By March 2024, instant messaging and real-time media apps operated by large tech platforms in Europe will be required to communicate with other services, per the EU’s Digital Markets Act (DMA).
How that will happen remains an unresolved technical and social challenge.
In a preprint paper, “One Protocol to Rule Them All? On Securing Interoperable Messaging,” University of Cambridge doctoral candidate Jenny Blessing and security engineering professor Ross Anderson observe that the DMA is now law in Europe and messaging gatekeepers will need to comply, though it won’t be easy.
“Designing a system capable of securely encrypting and decrypting messages and associated data across different service providers raises many thorny questions and practical implementation compromises,” they say in their paper.
According to Blessing and Anderson, making encrypted end-to-end communication services interoperable will require novel protocols and processes, both technical and social, in order to be simultaneously secure and usable.
“Interoperability doesn’t just mean co-opting existing cryptographic protocols so that one service provider can pass messages along to another – it encompasses the many supporting features and protocols that make up contemporary E2EE applications,” the boffins argue.
“The resulting complexity of the system may inherently compromise the level of security due to the increased number of moving parts, just as key escrow mechanisms endanger cryptography even if the escrow keys are kept perfectly secure.”
The DMA, they observe, calls for interoperating services to maintain security, but that’s complicated. It’s not just the end-to-end key exchange protocol in an encrypted comms app. A service may rely on a proprietary E2EE protocol that doesn’t support forward secrecy (used to safeguard past messages) or doesn’t rotate keys regularly. What constitutes grounds for refusing to interoperate?
Then there are the non-technical issues – how services cooperate with one another to tackle spam and abuse, how they deal with vulnerabilities and outages. Interoperability, the researchers argue, represents a dramatic expansion of the trust surface for messaging users, who now have to consider the practices and policies of gatekeeper partners.
Interoperability goal makes security more complex
Blessing and Anderson say there are two broad ways to approach message platform interoperability: a common protocol, or platform-based open APIs for third-party connectivity.
Leading contenders for a common protocol include Matrix, Signal, and the IETF’s MLS (Messaging Layer Security), the two computer scientists say. But variations in implementation – Signal, WhatsApp, Viber, Facebook Messenger, and others rely on different versions of the Signal protocol – make standardization difficult.
Given concerns that innovation is easier with a centralized, unfederated protocol than a federated, distributed scheme, Blessing and Anderson see platform API bridges as the more likely scenario, at least in the short term. Under this scenario, platforms would maintain their own E2EE protocols and offer a client-side interface for other messaging services to connect over a bridge.
But this approach also has challenges because gatekeepers – large platform providers – would need to create bridges for each different message provider and, as the boffins observe, this has security implications.
What’s more, these APIs can’t be entirely open due to the sensitive nature of the messages being handled. “Service providers will need a fair amount of latitude in their ability to deny access requests to continue to guard against malicious data scraping and mining, regardless of whether interoperable [messaging] is implemented through client-side bridging or an open standard,” the researchers argue.
Blessing and Anderson step through the many technical hurdles and cite the difficulties Meta had bringing WhatsApp and Facebook Messenger together as a harbinger of the difficulties awaiting those carrying out the EU’s interoperability mandate.
But it’s the social obstacles that may prove harder to solve, they suggest, noting that some users so despise Meta that they won’t use WhatsApp and ask friends to use Signal while others, such as those in Ukraine, consider Telegram to be a tool of the Russian government.
“Interoperability without robust moderation and interface design to make platforms pleasant to use is a nonstarter,” the pair conclude. “Giving users a choice between platforms without giving them a platform they would want to spend time on is no choice at all.”