Last week the authorities of theEuropean Union have announced that they have reached an agreement which aims to target the Big Tech operating in the Old Continent: we are talking about the Digital Markets Act (DMA)a bill considered by insiders to be ambitious to say the least.
In practice, on the basis of that project, every technology company with a capitalization of over 75 billion euros or a base of over 45 million European users must create interoperable products with smaller platforms and, as far as messaging apps are concerned, that would mean that services with encryption end-to-end how Whatsapp they should “mix” with less secure protocols such as SMS.
The risks for WhatsApp and other messaging apps
The idea behind the Digital Markets Act is to allow even the smallest companies to be able to compete with the giants of technology and examples of this greater freedom are represented by the possibility for users to install third-party apps outside the App. Apple’s Store, from the ability to allow external sellers to rank higher in Amazon searches or the ability to require messaging apps to send messages across multiple protocols, which are currently unattainable.
In the field of instant messaging apps, the effect of the Digital Markets Act may have huge repercussions and WhatsApp users risk finding themselves suddenly deprived of the protection currently guaranteed by the encryption system end-to-end to whom the service is entrusted.
The cryptographic experts they don’t seem to have doubts in this regard: there is no solution that can allow you to merge together different forms of encryption between apps with different design characteristics and this means that to reconcile two different cryptographic architectures it will be necessary for one of them to make major changes.
Alternatively, the DMA also suggests another approach, which is deemed equally unsatisfactory by security experts: messages sent between two platforms with incompatible encryption schemes should be decrypted and re-encrypted as they pass from one platform to another, thus breaking the chain of communication. cryptography end-to-end And creating a point of vulnerability for interception by the attacker on duty.
Basically, if each messaging service currently takes responsibility for its own security, interoperability between them risks exposing the users of one service to vulnerabilities that may have been introduced by another.
In the coming months, the debate on the Digital Markets Act and the possible repercussions on end users will be increasingly heated. We will see what the solutions will be.