WhatsApp – the most popular messaging app on the planet – could be under threat from new legislation introduced by EU lawmakers, security experts have warned. For years, Facebook-owned WhatsApp has been committed to the security of its messaging platform, with its much-vaunted end-to-end encryption that ensures only you and the recipient can see the content of a message. Even if it is intercepted on its way from your smartphone to its device… no one else can decipher it. This includes those who work at the parent company, Facebook.
However, security experts now fear that this market-leading feature will be hampered, thanks to new rules announced by the EU. The Digital Markets Act (DMA) will massively disrupt the way Big Tech works and give small businesses the opportunity to compete with the biggest players in the industry.
These “gatekeepers”, as EU lawmakers call them, in areas such as social media and search engines will all be targeted by the measures. And there is one specific rule that will impact WhatsApp – namely that the main messenger is required to be interoperable with smaller platforms, if required.
It would also impact other apps such as iMessage and Facebook Messenger and would mean that messages, files and video calls should all be able to be exchanged between larger messaging apps and smaller ones.
Explaining how it works online, the EU said: “EU lawmakers have agreed that the biggest messaging services (such as WhatsApp, Facebook Messenger or iMessage) will have to open up and interact with platforms smaller couriers, if requested.
“Users on small or large platforms could then exchange messages, send files or make video calls via messaging apps, giving them more choice. Regarding the interoperability obligation for social networks , the co-legislators have agreed that these interoperability provisions will be assessed in the future.”
While that might sound exciting on paper…security experts have warned that it could make it difficult, if not impossible, to ensure that end-to-end encryption remains between different applications.
Due to the precision of cryptography, there is no easy way to maintain the same level of encryption that WhatsApp users currently enjoy between WhatsApp users and a smaller messenger.
Speaking to The Verge, Steven Bellovin – a professor at Columbia University – said: “Trying to reconcile two different cryptographic architectures simply cannot be done; one side or the other will have to make major changes. design that only works when the two online parties will be very different from those that work with stored messages… How do you get these two systems to interact?”
While Alex Stamos, the former head of security at Facebook, added, “There’s no way to allow end-to-end encryption without trusting each vendor to handle identity management. …If the goal is for all messaging systems to treat each other’s users exactly the same, then that’s a privacy and security nightmare.”
WhatsApp boss Will Cathcart also said the measures outlined by the DMA could “break or seriously infringe on privacy”.
Besides the impact on end-to-end encryption, Cathcart added that the measures outlined in the DMA could lead to an increase in spam and misinformation.
WhatsApp and other messengers concerned about AMD are now facing a tense wait to see if the legislation gets the green light.
Once the legal text of the DMA is finalised, it will have to be approved by both the European Parliament and the Council. Then it will enter into force 20 days after its publication in the Official Journal of the EU and the rules will apply six months after.