Three ways the European Union might ruin WhatsApp
Illustration by Alex Castro / The VergeWhatsApp chief Will Cathcart on how the Digital Markets Act could upend encryption, privacy, and product design Continue reading…
Today, let’s talk about Europe’s aggressive move to require big online messaging services to be interoperable, and see how WhatsApp is thinking about the contradictory mandates it’s receiving from regulators.
In Europe, two big ideas currently hold sway among the people regulating technology companies. One is that it should be easier to compete with tech giants, and that a good way to accomplish this is to force their services to play nicely with others. Two is that users’ data privacy is of paramount concern, and any data sharing between corporations is to be treated with the utmost suspicion.
It’s unclear the extent which regulators realize that, in hugely important ways, these ideas are often in conflict. But at the moment they are on an absolute collision course, and it doesn’t feel hyperbolic to say that the future of end-to-end encryption hangs in the balance.
I have now written about global threats to encryption enough that I feel like a somewhat tedious party guest, always steering the conversation back to my pet issue no matter what else is happening elsewhere. But the aftermath of Russia’s invasion of Ukraine, in which Moscow police stopped antiwar protesters and rifled through the messages on their phones, offered only the latest illustration of why it all matters: the ability to communicate privately in a world of ubiquitous expanding surveillance and data retention is of real, practical importance to almost all of us.
On Thursday, European officials reached an agreement on the Digital Markets Act, a landmark piece of legislation that would reshape the ways in which tech giants compete with their rivals. The act applies to what it calls “gatekeepers” — defined as any platform that has a market capitalization of €75 billion, or more than €7.5 billion in European revenue. So: yes to WhatsApp and iMessage; no to Signal and Telegram.
Among many other provisions, the DMA would likely bar Amazon from using data from its third-party sellers to inform its own product development, and require Android to offer users alternatives to Google search and email.
I say likely because the current text of the agreement is not available for public inspection. I never feel more at risk of making an error than I do writing about the European Union’s legislative process; the last time I did so I had to publish corrections two days in a row. But my understanding is that what has been agreed upon is essentially a rough framework for the eventual law, and the final text is still forthcoming.
Meanwhile, legislation is now being crafted in working groups; some of the language they are considering is leaking out and being posted to Twitter by various parties. Those leaks, combined with past public statements and previous draft legislation, is how we know anything about Europe’s plans for messaging apps.
For example, what we know about the DMA’s plans for interoperability comes in part from Benedict Evans tweeting language from the draft proposal:
“Allow any providers of [messaging apps] upon their request and free of charge to interconnect with the gatekeeper’s [messaging apps]. Interconnection shall be provided under objectively the same conditions and quality that are available or used by the gatekeeper, its subsidiaries or its partners, thus allowing for a functional interaction with these services, while guaranteeing a high level of security and personal data protection.”
Over the weekend, cryptography experts sounded the alarm about this idea, saying that platforms might not be able to do this in a way that leaves messages encrypted. As Alex Stamos of the Stanford Internet Observatory put it to me: “Writing the law to say ‘You should allow for total interoperability without creating any privacy or security risks’ is like just ordering doctors to cure cancer.”
The problems are straightforward enough; Corin Faife captured some of them here at The Verge:
Given the need for precise implementation of cryptographic standards, experts say that there’s no simple fix that can reconcile security and interoperability for encrypted messaging services. Effectively, there would be no way to fuse together different forms of encryption across apps with different design features, said Steven Bellovin, an acclaimed internet security researcher and professor of computer science at Columbia University.
“Trying to reconcile two different cryptographic architectures simply can’t be done; one side or the other will have to make major changes,” Bellovin said. “A design that works only when both parties are online will look very different than one that works with stored messages .... How do you make those two systems interoperate?”
Disdain for the new requirements is not universal; Matrix, a nonprofit organization working to build an open-source standard for encrypted communication, published a blog post Friday explaining some possible technical paths forward.
But it’s clear that, to the extent that there might be a way for services like iMessage and WhatsApp to interoperate and preserve encryption, that way has yet to be invented.
At the very least, it hasn’t yet been built.
Owing in large part to the confusion over what exactly is being proposed, platforms have so far had little to say about the DMA and interoperability. (The giants lobbied against the DMA heavily, but apparently without much success.) Apple and Google did not respond to requests for comment from me.
But on Monday afternoon, I spoke to WhatsApp chief Will Cathcart over Zoom. End-to-end encryption has become WhatsApp’s signature project under Cathcart, both on the product side (it rolled out encrypted backups last fall) and the policy side (fighting an ongoing legal battle to preserve encryption in India).
I asked how he was feeling about the DMA as he understands it so far.
“I have a lot of concerns around whether this will break or severely undermine privacy, whether it’ll break a lot of the safety work we’ve done that we’re particularly proud of, and whether it’ll actually lead to more innovation and competitiveness,” Cathcart said.
It’s easy to dismiss these concerns as self-interested: of course WhatsApp is going to oppose opening its doors to allow other apps to integrate themselves into its own user experience. But when I pressed Cathcart on WhatsApp on what would be so bad about it, his answers offered plenty of things for regulators and everyday WhatsApp users to worry about.
Among them:
Spam. The centralized nature of WhatsApp lets it identify and remove spam before it hits your phone; it removes millions of accounts each month for trying. Third-party services that connect to WhatsApp might not be as aggressive, or might openly accept spam. “We’ve seen a lot of apps that just go out and market themselves as bulk messaging on the WhatsApp network,” Cathcart said. “What happens when one of those comes in and wants to interoperate?” Misinformation and hate speech. WhatsApp adopted forwarding limits to limit the viral spread of messages there after it was used to promote election hoaxes and violence; third-party services may be under no obligation to do so. Would a WhatsApp forwarding service be allowed to use the API? Would WhatsApp be required to let it? Privacy. WhatsApp can guarantee users end-to-end encryption, and that its new disappearing messages actually get deleted, because it can see the entire chain of communication. It won’t be able to see what third-party apps do with messages after they’re delivered, though, raising fears that users could be exploited.How much of this do European regulators understand?
“It’s really hard to say without being able to see what they decided,” Cathcart said. “I don’t know. Did they consult extensively with security experts? The reactions from a bunch of security experts that I’ve seen suggests that those experts, at least, weren’t consulted.”
It’s also worth asking what interoperability will actually do to make the messaging market more competitive. Email is an open, interoperable standard and has been for decades; but today, Apple, Google, and Microsoft own around 90 percent of the market. Meanwhile, the market for messaging apps is much more dynamic even without interoperability: it includes apps from Meta, Telegram, Signal, Snap, and others.
In part that’s because companies can add features more quickly when they don’t have to create open APIs to support them. Notably, Snap said two years ago that mandated interoperability would be “an own goal of huge proportions” for regulators, “since the end effect would be to ossify the market, foreclosing it to innovative newcomers.”
All that said, I’m not totally immune to the lure of interoperability. As someone who spends most of my day switching between inboxes, the idea of having fewer places to send and receive messages has clear appeal. And I’m open to the idea that upstarts could use access to APIs from iMessage, WhatsApp and the like to put innovations in front of users faster than the typically slower-moving tech giants, and grow more quickly as a result.
But Europe’s simultaneous push for increased competition and maximum user privacy feel like a clear case of one hand not knowing what the other is doing. The fact of the matter is that almost no one I have read or spoken with believes you can do both, at least not in the way that the EU has proposed. And any solution that materializes may open up worrisome new vulnerabilities around privacy, misinformation, hate speech, and other danger zones.
Regulation is always a matter of attempting to solve old problems without trying to create too many new ones in the process. But doing that successfully requires developing a deep technical understanding of the issues at stake, and discussing them with experts in public. So far, the European Union hasn’t shown much evidence of doing either.
For encrypted messaging to have a real future, that’s going to have to change, and soon.