WhatsApp – the most popular messaging app on the planet – could be under threat from new legislation introduced by EU lawmakers, security experts have cautioned. For years, Facebook-owned WhatsApp has prized itself on the security of its messaging platform, thanks to its much vaunted end-to-end encryption which ensures only you and the recipient can see the content of a message. Even if its intercepted on its path from your smartphone to their device… nobody else can decipher it. That includes those who work at parent company, Facebook.
However, security experts now fear this market-leading feature could be hampered, thanks to new rules announced by the EU. The Digital Markets Act (DMA) will massively shake-up how Big Tech operates and offers a path for smaller companies to compete with the industry’s biggest players.
These “gatekeepers”, as the EU lawmakers refer to them, in areas such as social networking and search engines will all be targeted by the measures. And there’s one specific rule that will impact WhatsApp – namely the leading messenger being compelled to be interoperable with smaller platforms, if this is requested.
This would also impact other apps such as iMessage and Facebook Messenger and would mean messages, files and video calls would all need to be able to be exchanged between the biggest messenger apps around as well as smaller ones.
Explaining how this works online, the EU said: “EU lawmakers agreed that the largest messaging services (such as WhatsApp, Facebook Messenger or iMessage) will have to open up and interoperate with smaller messaging platforms, if they so request.
“Users of small or big platforms would then be able to exchange messages, send files or make video calls across messaging apps, thus giving them more choice. As regards interoperability obligation for social networks, co-legislators agreed that such interoperability provisions will be assessed in the future.”
While this might sound exciting on paper …security experts have warned that this could make it difficult, or even impossible, to ensure that end-to-end encryption remains between different apps.
Because of how precise cryptography needs to be, there is no simple way to keep the same level of encryption that WhatsApp users currently enjoy between users of WhatsApp and a smaller messenger.
Speaking to The Verge, Steven Bellovin – a professor at Columbia University – said: “Trying to reconcile two different cryptographic architectures simply can’t be done; one side or the other will have to make major changes. A design that works only when both parties are online will look very different than one that works with stored messages …. How do you make those two systems interoperate?”
While Alex Stamos, the former chief security officer at Facebook, added: “There is no way to allow for end-to-end encryption without trusting every provider to handle the identity management… If the goal is for all of the messaging systems to treat each other’s users exactly the same, then this is a privacy and security nightmare.”
Besides the impact on end-to-end encryption, Cathcart added the measures outlined in the DMA could lead to an increase in spam and misinformation.
WhatsApp and other messengers concerned about the DMA now face a tense wait to see if the legislation gets the all clear.
After the legal text for the DMA is finalised it will need to be approved by both the European Parliament and Council. Then, it will come into force 20 days after its publication in the EU Official Journal and the rules will apply six months after.
Published at Wed, 30 Mar 2022 17:01:00 +0000