{"id":35963,"date":"2022-05-23T15:26:23","date_gmt":"2022-05-23T19:26:23","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=35963"},"modified":"2024-03-14T15:31:40","modified_gmt":"2024-03-14T19:31:40","slug":"proposed-eu-dma-usb-c-messaging-nfc","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2022\/05\/23\/proposed-eu-dma-usb-c-messaging-nfc\/","title":{"rendered":"Proposed EU DMA: USB-C, Messaging, NFC"},"content":{"rendered":"

European Parliament<\/a>:<\/p>\n

Mobile phones, tablets, digital cameras, headphones and headsets, handheld videogame consoles and portable speakers, rechargeable via a wired cable, would have to be equipped with a USB Type-C port, regardless of the manufacturer. Exemptions would apply only for devices that are too small to have a USB Type-C port, such as smart watches, health trackers, and some sports equipment.<\/p><\/blockquote>\n

Via Nick Heer<\/a>:<\/p>\n

The straight-line way of reading this is that future iPhones and iPads will have to have a USB-C port instead of a Lightning one.<\/p><\/blockquote>\n\n

Casey Newton<\/a>:<\/p>\n

\n

The act applies to what it calls “gatekeepers” — defined as any platform that has a market capitalization of €75 billion, or more than €7.5 billion in European revenue. So: yes to WhatsApp and iMessage; no to Signal and Telegram.<\/p>\n

[…]<\/p>\n

Disdain for the new requirements is not universal; Matrix, a nonprofit organization working to build an open-source standard for encrypted communication, published a blog post Friday explaining some possible technical paths forward<\/a>.<\/p>

But it’s clear that, to the extent that there might be a way for services like iMessage and WhatsApp to interoperate and preserve encryption, that way has yet to be invented. <\/p>\n<\/blockquote>\n\n

Via Nick Heer<\/a>:<\/p>\n

\n

To be clear, it does not appear that the draft law mandates the creation of no privacy or security risks; the segment posted by Benedict Evans<\/a> — the full draft text is currently confidential — says platform providers must create a “high level of security and personal data protection”. It is about finding an appropriate level of risk with the caveat that it will never get to zero. But the core of the question seems correct: is there a way to make encrypted messaging services work together while ensuring negligible difference in security and privacy levels?<\/p>\n

[…]<\/p>\n

Remember Adium<\/a>? That is a great piece of software I have not touched in about ten years as phone-centred messaging clients have replaced desktop-based ones. Something like that could be possible again.<\/p>\n<\/blockquote>\n\n

Hartley Charlton<\/a>:<\/p>\n

The latest provisional agreement sets out plans to establish a “High-Level Group” of central European digital regulators to coordinate national regulators across EU member states and requires “gatekeepers” to create an independent “compliance function.” The new group must include compliance officers to monitor their company’s compliance with EU legislation using sufficient authority, resources, and access to management, and be headed by an “independent senior manager with distinct responsibility for the compliance function.” The rule would effectively require companies like Apple to set up an internal department dedicated to meeting pro-competition regulations.<\/p>

In addition, new rules specifically targeted to address companies like Apple that have “a dual role” with control over both hardware and software look to allow any developer to gain access to any existing hardware feature, such as “near-field communication technology, secure elements and processors, authentication mechanisms, and the software used to control those technologies.” This could have major implications for the level of integration that developers can achieve on Apple platforms, such as allowing contactless payment services to operate on the iPhone and Apple Watch just like Apple Pay.<\/p><\/blockquote>\n\n

John Gruber<\/a>:<\/p>\n

\n

This is bananas. All third party developers get control over the secure enclave and the software that controls it?<\/p>\n

[…]<\/p>\n

This is profoundly anti-consumer. Consumers aren’t asking for any of this shit. Actual people love their phones more than their computers — whether Macs or PCs — not despite the fact that their phones are tightly controlled consoles, but because they are tightly controlled consoles. These regulators don’t see it that way, because they’re idiots. They think they can legislate their way to a world where the iPhone (and Android, which is also console-like) remains far safer and more reliable than PCs while mandating that all the protections that have made them far safer and more reliable than PCs be removed. It’s absurd.<\/p><\/blockquote>\n\n

I think this is conflating a lot of different things. The main reasons that phones are safer and more reliable are sandboxing (so apps run mostly independently from each other and the system) and the hidden file system (so users can’t mess things up). Those would remain in place. I still think it’s far from clear that adding an API to access NFC would cause harm. The bit about the Secure Enclave strikes me as differing interpretations, like when Microsoft told the court that Internet Explorer couldn’t be removed from Windows because—thinking of the frameworks, not just the app—then it would no longer boot. Obviously, the EU doesn’t want it opened up in a way that would make it useless<\/a>.<\/p>\n\n

I would imagine though, if this comes to fruition, E.U. citizens are going to wind up buying iPhones that operate very differently from those sold everywhere else in the world, and they will suffer for it.<\/p><\/blockquote>\n\n

Steve Troughton-Smith<\/a>:<\/p>\n

\n

Why does Apple see a ‘European’ iPhone variant as an existential threat, but not its stripped-down feature-restricted variant for e.g. China (which it has shipped for a decade)? Because everybody will want one with this unrestricted featureset, of course. Hence the unrelenting PR<\/p>\n<\/blockquote>\n\n

Previously:<\/p>\n