As Apple counts down the months to the launch of iPhone 14 and iOS 16, it suddenly risks a repeat of last year, when its launch plans were almost derailed by a controversial plan to scan iPhone content. And to make matters worse, a new warning for Apple’s billion-plus iPhone users has just been issued.
Much has been written in the last two weeks, following the EU’s landmark decision to clampdown on tech walled gardens, with its lawmakers agreeing “that the largest messaging services (such as Whatsapp, Facebook Messenger or iMessage) will have to open up and interoperate with smaller messaging platforms, if they so request.”
The Digital Markets Act has several serious ramifications for Apple, such as unpicking its App Store monopoly to allow side-loading for the first time, but it’s the impact on iMessage that will hit hardest.
The idea that a Signal or Telegram or even Threema user can message someone on WhatsApp or iMessage echoes back to the introduction of network interoperability back in the early days of SMS, but there was no optionality back then, SMS was the only cellphone messaging platform. While breaking down monopolistic tech walled gardens is laudable, there are major security and technical risks.
As I explained last week, the impact from DMA will be felt hardest by WhatsApp, the world’s largest messenger has no other strings to its bow, there’s an argument here that it’s not broken and doesn’t need fixing. Promoting innovation is one thing, but giving start-up platforms access to WhatsApp’s huge user base actually risks doing the opposite.
The situation for Apple’s iMessage and Google Messages is very different. These are stock messengers, and in Apple’s case there is no way for a user to select an alternative SMS client on their device. While Google has taken the lead in pushing out RCS—an update to SMS, and has now added encryption into the mix, Apple has steadfastly refused to play outside its walled garden.
This is a huge mistake and is not in the interests of the billion-plus iPhone users who still fail-over to unsecured SMS when they message non-Apple users from their devices. Apple should be forced to either offer its users the ability to run Signal or WhatsApp, both cross-platform and secure, as iMessage alternatives, or it should fully open up to RCS. This is technically difficult, but in not doing so, Apple is essentially preventing the world from moving to SMS v2.
While the DMA goes too far in some ways and risks unintended consequences, regulating operability between the stock messengers on Android and iPhone, enabling users to move forwards, ensuring network messaging is not held back, is the right move. Apple’s decision to hold out, reportedly for commercial reasons, has been bad news for its users—it’s not in their interests.
Talking of bad news for iPhone users, a new report commissioned by Meta and published this week will make uncomfortable reading in Cupertino. The Business for Social Responsibility (BSR) report into the Human Rights Impacts from end-to-end encryption is ostensibly focused on Meta’s plans to expand such security from WhatsApp to cover Facebook Messenger and Instagram as well. But it also includes a warning that seems to have Apple’s iPhone plans in mind.
There are complexities in Meta’s own plans, specifically around the dangers in linking encrypted messaging with social media platforms, but the bad news for Apple and its billion iPhone users is that the report also challenges the client-side scanning that Apple has introduced to iMessage and still plans to implement at some point to scan photos for known child sexual abuse imagery.
“Nearly all proposed client-side scanning approaches,” BSR warns, “undermine the cryptographic integrity of end-to-end encryption, which because it is so fundamental to privacy would constitute significant, disproportionate restrictions on a range of rights, and should therefore not be pursued.”
Apple’s argument is that automated scanning on an iPhone to tag possibly illicit content doesn’t present the same privacy risks as scanning everything in iCloud. From a messaging perspective, it watered down its plans to report minors sharing potentially erotic images to just a user warning. But even so, iMessage has now opened the concept of end-to-end encryption scanning, and as I have argued before, it’s a short line from this to regulatory insistence on more of the same.
There is of course an interesting twist in Meta and its commissioned report criticising Apple on the privacy front, notwithstanding that it’s not named. Apple’s crackdown on Meta in the last year has had a major impact on the company, and Meta’s Mark Zuckerberg has called out iMessage before as the biggest competitor to its own messaging platforms, especially in the U.S. And so, the impact of Europe’s DMA on the two tech giants will be a veritable popcorn moment.
Apple should now step back from any plans to introduce client-side scanning, given the broader implications on users the world over. It was an ill-conceived solution and Apple would do well to acknowledge this, and introduce the same public cloud scanning for CSAM that others have implemented without any such controversy or backlash.
More critically, Apple needs to u-turn on RCS in the run-up to iPhone 14 and iOS 16. It can use DMA as an excuse to do so. Sticking to its walled garden is increasingly risky for the billion-plus iPhone users and the rest of the world, caught in an SMS v1 rabbit hole because Apple will not move forwards.
The worry for Apple is that the timing on DMA and sharing its long-awaited next steps on CSAM both risk further controversy in the run up to its fall launch schedule—yet again. You can expect both these issues to generate plenty of headlines through the summer as we find out more.