EU prepares to slap WhatsApp and others, but security experts are concerned
For those unfamiliar, the DMA aims to reign in big tech platforms in Europe so that smaller companies can better compete with Meta, Google, Microsoft and others.
As part of the new bill, large tech companies with a market capitalization of over €75bn and a user base of more than 45m in the EU would be required to create products that are interoperable with smaller platforms. While this will likely be fine for online collaboration tools and office software, there are a number of security risks for messaging services like WhatsApp that included end-to-end encryption as part of their offerings.
We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.
The EU hopes that the DMA will help smaller competitors by breaking open some of the services provided by large tech giants that are considered gatekeepers due to the size of their customer base as well as their revenue. As a result, iPhone users could potentially be able to install third-party apps outside of the App Store, outside sellers may soon rank higher on Amazon’s ecommerce platform and messaging apps would be required to allow users to send messages across multiple protocols, according to a new report from The Verge.
End-to-end encryption concerns
The DMA poses a serious problem for secure messaging services that included end-to-end encryption as part of their offerings.
Cryptographers agree that it will be difficult or even impossible to maintain encryption between apps which could put users at risk of having their messages and data exposed. While Signal is small enough that it likely won’t be affected by the EU’s new legislation, WhatsApp, which uses the Signal protocol, will likely need to change how its platform works.
As cryptographic standards need to be precisely implemented, security experts that spoke with The Verge warned that there is no easy way for secure messaging apps to provide both security and interoperability to their users. Essentially, different forms of encryption with different design features can’t easily be fused together to comply with the DMA.
Internet security researcher and Columbia University computer science professor, Steven Bellovin provided further insight on the matter in a statement to The Verge, saying:
“Trying to reconcile two different cryptographic architectures simply can’t be done; one side or the other will have to make major changes. A design that works only when both parties are online will look very different than one that works with stored messages …. How do you make those two systems interoperate?”
As it stands now, every messaging service is responsible for its own security but by making them interoperable, users of one service could be exposed to vulnerabilities that may exist in another messaging platform.
Thankfully, there’s still time for either the EU to reverse course or for secure messaging app providers to devise a way to make their services interoperable with smaller competitors as Digital Markets Act won’t be implemented before next year.
Via The Verge
Go to Source