The EU recently announced that it has reached agreement on broader legislation to target Big Tech in Europe, known as Digital Markets Act. Seen as an ambitious law with far-reaching implications, the most eye-catching measure in the law would require every major tech company to create products that are interoperable with smaller platforms.
For messaging apps, this would mean let end-to-end encrypted services come WhatsApp mix with less secure protocols like the SMS. But security experts fear that this could undermine hard-earned gains in the field of message encryption.
Digital Markets Act: what effects could it have on WhatsApp?
The main focus of DMA is one class of large tech companies called gatekeepers; these are defined by the size of their audience or theirs enter and, by extension, the structural power who are able to exercise against smaller competitors.
Through the new regulations, the government hopes to open up some of the services provided by these companies to enable smaller businesses to compete. This means, among many other hypotheses, allowing users to install third party applications outside the App Store; allow external vendors to rank higher in Amazon searches; request messaging apps for send texts through multiple protocols.
However this could create a real problem for the services that promise the end-to-end encryption. The consensus among cryptographers is that it will be difficult, if not impossible, maintain encryption between appswith potentially huge implications for users.
Cryptography at risk
Signal is small enough not to be affected by the provisions of the Digital Markets Act. However WhatsApp – which uses the Signal protocol and is owned by Meta – it certainly would be. There is a risk that the whole end-to-end encryption of WhatsApp come weakened O removedrobbing one billion users of protections of private messaging.
Experts state that there is no simple solution that can reconcile the safety and theinteroperability of encrypted messaging services.
Indeed, there would be no way to merge different forms of cryptography together among apps with different design features. Steven Bellovinan acclaimed internet security researcher and computer science professor at Columbia University, said:
Trying to reconcile two different cryptographic architectures simply cannot be done; one side or the other will have to make big changes. A project that only works when both parties are online will be very different from one that works with stored messages. How do you make these two systems interact?
Making different messaging services compatible can lead to a approach to the design of the lowest common denominatorsays Bellovin. In this case, the unique features that have made some applications precious for users they are attacked until they reach a shared level of compatibility. For example, if an app supports the encrypted communication with several parties and another not, the abandonment of the is required to maintain communications cryptography.
Is there another approach?
Alternatively, the DMA suggests another approach (unfortunately just as unsatisfactory for privacy advocates). In this alternate approach, messages sent between two platforms with incompatible encryption schemes I’m decrypted e re-encrypted when they pass between them. As a result, the end-to-end encryption chain would be broken, creating a point of vulnerability for interception by malicious users.
Alec Muffettan internet security expert, said it would be a mistake to think Big Tech is building it identical products e interchangeable which could be easily combined. Regarding this, Muffett stated:
If you went to a McDonald’s and said, ‘In the interest of breaking corporate monopolies, I ask that you include a plate of sushi from some other restaurant with my order’, they would rightly just look at you. What happens when the requested sushi arrives by courier at McDonald’s from the apparently requested sushi restaurant? Can and should McDonald’s serve that sushi to the customer? Was the courier legitimate? Was it prepared safely?
Leave a Reply
View Comments