End-to-end encryption is pretty important in the world of messaging, because there’s no telling who might be out there trying to read your communications. The problem is that those services tend to operate on their own, with their own encryption and restricting your messaging to others on the same platform. Google thinks it's about time that changed.
Google has announced its support for a new standard that would enable better interoperability between different messaging platforms. Specifically the RFC 9420 specifications of the Internet Engineering Task Force’s (IETF) Messaging Layer Security (MLS) standard.
Google claims that it supports legislation that pushes for better interoperability between large encrypted messaging apps, like the European Union’s Digital Market Act. However, it notes that the diversity in platforms, and the protocols they use, would make that near-impossible to accomplish without some kind of industry standard.
Anything less than that, Google says, would end up lowering security and raising implementation costs. Group Messaging in particular would be impossible across platforms, since each message and file sent would need to be encrypted and delivered multiple times to account for each service’s protocols.
The benefits to standardizing MLS means developers wouldn't need to spend time and resources on their own in-house end-to-end encryption, while eliminating the security concerns that may arise from trying to mash existing services and protocols together in a web of interoperability. Which sounds like a great idea, but it will rely on everyone agreeing that this is a good idea.
The RCS problem
Take RCS messaging, for example. On its own the idea is pretty sound, with the system offering a far more advanced and secure way to send messages compared to SMS and MMS. You can send images, videos, files, text, and emoji with end-to-end encryption, keeping it safe from prying eyes. Unfortunately, not everyone likes RCS.
Apple, for example, has regularly refused to implement RCS, regardless of how well it might improve communication between iPhones and Android devices. In fact, Apple has a habit of ignoring standards unless someone forces it to implement them, as we’ve seen with the iPhone and USB-C.
The major difference in this case is that there are dozens of encrypted messaging apps with significant user bases, and they’d all need to get on board. Getting that many people to agree on something is pretty difficult, no matter what the resulting benefits might be.
How does this affect users?
When it comes to a universal encryption standard, the primary benefit to users would be better support across different messaging platforms. By ensuring every service's encryption is the same, it's one step closer to offering secure communication between platforms — something that wouldn't be possible if everyone does their own thing.
Interoperability will require more than just matching encryption, and it'll be up to developers to actually bridge the gap between them — whether by choice or because the law forces them to. But, if Google's dream comes to pass, you could potentially be able to use iMessage to send encrypted communication to Facebook Messenger, WhatsApp, or any number of rival platforms.
Of course ,there will no doubt need to be measures in place to ensure the security of the new unified encryption protocol. If a hole is found in one service, it's likely that it would be present in all of them, giving bad actors access to a trove of messages they may not have had access to before.
That's especially important to think about given world governments' ongoing attempts to compromise encryption for their own benefit. Like the measures being proposed in the U.K., which are so severe Apple has threatened to pull iMessage and FaceTime from the region.
But at the same time by opting for an open standard, you've got an entire industry combining their resources to ensure that doesn't happen. Rather than different smaller groups working on their own thing. That, combined with the work of white hat hackers, may even mean security issues are patched up quickly and efficiently.
That's assuming everything goes to plan, and different organizations are willing to cooperate and collaborate effectively. Because as much as a universal encrypted messaging standard sounds like a good idea, it’ll be interesting to see how much support a move like this will get in practice. Having the backing of Google is something, but it’s not enough to guarantee success.