Legal Archive

Apple set to be first big tech group to face charges under EU digital law

Brussels is set to charge Apple over allegedly stifling competition on its mobile app store, the first time EU regulators have used new digital rules to target a Big Tech group. The European Commission has determined that the iPhone maker is not complying with obligations to allow app developers to “steer” users to offers outside its App Store without imposing fees on them, according to three people with close knowledge of its investigation. ↫ Javier Espinoza and Michael Acton This was always going to happen for as long as Apple’s malicious compliance kept dragging on. The rules in the Digital Markets Act are quite clear and simple, and despite the kind of close cooperation with EU lawmakers no normal EU citizen is ever going to get, Apple has been breaking this law from day one without any intent to comply. European Union regulators have given Apple far, far more leeway and assistance than any regular citizen of small business would get, and that has to stop. The possible fines under the DMA are massive. If Apple is found guilty, they could be fined for up to 10% of its global revenue, or 20% for repeated violations. This is no laughing matters, and this is not one of those cases where a company like Apple could calculate fines as a mere cost of doing business – this would have a material impact on the company’s numbers, and shareholders are definitely not going to like it if Apple gets fined such percentages. As these are preliminary findings, Apple could still implement changes, but if past behaviour is any indication, any possibly changes will just be ever more malicious compliance.

Arm, Qualcomm legal battle seen disrupting AI-powered PC wave

The new Windows on ARM Copilot+ PC thing, running on Qualcomm’s Snapdragon X Elite and Pro chips, isn’t even out the door yet, and we’re already dealing with legal proceedings. But the main conversation among conference attendees was over how a contract dispute between Arm Holdings and Qualcomm, which work together to make the chips powering these new laptops, could abruptly halt the shipment of new PCs that industry leaders expect will make Microsoft and its partners billions of dollars. ↫ Max A. Cherney at Reuters The basic gist of the story is as follows. Qualcomm acquired a company named Nuvia, founded by former Apple processor engineers, in order to gain new technology to build its Snapdragon X Elite and Pro chips. Nuvia was planning on developing ARM chips for servers, but after the acquisition, Qualcomm changed their plans and repurposed their technology for use in laptops – the new X chips. ARM claims that Nuvia was only granted a license for server use, and not laptop use. Qualcomm, meanwhile, argued that it has a broad license to use ARM for pretty much anything, and as such, that any possible restrictions Nuvia had are irrelevant. While this all sounds like very rich corporations having a silly legal slapfight, it could have real consequences. If the legal case goes very, very wrong for Qualcomm, it could halt the sale of devices powered by the Snapdragon X chips well before they’re even shipping. I doubt it’ll get that far – it rarely does, and there’s some big names and big reputations at play here – but it does highlight the absurdity of how the ARM ecosystem works. Speaking of the ARM ecosystem, Qualcomm isn’t the only ARM chip makers dying to break into the PC market. Qualcomm currently has a weird exclusivity agreement with Microsoft where it’s the only ARM chip supplier for PCs, but that agreement is running out soon. Another player that’s ready to storm this market once that happens is MediaTek, who is also developing a chip geared towards Microsoft’s Copilot+ specifications, with a release target of 2025. Let’s hope MediaTek will be as forthcoming with Linux support as Qualcomm surprisingly has been, but I have my sincerest doubt.

Adobe terms clarified: will never own your work, or use it for AI training

Adobe Creative Cloud users opened their apps yesterday to find that they were forced to agree to new terms, which included some frightening-sounding language. It seemed to suggest Adobe was claiming rights over their work. Worse, there was no way to continue using the apps, to request support to clarify the terms, or even uninstall the apps, without agreeing to the terms. ↫ Ben Lovejoy at 9To5Mac Of course users were going to revolt. Even without the scary-sounding language, locking people out of their applications unless they agree to new terms is a terrible dark pattern, and something a lot of enterprise customers certainly aren’t going to be particularly happy about. I’ve never worked an office job, so how does stuff like this normally go? I’m assuming employees aren’t allowed to just accept new licensing terms from Adobe or whatever on their office computers? In response to the backlash, Adobe came out and said in a statement that it does not intend to claim ownership over anyone’s work, and that it’s not going to train its ML models on customers’ work either. The company states that to train its Firefly ML model, it only uses content it has properly licensed for it, as well as public domain content. Assuming Adobe is telling the truth, it seems the company at least understands the concept of consent, which is good news, and a breath of fresh air compared to crooks like OpenAI or GitHub. Content used for training ML models should be properly licensed for it, and consent should be properly obtained from rightsholders, and taking Adobe at their word, it seems that’s exactly what they’re doing. Regardless, the backlash illustrates once again just how – rightfully – weary people are of machine learning, and how their works might be illegally appropriated to train such models.

US agencies to probe AI dominance of Nvidia, Microsoft, and OpenAI

The US Justice Department and Federal Trade Commission reportedly plan investigations into whether Nvidia, Microsoft, and OpenAI are snuffing out competition in artificial intelligence technology. The agencies struck a deal on how to divide up the investigations, The New York Times reported yesterday. Under this deal, the Justice Department will take the lead role in investigating Nvidia’s behavior while the FTC will take the lead in investigating Microsoft and OpenAI. ↫ Jon Brodkin at Ars Technica Even if there’s no findings of wrongdoing, these kinds of investigations are incredibly important, if only to let the megaocorporations know we’ve got our eyes on them. Artificial intelligence is a whole new world of potential monopolistic and other forms of abuse, and I’d like the various competition authorities to be on top of it right from the beginning for once, so we don’t end up with a fait accompli like we have in so many other parts of the technology sector.

EU data protection board says ChatGPT still not meeting data accuracy standards

OpenAI’s efforts to produce less factually false output from its ChatGPT chatbot are not enough to ensure full compliance with European Union data rules, a task force at the EU’s privacy watchdog said. “Although the measures taken in order to comply with the transparency principle are beneficial to avoid misinterpretation of the output of ChatGPT, they are not sufficient to comply with the data accuracy principle,” the task force said in a report released on its website on Friday. ↫ Tassilo Hummel at Reuters I’m glad at least some authorities are taking the wildly inaccurate nonsense outputs of many “AI” tools seriously. I’m not entirely sure when a tool like ChatGPT can be considered “accurate”, but whatever it is now, is not it.

Nintendo issues DMCA takedown notice against over 8,500 Yuzu emulator repositories

The notice was filed on developer platform GitHub, which Nintendo claimed housed repositories that “offer and provide access to the Yuzu emulator or code based on ” which “illegally circumvents Nintendo’s technological protection measures and runs illegal copies of Switch games.” GitHub said it contacted the owners of the repositories to provide an “opportunity to make changes” before taking down the repositories, in addition to providing legal resources and information on how to file counter notices. ↫ Sophie McEvoy at GamesIndustry.biz The legal troubles around Yuzu are a little nebulous to deal with, as there’s a lot of chatter online that Yuzu contains, or at least used, code from leaked Switch SDKs. If that is indeed true – I haven’t seen any definitive proof yet – then it makes Nintendo’s aggressiveness a lot more understandable, even for someone like me who believes emulation should be 100% legal and accessible.

US Senate passes TikTok ban bill

A bill that would force China-based company ByteDance to sell TikTok — or else face a US ban of the platform — is all but certain to become law after the Senate passed a foreign aid package including the measure. It now heads to President Joe Biden, who already committed to signing the TikTok legislation should it make it through both chambers of Congress. The House passed the foreign aid package that includes the TikTok bill on Saturday. ↫ Lauren Feiner at The Verge I hope the EU follows.

EU’s new tech laws are working; small mobile browsers gain market share

Independent browser companies in the European Union are seeing a spike in users in the first month after EU legislation forced Alphabet’s Google, Microsoft and Apple to make it easier for users to switch to rivals, according to data provided to Reuters by six companies. The early results come after the EU’s sweeping Digital Markets Act, which aims to remove unfair competition, took effect on March 7, forcing big tech companies to offer mobile users the ability to select from a list of available web browsers from a “choice screen.” ↫ Supantha Mukherjee and Foo Yun Chee I can’t believe this is even remotely surprising. A lot of especially Apple fans and people from outside of the European Union complained left, right, and centre about the choice screen and how it was ugly, unnecessary, and would just confuse users. These are interesting claims, considering the fact that setting up a modern smartphone such as the iPhone takes the user through 40-50 setup screens chockful of confusing choices to make, so adding one more surely wouldn’t make a difference. Of course giving users the option to choose a different default browser would lead to an increase in browsers other than Safari (iOS) or Chrome (Android) being set as the default. I’m pretty sure quite a few users learned, through the choice screen, for the first time, that there even are different browsers to choose from, and that some of those might offer features and benefits they didn’t even know they could enjoy. That’s the whole point of this endeavour: informing users that they have a choice, something Apple, Google, and others would rather you either do not have, or at least not know about. It’s far too early to tell if these spikes are a one-off thing, or if the rise in browsers other than Safari on iOS and Chrome on Android is more structural. I wouldn’t be surprised if it’s the latter, and even if the numbers remain in the single digits or low double digits, it will still lead to an increase in competition, and a more vibrant mobile browser market. Good news, regardless.

Oregon’s governor signs right-to-repair law that bans ‘parts pairing’

Oregon Governor Tina Kotek has now signed one of the strongest US right-to-repair bills into law after it passed the state legislature several weeks ago by an almost 3-to-1 margin. Oregon’s SB 1596 will take effect next year, and, like similar laws introduced in Minnesota and California, it requires device manufacturers to allow consumers and independent electronics businesses to purchase the necessary parts and equipment required to make their own device repairs. Oregon’s rules, however, are the first to ban “parts pairing” — a practice manufacturers use to prevent replacement components from working unless the company’s software approves them. These protections also prevent manufacturers from using parts pairing to reduce device functionality or performance or display any misleading warning messages about unofficial components installed within a device. Current devices are excluded from the ban, which only applies to gadgets manufactured after January 1st, 2025. ↫ Jess Weatherbed at The Verge Excellent news, and it wouldn’t be the first time that one US state’s strict (positive) laws end up benefiting all the other states since it’s easier for corporations to just develop to the strictest state’s standards and use that everywhere else (see California’s car safety and emissions regulations for instance). As a European, I hope this will make it way to the European Union, as well.

EU opens non-compliance investigations against Alphabet, Apple and Meta under the Digital Markets Act

It turns out Apple, Facebook, and Google were not as clever with their malicious compliance with the European Union’s DMA as they thought they were, as the European Commission has opened investigations into their compliance plans. Especially Apple, who has been most public about its malicious compliance, seems to be the target. Today, the Commission has opened non-compliance investigations under the Digital Markets Act (DMA) into Alphabet’s rules on steering in Google Play and self-preferencing on Google Search, Apple’s rules on steering in the App Store and the choice screen for Safari and Meta’s “pay or consent model”. The Commission suspects that the measures put in place by these gatekeepers fall short of effective compliance of their obligations under the DMA. In addition, the Commission has launched investigatory steps relating to Apple’s new fee structure for alternative app stores and Amazon’s ranking practices on its marketplace. Finally, the Commission has ordered gatekeepers to retain certain documents to monitor the effective implementation and compliance with their obligations. ↫ European Commission press release This is entirely unsurprising. Google’s and Facebook’s compliance plans were less scrutinised in the press, but all still raised questions about whether they would pass mustard. Apple’s plans, meanwhile, were universally seen as deeply malicious and not compliant, and it seems the European Commission agrees. Apple’s continuous wild, flailing attacks on the EU and the DMA certainly aren’t helping, either. There’s no denying Apple’s behaviour has been deeply unprofessional and anti-European Union, which contrasts strongly with how Apple and Tim Cook operate in China, where they face much stricter rules than they do in the EU. Tim Cook is currently in China praising and buttering up to the Chinese totalitarian regime, while the company has been attacking the European Union and DMA almost non-stop for months now. It really shows where Apple’s priorities lie. Meanwhile, Facebook’s pay-for-privacy model was always going to be a hard sell at €10 a month, and as such, the company already announced it was going to cut that cost in half. Google’s plans are a bit more nebulous, since it’s a bit more difficult to see tangible results from things like search rankings, but it seems here, too, the European Commission has its worries about compliance. The European Commission intends to complete its investigations within a year, and if found in violation of the law, companies can be fined for up to 10% of their worldwide turnover, which can grow up to 20% for repeated infringements.

‘Even stronger’ than imagined: DOJ’s sweeping Apple lawsuit draws expert praise

The Department of Justice’s antitrust division has come into its own, having filed its third tech monopoly lawsuit in four years. The accumulated experience shows up in the complaint, according to antitrust experts who spoke with The Verge about the complaint filed Thursday accusing Apple of violating antitrust law. The DOJ describes a sweeping arc of behaviors by Apple, arguing that it adds up to a pattern of illegal monopoly maintenance. Rather than focusing on two or three illegal acts, the complaint alleges that Apple engages in a pattern of behaviors that further entrench consumers into their ecosystem and make it harder to switch, even in the face of high prices and degraded quality. ↫ Lauren Feiner at The Verge It’s been somewhat entertaining seeing Apple fanatics claim the complaint is bad, horrible, has no merit, has no chance in court, and that the DoJ has zero clue what it’s doing – while actual experts are actually positively surprised by how the complaint seems better than they expected. I wonder whose judgement to trust more.

Feds ordered Google to unmask certain YouTube users. Critics say it’s ‘terrifying.’

Federal investigators have ordered Google to provide information on all viewers of select YouTube videos, according to multiple court orders obtained by Forbes. Privacy experts from multiple civil rights groups told Forbes they think the orders are unconstitutional because they threaten to turn innocent YouTube viewers into criminal suspects. ↫ Thomas Brewster at Forbes United States law enforcement has been asking Google who watches certain YouTube videos, covering as many as 30,000 people per video. They wanted names, addresses, telephone numbers and user activity for all Google accounts who had watched a video within a certain week’s timeframe, and the IP addresses of everyone who watched the video without a Google account. That’s an absolute crapton of data, all because they suspected one person of a money-laundering scheme. And this is just one example. Forbes could not determine if Google complied with the requests, but it does highlight the dangers of having so much data on one place.

United States files antitrust lawsuit against Apple

For many years, Apple has built a dominant iPhone platform and ecosystem that has driven the company’s astronomical valuation. At the same time, it has long understood that disruptive technologies and innovative apps, products, and services threatened that dominance by making users less reliant on the iPhone or making it easier to switch to a non-Apple smartphone. Rather than respond to competitive threats by offering lower smartphone prices to consumers or better monetization for developers, Apple would meet competitive threats by imposing a series of shapeshifting rules and restrictions in its App Store guidelines and developer agreements that would allow Apple to extract higher fees, thwart innovation, offer a less secure or degraded user experience, and throttle competitive alternatives. It has deployed this playbook across many technologies, products, and services, including super apps, text messaging, smartwatches, and digital wallets, among many others. Apple’s conduct also stifles new paradigms that threaten Apple’s smartphone dominance, including the cloud, which could make it easier for users to enjoy high-end functionality on a lower priced smartphone—or make users device-agnostic altogether. As one Apple manager recently observed, “Imagine buying a Android for 25 bux at a garage sale and it works fine … And you have a solid cloud computing device. Imagine how many cases like that there are.” Simply put, Apple feared the disintermediation of its iPhone platform and undertook a course of conduct that locked in users and developers while protecting its profits. Critically, Apple’s anticompetitive conduct not only limits competition in the smartphone market, but also reverberates through the industries that are affected by these restrictions, including financial services, fitness, gaming, social media, news media, entertainment, and more. Unless Apple’s anticompetitive and exclusionary conduct is stopped, it will likely extend and entrench its iPhone monopoly to other markets and parts of the economy. For example, Apple is rapidly expanding its influence and growing its power in the automotive, content creation and entertainment, and financial services industries–and often by doing so in exclusionary ways that further reinforce and deepen the competitive moat around the iPhone. ↫ DoJ antitrust lawsuit vs. Apple The United States Department of Justice is filing an antitrust lawsuit against Apple.

There is no EU cookie banner law

You know those modal screens that interrupt your groove when you are surfing? There are no laws forcing websites to use them. They use them because they choose to. ↫ Bite code! Cookie banners are not only not required, they’re not even needed, and most implementations you encounter today are illegal anyway. You can use session cookies and anonymous stats cookies without needing any user approval. Companies like to use these cookie banners because they want to make you mad at the law, not at them for tracking you up the wazzoo, and people who actually do know better trot out the cookie banners to enrage you at the government instead of at the corporations exploiting you. EU law only states that if a website wants to track you, they have to let you know. That’s it. Seems very reasonable to anyone who isn’t a corporatist.

European Commission’s use of Microsoft 365 infringes data protection law for EU institutions and bodies

Following its investigation, the EDPS has found that the European Commission (Commission) has infringed several key data protection rules when using Microsoft 365. In its decision, the EDPS imposes corrective measures on the Commission. ↫ European Data Protection Supervisor You often hear people state that EU rules and regulations are designed exclusively to harm non-EU companies. The massive amounts of fines and corrective actions handed out to EU companies in all kinds of sectors already disprove this notion, and here’s a case where even the European Commission itself gets a slap on the wrist for violating its own rules and regulations – rules and regulations, we’re often told by especially American corporatists, are designed specifically to target poor American businesses. Not that corporatists have any use for reality and facts, but still.

Messy ToS update allegedly locks Roku devices until users give in

Roku customers are threatening to stop using, or to even dispose of, their low-priced TVs and streaming gadgets after the company appears to be locking devices for people who don’t conform to the recently updated terms of service (ToS). This month, users on Roku’s support forums reported suddenly seeing a message when turning on their Roku TV or streaming device reading: “We’ve made an important update: We’ve updated our Dispute Resolution Terms. Select ‘Agree’ to agree to these updated Terms and to continue enjoying our products and services. Press * to view these updated Terms.” A large button reading “Agree” follows. The pop-up doesn’t offer a way to disagree, and users are unable to use their device unless they hit agree. ↫ Scharon Harding at Ars Technica The best part of this story? And by best I mean worst? You have to send a letter – a paper one, with stamps and everything, like in the before times – to Roku’s lawyer in California containing the names of all the people opting out, the devices and services in question, and a damn purchase receipt. They’re one step away from wanting your passport and your firstborn child.

House panel unanimously approves bill that could ban TikTok

A powerful House committee advanced a bill on Thursday that could lead to a nationwide ban against TikTok on all electronic devices, renewing lawmakers’ challenge to one of the world’s most popular social media apps and highlighting unresolved fears that TikTok may pose a Chinese government spying risk. The measure that sailed unanimously through the House Energy and Commerce Committee would prohibit TikTok from US app stores unless the social media platform — used by roughly 170 million Americans — is quickly spun off from its China-linked parent company, ByteDance. ↫ Brian Fung at CNN TikTok obviously needs to be banned. It’s an extension of a genocidal, totalitarian government that has no place on our our phones. Yes, I understand Facebook, Apple, Google, Microsoft also collect vast amounts of data, but at least they are (nominally) beholden to our legal systems, and while there is, of course, a vast power imbalance between us as individuals and them as megacorporations, it’s still nowhere even close as to being an arm of a totalitarian government – they’re just not comparable. China’s state surveillance tools have no place on our devices.

European Court of Human Rights bans weakening of secure end-to-end encryption

The European Court of Human Rights yesterday banned a general weakening of secure end-to-end encryption. The judgement argues that encryption helps citizens and companies to protect themselves against hacking, theft of identity and personal data, fraud and the unauthorised disclosure of confidential information. Backdoors could also be exploited by criminal networks and would seriously jeopardise the security of all users’ electronic communications. There are other solutions for monitoring encrypted communications without generally weakening the protection of all users, the Court held. The judgement cites using vulnerabilities in the target’s software or sending an implant to targeted devices as examples. ↫ EU Reporter Excellent ruling, and it throws up another roadblock to weakening end-to-end encryption in the EU, after the European Parliament also took a stance against such weakening.

EU right to repair: sellers will be liable for a year after products are fixed

Europe’s right-to-repair rules will force vendors to stand by their products an extra 12 months after a repair is made, according to the terms of a new political agreement. Consumers will have a choice between repair and replacement of defective products during a liability period that sellers will be required to offer. The liability period is slated to be a minimum of two years before any extensions. The rules require spare parts to be available at reasonable prices, and product makers will be prohibited from using “contractual, hardware or software related barriers to repair, such as impeding the use of second-hand, compatible and 3D-printed spare parts by independent repairers,” the Commission said. ↫ Jon Brodkin at Ars Technica An excellent set of rules, and once again puts the EU at the forefront of consumer protection. Maybe some of it will trickle down to other places in the world.

The European regulators listened to the Open Source communities

Many OSI Affiliates engaged with the European Commission, European Parliament and European Council during 2023. With the welcome coordination of Open Forum Europe, a group met regularly to keep track of progress explaining the issues. Many of us also committed time and travel to meet in-person. As a result of all this effort from so many people, the final text of the CRA mitigated pretty much all the risks we had identified to individual developers and to Open Source foundations. ↫ Simon Phipps (yes, the Simon Phipps) Many in the open source community were deeply worried about the EU’s Cyber Resiliency Act’s impact on open source software, and rightfully so. It’s great to hear that the EU communicated and cooperated closely with the open source community to ensure the impact of the CRA on open source would be minimal, and it turns out they listened. Excellent news.