Imagine needing to use a different email account for Gmail, Microsoft and Yahoo just to be able to send messages to the people who use Gmail, Microsoft or Yahoo. That would be annoying; email thankfully lets us use one service to get in touch with people on different services. But that’s an issue for messaging, and one the Digital Markets Act is trying to solve, specifically with “gatekeeper” companies like iMessage and WhatsApp. But making those apps play nicely isn’t simple.
To message a friend, you have to know which app they’re using. Someone might not respond to texts or Signal, but might be addicted to WhatsApp. The DMA, which is closer to becoming law after European authorities signed off on it last week, will require large messaging platforms like iMessage and WhatsApp to open up to smaller networks (if the platform requests it). That means your iMessage text could be received by someone who only uses Signal, for instance.
“The largest messaging services (such as [WhatsApp], Facebook Messenger or iMessage) will have to open up and interoperate with smaller messaging platforms, if they so request,” EU lawmakers agreed. “Users of small or big platforms would then be able to exchange messages, send files or make video calls across messaging apps, thus giving them more choice.”
Sounds great, right? Interoperability supporters are celebrating the new rules, but those advocates and security experts alike also have questions: How would this work, exactly? Where will user data be stored? What does this mean for end-to-end encryption?
Researcher Carla Griggio has studied interoperability at Aarhus University’s Department of Computer Science and said the DMA is essentially about letting users have the freedom to decide where they want to communicate without being cut off from the people who choose to use a different messaging platform.
“Having this law ask at least the biggest platforms to open up would allow you, for example, to choose to stop using WhatsApp if you wanted without being cut off from communication with the people that still choose to use WhatsApp,” she said.
But Griggio said it’s still unclear whether people will be able to control who reaches them where. “How are we still going to have control over where we communicate with whom?” she said.
There’s also a social component to making messaging platforms work seamlessly together, she said. iMessage, for instance, allows users to send stickers or animations, but it’s unclear whether those functionalities can be carried over when communicating with people on different apps. “If anything in the content of the conversation is not part of that contract between apps, for example stickers or voice messages, I don't think that interoperability is going to work,” she said. “And it's going to bring frustrations, miscommunication.”
The other big question is how end-to-end-encryption will work across all apps. Security experts are concerned it will need to be weakened or dropped for the sake of interoperability. Neil Brown, managing director of the internet-focused law firm decoded.legal, said requiring users to accept weaker security in order for platforms to remain interoperable “would seem counterintuitive.”
Brown said he could see platforms offering end-to-end encryption giving their users a heads-up if they’re working with platforms that do not offer the same.
“I would not be surprised that, if platforms offering end-to-end encryption were able to interoperate with platforms which do not, they would warn their users about the implications of those originating communications from a non-end-to-end encrypted platform,” he said.
There could be one way to allow for interoperability while circumventing these concerns about end-to-end encryption and data privacy, said Conrad Kramer, who has worked on Apple’s Shortcuts feature and co-founded Workflow. Kramer said companies like Apple, Meta and others could open their messaging service APIs to one central app. From there, users would be able to choose whether they want to send a message from iMessage or Signal or Messenger without opening those apps.
The rules may also have the effect of allowing Android users to finally have access to iMessage (though no word on whether the green and blue bubble divide will come to a close).
“[If] I am a smaller messaging app, and I would like to interoperate with WhatsApp and iMessage, those companies would be legally required to provide an API for my app to reach into and talk to the iMessage and WhatsApp networks," he said.
In the case that abuse occurs through a messaging platform or the government needed messaging data for whatever reason, the network where the message traveled to would be responsible: “If you are using iMessage, and you message over the WhatsApp network to someone else on WhatsApp, the answer is Facebook because Facebook operates the network that the message traversed," Kramer said.
Kramer said the main concern with encryption is that if the rules required the servers of Apple or Facebook to talk (or interoperate), then an iMessage going to WhatsApp would potentially need to be decrypted from iMessage and then re-encrypted for WhatsApp: “at which point that is breaking the encryption.” But it would be less of an issue if the message traveled through one network.
“In any model where the message traverses a single network, and it goes from one phone to another phone, the encryption would still preserved and not broken," he said.
Regardless, platforms are going to need to cross engineering hurdles to make interoperability work. Apple is already worried the rules will create security vulnerabilities, while Google thinks they’ll hinder innovation.
“Requiring coordination between large tech companies is something that is very hard to do,” Kramer said. “They do not like each other, they do not work well together.”But platforms will need to learn to play nice, because the rules will start to take effect later this year. From then on, platforms have staggered deadlines to meet different levels of interoperability.