Whatsapp and others against the new EU rules: impossible to maintain security

There are two words in the Digital Markets Act (DMA) announced last week by the European Parliament that they are raising, unsurprisingly, a chorus of criticism by the large web companies.

One is “gatekeeper“, that is, those companies (such as Google, Meta and Apple in fact) that have a market capitalization of at least 75 billion euros and a base of at least 45 million users active in the old continent, the other is interoperability.

Gatekeepers, according to the DMA, must ensure interoperability of their own messaging services with others platformsand this according to the security experts of the sector, or at least to think badly the part of them most directly connected to these companies, is irreconcilable with safety.

The point is encryption end-to-end. To be in compliance with the DMAWhatsApp (unlike Signal, much smaller) should in fact share its own security protocols but this, according to experts such as Steven Bellovin, acclaimed Internet security researcher and computer science professor at Columbia Universityit is not possible as there is no way to merge different forms of cryptography together between apps with different design features.

In addition, each messaging service assumes the responsibility for your own safety and second Alec Muffettsecurity expert and former Facebook employee, requiring interoperability, users of one service are exposed to vulnerabilities that may have been introduced by another, as the general safety is only as strong as the weakest link in the chain.

So far the critics, but there are those disagrees. Between these Matrixa project focused on developing one communication standard secure and open source, which in a post explains how the challenges deriving from mandatory interoperability are overcome by the advantages of countering the monopoly of the web giants. The challenge is open.

The Verge