The Atlantic Council’s Digital Forensic Research Lab (DFRLab) issued a new report that recommends policymakers enact data privacy protection legislation for point-to-point messaging platforms, such as Telegram, WeChat, and WhatsApp.
An estimated 69 percent of the U.S. population currently uses at least one point-to-point messaging app, according to the report. However, the security of the apps vary, with most messaging apps collecting usage metadata to monitor platform performance and integrity.
Messaging app security depends on how encryption is enabled. For example, WhatsApp offers end-to-end (E2E) encryption by default, which protects messages from unauthorized third-party access – including from the platform itself.
As for the others, Telegram offers opt-in encryption, and WeChat only offers transport-layer encryption for data in transit.
In order to better protect the human rights of users, the report recommends that policymakers enact data privacy protection legislation. It calls on Congress to advance data protection legislation that sets rules for data collection, processing, storing, and sharing.
At the same time, the report calls on lawmakers to avoid “regulations that undermine rights-protecting technologies,” such as E2E encryption.
“As an underlying ethos, legislators and policymakers should always take into consideration how policies and regulations aiming to govern or control messaging apps could be enforced across countries that maintain different levels of respect for human rights,” the report says.
“For instance, a regulation instituted in the United States that mandates platforms keep identification records for their users and deliver that information to law enforcement agencies upon request could be weaponized in authoritarian or autocratic countries where a given messaging app is widely used, increasing the possibility of capture and incarceration of political dissidents,” it explains.
The report also recommends that lawmakers examine business practices and commercial services offered via messaging apps to identify regulatory gaps. It suggests that regulatory bodies, such as the Federal Trade Commission (FTC), assess existing regulations to see whether or not those gaps exist.
Finally, it calls on policymakers to promote digital literacy that is tailored to the risks faced by users of messaging apps. For example, the report says middle and high school curriculums should include digital literacy on messaging apps.
“We need to develop as a society, good, strong, robust, right-protecting data protection regulations. And for us, this is kind of the major issue,” Iria Puyosa, the author of the report and a senior research fellow at DFRLab, said during an Aug. 16 Atlantic Council event. “And it’s not only about trying to moderate harmful content, it’s about protecting users’ autonomy when using data-driven applications.”
“It’s a growing experience as human beings in society in which we’re all the time giving away data about our behavior ourselves,” she added. “It’s a huge challenge, it’s something we need to address as a society: how to protect people’s data.”