TechnologySecurity Experts say New EU Rules will Damage WhatsApp...

Security Experts say New EU Rules will Damage WhatsApp Encryption

-

- Advertisment -spot_img
FLASH SALES

EU governing bodies has announced that they had reached a deal on the most sweeping legislation to target Big Tech in Europe, known as the Digital Markets Act (DMA).

Security Experts say New EU Rules will Damage WhatsApp Encryption
Security Experts say New EU Rules will Damage WhatsApp Encryption

The new deal, according to The Verge, seen as an ambitious law with far-reaching implications, the most eye-catching measure in the bill would require that every large tech company — defined as having a market capitalization of more than €75 billion or a user base of more than 45 million people in the EU — create products that are interoperable with smaller platforms.

For messaging apps, that would mean letting end-to-end encrypted services like WhatsApp mingle with less secure protocols like SMS — which security experts worry will undermine hard-won gains in the field of message encryption.

FREE DELIVERY

The main focus of the DMA is a class of large tech companies termed “gatekeepers,” defined by the size of their audience or revenue and, by extension, the structural power they are able to wield against smaller competitors. Through the new regulations, the government is hoping to “break open” some of the services provided by such companies to allow smaller businesses to compete.

That could mean letting users install third-party apps outside of the App Store, letting outside sellers rank higher in Amazon searches, or requiring messaging apps to send texts across multiple protocols.

Given the need for precise implementation of cryptographic standards, experts say that there’s no simple fix that can reconcile security and interoperability for encrypted messaging services.

Effectively, there would be no way to fuse together different forms of encryption across apps with different design features, said Steven Bellovin, an acclaimed internet security researcher and professor of computer science at Columbia University.

“Trying to reconcile two different cryptographic architectures simply can’t be done; one side or the other will have to make major changes,” Bellovin said. “A design that works only when both parties are online will look very different than one that works with stored messages …. How do you make those two systems interoperate?”

Alternatively, the DMA suggests another approach — equally unsatisfactory to privacy advocates — in which messages sent between two platforms with incompatible encryption schemes are decrypted and re-encrypted when passed between them, breaking the chain of “end-to-end” encryption and creating a point of vulnerability for interception by a bad actor.

Alec Muffett, an internet security expert and former Facebook engineer who recently helped Twitter launch an encrypted Tor service, told The Verge that it would be a mistake to think that Apple, Google, Facebook, and other tech companies were making identical and interchangeable products that could easily be combined.

“If you went into a McDonald’s and said, ‘In the interest of breaking corporate monopolies, I demand that you include a sushi platter from some other restaurant with my order,’ they would rightly just stare at you,” Muffett said.

“What happens when the requested sushi arrives by courier at McDonald’s from the ostensibly requested sushi restaurant? Can and should McDonald’s serve that sushi to the customer? Was the courier legitimate? Was it prepared safely?”

Currently, every messaging service takes responsibility for its own security — and Muffett and others have argued that by demanding interoperability, users of one service are exposed to vulnerabilities that may have been introduced by another. In the end, overall security is only as strong as the weakest link.

Another point of concern raised by security experts is the problem of maintaining a coherent “namespace,” the set of identifiers that are used to designate different devices in any networked system. A basic principle of encryption is that messages are encoded in a way that is unique to a known cryptographic identity, so doing a good job of identity management is fundamental to maintaining security.

“How do you tell your phone who you want to talk to, and how does the phone find that person?” said Alex Stamos, director of the Stanford Internet Observatory and former chief security officer at Facebook. “There is no way to allow for end-to-end encryption without trusting every provider to handle the identity management… If the goal is for all of the messaging systems to treat each other’s users exactly the same, then this is a privacy and security nightmare.”

The post, written by Matrix co-founder Matthew Hodgson, acknowledges the challenges that come with mandated interoperability but argues that they are outweighed by benefits that will come from challenging the tech giants’ insistence on closed messaging ecosystems.

“In the past, gatekeepers dismissed the effort of [interoperability] as not being worthwhile,” Hodgson told The Verge. “After all, the default course of action is to build a walled garden, and having built one, the temptation is to try to trap as many users as possible.”

But with users generally happy to centralize trust and a social graph in one app, it’s unclear whether the top-down imposition of cross-platform messaging is mirrored by demand from below.

“iMessage already has interop: it’s called SMS, and users really dislike it,” said Alex Stamos. “And it has really bad security properties that aren’t explained by green bubbles.”

newswebbs
newswebbshttps://newswebbs.com
New Webbs is an independent online news platform launched with the aim of connecting the world with the latest news on the web.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

AfDB Says Rising Cost Of Living Could Lead To Social Unrest In Nigeria, Others

The African Development Bank (AfDB) has warned that the escalating prices of fuel and other essential commodities might provoke...

Ibadan Residents Protest Over Economic Hardship

Ibadan, Nigeria - Following high cost of living, food inflation and current economic hardship in the country, the residents...

NGO Relieves Widows With Cash, Food Items In FCT

Abuja, Nigeria -  In a bid to alleviate the current economic challenges in the country, the Touch Me Foundation...

Customs Intercepted 15 Trucks Of Smuggled Foods In Sokoto

Sokoto, Nigeria - The Nigeria Customs Service, on Sunday, said that it intercepted 15 trailers that were fully loaded...
- Advertisement -spot_imgspot_img

South Africa, Cote d’Ivoire, Other Embassies Owing $5.3M Ground Rents In Abuja

Abuja, Nigeria - Foreign embassies and high commissions owed ground rents of $5,368,218 million in 2023, disclosed the Federal...

natnudO Foods, FUNAAB Partner For Entrepreneurial Poultry Project

Abeokuta, Nigeria - Fueled by a shared vision of nurturing future agricultural leaders and boosting Nigeria's food security, natnudO...

Must read

South Africa, Cote d’Ivoire, Other Embassies Owing $5.3M Ground Rents In Abuja

Abuja, Nigeria - Foreign embassies and high commissions owed...

For Every $1 Gains From Tobacco, Country Spends $3 On Healthcare

Lagos, Nigeria - The Federal Government has stated that...
- Advertisement -spot_imgspot_img

You might also likeRELATED
Recommended to you