Much has been written in the last two weeks, following the EU’s landmark decision to clampdown on tech walled gardens, with its lawmakers agreeing “that the largest messaging services (such as Whatsapp, Facebook Messenger or iMessage) will have to open up and interoperate with smaller messaging platforms, if they so request.” The Digital Markets Act has several serious ramifications for Apple, such as unpicking its App Store monopoly to allow side-loading for the first time, but it’s the impact on iMessage that will hit hardest.
As the months tick away until the release of iPhone 14 and iOS 16, Apple risks repeating the mistakes of last year, when its launch plans were nearly derailed by a content-scanning scheme that sparked outrage. Apple already had a significant issue after promising to reconsider last year’s divisive decision. With a game-changing new regulation and a stern warning addressed at its billion-plus iPhone users, the problem has only gotten worse.
Google Messages introduces ‘iMessage-like’ experience
Google Messages introduces ‘iMessage-like’ experience GOOGLE
This is a huge mistake and is not in the interests of the billion-plus iPhone users who still fail-over to unsecured SMS when they message non-Apple users from their devices. Apple should be forced to either offer its users the ability to run Signal or WhatsApp, both cross-platform and secure, as iMessage alternatives, or it should fully open up to RCS. This is technically difficult, but in not doing so, Apple is essentially preventing the world from moving to SMS v2.
The situation for Apple’s iMessage and Google Messages is very different. These are stock messengers, and in Apple’s case there is no way for a user to select an alternative SMS client on their device. While Google has taken the lead in pushing out RCS—an update to SMS, and has now added encryption into the mix, Apple has steadfastly refused to play outside its walled garden.
Talking of bad news for iPhone users, a new report commissioned by Meta and published this week will make uncomfortable reading in Cupertino. The Business for Social Responsibility (BSR) report into the Human Rights Impacts from end-to-end encryption is ostensibly focused on Meta’s plans to expand such security from WhatsApp to cover Facebook Messenger and Instagram as well. But it also includes a warning that seems to have Apple’s iPhone plans in mind.
While the DMA goes too far in some ways and risks unintended consequences, regulating operability between the stock messengers on Android and iPhone, enabling users to move forwards, ensuring network messaging is not held back, is the right move. Apple’s decision to hold out, reportedly for commercial reasons, has been bad news for its users—it’s not in their interests.
There are complexities in Meta’s own plans, specifically around the dangers in linking encrypted messaging with social media platforms, but the bad news for Apple and its billion iPhone users is that the report also challenges the client-side scanning that Apple has introduced to iMessage and still plans to implement at some point to scan photos for known child sexual abuse imagery.
“Nearly all proposed client-side scanning approaches,” BSR warns, “undermine the cryptographic integrity of end-to-end encryption, which because it is so fundamental to privacy would constitute significant, disproportionate restrictions on a range of rights, and should therefore not be pursued.”
Apple’s argument is that automated scanning on an iPhone to tag possibly illicit content doesn’t present the same privacy risks as scanning everything in iCloud. From a messaging perspective, it watered down its plans to report minors sharing potentially erotic images to just a user warning. But even so, iMessage has now opened the concept of end-to-end encryption scanning, and as I have argued before, it’s a short line from this to regulatory insistence on more of the same. There is of course an interesting twist in Meta and its commissioned report criticising Apple on the privacy front, notwithstanding that it’s not named. Apple’s crackdown on Meta in the last year has had a major impact on the company, and Meta’s Mark Zuckerberg has called out iMessage before as the biggest competitor to its own messaging platforms, especially in the U.S. And so, the impact of Europe’s DMA on the two tech giants will be a veritable popcorn moment.
Apple should now step back from any plans to introduce client-side scanning, given the broader implications on users the world over. It was an ill-conceived solution and Apple would do well to acknowledge this, and introduce the same public cloud scanning for CSAM that others have implemented without any such controversy or backlash.