- New EU laws will force messaging platforms to work with each other.
- Apple, and FaceBook won’t want to give up their platform lock-in.
- Secure interoperability is possible, but not without a total redesign.
The EU may force WhatsApp, Signal, iMessage, and other message services to interoperate. It sounds like a dream, but it could end up a nightmare.
A new EU law, the Digital Markets Act (DMA), is designed to make it possible for small players to compete against the incumbent giants of the tech industry. One part of this law stipulates that users should be able to send messages to each other, regardless of which messaging app they use. But this could have rather severe consequences in terms of security and privacy, which are—ironically—another focus of the DMA.
“The greatest difficulty in interoperability is agreeing on a common protocol, common code, and means to integrate the different technologies or build a new technology,” global cybersecurity assessor Andy Rogers told Lifewire via email. “We must standardize the technology so that everyone works on the same sheet of music. When you decide to integrate a technology that is standardized with your own, like iMessage did with SMS, you can sometimes end up with a kludge of sorts because you’re integrating two technologies that weren’t intended for each other.”
Messaging platforms are valuable because they have considerable lock-in. If you, your friends, and your work contacts all use WhatsApp, for example, there’s no way you’re going to move to Signal. We get around this now by having all the messaging apps on our devices and using whichever we need, depending on who we’re talking to. The DMA would force platform vendors like Apple and Facebook to make their services work with each other.
The idea is that you could choose to use WhatsApp for its superior group chats but still include iMessage-using contacts in the conversation. They wouldn’t have to install the Facebook-owned app at all.
When you decide to integrate a technology that is standardized with your own… you can sometimes end up with a kludge of sorts…
The problems here are utility and security. Apple, WhatsApp, and Signal all use end-to-end encryption to keep the contents of your messages completely private. It is impossible for the platform providers to see your messages. How, then, could encryption survive this interoperability?
Another problem is that those same platform providers will surely make it as annoying as possible to hook up your various chat accounts. Apple has been willing to pay over $5 million per week to Dutch authorities rather than open its App Store payment system for dating apps.
WhatsApp might not be able to see inside your messages, but it sure knows who you send them to, when, and what groups you are a part of. You can bet that Apple won’t want its iMessage users’ metadata to be sucked up by Facebook, and you can bet that Facebook won’t want anyone to connect to WhatsApp with any kind of anonymity.
By allowing interoperability, you remove the platforms’ lock-in and make them far less valuable to their owners.
Is It Even Possible?
iMessage already incorporates SMS into the same app as iMessages, so in theory, it could also support WhatsApp, Telegram, and so on. But it wouldn't be pretty.
“Over the weekend, cryptography experts sounded the alarm about this idea, saying that platforms might not be able to do this in a way that leaves messages encrypted,” writes tech journalist Casey Newton in his Platformer newsletter. “It’s clear that, to the extent that there might be a way for services like iMessage and WhatsApp to interoperate and preserve encryption, that way has yet to be invented.”
Security-wise, it’s certainly possible to make encryption interoperable, but it would have to use a common standard. “We already have a fantastic technology that is proven time and time again for encryption,” says Rogers. “Public Key Infrastructure (PKI) has been used for almost five decades and is still being used today.” It’s the security behind the little lock in your web browser’s URL bar.
But that would require a lot of work to implement. Perhaps we'll end up with interoperability, but only with unencrypted messages and only with the minimum of support. And who wants that, apart from the big tech companies the DMA is supposed to tame?