CryptoDB
Interoperability in E2EE Messaging
| Authors: | |
|---|---|
| Download: | |
| Presentation: | Slides |
| Abstract: | The recently passed EU Digital Markets Act (DMA) will require large “gatekeeper” companies like Meta and Apple who run widely used end-to-end encrypted (E2EE) messaging apps to allow interoperability with other smaller E2EE apps, on request. Users will be able to communicate with each other across providers: for example, a user on Signal would be able to chat with a user on WhatsApp. The law itself is light on details or concrete requirements, leading to both its supporters and detractors arguing based more on speculation rather than hard evidence. One thing these opposing sides agree on is that the DMA’s interoperability mandate will require fundamental changes to the design of existing E2EE messaging. But what changes will the law require, exactly? How will these requirements be translated into new designs? Will these new designs have new security challenges? These and other critical technical questions lack clear answers today; since legal interoperability requirements under the DMA could take effect as soon as March 2024, and similar legislation has been proposed in the US, it is imperative that the community starts trying to answer these questions now. The purpose of this talk is to introduce E2EE messaging interoperability to the broader cryptography community. Our first task will be to interpret -- guided by existing legal analyses, where available -- the text of the DMA’s interoperability mandate for the community, highlighting requirements and identifying key pieces we believe will have the biggest impact on new designs. Next, we will break down the specific challenges of interoperability in three key areas: identity, protocols, and abuse prevention. For each area, we will briefly survey the landscape of possible designs, critically evaluate proposed solutions, identify novel cryptography-focused questions where more research is needed, and elaborate a minimal list of properties we believe any solution should satisfy. We also identify a set of overarching principles that should guide new designs, e.g. limiting cross-platform metadata leakage. Our goal is to bring the cryptography community into the ongoing dialogue between regulators, policy scholars, industry practitioners, and users about what interoperable E2EE messaging will look like. |
| Video: | https://youtu.be/sthXs4zJ5XU?t=3309 |
BibTeX
@misc{rwc-2023-35456,
title={Interoperability in E2EE Messaging},
note={Video at \url{https://youtu.be/sthXs4zJ5XU?t=3309}},
howpublished={Talk given at RWC 2023},
author={Esha Ghosh and Paul Grubbs and Julia Len and Paul Rösler},
year=2023
}