A new law in the European Union would require Big Tech companies to redesign their messaging apps to work seamlessly with all others on the market.

In theory, the law will make it easier to chat with your friends and family, whether they use iMessage, WhatsApp, or Signal. However, this enforced interoperability in networking could cause significant security problems.

What Is Encryption in Messaging and Why Is It Important?

Most of the messages you send using a messaging app will be unencrypted. This means third parties can read them as they travel between your phone and the person you’re writing to.

If you want to keep the content of your messages a secret, you’ll need to use an app that offers end-to-end (or E2E) encryption. This creates a kind of secure communication that ensures only you and your conversation partners can read what you send each other.

End-to-end encryption ensures all the messages you and your conversation partner send remain secure while traveling between your phones, protecting them from being read or modified by third parties. These third parties include internet service providers, phone companies, and even the messaging app itself.

As a result, the app’s development team can’t hand over your messages to advertisers, law enforcement, or anyone else who might want to read them. This encryption also prevents third parties from modifying messages in transit.

Most major messaging apps offer some kind of encryption. However, the specific encryption features offered can vary from app to app.

How the Digital Markets Act Could Threaten Encryption

On March 24, 2022, EU governing bodies announced that they had reached a deal on new legislation to govern Big Tech in Europe. It’s called the Digital Markets Act (or DMA). One of the most significant changes in the new law is the requirement that all large tech companies create products that are interoperable with smaller platforms.

This means all messaging apps from Big Tech companies will need to be able to send messages, exchange files and make video calls with all other messaging apps, which is good in many ways. Interoperability means Big Tech companies like Meta, Google, and Apple have to consider smaller ones when creating new apps or platforms.

In 2021, Meta experienced a global outage when a configuration error in its Border Gateway Protocol (BGP) routing left all its assets offline for over 6 hours. When companies like Meta make mistakes, billions of users may feel the impact.

However, the size of these businesses can insulate them from the consequences of even major missteps. Interoperability requirements could keep Big Tech accountable to consumers and the tech world at large.

At the same time, the Digital Markets Act's interoperability requirement may pose problems for apps that offer E2E encryption.

Why Interoperability May Make Encryption Harder to Implement

Messaging apps implement encryption in different ways or use various encryption standards. Unfortunately, it’s nearly impossible to make all these strategies work together.

App developers will have to compromise to ensure interoperability. A “lowest-common-denominator” approach could emerge, where apps implement the simplest encryption system possible. For example, imagine one messaging app that supports encryption for group chats but another that only does so for one-on-one conversations.

Full interoperability may mean developers choose to implement the simplest system that will work with other apps on the market. This would probably require them to ditch more complex features, like group chat encryption.

In practice, this could make users a lot more vulnerable. Less sophisticated encryption systems may be easier to defeat or not provide complete protection from snooping third parties.
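The lowest-common-denominator effect described above can be sketched as a capability negotiation. This is an added example, not code from any messaging app: the app names, feature labels, and the `allow_downgrade` policy switch are hypothetical, and the capability sets are constructed.

```python
# Constructed capability sets for three imaginary apps (not real products).
APPS = {
    "app_a": {"e2e_direct", "e2e_group"},
    "app_b": {"e2e_direct", "e2e_group"},
    "app_c": {"e2e_direct"},  # encrypts one-on-one conversations only
}


class DowngradeRefused(Exception):
    """Raised when a conversation cannot keep E2E and policy forbids a fallback."""


def shared_features(member_apps):
    """Lowest common denominator: features that every member's app supports."""
    return set.intersection(*(APPS[app] for app in member_apps))


def needed_feature(member_apps):
    """A chat with more than two members needs group encryption."""
    return "e2e_group" if len(member_apps) > 2 else "e2e_direct"


def negotiate(member_apps, allow_downgrade):
    """Decide how a cross-app conversation is protected.

    Returns "e2e" when every app supports the needed feature. Otherwise it
    returns "no_e2e" if the (hypothetical) policy allows a silent fallback,
    or raises DowngradeRefused so the user sees the loss of protection.
    """
    need = needed_feature(member_apps)
    if need in shared_features(member_apps):
        return "e2e"
    if allow_downgrade:
        return "no_e2e"
    raise DowngradeRefused(f"{need} not supported by all members: {member_apps}")


if __name__ == "__main__":
    print(negotiate(["app_a", "app_c"], allow_downgrade=False))          # one-on-one
    print(negotiate(["app_a", "app_b", "app_c"], allow_downgrade=True))  # group chat
```

One member on the one-on-one-only app is enough to remove encryption from the whole group chat. Refusing the downgrade at least makes that loss visible instead of silent.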

App developers may also create new standards that allow them to harmonize their encryption practices. For example, the Secure Communications Interoperability Protocol (SCIP) is a U.S. standard for secure voice and data communication. A similar standard for E2E messaging encryption could help developers ensure interoperability without sacrificing functionality.

Some popular messaging apps—like Signal—are small enough that DMA requirements won’t impact them. However, this isn’t true for top platforms like WhatsApp, which uses the Signal protocol for its encryption. The DMA could mean WhatsApp’s encryption features will be weakened or removed altogether, making it harder for users to keep their communications private.

Interoperability Requirements Could Weaken Encryption

There are benefits to interoperability requirements, like those in the new EU Digital Markets Act. However, mandating interoperability could also encourage developers to weaken app encryption features.

Before long, users may need to switch to apps developed by non-Big Tech companies if they want the best encryption technology possible.