin says, where the unique features that made certain apps valuable to users are stripped away until a shared compatibility level is reached. For example, if one app supports encrypted communication between multiple parties and the other does not, maintaining the communication between them would usually require removing the encryption.
Alternatively, the DMA proposes a different approach — equally unsatisfactory for privacy advocates — in which messages sent between two platforms with incompatible encryption schemes are decrypted and re-encrypted as they pass between them, thus reducing the chain of “end- to-end” encryption is broken and a vulnerable point for interception by a bad actor.
Alec Muffett, an internet security expert and former Facebook engineer who recently helped Twitter launch an encrypted Tor service, said: The edge that it would be a mistake to think that Apple, Google, Facebook and other tech companies made identical and interchangeable products that could be easily combined.
“If you go into a McDonald’s and say, ‘In the interest of breaking corporate monopolies, I demand that you add a sushi platter from another restaurant to my order,’ they would rightly stare at you,” Muffett said. “What happens if the requested sushi arrives by courier at McDonald’s from the supposedly requested sushi restaurant? Can and should McDonald’s serve that sushi to the customer? Was the carrier legit? Is it safely prepared?”
Currently, each messaging service takes responsibility for its own security — and Muffett and others have argued that by demanding interoperability, users of one service are exposed to vulnerabilities that may have been introduced by another. Ultimately, overall security is only as strong as its weakest link.
Another concern raised by security experts is the problem of maintaining a coherent ‘namespace’, the set of identifiers used to identify different devices in a network system. A basic tenet of encryption is that messages are encrypted in a way that is unique to a known cryptographic identity, so proper identity management is fundamental to maintaining security.
Not all security experts have reacted so negatively to the DMA. Some of the objections previously shared by Muffett and Stamos have been addressed in a blog post from Matrix, a project aimed at developing an open-source, secure communication standard.
The post, written by Matrix co-founder Matthew Hodgson, acknowledges the challenges associated with mandatory interoperability but argues that they are outweighed by the benefits that will come from challenging the tech giants’ insistence on closed messaging ecosystems. .
“In the past, gatekeepers have reduced the effort of [interoperability] if not worth it,” Hodgson told The edge† “After all, standard procedure is to build a walled garden, and once you’ve built one, the temptation is to try and trap as many users as possible.”
But since users generally like to trust and centralize a social graph in one app, it’s unclear whether the imposition of cross-platform messaging from above is mirrored by demand from below.
“iMessage already has interop: it’s called SMS and users really don’t like it,” says Alex Stamos. “And it has really bad security features that are not explained by green bubbles.”