Monday, May 23, 2022

Proposed EU DMA: USB-C, Messaging, NFC

European Parliament:

Mobile phones, tablets, digital cameras, headphones and headsets, handheld videogame consoles and portable speakers, rechargeable via a wired cable, would have to be equipped with a USB Type-C port, regardless of the manufacturer. Exemptions would apply only for devices that are too small to have a USB Type-C port, such as smart watches, health trackers, and some sports equipment.

Via Nick Heer:

The straight-line way of reading this is that future iPhones and iPads will have to have a USB-C port instead of a Lightning one.

Casey Newton:

The act applies to what it calls “gatekeepers” — defined as any platform that has a market capitalization of €75 billion, or more than €7.5 billion in European revenue. So: yes to WhatsApp and iMessage; no to Signal and Telegram.

[…]

Disdain for the new requirements is not universal; Matrix, a nonprofit organization working to build an open-source standard for encrypted communication, published a blog post Friday explaining some possible technical paths forward.

But it’s clear that, to the extent that there might be a way for services like iMessage and WhatsApp to interoperate and preserve encryption, that way has yet to be invented.

Via Nick Heer:

To be clear, it does not appear that the draft law mandates the creation of no privacy or security risks; the segment posted by Benedict Evans — the full draft text is currently confidential — says platform providers must create a “high level of security and personal data protection”. It is about finding an appropriate level of risk with the caveat that it will never get to zero. But the core of the question seems correct: is there a way to make encrypted messaging services work together while ensuring negligible difference in security and privacy levels?

[…]

Remember Adium? That is a great piece of software I have not touched in about ten years as phone-centred messaging clients have replaced desktop-based ones. Something like that could be possible again.

Hartley Charlton:

The latest provisional agreement sets out plans to establish a “High-Level Group” of central European digital regulators to coordinate national regulators across EU member states and requires “gatekeepers” to create an independent “compliance function.” The new group must include compliance officers to monitor their company’s compliance with EU legislation using sufficient authority, resources, and access to management, and be headed by an “independent senior manager with distinct responsibility for the compliance function.” The rule would effectively require companies like Apple to set up an internal department dedicated to meeting pro-competition regulations.

In addition, new rules specifically targeted to address companies like Apple that have “a dual role” with control over both hardware and software look to allow any developer to gain access to any existing hardware feature, such as “near-field communication technology, secure elements and processors, authentication mechanisms, and the software used to control those technologies.” This could have major implications for the level of integration that developers can achieve on Apple platforms, such as allowing contactless payment services to operate on the iPhone and Apple Watch just like Apple Pay.

John Gruber:

This is bananas. All third party developers get control over the secure enclave and the software that controls it?

[…]

This is profoundly anti-consumer. Consumers aren’t asking for any of this shit. Actual people love their phones more than their computers — whether Macs or PCs — not despite the fact that their phones are tightly controlled consoles, but because they are tightly controlled consoles. These regulators don’t see it that way, because they’re idiots. They think they can legislate their way to a world where the iPhone (and Android, which is also console-like) remains far safer and more reliable than PCs while mandating that all the protections that have made them far safer and more reliable than PCs be removed. It’s absurd.

I think this is conflating a lot of different things. The main reasons that phones are safer and more reliable are sandboxing (so apps run mostly independently from each other and the system) and the hidden file system (so users can’t mess things up). Those would remain in place. I still think it’s far from clear that adding an API to access NFC would cause harm. The bit about the Secure Enclave strikes me as differing interpretations, like when Microsoft told the court that Internet Explorer couldn’t be removed from Windows because—thinking of the frameworks, not just the app—then it would no longer boot. Obviously, the EU doesn’t want it opened up in a way that would make it useless.

I would imagine though, if this comes to fruition, E.U. citizens are going to wind up buying iPhones that operate very differently from those sold everywhere else in the world, and they will suffer for it.

Steve Troughton-Smith:

Why does Apple see a ‘European’ iPhone variant as an existential threat, but not its stripped-down feature-restricted variant for e.g. China (which it has shipped for a decade)? Because everybody will want one with this unrestricted featureset, of course. Hence the unrelenting PR

Previously:

15 Comments RSS · Twitter


Why can't public key encryption be used to enable interoperable E2EE?


Gruber continuing to push that "Console" angle, earning his access.


>Why can't public key encryption be used to enable interoperable E2EE?

It might be possible, but it sure would increase the complexity of an already non-trivial system (so much so that other than Apple, I don't believe any other messenger currently offers multiple devices; WhatsApp has it in beta now).

>Gruber continuing to push that "Console" angle, earning his access.

I think his "app console" metaphor makes a lot of sense. That's distinct from the question of whether we have to _like_ it that way.

(What I personally don't like about it is that we haven't been asked. We weren't asked if we want the Mac to be more like that, nor if we want the iPhone and iPad to be _less_ like that.)


Not surprise this is coming from Gruber. Where USB3 is created by Apple and AirPod was selling at cost.


> Consumers aren’t asking for any of this shit

I mean, that's just a flat-out lie.

>but because they are tightly controlled consoles.
>These regulators don’t see it that way, because
>they’re idiots"

"People who don't buy into Apple's ridiculous narrative for why it is okay to treat their customers like garbage are idiots."

>to the extent that there might be a way for
>services like iMessage and WhatsApp to interoperate
>and preserve encryption, that way has yet to be
>invented

I'm super confused by this claim. The legislation just says that any app should be able to call the backends of these apps in the exact same way their own proprietary apps do, right? How does that have any impact on security in any way? Why is it in any way less secure for Signal to talk to WhatsApp's backend than it is for WhatsApp's own app?


I'm looking forward to the coming EU-US iOS schism ;)

After seeing how Apple dealt with the Dutch competition ruling, I'm not very optimistic we are going to see tangible results from this new legislation soon. Apple will likely become very creative to find ways to circumvent the intention of the law.


@Sören The problem with Gruber's "app console" thing, is that it ignores the fundamental differences in the two markets. And by doing so, makes a disingenuous argument.

Consoles are sold by manufacturers at a loss, to make them as affordable as possible, so developers can have as large a market as possible. So it's reasonable to have a locked-down market, so the console maker gets back to break-even and into profit from the consumer's game purchases - the games revenue subsidises the console.

Apple is making profit on the hardware from day one. Until Apple loses money on every iPhone sale by making them cheaper, consoles aren't an analogous market to Apple's devices, and therefore aren't a justification for Apple getting a cut of developer revenue.


> The legislation just says that any app should be able to call the backends of these apps in the exact same way their own proprietary apps do, right? How does that have any impact on security in any way?

Because the data is E2EE. So, not only does the *own* service's backend not know what to do with the data, but beyond that, the *other* service's backend wouldn't even know how to pass it on.

"Invented" seems a bit of a stretch, but E2EE interoperability is tricky.

@someone

> Consoles are sold by manufacturers at a loss

That's the console makers' problem, not a regulator's. (If anything, it draws additional ire, because they can argue it's a form of price dumping, not to mention collusion.) Any of the three major console makers can decide, at any point, to sell their products at profit.

The one key difference I see is that smartphones are an essential device, almost like a utility, whereas game consoles are entertainment.


Another big difference is that consoles have curated app Stores


@Sören

> That's the console makers' problem, not a regulator's.

Regulators are concerned primarily with *consumer* harm, not manufacturer fairness. Consoles being sold at a loss to be cheaper, subsidised by game sales, results in most consumers getting a better deal than if they'd had to pay more for the console (the number of games to pay off the subsidy is probably higher than the average ame buyer purchases new).

Regardless of whether the business model is self-inflicted or not - it's still a fundamentally different business model from Apple's, which makes it an invalid comparison to Apple, and thus makes Gruber's constant repetition of Apple's PR talking point a disingenuous argument.

> The one key difference I see is that smartphones are an essential device

Even more reason for them to be regulated aggressively, and in a completely different fashion to games consoles.


> Regulators are concerned primarily with *consumer* harm, not manufacturer fairness.

A market in which all participants fool the consumer into an unsustainable pricing structure does plenty of harm.

(See also: ad-subsidizes products.)

But yes, regulators may not have caught onto that, yet.

>(the number of games to pay off the subsidy is probably higher than the average ame buyer purchases new)

Wouldn't that mean the entire division operates at a loss? That seems doubtful.

> it's still a fundamentally different business model from Apple's, which makes it an invalid comparison to Apple

By that logic, we can't compare Safari and Chrome, since one is subsidized through hardware + search engine default, and the other is subsidizes through stealing my data.

>and thus makes Gruber's constant repetition of Apple's PR talking point a disingenuous argument.

I don't think "app console" is even an Apple PR talking point at all?

> Even more reason for them to be regulated aggressively

No disagreement there.


@Sören

> A market in which all participants fool the consumer into an unsustainable pricing structure does plenty of harm.

But the console market isn't unsustainable (unlike the iOS mobile games market, where if you're not making Apple Arcade commissioned titles, your revenue options VERY limited to micro-transactions and ads), which is the point. The hardware subsidy is what allows an XBox Series X, with components that would cost ~3x the price as a retail PC, to be affordable to more people, and every one of those people can buy games.

It's a net positive to the consumer, and a net positive to the developer, which is why you don't have huge numbers of XBox & PS5 developers in open revolt.

Apple's take from the App Store does nothing to increase the sales of Developer's apps - it doesn't make the iPhone cheaper to consumers, it doesn't increase the size of the iPhone market, it's a pure rentseeking protection racket. There's no upside for anyone, but Apple's shareholders - and even they are going to suffer eventually, when the business model is broken over a regulatory anvil.

> Wouldn't that mean the entire division operates at a loss? That seems doubtful.

A relatively small number of gamers buy a large number of games. Even for most consumers, the cost is amortised over a longer period of time - making up ~50-75% of the console's "true" value over multiple years is within the cashflow envelope of people who wouldn't be able to afford the "full price" console in one hit, and wouldn't qualify for finance - think parents who buy the discounted console, and then the kid makes up the subsidy buying games over the next few years with money from an after-school job etc.

Again, it's a net positive for the market. Consoles that cost 3x as much, with games that cost 30% less would sell fewer games, and result in lower returns for developers.

> By that logic, we can't compare Safari and Chrome, since one is subsidized through hardware...

There's a good argument to be made that Apple should be banned from bundling any application software with macOS, and bundling macOS with their hardware, and that the operating system should be a separately priced item, as should every application.

The thing is, regulation isn't, in any way, about trying to get down to some theoretical minimum set of regulations that apply as broadly as possible. That's a mistake that a lot of people seem to make in their thinking. Regulation is about crating rules for specific problems. Regulatory complexity is not an inherently bad thing, because simplicity isn't a goal (outside of high-school economics classes).

So it's absolutely acceptable to have what people think of as "double standards" because two different markets, which share a lot of similarities, contain a small fundamental difference.

Consoles being sold at a loss, to preserve the financial oxygen in the room of the market, so more developers get a deeper breath, is just that sort of difference,

> I don't think "app console" is even an Apple PR talking point at all?

I've seen it used by Apple. "iPhones are App Consoles, like Games Consoles are Games Consoles" sort of thing.

> No disagreement there.

*thumbs up*


> It's a net positive to the consumer

Only if you buy few games. If you buy many, you get punished because you're paying the console subsidy multiple times.

> Consoles that cost 3x as much

I doubt they would cost 3x as much, or even 2x. The hardware in consoles isn't that high-end, and they also buy at large volumes.

>There's a good argument to be made that Apple should be banned from bundling any application software with macOS, and bundling macOS with their hardware, and that the operating system should be a separately priced item, as should every application.

There is, but we've been through that with Windows ca. XP, and it wasn't a good idea. Selling an OS without a reasonable set of built-in apps isn't consumer-friendly.

In any case, I don't think Gruber is making the argument "iPhones are app consoles, and that's great". After all, he's also been advocating for a "developer mode" that loosens even some of the restrictions on macOS. Why would he be arguing the opposite on the phone?


>> The legislation just says that any app should be able to call the backends of these apps in the exact same way their own proprietary apps do, right? How does that have any impact on security in any way?

>Because the data is E2EE. So, not only does the *own* service's backend not know what to do with the data, but beyond that, the *other* service's backend wouldn't even know how to pass it on.

This assumes that backends will have to talk to each other, which doesn't seem to be the case. But even if it were, backends still have to know who the recipient is, so it doesn't really matter that the data is end-to-end encrypted, they only need to know how to route it, which they do.


@Soren

> Only if you buy few games. If you buy many, you get punished because you're paying the console subsidy multiple times.

A person with many games can probably afford to fund the platform through what is effectively a form of progressive taxation. The console itself is the lowest level of Maslow's hierarchy for Games, so doing anything to make it affordable is in the consumers' benefit.

The Net Positive outcome is the larger addressable market, by having as many consoles as possible. A large number of consoles owners, with only a few games each, is a better outcome, both for developers, and for regulators, than a small number of console owners with many games each.

> I doubt they would cost 3x as much, or even 2x. The hardware in consoles isn't that high-end, and they also buy at large volumes.

Microsoft are on the record that they lose money on their consoles. The components they put in the console, cost them more than the price at which they sell the console. The multiplier is going to change over time, but when the Series X debuted, it was 2-3x the price to build a PC with equivalent performance new AMD kit in it.

> In any case, I don't think Gruber is making the argument "iPhones are app consoles, and that's great". After all, he's also been advocating for a "developer mode" that loosens even some of the restrictions on macOS. Why would he be arguing the opposite on the phone?

His (and Apple's) argument has been that "The iPhone is the same as a Games Console, and if we get regulated and unlocked, so should they". It's a classic poisoning of the well, or "telling on everyone else when you get caught" strategy. The goal, is to rope in so many other players to their fate, that the shared disruption would be so great, that regulators give up on addressing them alone.

The Mac has been less restricted in the past, Gruber is advocating for it being what it has always been (and largely what it still is if you're determined). The iPhone has never been unrestricted, Gruber is advocating for it to remain what it has always been.

His motivations for that, IMHO are influenced by a financial conflict of interest, in that he is dependent on access to Apple executives for his podcasts, live shows, "little birdies", review units etc.

Whether he is told to push an agenda, or just chooses to do so off his own bat, knowing what will ingratiate him with Cupertino, isn't really important to the outcome.

Gruber's critiques of Apple tend to only ever be in the *style* of things - he doesn't like the style of Safari tabs - that's a criticism which is addressable, costs Apple nothing, and earns them his praise. He never criticises the basic business model of Apple's offerings.

Leave a Comment