The European Court of Human Rights yesterday banned a general weakening of secure end-to-end encryption. The judgement argues that encryption helps citizens and companies to protect themselves against hacking, theft of identity and personal data, fraud and the unauthorised disclosure of confidential information. Backdoors could also be exploited by criminal networks and would seriously jeopardise the security of all users’ electronic communications. There are other solutions for monitoring encrypted communications without generally weakening the protection of all users, the Court held. The judgement cites using vulnerabilities in the target’s software or sending an implant to targeted devices as examples. ↫ EU Reporter Excellent ruling, and it throws up another roadblock to weakening end-to-end encryption in the EU, after the European Parliament also took a stance against such weakening.
Europe’s right-to-repair rules will force vendors to stand by their products an extra 12 months after a repair is made, according to the terms of a new political agreement. Consumers will have a choice between repair and replacement of defective products during a liability period that sellers will be required to offer. The liability period is slated to be a minimum of two years before any extensions. The rules require spare parts to be available at reasonable prices, and product makers will be prohibited from using “contractual, hardware or software related barriers to repair, such as impeding the use of second-hand, compatible and 3D-printed spare parts by independent repairers,” the Commission said. ↫ Jon Brodkin at Ars Technica An excellent set of rules, and once again puts the EU at the forefront of consumer protection. Maybe some of it will trickle down to other places in the world.
Many OSI Affiliates engaged with the European Commission, European Parliament and European Council during 2023. With the welcome coordination of Open Forum Europe, a group met regularly to keep track of progress explaining the issues. Many of us also committed time and travel to meet in-person. As a result of all this effort from so many people, the final text of the CRA mitigated pretty much all the risks we had identified to individual developers and to Open Source foundations. ↫ Simon Phipps (yes, the Simon Phipps) Many in the open source community were deeply worried about the EU’s Cyber Resiliency Act’s impact on open source software, and rightfully so. It’s great to hear that the EU communicated and cooperated closely with the open source community to ensure the impact of the CRA on open source would be minimal, and it turns out they listened. Excellent news.
The developer OpenAI has said it would be impossible to create tools like its groundbreaking chatbot ChatGPT without access to copyrighted material, as pressure grows on artificial intelligence firms over the content used to train their products. Chatbots such as ChatGPT and image generators like Stable Diffusion are “trained” on a vast trove of data taken from the internet, with much of it covered by copyright – a legal protection against someone’s work being used without permission. ↫ Dan Milmo for the Guardian I can’t become a billionaire without robbing banks so therefore robbing banks should be legal.
In August, word leaked out that The New York Times was considering joining the growing legion of creators that are suing AI companies for misappropriating their content. The Times had reportedly been negotiating with OpenAI regarding the potential to license its material, but those talks had not gone smoothly. So, eight months after the company was reportedly considering suing, the suit has now been filed. The Times is targeting various companies under the OpenAI umbrella, as well as Microsoft, an OpenAI partner that both uses it to power its Copilot service and helped provide the infrastructure for training the GPT Large Language Model. But the suit goes well beyond the use of copyrighted material in training, alleging that OpenAI-powered software will happily circumvent the Times’ paywall and ascribe hallucinated misinformation to the Times. ↫ John Timmer at Ars Technica OpenAI and similar companies are giant copyright infringement machines, and tools like GitHub Copilot are open source license violations at an industrial scale never before seen. They need to face a reckoning for their illegal behaviour, and need to start asking creators – of journalism, of art, of code – for permission to use their works, just like anybody else needs to do. “AI” needs to play by the rules, or get steamrolled by the justice system.
Japan is preparing regulations that would require tech giants like Apple and Google to allow outside app stores and payments on their mobile operating systems, Nikkei has learned, in a bid to curb abuse of their dominant position in the Japanese market. Legislation slated to be sent to the parliament in 2024 would restrict moves by platform operators to keep users in the operators’ own ecosystems and shut out rivals, focusing mainly on four areas: app stores and payments, search, browsers, and operating systems. ↫ Ryohei Yasoshima and Riho Nagao for Nikkei Asia All around the world, the walls are closing in on these big tech monopolies. It’s a Christmas miracle.
Three years after Fortnite-maker Epic Games sued Apple and Google for allegedly running illegal app store monopolies, Epic has a win. The jury in Epic v. Google has just delivered its verdict — and it found that Google turned its Google Play app store and Google Play Billing service into an illegal monopoly. After just a few hours of deliberation, the jury unanimously answered yes to every question put before them — that Google has monopoly power in the Android app distribution markets and in-app billing services markets, that Google did anticompetitive things in those markets, and that Epic was injured by that behavior. They decided Google has an illegal tie between its Google Play app store and its Google Play Billing payment services, too, and that its distribution agreement, Project Hug deals with game developers, and deals with OEMs were all anticompetitive. ↫ Sean Hollister for The Verge Good news, of course, but it does make one wonder why a judge in Epic’s case versus Apple ruled the exact opposite as the jury did today. We don’t yet know what this verdict will mean for Google in a practical sense – that’s up to the judge, and Google intends to appeal, for course – so if consumers will actually see any benefit from this remains to be seen.
It’s about a legal battle between Intel and NEC in the 1980s over the microcode of the 8086 processor. But whilst it may be about events a long time ago, the themes are still familiar today. Whilst writing it, I couldn’t help but think about the ongoing lawsuit between Qualcomm and Arm. About how the future of both companies, and indeed others, including Intel, may be crucially affected by the results of a ruling on intellectual property protection. The court case we’ll discuss today would also have important implications for Intel, the US semiconductor industry, its Japanese competitors and for intellectual property law in general. Lawsuits. Lawsuits never change.
Google is hoping regulators will bail it out of the messaging mess it has created for itself after years of dysfunctional product reboots. The Financial Times reports that Google and a few cell carriers are asking the EU to designate Apple’s iMessage as a “core” service that would require it to be interoperable under the new “Digital Markets Act.” The EU’s Digital Markets Act targets Big Tech “gatekeepers” with various interoperability, fairness, and privacy demands, and while iMessage didn’t make the initial cut of services announced in September, Apple’s messenger is under a “market investigation” to determine if it should qualify. The criteria for gatekeeper services all revolve around business usage. The services the EU wants to include would have more than 45 million monthly active EU users and more than 10,000 yearly active business in the EU, a business turnover of at least 7.5 billion euros, or a market cap of 75 billion euros, with the caveat that these are just guidelines and the EU is open to arguments in both directions. When the initial list was announced back in September, the EU said that iMessage actually met the thresholds for regulation, but it was left off the list while it listens to Apple’s arguments that it should not qualify. The sooner the various messaging services are forced to interoperate – preferably via completely open specifications anyone can build for – the better. These services should not be locking users in.
The European data regulator has agreed to extend a ban imposed by non-EU member Norway on “behavioural advertising” on Facebook and Instagram to cover all 30 countries in the European Union and the European Economic Area, it said on Wednesday. Meta runs the risk of getting fined up to 4% of its global turnover, the Norwegian data regulator said. Sure, the European Union isn’t perfect – no government is – but the Union’s fight against the utter dominance of tech giants, as well as standing up for citizen privacy, is commendable.
State attorneys general in 41 states and the District of Columbia sued Meta today. The move comes after the conclusion of a multistate probe launched in 2021, where a bipartisan coalition of state enforcers began examining how Facebook and Instagram features are designed to allegedly addict and harm kids. Back in 2021, the Massachusetts attorney general’s office led the multistate probe investigating “Instagram’s impacts on young people” after Facebook whistleblower Frances Haugen revealed that Facebook knew Instagram was “toxic” to teen girls but downplayed risks to the public. In a press release today, Massachusetts Attorney General Andrea Joy Campbell accused Meta of “deliberately” exploiting “young users’ vulnerabilities for profit.” Everyone liked that.
Patents are thought of by some as hardware focused and used by the big guys to intimidate with petty lawsuits. In reality, of course, patents are used for much more. They are used to help secure financing, attract M&A interest, create partnerships, and more. From 2007 to 2011, a particularly interesting patent lawsuit took place that showcases just how strategic patents can be. i4i Limited, a Canadian company, sued Microsoft over a patent it owned relating to custom XML encoding, which Microsoft used in Word. In the end, Microsoft lost and had to pay $200 million in damages and was nearly restricted from selling Word over a feature used by almost none of its users. It is a fascinating tale of how software patents used to work, especially as they are coming back into vogue. I mean, I won’t shed a tear for Microsoft in this case, but it does highlight just how ridiculous software patents are.
The Verge has an excellent write-up of Satya Nadella’s day in court during the Google antitrust trial today. The power of defaults is one of the central questions of the entire US v. Google case and will continue to come up. (The witness after Nadella is former Neeva CEO Sridhar Ramaswamy, who has also said his search engine was crushed in part because overcoming Google’s default status was so difficult.) Nadella is in the rare position to have seen both sides — what it’s like to be the default and what it’s like to contend when you’re not — and argued resolutely that defaults are the only thing that truly matters. Google, on the other hand, says that building the best product is the only thing that truly matters and that Bing has never come close to doing that. Which side of that debate Judge Mehta agrees with may be the story of this entire trial. It’s an excellent and at times even funny read.
The Federal Trade Commission and 17 state attorneys general today sued Amazon.com, Inc. alleging that the online retail and technology company is a monopolist that uses a set of interlocking anticompetitive and unfair strategies to illegally maintain its monopoly power. The FTC and its state partners say Amazon’s actions allow it to stop rivals and sellers from lowering prices, degrade quality for shoppers, overcharge sellers, stifle innovation, and prevent rivals from fairly competing against Amazon. I have been told that water is wet, but that it’s very difficult to legally prove that water is wet.
California, the home to many of tech’s biggest companies and the nation’s most populous state, is pushing ahead with a right-to-repair bill for consumer electronics and appliances. After unanimous votes in the state Assembly and Senate, the bill passed yesterday is expected to move through a concurrence vote and be signed by Governor Gavin Newsom. Excellent news from California, and I’d like to congratulate everyone involved in the effort getting this passed. Much like consumer protection laws from the EU, such laws from California also have a tendency to benefit consumers far beyond the borders of the original jurisdiction.
Enter the trustbusters, led by Senator John Sherman, author of the 1890 Sherman Act, America’s first antitrust law. In arguing for his bill, Sherman said to the Senate: “If we will not endure a King as a political power we should not endure a King over the production, transportation, and sale of the necessaries of life. If we would not submit to an emperor we should not submit to an autocrat of trade with power to prevent competition and to fix the price of any commodity.” In other words, when a company gained too much power, it became the same kind of kingly authority that the colonists overthrew in 1776. Government “by the people, of the people, and for the people” was incompatible with concentrated corporate power from companies so large that they were able to determine how people lived their lives, made their incomes, and structured their cities and towns. Break up big tech. Apple, Google, Amazon, Microsoft, Facebook – they need to be chopped up into smaller parts that need to compete with one another. The amount of life this will breathe into the economy, as well as the burst of innovation that it will cause, will do more for people’s lives than a trillion nonsense trickle-down policies that favour the rich and powerful.
Over the past few days, there have been a lot of reports in the media that the UK government was backing down from its requirement that every end-to-end encrypted messenger application inside the country had to give the government backdoor access to these messenger applications. However, after reading the actual words from the UK’s junior minister Stephen Parkinson, it seemed like all she did was give a “pinky promise!” not to enforce this requirement. The law itself did not change, is not changing, and will not change, and the requirement is still in there. Today, the UK’s technology minister Michelle Donelan made that even clearer than it already was. Donelan, however, denied on Thursday that the bill had been watered down in the final stages before it becomes law. “We haven’t changed the bill at all,” she told Times Radio. “If there was a situation where the mitigations that the social media providers are taking are not enough, and if after further work with the regulator they still can’t demonstrate that they can meet the requirements within the bill, then the conversation about technology around encryption takes place,” she said. This raises an interesting question – why was everyone so keen on pushing the narrative yesterday that the “technology sector” had won, and that the UK government had backed down? Well, Facebook and Apple have kind of talked themselves into a corner in response to the UK’s requirement for backdoor access to WhatsApp and iMessage. The two companies threatened they would pull these services out of the UK if the government didn’t remove this requirement. When it became clear that the UK government wasn’t going to back down, Facebook and Apple were going to lose a lot of face if they didn’t actually pull WhatsApp and iMessage out of the UK in response. They needed something to get them out of this. This vague pinky promise is all they needed. Now they can shit all over their supposed morals and values once again, completely abandon their grandstanding and promises about protecting end-to-end encryption in messaging, and continue to operate in the UK as if nothing has changed, despite them legally being obligated to break end-to-end encryption if the UK government asks them to – which they can now do whenever it pleases them. And entirely unsurprisingly, the general tech media, ever looking to please the corporations they are supposed to do the journalism stuff about, fell for it, hook, line, and sinker. The narrative that the UK backed down and Facebook and Google won is out there now, and that’s all the tech sector needed.
The European Commission has today designated, for the first time, six gatekeepers – Alphabet, Amazon, Apple, ByteDance, Meta, Microsoft – under the Digital Markets Act (DMA). In total, 22 core platform services provided by gatekeepers have been designated. The six gatekeepers will now have six months to ensure full compliance with the DMA obligations for each of their designated core platform services. Following their designation, gatekeepers now have six months to comply with the full list of do’s and don’ts under the DMA, offering more choice and more freedom to end users and business users of the gatekeepers’ services. However, some of the obligations will start applying as of designation, for example, the obligation to inform the Commission of any intended concentration. It is for the designated companies to ensure and demonstrate effective compliance. To this end, they have 6 months to submit a detailed compliance report in which they outline how they comply with each of the obligations of the DMA. The EC also notes that due to submissions from Apple and Microsoft arguing that iMessage and Bing, Edge, and Microsoft Advertising respectively, do not qualify to be subject to the DMA, the EC has opened four market investigations into these four services to further assess the situation. On top of that, for Gmail, Outlook.com and the Samsung Internet Browser, the EC has concluded that their owners have successfully argued they should not fall under the DMA. This is one of the biggest pieces of legislation to hit powerful corporations in a long time – especially in tech, which basically has been a wild west free-for-all regulation-wise – and it’s going to have some massive consequences for all of us.
Apple and Microsoft have argued with Brussels that some of their services are insufficiently popular to be designated as “gatekeepers” under new landmark EU legislation designed to curb the power of Big Tech. Brussels’ battle with the two US companies over Apple’s iMessage chat app and Microsoft’s Bing search engine comes ahead of Wednesday’s publication of the first list of services to be regulated by the Digital Markets Act. Microsoft’s argument seems to make sense. Microsoft was unlikely to dispute the designation of its Windows operating system, which dominates the PC industry, as a gatekeeper, these people said. But it has argued that Bing has a market share of just 3 per cent and further legal scrutiny would put it at a greater disadvantage. I guess the validity of Microsoft’s argument hinges on if that 3% equates to the number of users requirements set by the European Union, but I guess we’ll find out tomorrow. Apple’s argument, though, seems more precarious. Separately, Apple argued that iMessage did not meet the threshold of user numbers at which the rules applied and therefore should not comply with obligations that include opening the service to rival apps such as Meta’s WhatsApp, said the two people. Analysts have estimated that iMessage, which is built into every iPhone, iPad and Mac, has as many as 1bn users globally, but Apple has not disclosed any figures for several years. The decision is likely to hinge on how Apple and the EU define the market in which iMessage operates. One billion users worldwide is most definitely going to mean it exceeds the minimums set by the DSA. Apple, you’re going to have to open up iMessage, and allow competitors and newcomers to interoperate with it. Using messaging services as lock-in is outdated, anti-consumer, and harmful to competition. And if you don’t like it – as they say on the Isle of Man, a boat leaves in the morning.
The EU Digital Services Act went into effect last Friday, and since there’s an insane amount of misinformation from big tech astroturfers about what the DSA means, it’s time to list what the DSA really does for people in the EU. People in the 27-nation European Union can alter some of what shows up when they search, scroll and share on the biggest social media platforms like TikTok, Instagram and Facebook and other tech giants like Google and Amazon. That’s because Big Tech companies, most headquartered in the U.S., are now subject to a pioneering new set of EU digital regulations. The Digital Services Act aims to protect European users when it comes to privacy, transparency and removal of harmful or illegal content. Here are five things that will change when you sign on. All of these are excellent improvements and gives us as consumers more sticks to fight with. The EU is far from perfect – just like any other government – but as far as consumer protection goes, they’re leading the charge. Never forget who would not want consumers to have more protections.