I am so angry at the ignorance of these EU bureaucrats (aka idiots) that I cannot clearly state why I think this is going to hurt consumers. I’ll let others speak for me.
Demanding that vendors of encrypted messengers figure out how to simultaneously open up their service to interoperators and maintain security is a tall order, even though the demand is limited to very large, well-funded companies like Apple and Meta Platforms (Facebook). As applied to encrypted messaging, interoperability could encompass a range of approaches from simply requiring users to be able to connect to a service with the client of their choice, all the way to a fully federated model akin to email. These approaches would have vastly different effects on security. A technological solution that is simple to express in legislative terms can have unintended consequences, such as creating incentives for companies to compromise on the security of users’ communications. As with recent US proposals for law enforcement access to encrypted data, policymakers need to safeguard users’ access to truly secure communications.
...making encrypted messaging interoperable simply cannot happen in the timeframe envisioned by the DMA if it has any hope of resolving the significant technical and policy hurdles. The DMA’s time limits on gatekeepers to provide interoperability—three months after a request in the case of one-to-one encrypted messaging; and within two years for group messaging—are far too short. By comparison, Meta Platforms (Facebook) announced plans to interconnect and encrypt three of its own messaging products in March 2019, and this project is still not complete. Getting interoperability right would require participation by a much larger group of stakeholders as part of a standards-setting and governance process and would therefore likely move at an even statelier pace.
The computer security expert Steven Bellovin argues interoperable end-to-end encryption “is somewhere between extraordinarily difficult and impossible,
This is bananas. All third-party developers get control over the secure enclave and the software that controls it? Would be good to give them such control over the camera, microphone, and location data, too.