Interoperability of digital platforms may raise user security risks

Proposed interoperability among messaging apps like WhatsApp, Telegram, as per draft Digital Competition Bill, might enhance user convenience but raises concerns over heightened privacy breaches

Messaging platforms such as WhatsApp and Telegram in India may soon be asked to allow 'interoperability' across different platforms, according to the requirements under the draft Digital Competition Bill.

As reported by Business Standard recently, in the draft version of the bill, “It is being suggested that apps, such as WhatsApp and Telegram, should share their APIs (Application Programming Interfaces) with each other to ensure there is interoperability, just as it exists across email services”.

While this is being hailed as a step that will enable data democratisation, enhance competition, and provide ease of messaging to users, experts say that this might put users at greater risk of cyber-attacks and privacy breaches, especially if it is not handled carefully with strong rules in place.

They further stress the need for developing common standards for encryption and exchange of texts across different platforms.

“One of the key concerns when it comes to interoperability is the protection of end-to-end encryption. Instant messaging platforms typically employ proprietary protocols, and aligning these varied systems poses significant technical challenges,” said Saksham Malik, Senior Programme Manager, Competition Law and Policy, The Dialogue.

“There's a need to develop a standard mechanism for secure key exchanges and a consensus on encryption methods, ensuring that all platforms maintain a uniformly high level of security,” he added.

Experts also emphasise that users should have the choice of 'opting in' to the feature once it is available.

"A crucial requirement here, and it cannot be overstated, is that users must have the option to opt in. This means a consumer can decide whether or not they want to engage in exchanging messages with third parties," said Gautam Busi, Partner, Technology and Privacy, King Stubb & Kasiva.

“This is significant due to the potential risk of spam and scams,” Busi added.

The discussion around cross-messaging functionality, also known as 'interoperability', started with the European Union’s Digital Markets Act (DMA) last year.

It classified six big internet giants, including Alphabet, Amazon, Apple, ByteDance, Meta, and Microsoft, as 'gatekeepers' and asked them to open their platforms for third parties to inter-operate.

A gatekeeper company, as defined by the EU's Digital Markets Act, refers to a large online platform that holds significant market power and acts as an intermediary, controlling access to digital services for other businesses and users.

In line with the requirements of the EU’s regulation, Meta-owned WhatsApp has been testing an 'interoperability' feature for its users in European countries and plans for a rollout soon, media reports suggest.

The messaging giant with 2 billion users worldwide also plans to release technical information for third-party integration with its platform, requiring companies to sign agreements and adhere to WhatsApp's terms to connect their apps, in compliance with the DMA.

WhatsApp’s move could see other platforms too opening up their platforms for cross-integration, experts believe.

Falling along similar lines, India’s draft Digital Competition Bill might also require platforms to open their walls and allow cross messaging.

The bill adds to an existing framework of regulations that are meant to regulate internet giants and ensure fair use of data, including the Digital Personal Data Protection Act, IT rules and the upcoming Digital India Bill.

Talking about this, Busi said, “Policymakers globally are increasingly alarmed by the power and dominance of technology giants in the digital economy.”

“There is a growing consensus on the necessity to establish a level playing field for all market players, potentially leading to increased regulatory control by governments over these tech giants,” he added.

Experts argue that the government should discuss the potential conflicts between interoperability goals and user protection objectives in a thorough and unified manner.
 

“While the proposed Digital Competition Act may seek to actively address competition bottlenecks, frameworks like the Digital Personal Data Protection Act and the proposed Digital India Act focus on privacy and security, respectively. Therefore, a concerted approach to implementing interoperability is crucial to ensure a balance is achieved between these objectives,” said Malik of The Dialogue.