(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on allecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


Explaining fundamental problems of the EU #DMA demanding instant #messenger #interoperability, via fun analogies with food & sex — #endtoendencryption #e2ee

2022-03-25 22:00:00+00:00

Thomas Urbain (AFP)

Thanks for getting back to me. Here are some questions:

What are the main issues with implementing interoperability for messaging apps ?

Would it require standard protocols to be implemented by all participating players ?

How far are we from it becoming a reality ?

Could end to end encryption work from one messaging app to another ?

Who would benefit from interoperability ?

Put simply: there are a clique of politicians and privacy activists who have gained influence in the EU; they have achieved this by painting Mark Zuckerberg, Tim Cook (etc) as cartoon supervillains, fostering a mindset of “stopping the evil American corporatists at all costs” rather than looking at the risks and benefits to humanity as a whole.

Frankly, I used to be one of these activists. And then I learned about big systems.

Such people pursue and promote “interoperability” because they envision Facebook, Google and Apple as essentially cookie-cut, basically identical “phone companies” which *should be forced* to enable the ability of users to “call” / “message” each other, at any cost, between “phone companies”, because that is how they now-and-historically consider platforms: as centrally controlled telephony structures owned by pseudo-state-nationalised or robber-baron monoliths.

They also pursue “interoperability” because it offers opportunities to impose huge and dramatic fines when the platforms fail to deliver the impossible.

The truth is that the software industry is a lot more like the restaurant industry: you go to a restaurant in order to have a nice experience with a given set of friends, and you go there for the specialties of the house. Some restaurants are McDonalds. Some of them are boutique Michelin-starred places with excellent discretion. If you went into a McDonalds and said “In the interest of breaking corporate monopolies, I demand that you include a sushi platter from <some other restaurant> with my order”, they would rightly just stare at you.

But it’s McDonalds, right? They are huge. It’s almost a monopoly. Therefore they should be forced to enable such consumer freedom, because surely no consumer should be obliged to go to a Sushi restaurant to order Sushi.

But this metaphor is even better than that: what happens when the requested sushi arrives by courier at McDonalds from the ostensibly requested sushi restaurant? Can and should that McDonalds serve that sushi to the customer? Was the courier legitimate? Did they actually fetch the sushi from the customer’s genuinely-desired restaurant, or is it from a fake place, nearer by? Was it prepared safely? Has it been transported securely so that it won’t develop malware/food poisoning? Did it get swapped in transit? Has the courier (or anyone else on the handling chain) spied on the customer details? And how are costs going to be shared?

This is the problem. The interoperability proposal is dressed up as making the customer’s life easier, but in the process exposes the customer to metaphorical food-poisoning: connections from fake identities, bad data/food, bad food-handling/interception or tampering, and expanded oversight/surveillance … with all of this ignoring the massive imposition of complexity. The proposal destroys McDonald’s/WhatsApp’s/Apple’s/your favourite sushi restaurant’s ability to provide a consistent and trustworthy experience.

It’s a bad proposal.

Standard protocols? Well, that could happen, but then every restaurant in the would have to serve basically the same menu, and there would be no practical differentiation, and no such thing as a sushi restaurant any more. I hope to god that this does not become a reality, because I actually use different tools for different purposes — and, to swap metaphors, I am certain that people who have affairs, etc, will not want to have different and particular messaging apps to suddenly start “interoperating”.

There are people — some of them respected academics — who are presenting the following false-equivalence fallacy:

all end to end encrypted messengers use “algorithms”

some of the “algorithms” are the same

because they are all algorithms, they can all interoperate.

… just like:

lots of restaurants use Beef

therefore all restaurants can use the same Beef!

…which suddenly means that you can’t order Kobe Beef — nor a steak-frites, nor “The Impossible Vegan Burger” — and instead all beef is a Big Mac patty, by EU law.

What we need is more apps, more diversity, and if the EU believes in federated protocols — which is essentially what they are calling for — then they should help fund efforts like Matrix.

The EU should not go around trying to force McDonalds and YoSushi to allow customers to cross-order.

Corin Faife (Verge)

…so interoperability would at some level be forcing all message services to use the same protocol, and you (and others) are concerned that this would be a less secure, lowest-common-denominator option

To be absolutely clear :

I am not “concerned that this would be a less secure, lowest-common-denominator option”

…I am concerned that this requires secure ecosystems, secure enclaves like WhatsApp or iMessage, to drill holes in their protective bastion walls and start passing messages back and forth as-if they were part of a single entity with a solitary model of identity and trust and security.

It’s a bit like demanding that the UK and the EU, post-Brexit, must have “free movement”, in which case what was the whole point of Brexit? — a question I ask myself daily — [as] the whole point of Signal, Telegram, WhatsApp, iMessage, etc. is that they are separate, distinct spaces, places where you can have a distinct experience with a [distinct] set of friends and peers.

Demanding that the Microsoft Teams and Tinder/Grinder apps you use, can all see and message each other, is a really bad idea.
[END]

[1] URL: https://alecmuffett.com/article/16037
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/

DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/

You are viewing proxied material from magical.fish. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.