End-To-End Encryption is Too Important to Be Proprietary

The EU’s Digital Markets Act is playing on the hardest setting (and it doesn’t need to).

The EU’s Digital Markets Act (DMA) is set to become law; it will require the biggest tech companies in the world (Apple, Google and Facebook, and maybe a few others) to open up their instant messaging services (iMessage, Facebook Messenger, Whatsapp, and maybe a few others) so that smaller messaging services can plug into them. These smaller services might be run by startups, nonprofits, co-ops, or even individual tinkerers.

The logic behind this is sound. IM tools are the ultimate “network effects” products: once they have a critical mass of users, other users feel they have to join to talk to the people who are already there. The more users who sign up, the more users feel they must sign up.

This gives the big platforms enormous power, for good and for ill. Start with the good: when Facebook turned on end-to-end encryption for Whatsapp in 2016, they endowed billions of users with state-of-the-art privacy.

But then there’s the bad: Mark Zuckerberg and his executive team are the benevolent dictators of Whatsapp. Benevolent dictatorships work well, but fail badly. By definition, benevolent dictatorships aren’t accountable (that’s why they’re called “dictatorships”) and that means that any time a benevolent dictator messes up (or sells out) you are stuck.

This is much worse when network effects are on the dictator’s side. If you object to Whatsapp’s administrative policies, you can’t just quit — you either have to convince all your friends to quit with you, or give up on the customers, communities and friends who stay behind.

In practice, the “collective action problem” of leaving Whatsapp for a rival service is really hard to solve. In 2021, Whatsapp changed its privacy policy in a way that alarmed many of its users. Millions of these users researched and installed alternative apps like Signal, but only a quarter of those users managed to move some of their Whatsapp conversations to Signal. More than a year later, only 0.5% managed to delete Whatsapp and switch all their comms to a service run by a company they trusted.

Whatsapp isn’t infallible. The company makes a lot of tradeoffs for a lot of reasons, and some of those tradeoffs put users at risk, but because of network effects and collective action problems, they stick around. For example, Whatsapp took five years after turning on end-to-end encryption to offer end-to-end encrypted backups, closing a giant security loophole: until then, chat backups sat in Google Drive or iCloud in a form that governments, cops and hackers could get at and use to attack Whatsapp users, no matter how well the messages themselves were protected in transit.

Even if you trust Whatsapp’s management today, you might not like their successors at some point in the future. Remember, Whatsapp is a wholly owned subsidiary of Facebook, a company whose failures — including its role in fomenting genocide — were so grotesque that it changed its name to “Meta.” The people who chose to put profits ahead of the Rohingya will get to decide who manages Whatsapp when the current crop is fired, quits, or dies.

That’s where interoperability and the DMA come in. By enabling third parties to plug into Whatsapp, the DMA will lower the “switching costs” of leaving Whatsapp for another service.

“Switching costs?” That’s another specialized economics term, often invoked in the same breath as “network effects” and “collective action problems.”

“Switching costs” represent everything you have to give up when you switch from one product or service to another. If you buy $250 worth of ink for your HP printer in an August back-to-school sale and your printer dies in September, then switching to another manufacturer’s model will cost you $250 in ink, since those cartridges are designed to work with just one manufacturer’s printers.

Companies love high switching costs. Facebook especially loves high switching costs and goes to extraordinary lengths to create penalties for users who disloyally switch from a Facebook product to a rival’s.

Interoperability lowers switching costs. When the DMA becomes law, Signal can choose to interoperate with Whatsapp. Note that the DMA doesn’t require Signal to do this, rather, it forces Whatsapp to cooperate if Signal chooses to do so.

That means that if Whatsapp changed its privacy policies again, and once again, millions of Whatsapp users installed Signal, they could all immediately delete their Whatsapp accounts and apps — because if Signal interoperates with Whatsapp, then people who stay behind on Whatsapp can remain in contact with users who switch to Signal, even though they’ve left Whatsapp for good.

In an ideal world, this might discipline the product managers and lawyers who run Whatsapp. The fear of losing users might keep them from further degrading their privacy guarantees, for example.

And in the real world, if Facebook’s well-established preference for its shareholders’ interests over its users’ safety triumphed again, and Whatsapp continued to renege on its privacy guarantees, then users could leave for Signal without being held back by the collective action problem of network effect-driven services.

I think interoperability is a really good idea for tech services, but I think the DMA’s designers have made their job much harder than it needs to be.

End-to-end encrypted messaging is the hardest of all the Big Tech services for the EU to start exploring interop with. It’s got incredibly high stakes: if the EU’s requirements inadvertently introduce a weakness in an end-to-end encrypted messaging tool like Whatsapp, it could expose billions of users to state and criminal surveillance.

Among those users are human rights defenders and dissidents in autocratic states, who could face imprisonment, torture and murder. Whatsapp has already been targeted by these regimes, and a Whatsapp hacking tool sold by the cybermercenary company NSO Group is implicated in the Saudi royal family’s kidnapping, murder and dismemberment of the journalist Jamal Khashoggi.

End-to-end messaging encryption is a domain where mistakes matter. The current draft of the DMA imposes a tight deadline for interoperability to begin (on the reasonable assumption that Big Tech monopolists will drag their feet otherwise) and this is not a job you want to rush.

Add to that the EU member states’ own hostility to encryption. EU governments have spent decades trying to undermine encryption to make it easier for spy agencies and police departments to spy on people in Europe and around the world. The idea that these same authorities will be dictating the functionality of end-to-end encrypted messengers raises entirely justifiable suspicions — and has pitted digital rights allies against one another.

In fact, end-to-end encrypted messengers are such a hard problem that some people have proposed a conspiratorial explanation for their primacy in the DMA: they say that saboteurs tweaked the DMA so that it punted on interop for social media and focused on messaging in order to sabotage it, killing the DMA by forcing it to start on the hardest level.

I don’t think that’s true, in part because I’ve been paying very close attention to the negotiations and meetings leading up to the DMA’s latest draft. In those meetings, I’ve watched many nontechnical European officials wrestle with the very idea of interoperable social media. They literally couldn’t imagine it. It’s been so long since the internet was composed of protocols, not platforms that the bureaucratic imagination founders when trying to conceive of what that might look like.

By contrast, every one of these officials makes use of an interoperable messaging tool every day: SMS. SMS is many things — expensive, limited in functionality, and wildly insecure — but it is also venerable and universal. European officials know that they can send a message from a phone with a German Vodafone SIM while they’re in Brussels to a Dutch loved one with a KPN SIM who’s vacationing in Barcelona, and it just works.

I think that “interoperable encrypted end-to-end messaging” sounds plausible to EU officials in a way that “interoperable social media” doesn’t, despite the fact that the latter is much simpler than the former.

Which is not to say that interoperable end-to-end encrypted messaging is impossible. It’s not only possible, but it exists and it has existed for decades: OpenPGP is a quarter of a century old.

It’s also incredibly hard to use correctly, and has an infinitesimal sliver of the user-base of Whatsapp.

Now, it may be that OpenPGP is hard to use and got very little adoption because of the intrinsic difficulties of making interoperable, end-to-end encrypted messaging.

On the other hand, it may be that a project that was created a quarter of a century ago, in order to standardize a protocol that was published thirty years ago, faced hurdles that a modern interoperable system would not have to contend with.

Compounding PGP’s three decades of crufty technology debt is its shoestring budget. When Ed Snowden started using PGP to communicate with journalists, he was relying on GnuPG, a tool that was maintained by a single developer who worked part-time.

Even a state-of-the-art messaging tool, built from scratch for modern systems and networks, is going to struggle to support millions of users if there’s only one part-time developer working on it.

I think that the true lesson of OpenPGP is that end-to-end, interoperable encryption is absolutely possible, but it helps if you don’t have to design it to run on a Compaq 486 IBM PC clone running Windows 3.0, and if the maintenance of the project is managed by multiple engineers, not a single part-time semi-volunteer working for donations in his spare time.

DMA critics know about OpenPGP, so they know that interoperable encryption is possible, so when they claim otherwise, they’re really saying, “interoperable end-to-end encrypted messaging is impossible if you are going to provide the same usability, spam-fighting and anti-harassment tools as Facebook.”

Or, put another way: “it’s impossible for proprietary end-to-end encrypted messaging to be non-proprietary.” That’s obviously true — tautological, even! — and that’s what we’re really arguing about here.

Not only is end-to-end encrypted interoperable messaging possible, it’s also more secure than proprietary messaging tools like Whatsapp, because it protects the users that Whatsapp doesn’t deign to notice or care to safeguard.

Take account removal, a key tool for fighting spam and harassment. Facebook has a history of collaborating with dictators to get dissidents’ accounts terminated. If other services could interoperate with Whatsapp or Facebook Messenger (say, services operated by diasporic dissident communities), then these interoperable services would neutralize the threat of Facebook’s collusion with autocrats. If Prime Minister Hun Sen got you kicked off of Cambodian Whatsapp, you could just sign up for Cambodian Dissident Whatsapp and jump back into your conversations.

It’s not just dissidents who have to fear disconnection from dominant messaging platforms. In the absence of interoperability, network effects produce “winner-take-all” dynamics in which a single messaging service comes to dominate in a community, application, or industry.

Today, Facebook captures and analyzes the traffic on its messaging apps (for an end-to-end encrypted service like Whatsapp, that means metadata such as who messages whom, how often and to how many recipients, rather than the contents of the messages themselves), feeding it to machine-learning algorithms that unilaterally delete accounts suspected of spamming or harassment.

These instantaneous, automated, unilateral judgments occur at impossible scale and velocity. Attempts by tech platforms to institute due process for these policies have either produced appeals that are fast, but too cursory to matter; or deliberative, and too slow to matter.

Winner-take-all systems, combined with arbitrary, wholesale disconnections and the failure of due process, create a new risk for users: that Facebook, Apple, or some other Big Tech gatekeeper will terminate your connection and leave you cut off from social services, or customers, or school, or a support community, or your family.

The focus on the ways that interoperators might weaken Whatsapp’s security is important, but just as important is considering the ways in which interoperators might strengthen it. That includes having better, more accountable processes for disconnection and reconnection.

It also includes using different mechanisms for deciding who is accused of spamming or harassment. For some users, having Facebook mine the metadata for all of their conversations is a reasonable price to pay for reductions in spam and harassment. For other users, having that data collected at all — let alone analyzed — is a security risk in and of itself.

Big Tech has an army of security engineers who are truly dedicated to protecting us from many threats. But those engineers are explicitly prohibited from taking steps that protect us from their bosses, and their bosses’ shareholders.

Interoperability is the key to resolving this tension. Starting with end-to-end encrypted messaging is a bad idea, but not because messaging doesn’t need interop. Rather, it’s the kind of advanced-level interop that would benefit from the experiences we’ll gain from forcing interop on social media, app stores and other products and services.

But once we’ve learned those lessons, we should absolutely break the proprietary stranglehold over messaging. It’s great that Whatsapp chose to bring strong privacy to billions of users, because everybody deserves privacy.

And that means that privacy is too important to be at the mercy of an eminently fallible, inconsistently benevolent dictator.