TechnologySecurity Experts say New EU Rules will Damage WhatsApp...

Security Experts say New EU Rules will Damage WhatsApp Encryption

-

- Advertisment -spot_img
TV AND SOUND SALE

EU governing bodies has announced that they had reached a deal on the most sweeping legislation to target Big Tech in Europe, known as the Digital Markets Act (DMA).

Security Experts say New EU Rules will Damage WhatsApp Encryption
Security Experts say New EU Rules will Damage WhatsApp Encryption

The new deal, according to The Verge, seen as an ambitious law with far-reaching implications, the most eye-catching measure in the bill would require that every large tech company — defined as having a market capitalization of more than €75 billion or a user base of more than 45 million people in the EU — create products that are interoperable with smaller platforms.

For messaging apps, that would mean letting end-to-end encrypted services like WhatsApp mingle with less secure protocols like SMS — which security experts worry will undermine hard-won gains in the field of message encryption.

FREE DELIVERY

The main focus of the DMA is a class of large tech companies termed “gatekeepers,” defined by the size of their audience or revenue and, by extension, the structural power they are able to wield against smaller competitors. Through the new regulations, the government is hoping to “break open” some of the services provided by such companies to allow smaller businesses to compete.

That could mean letting users install third-party apps outside of the App Store, letting outside sellers rank higher in Amazon searches, or requiring messaging apps to send texts across multiple protocols.

Given the need for precise implementation of cryptographic standards, experts say that there’s no simple fix that can reconcile security and interoperability for encrypted messaging services.

Effectively, there would be no way to fuse together different forms of encryption across apps with different design features, said Steven Bellovin, an acclaimed internet security researcher and professor of computer science at Columbia University.

“Trying to reconcile two different cryptographic architectures simply can’t be done; one side or the other will have to make major changes,” Bellovin said. “A design that works only when both parties are online will look very different than one that works with stored messages …. How do you make those two systems interoperate?”

Alternatively, the DMA suggests another approach — equally unsatisfactory to privacy advocates — in which messages sent between two platforms with incompatible encryption schemes are decrypted and re-encrypted when passed between them, breaking the chain of “end-to-end” encryption and creating a point of vulnerability for interception by a bad actor.

Alec Muffett, an internet security expert and former Facebook engineer who recently helped Twitter launch an encrypted Tor service, told The Verge that it would be a mistake to think that Apple, Google, Facebook, and other tech companies were making identical and interchangeable products that could easily be combined.

“If you went into a McDonald’s and said, ‘In the interest of breaking corporate monopolies, I demand that you include a sushi platter from some other restaurant with my order,’ they would rightly just stare at you,” Muffett said.

“What happens when the requested sushi arrives by courier at McDonald’s from the ostensibly requested sushi restaurant? Can and should McDonald’s serve that sushi to the customer? Was the courier legitimate? Was it prepared safely?”

Currently, every messaging service takes responsibility for its own security — and Muffett and others have argued that by demanding interoperability, users of one service are exposed to vulnerabilities that may have been introduced by another. In the end, overall security is only as strong as the weakest link.

Another point of concern raised by security experts is the problem of maintaining a coherent “namespace,” the set of identifiers that are used to designate different devices in any networked system. A basic principle of encryption is that messages are encoded in a way that is unique to a known cryptographic identity, so doing a good job of identity management is fundamental to maintaining security.

“How do you tell your phone who you want to talk to, and how does the phone find that person?” said Alex Stamos, director of the Stanford Internet Observatory and former chief security officer at Facebook. “There is no way to allow for end-to-end encryption without trusting every provider to handle the identity management… If the goal is for all of the messaging systems to treat each other’s users exactly the same, then this is a privacy and security nightmare.”

The post, written by Matrix co-founder Matthew Hodgson, acknowledges the challenges that come with mandated interoperability but argues that they are outweighed by benefits that will come from challenging the tech giants’ insistence on closed messaging ecosystems.

“In the past, gatekeepers dismissed the effort of [interoperability] as not being worthwhile,” Hodgson told The Verge. “After all, the default course of action is to build a walled garden, and having built one, the temptation is to try to trap as many users as possible.”

But with users generally happy to centralize trust and a social graph in one app, it’s unclear whether the top-down imposition of cross-platform messaging is mirrored by demand from below.

“iMessage already has interop: it’s called SMS, and users really dislike it,” said Alex Stamos. “And it has really bad security properties that aren’t explained by green bubbles.”

newswebbs
newswebbshttps://newswebbs.com
New Webbs is an independent online news platform launched with the aim of connecting the world with the latest news on the web.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

Sharebeta Expands National, Global Reach with Acquisition of Nigeria’s Ace Sports Marketing

Lagos, Nigeria - Sharebeta—a proudly Nigerian marketing communications and audio-visual production company is taking bold strides toward shaping the...

Origin Tech Group: Working Hard to Help Shore up Nigeria’s Food Independence

As Nigeria celebrates her 64th Independence anniversary, the Greener Hope Large Scale Mechanisation Agriculture Productivity Programme (GHAPP), a groundbreaking initiative aimed...

Excitement Soars as Nigeria, UAE Strengthen Ties with Flight Resumptions

Lagos, Nigeria - On Independence Day, October 1, 2024, Nigeria not only celebrated 64 years of freedom but also...

PR Fest 2024: A Celebration Of Creativity, Culture, and Communication

Lagos, Nigeria - The maiden edition of PR Fest, a weeklong celebration of Public Relations, creativity, and culture, concluded...
- Advertisement -spot_imgspot_img

Bigi Brands Sponsor Test Fest 2024 for Young Nigerian Tech Professionals

Lagos, Nigeria - As part of its support for worthy initiatives through credible platforms, the Bigi Carbonated Soft Drink...

FIPAN Elects Dr. Ayoola Oduntan as New President

The Feed Industry Practitioners Association of Nigeria (FIPAN) is pleased to announce the election of Dr. Ayoola Oduntan as...

Must read

- Advertisement -spot_imgspot_img

You might also likeRELATED
Recommended to you

MEN'S FASHION
DEFACTO OFFICIAL STORE