The EU has announced a new bill that targets Big Tech in Europe, known as the Digital Markets Act (DMA). The Commission proposed new rules to establish common cybersecurity and information security measures across the EU bodies, offices, and agencies.
The bill would require every large tech company, with a market capitalization of more than €75 billion or more than 45 million users, to create products that are interoperable with smaller platforms.
The DMA focuses mainly on a special class of tech companies known as ‘gatekeepers,’ with a large audience or revenue, and structural power as compared to smaller competitors.
The Verge elaborated that the bill will allow smaller companies to compete with one another, “let users install third-party applications outside of the App Store, letting outside sellers rank higher in Amazon searches or requiring messaging apps to send texts across multiple protocols.”
Johannes Hahn, Commissioner for Budget and Administration, stated:
“In a connected environment, a single cybersecurity incident can affect an entire organization. This is why it is critical to build a strong shield against cyber threats and incidents that could disturb our capacity to act. The regulations we are proposing today are a milestone in the EU cybersecurity and information security landscape. They are based on reinforced cooperation and mutual support among EU institutions, bodies, offices, and agencies and a coordinated preparedness and response. This is a real EU collective endeavor.”
What This Means For WhatsApp
However, implementing the DMA will pose a huge problem for services that offer end-to-end encryption. Security experts warn that it will become increasingly difficult to maintain encryption between multiple apps, especially those like WhatsApp, resulting in the weakening or removal of its messaging encryption.
Interoperability across multiple platforms raises its own challenges, as there is no way to amalgamate the different forms of encryption used by applications with different features.
Steven Bellovin, an internet security researcher and professor of computer science at Columbia University, elaborated in a comment to The Verge:
“Trying to reconcile two different cryptographic architectures simply can’t be done; one side or the other will have to make major changes … A design that works only when both parties are online will look very different than one that works with stored messages …. How do you make those two systems interoperate?”
Currently, each messaging service is responsible for its own security. Many argue that demanding interoperability from one app will eventually expose its users to vulnerabilities introduced on other platforms, making the overall security only as strong as its weakest link.
