Three ways the European Union might ruin WhatsApp
WhatsApp chief Will Cathcart on how the Digital Markets Act could upend encryption, privacy, and product design
Today, let’s talk about Europe’s aggressive move to require big online messaging services to be interoperable, and see how WhatsApp is thinking about the contradictory mandates it’s receiving from regulators.
In Europe, two big ideas currently hold sway among the people regulating technology companies. One is that it should be easier to compete with tech giants, and that a good way to accomplish this is to force their services to play nicely with others. Two is that users’ data privacy is of paramount concern, and any data sharing between corporations is to be treated with the utmost suspicion.
It’s unclear to what extent regulators realize that, in hugely important ways, these ideas are often in conflict. But at the moment they are on an absolute collision course, and it doesn’t feel hyperbolic to say that the future of end-to-end encryption hangs in the balance.
I have now written about global threats to encryption enough here that I feel like a somewhat tedious party guest, always steering the conversation back to my pet issue no matter what else is happening elsewhere. But the aftermath of Russia’s invasion of Ukraine, in which Moscow police stopped antiwar protesters and rifled through the messages on their phones, offered only the latest illustration of why it all matters: the ability to communicate privately in a world of ubiquitous expanding surveillance and data retention is of real, practical importance to almost all of us.
On Thursday, European officials reached an agreement on the Digital Markets Act, a landmark piece of legislation that would reshape the ways in which tech giants compete with their rivals. The act applies to what it calls “gatekeepers” — defined as any platform that has a market capitalization of €75 billion, or more than €7.5 billion in European revenue. So: yes to WhatsApp and iMessage; no to Signal and Telegram.
Among many other provisions, the DMA would likely bar Amazon from using data from its third-party sellers to inform its own product development, and require Android to offer users alternatives to Google search and email.
I say likely because the current text of the agreement is not available for public inspection. I never feel more at risk of making an error than I do writing about the European Union’s legislative process; the last time I did so I had to publish corrections two days in a row. But my understanding is that what has been agreed upon is essentially a rough framework for the eventual law, and the final text is still forthcoming.
Meanwhile, legislation is now being crafted in working groups; some of the language they are considering is leaking out and being posted to Twitter by various parties. Those leaks, combined with past public statements and previous draft legislation, are how we know anything about Europe’s plans for messaging apps.
For example, what we know about the DMA’s plans for interoperability comes in part from Benedict Evans tweeting language from the draft proposal:
“Allow any providers of [messaging apps] upon their request and free of charge to interconnect with the gatekeeper’s [messaging apps]. Interconnection shall be provided under objectively the same conditions and quality that are available or used by the gatekeeper, its subsidiaries or its partners, thus allowing for a functional interaction with these services, while guaranteeing a high level of security and personal data protection.”
Over the weekend, cryptography experts sounded the alarm about this idea, saying that platforms might not be able to do this in a way that leaves messages encrypted. As Alex Stamos of the Stanford Internet Observatory put it to me: “Writing the law to say ‘You should allow for total interoperability without creating any privacy or security risks’ is like just ordering doctors to cure cancer.”
Given the need for precise implementation of cryptographic standards, experts say that there’s no simple fix that can reconcile security and interoperability for encrypted messaging services. Effectively, there would be no way to fuse together different forms of encryption across apps with different design features, said Steven Bellovin, an acclaimed internet security researcher and professor of computer science at Columbia University.
“Trying to reconcile two different cryptographic architectures simply can’t be done; one side or the other will have to make major changes,” Bellovin said. “A design that works only when both parties are online will look very different than one that works with stored messages .... How do you make those two systems interoperate?”
Disdain for the new requirements is not universal; Matrix, a nonprofit organization working to build an open-source standard for encrypted communication, published a blog post Friday explaining some possible technical paths forward.
But it’s clear that, to the extent that there might be a way for services like iMessage and WhatsApp to interoperate and preserve encryption, that way has yet to be invented.
At the very least, it hasn’t yet been built.
Owing in large part to the confusion over what exactly is being proposed, platforms have so far had little to say about the DMA and interoperability. (The giants lobbied against the DMA heavily, but apparently without much success.) Apple and Google did not respond to requests for comment from me.
But on Monday afternoon, I spoke to WhatsApp chief Will Cathcart over Zoom. End-to-end encryption has become WhatsApp’s signature project under Cathcart, both on the product side (it rolled out encrypted backups last fall) and the policy side (fighting an ongoing legal battle to preserve encryption in India).
I asked how he was feeling about the DMA as he understands it so far.
“I have a lot of concerns around whether this will break or severely undermine privacy, whether it'll break a lot of the safety work we've done that we're particularly proud of, and whether it'll actually lead to more innovation and competitiveness,” Cathcart said.
It’s easy to dismiss these concerns as self-interested: of course WhatsApp is going to oppose opening its doors to allow other apps to integrate themselves into its own user experience. But when I pressed Cathcart on what would be so bad about it, his answers offered plenty of things for regulators and everyday WhatsApp users to worry about.
Spam. The centralized nature of WhatsApp lets it identify and remove spam before it hits your phone; it removes millions of accounts each month for trying. Third-party services that connect to WhatsApp might not be as aggressive, or might openly accept spam. “We've seen a lot of apps that just go out and market themselves as bulk messaging on the WhatsApp network,” Cathcart said. “What happens when one of those comes in and wants to interoperate?”
Misinformation and hate speech. WhatsApp adopted forwarding limits to limit the viral spread of messages there after it was used to promote election hoaxes and violence; third-party services may be under no obligation to do so. Would a WhatsApp forwarding service be allowed to use the API? Would WhatsApp be required to let it?
Privacy. WhatsApp can guarantee users end-to-end encryption, and that its new disappearing messages actually get deleted, because it can see the entire chain of communication. It won’t be able to see what third-party apps do with messages after they’re delivered, though, raising fears that users could be exploited.
How much of this do European regulators understand?
“It's really hard to say without being able to see what they decided,” Cathcart said. “I don't know. Did they consult extensively with security experts? The reactions from a bunch of security experts that I've seen suggest that those experts, at least, weren’t consulted.”
It’s also worth asking what interoperability will actually do to make the messaging market more competitive. Email is an open, interoperable standard and has been for decades; but today, Apple, Google, and Microsoft own around 90 percent of the market. Meanwhile, the market for messaging apps is much more dynamic even without interoperability: it includes apps from Meta, Telegram, Signal, Snap, and others.
In part that’s because companies can add features more quickly when they don’t have to create open APIs to support them. Notably, Snap said two years ago that mandated interoperability would be “an own goal of huge proportions” for regulators, “since the end effect would be to ossify the market, foreclosing it to innovative newcomers.”
All that said, I’m not totally immune to the lure of interoperability. As someone who spends most of my day switching between inboxes, the idea of having fewer places to send and receive messages has clear appeal. And I’m open to the idea that upstarts could use access to APIs from iMessage, WhatsApp and the like to put innovations in front of users faster than the typically slower-moving tech giants, and grow more quickly as a result.
But Europe’s simultaneous push for increased competition and maximum user privacy feels like a clear case of one hand not knowing what the other is doing. The fact of the matter is that almost no one I have read or spoken with believes you can do both, at least not in the way that the EU has proposed. And any solution that materializes may open up worrisome new vulnerabilities around privacy, misinformation, hate speech, and other danger zones.
Regulation is always a matter of attempting to solve old problems while trying not to create too many new ones in the process. But doing that successfully requires developing a deep technical understanding of the issues at stake, and discussing them with experts in public. So far, the European Union hasn’t shown much evidence of doing either.
For encrypted messaging to have a real future, that’s going to have to change, and soon.
The United States and European Union reached a preliminary deal to allow Europeans’ data to be stored in America, a vital step in preserving a global internet. Meta had previously said it might pull out of Europe if a deal could not be struck. (Daniel Michaels and Sam Schechner / Wall Street Journal)
Google ordered content moderators to avoid using the word “war” in its products in Russia to comply with censorship laws. Necessary to remain operating in the country, but unfortunate nonetheless. (Sam Biddle and Tatiana Dias / The Intercept)
Spotify ended operations in Russia over its invasion of Ukraine. (Jem Aswad / Variety)
How Nokia helped to build and enable Russia’s surveillance apparatus. “It worked with state-linked Russian companies to plan, streamline and troubleshoot” systems to intercept communications, documents say. (Adam Satariano, Paul Mozur and Aaron Krolik / New York Times)
The global umbrella organization for securities regulators released a report calling for more scrutiny of decentralized finance companies. Notable: “Most DeFi protocols rely on centralization in one or more areas, and there are protocols that have a hidden centralized authority and are decentralized in name only,” the report says. (Miles Kruppa / Financial Times)
Two men were charged with fraud and money laundering in an alleged $1.1 million crypto “rug pull” scam. An apparently necessary reminder that stealing money is illegal even if it’s crypto money. (Adi Robertson / The Verge)
A look at Eric Schmidt’s influence over the White House Office of Science and Technology Policy. A foundation he controls pays the salaries of a dozen people there, raising ethical concerns. (Alex Thompson / Politico)
A whistleblower tied Microsoft to hundreds of millions of dollars in bribes. Microsoft says it previously investigated and addressed the incidents. (Russell Brandom / The Verge)
AppleTV+’s CODA became the first film from a streaming service to win Best Picture at the Oscars. As it turned out, this would not be the most interesting thing to happen at the Oscars this year. (Todd Spangler / Variety)
To get into hot crypto deals, venture capitalists are giving up their traditional board seats. Excited to see how this works out for them. (Miles Kruppa / Financial Times)
Museums are cashing in on NFTs. Auctions are making millions of dollars off artwork held in museums’ permanent collections. (Scott Reyburn / New York Times)
Stanford researchers discovered at least 1,000 fake LinkedIn profiles that use AI-generated photos to spam potential clients. Every season someone writes a piece about how “actually, LinkedIn is the best social network,” and now we can just reply with this. (Shannon Bond / NPR)
A profile of Rumble as it works to help build an alternative right-wing social media universe. Among other things, the company is providing technical assistance to Trump’s Truth Social. (Jeremy W. Peters / New York Times)
Google Fiber workers in Kansas City voted to form a union. (Lauren Kaori Gurley / Vice)
Apple awarded bonuses of up to $200,000 in stock to select engineers as part of a talent retention effort. (Mark Gurman / Bloomberg)