The newest law designed to rein in Big Tech aims to make all your favorite messaging apps work seamlessly together. Sounds great, right? Well, we have some bad news.
Every day, billions of messages are sent using end-to-end encryption. Millions of people use iMessage, WhatsApp, and Signal to chat with friends, family, and colleagues, and those conversations are all automatically protected by strong encryption. But it’s not possible to send a message from one encrypted app to another. If you use Signal and your friends only use WhatsApp, someone has to compromise.
Under the European Union’s wide-ranging Digital Markets Act (DMA), which European lawmakers approved last week and is expected to be implemented this year, the owners of messaging apps will be required to make them interoperable if another company requests that they do so. As a result, the largest messaging platforms—including WhatsApp, Facebook Messenger, and iMessage, which the DMA designates as gatekeepers—will have to open up to rivals.
“Users of small or big platforms would then be able to exchange messages, send files, or make video calls across messaging apps, thus giving them more choice,” the lawmakers said in an announcement. Under the plans, Signal could ask to work with Messenger, for instance. Or Meta could request that WhatsApp be made compatible with iMessage—a logistical challenge even if Meta and Apple weren’t actively feuding, but one EU lawmakers say is worth solving.
Proponents of interoperability say the law will give consumers more choice and will allow third-party clients to build out extra functions. And while MEP Andreas Schwab, the lead negotiator for the DMA, says that the politicians are not looking to weaken encryption, cryptography experts are concerned the proposals will not be technically possible without compromising end-to-end encryption, potentially putting those billions of messages we send each other every day at risk.
While end-to-end encryption has become seamless for people using messaging apps, no two apps implement encryption identically. WhatsApp uses a custom version of the Signal encryption protocol, for example, but users still can’t message each other across the apps. And while Apple’s iMessage is interoperable with SMS, these standard text messages aren’t encrypted.
Many cryptographers and security experts have already pointed out flaws in Europe’s plan. “Interoperable E2EE [end-to-end encryption] is somewhere between extraordinarily difficult and impossible,” Steve Bellovin, one of the world’s leading cryptographers and a former chief technologist at the Federal Trade Commission, tweeted on Friday.
“When you start talking about different companies exchanging encrypted communications with one another, there are many serious considerations here that are extremely difficult to resolve,” says Nadim Kobeissi, an applied cryptographer and founder of decentralized publishing platform Capsule Social. “It is very likely that there will be a serious degradation of the cryptographic techniques that will be necessary in order to accommodate this proposal,” Kobeissi says.
The proposals put forward as part of the DMA—which has yet to be fully published—don’t include technical details on how interoperability would work, but officials say the changes should be rolled out over a number of years. Basic features such as messages between two people should be implemented three months after a tech company is asked to provide them; audio and video calls have a four-year deadline.