The European Union’s Digital Markets Act (DMA) allows new messaging services to demand interoperability (the ability to exchange messages) from the internet’s largest messaging services (like WhatsApp, Facebook Messenger, and iMessage). Interoperability is an important tool to promote competition and prevent monopolists from shutting down user-empowering innovation. But an interoperability requirement for messaging services that are end-to-end encrypted raises particularly thorny security and privacy concerns, and those concerns need to be addressed before interoperability requirements are enforced against those services. Looking into these concerns will take years—much longer than the text of the DMA currently envisions—but we have some thoughts on where to start.
The DMA’s Interoperability Rule
The DMA is a complex new law aimed at addressing the “gatekeeper” power of Big Tech firms. While some of the final details of the DMA are still in flux, negotiators from the EU Parliament and the Council of Europe have reached a “political agreement.” The drafters considered several proposals relating to interoperability, including rules that would cover gatekeepers’ social networking services as well as messaging apps. But the compromise between the EU lawmakers that’s on the way to becoming law only includes an interoperability requirement for messaging apps. Specifically, the giant gatekeepers will be required to make their messaging services interoperable with other messaging apps at the request of competing developers. Negotiators have agreed to assess the feasibility of including an interoperability requirement for social networking as part of a future review of the DMA.
The DMA’s interoperability rule will apply to “number-independent” messaging services that are part of “gatekeeper” platforms, meaning platforms with the power to control other companies’ access to customers. This probably includes messaging apps from Apple, Google, Meta Platforms (e.g., Facebook Messenger, WhatsApp, Instagram Direct Messenger), and Microsoft. Of these, only WhatsApp, Apple’s iMessage, and Android Messages currently offer end-to-end encryption modes, but these services together have billions of users. These services will be required to make “end-to-end text messaging,” including various kinds of media attachments, interoperable on request by a competing service, within three months of a request. Group texts will need to be interoperable in two years, and voice and video calls in four.
Why Interoperability Matters
Recall that the goal of interoperability is to make it easier for people to leave Big Tech platforms for competing platforms, without hampering their ability to communicate with anyone who chooses to remain within Big Tech’s walled gardens. Interoperability dismantles one of the biggest barriers faced by users who want to leave the tech giants’ platforms: the choice between changing to a platform you prefer or staying behind on a platform where all your friends, communities, and customers are.
That gives new services a chance to compete—by offering better protections for users’ privacy and security, new features, and better terms of service. Having multiple services for users, especially vulnerable users, to choose from may help protect against improper governmental surveillance and censorship. And once users can easily stroll away from Big Tech’s walled gardens, the market will give today’s giants a much stronger push to treat their users right, from continuing to improve users’ security to resisting governments’ demands for surveillance to eschewing surveillance-based business models.
Messaging Is A Tough Place To Start
While interoperability is important, mandating it for encrypted messaging services presents some of the most difficult technical and policy challenges. Most critically, interoperability obligations must not weaken end-to-end encryption in services like WhatsApp and iMessage, or undermine security in ways that otherwise break the promise of end-to-end encryption, such as adding client-side scanning of messages. Keeping that promise is particularly important because strong security and encryption are vital to protecting and preserving human rights. Not only does encryption in messaging enable the rights of expression and association for the users, but it is also critical to protecting human rights defenders who depend upon strong security while opposing or exposing abuses in dangerous environments.
Many security experts agree that requiring interoperability without unacceptable tradeoffs in security or privacy is a very high hurdle, one that might turn out to be insurmountable. Not all of the challenges involved are strictly technical—platforms are right to pay attention to combatting impersonation and maintaining usability so that the broadest possible range of users continues to have ready access to state-of-the-art secure communications.
Demanding that vendors of encrypted messengers figure out how to simultaneously open up their service to interoperators and maintain security is a tall order, even though the demand is limited to very large, well-funded companies like Apple and Meta Platforms (Facebook). As applied to encrypted messaging, interoperability could encompass a range of approaches from simply requiring users to be able to connect to a service with the client of their choice, all the way to a fully federated model akin to email. These approaches would have vastly different effects on security. A technological solution that is simple to express in legislative terms can have unintended consequences, such as creating incentives for companies to compromise on the security of users’ communications. As with recent US proposals for law enforcement access to encrypted data, policymakers need to safeguard users’ access to truly secure communications.
At the same time, dominant companies should not be able to exclude rivals and maintain their dominant position by making bad-faith claims about security requirements, or by employing requirements that unnecessarily exclude smaller rivals. Security should not be used as a smokescreen to protect anticompetitive behavior. This too is something we’ve seen before.
How The EU Could Get There
The details of how the European Commission implements the DMA will make a huge difference in whether there can ever be secure interoperability in encrypted messaging. EFF has three initial recommendations.
First, the implementing rules should strengthen the security-protective exception for encrypted messaging. The agreement reached by the EU lawmakers requires that “[t]he level of security, including end-to-end encryption where applicable, that the gatekeeper provides to its own end-users shall be preserved across the interoperable services.” This is an important requirement, but it does not go far enough. To avoid ambiguities, implementing rules should clarify that the word “preserved” encompasses both ensuring that connecting services must live up to the gatekeeper’s level of security and allowing for continued progress in security and privacy. The Commission should make clear that any service that breaks the promise of end-to-end encryption through any means—including by scanning messages in the client-side app or adding “ghost” participants to chats—will not be able to demand interoperability.
Second, making encrypted messaging interoperable simply cannot happen in the timeframe envisioned by the DMA if it has any hope of resolving the significant technical and policy hurdles. The DMA’s time limits on gatekeepers to provide interoperability—three months after a request in the case of one-to-one encrypted messaging; and within two years for group messaging—are far too short. By comparison, Meta Platforms (Facebook) announced plans to interconnect and encrypt three of its own messaging products in March 2019, and this project is still not complete. Getting interoperability right would require participation by a much larger group of stakeholders as part of a standards-setting and governance process and would therefore likely move at an even statelier pace. Based on the public text of this and other sections of the DMA, we hope that the Commission will have adequate flexibility to delay enforcement of the interoperability requirements—even for very long periods—until security concerns can be fully worked out. For end-to-end encrypted messaging, it’s worth taking the time necessary to ensure we get it right.
Third, gatekeepers and the Commission need more tools to make good on their stated goal of preserving security in interoperable systems. The DMA says that the gatekeeper can take “duly justified” and “strictly necessary and proportionate” measures to ensure the preservation of security. To implement this, both gatekeepers and the Commission should have the ability to request necessary information from third parties who seek to make their messaging apps interoperable, to ensure that those services keep the promise of end-to-end encryption. Interoperability requirements should not be enforced until any questions about users’ security have been resolved.
EFF will carefully analyze the final text, which is now subject to formal approval by the EU lawmakers. Once adopted, EFF will continue to engage with the European Commission on the implementation of the DMA. And of course, we will continue to monitor the actual realities of user experience. For instance, we will watch both for when DMA requirements are being misused to undermine security and for when security requirements are being misused to undermine competition. Interoperability requirements on other services besides messaging, such as social networks and app stores, may be more feasible to implement in the short term.
At bottom, while EFF strongly supported, and continues to support interoperability in the DMA, we recognize that the move toward it, especially in the area of secure messaging, requires care. Specifically, we must ensure that our future ensures both strong security in messaging and robust competition to provide services to users. Or, stated in the reverse: we must ensure that we neither allow interoperability to be an excuse to reduce security nor allow unfounded claims of security needs to become an excuse to insulate a company from market competition.
While we are clear-eyed about the challenge, we are hopeful that we can meet both of these two critical values.