EU prepares to slap WhatsApp and others, but security experts are concerned

WhatsApp Web
(Image credit: Shutterstock)

Security experts are growing concerned about the potential implications of the EU's new Digital Markets Act (opens in new tab) (DMA) and the effects it could have on WhatsApp (opens in new tab) and other secure messaging services (opens in new tab).

For those unfamiliar, the DMA aims to reign in big tech platforms in Europe so that smaller companies can better compete with Meta, Google, Microsoft and others.

As part of the new bill, large tech companies with a market capitalization of over €75bn and a user base of more than 45m in the EU would be required to create products that are interoperable with smaller platforms. While this will likely be fine for online collaboration tools (opens in new tab) and office software (opens in new tab), there are a number of security risks for messaging services like WhatsApp that included end-to-end encryption as part of their offerings.

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.

>> Click here to start the survey in a new window (opens in new tab) <<

The EU hopes that the DMA will help smaller competitors by breaking open some of the services provided by large tech giants that are considered gatekeepers due to the size of their customer base as well as their revenue. As a result, iPhone (opens in new tab) users could potentially be able to install third-party apps outside of the App Store, outside sellers may soon rank higher on Amazon's ecommerce platform (opens in new tab) and messaging apps would be required to allow users to send messages across multiple protocols, according to a new report (opens in new tab) from The Verge.

End-to-end encryption concerns

The DMA poses a serious problem for secure messaging services that included end-to-end encryption as part of their offerings.

Cryptographers agree that it will be difficult or even impossible to maintain encryption between apps which could put users at risk of having their messages and data exposed. While Signal (opens in new tab) is small enough that it likely won't be affected by the EU's new legislation, WhatsApp, which uses the Signal protocol (opens in new tab), will likely need to change how its platform works.

As cryptographic standards need to be precisely implemented, security experts that spoke with The Verge warned that there is no easy way for secure messaging apps to provide both security and interoperability to their users. Essentially, different forms of encryption with different design features can't easily be fused together to comply with the DMA.

Internet security researcher and Columbia University computer science professor, Steven Bellovin provided further insight on the matter in a statement to The Verge, saying:

“Trying to reconcile two different cryptographic architectures simply can’t be done; one side or the other will have to make major changes. A design that works only when both parties are online will look very different than one that works with stored messages .... How do you make those two systems interoperate?”

As it stands now, every messaging service is responsible for its own security but by making them interoperable, users of one service could be exposed to vulnerabilities that may exist in another messaging platform.

Thankfully, there's still time for either the EU to reverse course or for secure messaging app providers to devise a way to make their services interoperable with smaller competitors as Digital Markets Act won't be implemented before next year.

Via The Verge (opens in new tab)

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.