In just a few years, instant messengers have become the main service in telecommunications, but unlike the telephony that has prevailed for a long time, there is a lack of interoperability. Many users can only communicate with all their contacts if they install several messengers and learn several operating concepts. This has long been a thorn in the side of many customers, some companies and also messenger developers.

But with the DMA, and possibly in the future with a similar law being discussed by US lawmakers, the pressure to create interoperable solutions is suddenly very great. Dominant instant messenger operators, including Apple and Facebook, will likely need to offer interoperable text messaging with smaller messengers by next year. This is required by Article 7 of the Digital Markets Act, which came into force on November 1, 2022.

The Internet Engineering Task Force wants to provide decisive help with open specifications that all messenger operators can then use. The new working group, More Instant Messaging Interoperability (MIMI), wants to work out the details, and for this purpose it meets at short intervals right from the start, i.e. every two weeks. Despite the short interval, it remains to be seen whether it will be able to meet the European legislator’s deadlines. A look at the protagonists shows interests that are in some cases very different, and a large number of suggestions and options.

In February, around 1000 people sent by companies, organizations and regulators took part in a workshop organized by the European Commission, discussed possible solutions and estimated the effort required. For example, WhatsApp is based on a variant of the Signal protocol, while iMessage is based on Matrix. In the workshop, the EU Commission kept a low profile on who exactly will be obliged to offer interoperability. Meta, which will hardly be able to escape as a WhatsApp and Facebook operator, sent its general counsel, Stephen Hurley, to Brussels to exert influence.

If you believe Matthew Hodgson, one of the founders of Matrix, at least the transmission of text messages could be easy. At the workshop, he showed a chat between a WhatsApp and a Google Chat client, mediated by bridge applications and two Matrix servers. A Matrix developer needed three to four weeks for this demo, Hodgson said when asked.

Since 2014, the Matrix team, which is set up as a foundation, has been developing the Matrix protocol specifically as a federated system and thus as an alternative to the centrally operated messenger services. On this basis, customers such as the Bundeswehr can operate their own messenger instances (home servers) and communicate with other Matrix users at the same time.

Hodgson and co-founder Amandine Le Pape therefore see Matrix as a candidate for a protocol that enables messenger interoperability. At the IETF’s MIMI working group, which met for the first time in March, Hodgson and colleagues have already proposed Matrix as a conceptual framework and transport protocol.

However, some crypto researchers around Sophia Celi have found vulnerabilities in the Matrix protocol, which means more work if the interoperability of the messengers is not to become a security problem. Among other things, the researchers had shown that the federated network can be infiltrated by attacks on home servers.

The idea of bridge servers that mediate between the services has now been abandoned, Hodgson admitted in Brussels. As long as there is no common protocol that all messengers use, client-side bridging is meant to mediate. The messages are only decrypted on the devices of the users involved.

Determining user IDs (discovery) is tricky, because these are often phone numbers. The same phone number can be assigned to more than one client at the same time, so that it is then unclear which client a message reaches under a specific number. In addition, unwanted readers can access trustworthy metadata based on phone numbers.

Some operators are therefore at least reserved, if not skeptical, about interoperability, including the Swiss company Threema. Martin Blatter, co-founder of the company, considers both network elements that decrypt content on the transport route and mediating interfaces (gatekeeper APIs) to be unsuitable for large messenger providers.

In his view, both contradict the expectations of Threema users, because, for example, Gatekeeper APIs could play into the hands of services like WhatsApp that are interested in user data. “From our point of view, protecting the privacy of users is the most important thing,” Blatter told c’t.

Threema also wants to hold back on messenger interoperability for economic reasons. For the service, which has around 11 million subscribers, it would be uneconomical if armies of other messenger operators suddenly started using Threema’s infrastructure. “We still have to pay our bills ourselves,” he explains. However, Threema users only pay 5 euros once. And if Threema suddenly becomes accessible from all major messengers, the small provider could suddenly run out of arguments to retain more customers for a fee.

If the various parties involved manage to agree on a specification, Blatter fears that the “lowest common denominator” will be insufficient and also that it will be clumsy. A messenger with video calls and group chats, and all of that heavily encrypted, is not as easy as classic email.

Blatter considers it “fortunate” that Threema, as a relatively small messenger, is not one of the gatekeepers that the Commission will ultimately require to open up.

Skeptics like Blatter are supported by privacy researcher Ross Anderson from the University of Edinburgh. Together with his colleague Jenny Blessing from the University of Cambridge, he warns against lowering the security level by forcing messengers to open up.

Both are convinced that interoperable end-to-end communication is feasible, “but this requires numerous new protocols and processes, cryptographic and human, in order to maintain reasonable security and usability requirements.” It is not enough to make the cryptographic protocols fit together so that one service provider can forward messages to another. One also has to consider the many features and protocols that current end-to-end encrypted applications contain.

Anderson and Blessing argue, “The complexity of the interoperable system could compromise security because of the many dynamic parts, in the same way that key trustees compromise cryptographic keys, even if kept perfectly secure.” Vulnerabilities in one of the services could easily undermine the security of the whole messenger ecosystem.

Alissa Cooper, one of three chairs of the MIMI working group and Vice President of Ecosystem Engineering at Cisco, also believes that attackers would only have to find one vulnerability in order to be able to attack many services. Nonetheless, the Cisco-powered WebEx messenger already includes some interoperability features, Cooper added. Microsoft Teams users can start WebEx calls with a click.

As chair of the MIMI working group, Cooper is practically part of the team of optimists, even if she is skeptical about the deadlines set by the EU Commission. The target is “very ambitious.” If the EU Commission classifies a company as the dominant messenger operator (gatekeeper) and then a small messenger operator (access seeker) demands interoperability, the large company only has a few months to offer interoperable text chats. Interoperable group chats must then follow after two years and group video calls after four years.

It is still unclear whether gatekeepers can ask each other to open up and whether and how the Commission will make a distinction between EU and non-EU participants.

Hard work also lies ahead for the MIMI working group. Apart from Matrix, representatives of the Berlin messenger operator WIRE have also submitted further suggestions for parts of the specification. And Cisco engineers have put the Simple Protocol for Inviting Numbers (SPIN) up for discussion. Rohan Mahy is taking care of a common content format for WIRE, which is also significantly involved in the proposed Messaging Layer Security (MLS). Raphael Robert, formerly Chief Security at WIRE and now R&D CEO at Phoenix, presented a proposal for a “delivery solution” between messengers.

In principle, the IETF wants to rely on its own specifications. For example, there is some evidence that the MIMI group could agree on MLS for end-to-end encryption. According to Mahy, one reason for this is that the widespread Signal protocol and its variants are not in the hands of the IETF community. Messenger operators like Threema also reject interoperability. Mahy, on the other hand, is one of the drivers of interoperability. He had initiated the establishment of the MIMI working group even before the EU had finalized its Digital Markets Act in 2022. Following the completion of the MLS specification, WIRE’s next logical step is to pursue interoperability.

But the IETF has to choose between many proposals for the transport protocol that is supposed to mediate between the messengers. In addition to Matrix, the good old but not very successful Jabber protocol XMPP is also on the list, and Cisco developers brought QUIC into play.


(dz)
