In Europe, new laws will require Apple to promote cross-platform messaging. The Cupertino-based company will have to make iMessage more interoperable with “smaller” messaging apps. EU officials on Thursday agreed on this ruling as part of the Digital Markets Act (DMA). DMA establishes a series of prohibited acts and obligations that big tech companies need to follow.
DMA and The Gatekeepers
EU legislators recently promulgated the Digital Markets Act (DMA) to put an end to the dominance of big tech companies such as Google, Meta (Facebook), Amazon, and Apple. “From now on, Big Tech companies must show that they allow for fair competition on the internet,” said lead MEP Andreas Schwab. This is part of Europe’s drive to ensure more competition, more innovation, and more choices for users in the digital environment.
The DMA rules designated big tech companies as “gatekeepers.” Gatekeepers have a market capitalization of at least 75 billion euros ($82.4 billion) or an annual turnover of 7.5 billion euros ($8.2 billion).
Can Cross-Platform Messaging Work?
European Parliament, Council, and Commission reached the agreement after almost 8 hours of discussion. They agreed that large messaging apps should be interoperable with smaller messaging platforms. These include WhatsApp, Facebook Messenger, and Apple’s iMessage. The ruling requires messaging apps be able to exchange messages, send files, or make video calls across platforms. This applies to all messaging apps, regardless of size.
On paper, it would seem easy to apply this ruling but technically, it might be difficult to implement. Certain variables must be considered and companies will require different levels of interoperability due to encryption.
Penalties for Breaching the Rules and Next Steps
The rules also established penalties for those companies found violating them. These fines range from up to 10% of the company’s annual worldwide turnover for the first violation to as much as 20% for repeated violations.
All that being said, the European Commission must implement the new rules to gain tangible results immediately. The rulings still require finalization and approval by Parliament and Council. They will then go into effect within six months. In the meantime, the EU commissioners are still working on the finer details of the agreement.
Security is a nightmare for everyone. This well-intentioned plan will create unintended problems. Who has liability here? The EU won’t take responsibility and the companies will be absolved via their terms and conditions. That leaves the end user holding the bag. More competition (not really, but OK) and more personal vulnerability.
Arnold:
This is one of those ideas that, in abstract sounds great (who could possibly object to message interoperability irrespective of client software?), but in which the devil is lying the details. While Messages will create a decryption key that only the recipient device can access, there are multiple other points of attack, including a hacker creating another encryption layer with a hacker’s key, in addition to attacking the cloud server where the messages are stored and several other points of vulnerability.
We have seen, time and again, how many large companies that one should think have substantial security, fail in almost amateurish fashion, let alone smaller companies. If the third party lacks state of the art security protocols, or the third party user is side-loading spyware, this will create a back door into the Apple Message user’s otherwise secure messaging platform – at least for exchanges with that third party app user.
The question is, will European lawmakers stipulate that these companies provide a pre-specified level of security for their platforms, including their cloud servers, provide for oversight of compliance, as well as penalties (on top of being legally liable) for failure to comply? If not, the bad guys can simply sit back and watch the Europeans score a game-winning own goal.
Apple gave the same argument in its rebuttal against making iMessage interoperable with other apps – privacy and security vulnerabilities plus undermining of intellectual property.