14. The EU’s DMA and Chat Interoperability

I am not a computer security or cryptography expert.

I’ve been doing some research on this thing the EU recently passed, called the Digital Markets Act (DMA). Among other things the new law wants chat platforms like WhatsApp and iMessage to interoperate. This sounds great! There are too many different chat clients and everyone I’ve ever talked to about this is annoyed by them and only uses some subset of them. There’s a plethora of products (all of which are pretty jank and bad) trying to give consumers a single frontend. People want this.

And we want it with ‘end to end encryption’ (E2EE), which just means that nobody other than you and the people you’re talking with can read your messages. WhatsApp, iMessage, and so on implement this within their platform already–when you send a WhatsApp message (supposedly) it’s E2E encrypted and Facebook can’t read your messages. But you can’t use WhatsApp to send a message to someone on iMessage–yet. That’s what’s being discussed.

There are some extremely hysterical loud voices against this DMA:

> This is a mind numbingly foolish, privacy-destroying, encryption-busting, innovation-killing proposal, dressed up in clothes of anti-monopoly.

Alec Muffett, security industry veteran and expert


> A cynic might say that this is a way to effectively outlaw E2EE while framing it as an antitrust move against tech.

Alex Stamos, the former chief security officer at Facebook

Double yikes! These are both qualified people who probably know what they’re talking about, and they’re decrying this as the end of secure messaging and maybe the end of everything as we know it!?

Arguments look like:

  • it’s impossible to achieve interop on a technical level while preserving E2EE
  • it stifles innovation because standards are slow to update

Why, though? What makes this so complicated? Why is having standards for encrypted messaging going to ruin security for everyone forever?

The innovation claim is a little boring. What we’re talking about is chat apps. The biggest new feature any of them have implemented in the last 5 years is emoji reactions and inline ‘reply’ messages. Isn’t the gain offered by having interop between the clients worth a lot?

Interop is clearly something the various chat providers are disincentivized from doing. Meta benefits by having WhatsApp or Messenger lock-in, Apple benefits by having iMessage lock-in, etc. It’s hard to disentangle doomsayers with good pro-security intentions from the corporate incentives–both of which are at play here.

> Regulation requires developing a deep technical understanding of the issues at stake, and discussing them with experts in public. So far, the EU hasn’t shown much evidence of doing either.

Casey Newton via this tweet

There needs to be cooperation between the technical side and the legislative side to craft good legislation. But, there’s an adversarial element here that’s hard to disentangle. Private companies are quick to shout that the EU or other government is not consulting them, all while simultaneously lobbying against those lawmakers.

In war you might first start off fully adversarially by trying to win outright and with the goal of annihilating your enemies. Then, if you see things aren’t going to go your way, you might shift towards trying to soften the blow and direct the outcome as best you can so things go well for both parties. It seems to me like both the governments and the tech companies in reality have the adversarial stance… but the above quote is stone-throwing that the governments should have the cooperative stance.

Here’s a writeup from someone at Matrix about potential paths forward. This strikes me as much more sober, compared to the hysterical tweeting about literally the end of all encrypted chat. The piece mentions some solutions to the key exchange problems at hand, including some that Matrix has already been exploring. 

The suggestions are: running a client-side bridge on the user’s device, which would allow crosstalk between the different chat platforms; switching to a decentralized / federated protocol at the interface between chat providers; or, worst case, notifying the user when they’re talking to an untrusted participant. Though, I worry that this last suggestion could lead us to more things like the annoying GDPR-mandated cookies notifications. It’s clear that care needs to be taken in crafting responsible legislation that actually does what we want it to do.

Zuckerberg has previously stated that he wants interoperability between Facebook chat and WhatsApp, but this person on Twitter states that since they’ve been working on this problem since 2018, it’s too hard to solve. This is a good point! Why is Facebook having such a hard time unifying Messenger and WhatsApp?

The EU is running the show with respect to tech legislation. Meanwhile, American lawmakers are on the sidelines, as Casey Newton puts it. 

Sure, these are hard problems, but they matter! Rather than a lot of excuses, I’d like to see if any experts can actually draft proposals on how to solve them. We want unified secure chat!

The Socialist Utopia At The Tip of the Iceberg

I recently started working at a Large Software Company in Seattle. It’s my first job out of university, and I’ve been working on being mindful of the experience.

Increasingly it seems to me that Large Software Company is, internally, a socialist utopia. People work as much as they’re going to work, and are compensated quite handsomely… enough, I’d say, for most resources to not be scarce. Within reason.

“From each according to their ability, to each according to their needs.”

To me, this nominally constrained post-scarcity is what socialist and Marxist thought envisioned about 100 years ago. By nominally constrained, I mean it’s not a perfect utopia. There’s no fountain of chocolate, and everyone can’t be an artist/singer/poet. It’s a socialist utopia not in the sense of some idealistic asymptotically impossible heaven on earth, but in a real-life, this-is-actually-happening sort of way. Not to downplay the situation, a real utopia is more utopic than one imagined.

Here are some key points to consider, in no order:

  • Individual contributors at Software Company have job security. That is, they rarely get fired unless they’re seriously underperforming—i.e. not working according to their ability.
  • We each make enough to not need to worry* about short term finances. From the point above, we have job security, and our minds and wallets are free to wander from
  • There’s horizontal mobility within the company: individuals are free to devote their working hours to whichever pursuits fit their fancy. Again, this is in a nominally constrained sort of way… Most pursuits available to fit one’s fancy involve building software, albeit across a wide range of markets and audiences. You can’t really be anything you want to within the company, but you could for instance be any type of software engineer.

* I want to emphasize financial worrying in particular. There’s some amount of research which indicates stress associated with finances can seriously reduce life expectancy, resilience to disease, and all those other Bad Things which come with constant fretting about how you’re going to put food on the table.

…But what about everyone else?

We, the employees of Large Software Company, as well as the employees of most all other large software companies, get to participate in our socialist utopia of sorts… but what about everyone else? Most of the residents of a place don’t work for Large Company… or may even work for Other Company. With exceptions, everyone not working for a company (any sort, including non-software) is either seeking employment at a company or attempting to start their own. And even most startups seek to be “acqhired” by other, larger companies.

The web of each company’s workers permeates through a fractured society of other such webs. Tribes, each pulling together the resources for themselves to survive. Some, seeking to be gobbled up by other, larger webs. Company A employees ride the same bus and use the same grocery store as those working with Company B, but will likely never share words or thoughts with each other, even sitting 8 inches apart every morning. We each do not mix with others, we merely share the same space. And they do not mix with us.

America is a cultural wasteland. Very little unites us besides coincidence; the same borders and physical space are not the stuff of true unity. We think different thoughts, we interact with our own, and on occasion build bridges to incorporate new people and their groups in turn.

Our 21st century social climate is populated by roving strandbeests we call corporations, built out of congealed sweat, blood, and hardened legalese. Mounted by the people who’ve climbed on or in, those who now fuel its Product Development furnaces and Business Marketing Decisions. Protected by our modern knights clad in the armor of Law. The machines slowly crawl over the vast swaths of employment-seeking human ants, reaching down towards the chaotic ground to select new members of themselves; those once separate are sublimated eagerly into the whole.

In exchange for pieces of our individual self, we are given a taste of utopia.