danrl | 3 years ago

A convenient first step for European governments towards killing effective end-to-end cryptography usage in everyday messaging. It used to be *checks notes* „terrorism“ and „child safety“ and now the hot new thing is „interoperability“. Who would have thought that, of all the above, „interoperability“ would be the one that makes it into legislation.

MattJ100|3 years ago

Fact check: The Digital Markets Act explicitly calls out end-to-end encryption as a feature that MUST be preserved if the platform supports it.

From Article 7:

"The level of security, including the end-to-end encryption, where applicable, that the gatekeeper provides to its own end users shall be preserved across the interoperable services."

Vt71fcAqt7|3 years ago

The way appositives work is that they qualify the preceding subject. Here you have two appositives so you can read "where applicable" as qualifying "including end-to-end encryption" or "the level of security." If "where applicable" is qualifying "the level of security" the statement reads "the level of security, where applicable, that the gatekeeper provides to its own end users shall be preserved across the interoperable services." (And this seems to me the most accurate meaning. In any case it can be read that way.) Even if it is qualifying "the level of security" it is still in the end only "where applicable" which can still be read to mean the same thing. In fact, reading "where applicable" to mean "where already existing" as you implied, is redundant because it is already given in "shall be preserved" and "the level of security." Now we can read "where applicable" to imply that e2ee does not apply when the EU says it shouldn't.

closetnerd|3 years ago

Is there more on this? Can this as is really be enough to maintain the security guarantees Apple currently provides?

sandgiant|3 years ago

I'm curious about this too. At least now I have fairly decent confidence that when I send an iMessage to someone, Apple protects their identity to whatever standard they have. Whatever trust I put in Apple, at least it's a single point of failure.

What happens if interoperability is enforced and messages have to be end-to-end encrypted? Wouldn't that mean that any side-loaded Android app would have to be able to get hold of my friend's private iMessage key?

On iOS I guess you could still keep the key private through Apple's SDK, but what about other platforms?

blep-arsh|3 years ago

The protocol is just registering a public key for each device to the server-side directory. A device-specific private key is generated and kept client-side on every device that logs in to iMessage.

int_19h|3 years ago

Why would a side-loaded Android app get a hold of a binary blob owned by another app, without the user granting such access explicitly?

ThatPlayer|3 years ago

You can continue to put your trust in only Apple: the DMA also says users should be able to enable and disable interoperability.

rodgerd|3 years ago

> On iOS I guess you could still keep the key private through Apple's SDK, but what about other platforms?

It's such a huge win for Facebook and Google - I'm not worried about "sideloaders", it lets them crack open the privacy of iMessage by simply having a view on conversations they can't see under the guise of interoperability.

The EU are just rolling a surveillance capitalist's wet dream with rulings like these.