New legislation announced by the European Union aims to increase competition among apps such as Facebook’s WhatsApp and Messenger, and Apple’s iMessage. But the changes may leave messages more susceptible to attackers, compromising the privacy of those who use apps such as WhatsApp.
The Digital Markets Act
The new Digital Markets Act is expected to come into effect in October this year, although companies will have a staggered period in which to adjust to the obligations laid out.
The goal of the new act is to curb the power of Big Tech in Europe by making the market more competitive. It plans to achieve this by allowing smaller companies to become more involved, specifically by creating a more open platform on which the dominant apps must be interoperable with smaller apps.
The problem is that this means end-to-end encrypted services will have to interact with less secure protocols. Apps like WhatsApp would therefore have to remove or significantly weaken their end-to-end encryption, compromising the privacy of messages. End-to-end encryption also happens to be one of the app's most promoted features at present.
Yet should any company fail to comply, it could face fines of up to 10% of its global turnover in the preceding financial year.
What Does End-to-End Encryption Mean?
End-to-end encryption is a safety feature that provides privacy of communication. Essentially, it ensures that messages sent and received are viewable only by the sender and recipient, protecting the messages from potential attackers.
Can it Be Done Without Compromising WhatsApp Privacy?
The new Digital Markets Act did suggest that companies decrypt messages and then re-encrypt them between platforms. However, experts say that this would create a soft spot in the security which attackers could break through.
Matthew Hodgson, the founder of Matrix, a secure, open-source communication standard project, has in the meantime made some alternative suggestions, listing several possibilities for keeping messages private while ensuring platforms are interoperable. These include client-side bridges and having the gatekeepers switch to an open, decentralised encryption protocol.