EU prepares to slap WhatsApp and others, but security experts are concerned

Digital Markets Act could break the encryption of secure messaging services

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Security experts are growing concerned about the potential implications of the EU’s newDigital Markets Act(DMA) and the effects it could have onWhatsAppand othersecure messaging services.

For those unfamiliar, the DMA aims to reign in big tech platforms in Europe so that smaller companies can better compete with Meta,Google,Microsoftand others.

As part of the new bill, large tech companies with a market capitalization of over €75bn and a user base of more than 45m in the EU would be required to create products that are interoperable with smaller platforms. While this will likely be fine foronline collaboration toolsandoffice software, there are a number of security risks for messaging services likeWhatsAppthat included end-to-end encryption as part of their offerings.

We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a£100 Amazon gift card(or equivalent in USD). Thank you for taking part.

Click here to start the survey in a new window«

The EU hopes that the DMA will help smaller competitors by breaking open some of the services provided by large tech giants that are considered gatekeepers due to the size of their customer base as well as their revenue. As a result,iPhoneusers could potentially be able to install third-party apps outside of the App Store, outside sellers may soon rank higher onAmazon’secommerce platformand messaging apps would be required to allow users to send messages across multiple protocols, according to anew reportfromThe Verge.

End-to-end encryption concerns

The DMA poses a serious problem for secure messaging services that included end-to-end encryption as part of their offerings.

Cryptographers agree that it will be difficult or even impossible to maintain encryption between apps which could put users at risk of having their messages and data exposed. WhileSignalis small enough that it likely won’t be affected by the EU’s new legislation, WhatsApp, which uses theSignal protocol, will likely need to change how its platform works.

As cryptographic standards need to be precisely implemented, security experts that spoke withThe Vergewarned that there is no easy way for secure messaging apps to provide both security and interoperability to their users. Essentially, different forms of encryption with different design features can’t easily be fused together to comply with the DMA.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

EU is one step closer to reining in Apple, Google and other tech giants

The EU is getting a whole lot tougher on Big Tech

Your next iPhone may finally lose Lightning for USB-C because of new law

Internet security researcher and Columbia University computer science professor, Steven Bellovin provided further insight on the matter in a statement toThe Verge, saying:

“Trying to reconcile two different cryptographic architectures simply can’t be done; one side or the other will have to make major changes. A design that works only when both parties are online will look very different than one that works with stored messages …. How do you make those two systems interoperate?”

As it stands now, every messaging service is responsible for its own security but by making them interoperable, users of one service could be exposed to vulnerabilities that may exist in another messaging platform.

Thankfully, there’s still time for either the EU to reverse course or for secure messaging app providers to devise a way to make their services interoperable with smaller competitors as Digital Markets Act won’t be implemented before next year.

ViaThe Verge

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Owl Labs Meeting Owl 4+ review