EU passes massive regulation of "Big Tech" companies.

Colstan

Site Champ
Posts
822
Reaction score
1,124
The hammer has finally dropped. The EU has passed the "Digital Services Package" which will heavily regulate any "gatekeeper", as they call them, within their regulatory purview.

While most of the attention is going to fall on the requirements to open up the app store, the part that stuck out to me is:

Give developers access to any hardware feature, such as "near-field communication technology, secure elements and processors, authentication mechanisms, and the software used to control those technologies.

I wonder if this means that Apple will have to gimp the Secure Enclave in the new "European Union Edition" of all of their products.

Also, this could start a trade war:

The DMA says that gatekeepers who ignore the rules will face fines of up to 10 percent of the company's total worldwide annual turnover, or 20 percent in the event of repeated infringements, as well as periodic penalties of up to 5 percent of the company's total worldwide annual turnover. Where gatekeepers perpetrate "systematic infringements," the European Commission will be able to impose additional sanctions, such as obliging a gatekeeper to sell a business or parts of it, including units, assets, intellectual property rights, or brands, or banning a gatekeeper from acquiring any company that provides services in the digital sector.
 

DT

I am so Smart! S-M-R-T!
Posts
6,405
Reaction score
10,455
Location
Moe's
Main Camera
iPhone
While most of the attention is going to fall on the requirements to open up the app store, the part that stuck out to me is:

I wonder if this means that Apple will have to gimp the Secure Enclave in the new "European Union Edition" of all of their products.

Yeah, that seems like a NFW situation, i.e., Apple implements something in hardware with the expectations of providing limited access so as to comply with their own/internal safety and security protocols, but then get regulated into allowing full access?
 

Scepticalscribe

Cancelled
Posts
6,644
Reaction score
9,457
Delighted to see this.

Big Tech has had this coming for a very long time.

If they fail to regulate themselves (not least, if their failure may come to pose a threat to the stability, standing and security of a society), - and they have failed to regulate themselves, many of the icons of Big tech viewing themselves as loftily above all government, or supranational, regulation, - then, inevitably, others will take the decision to regulate them. Not before time.

And, we can expect Russia and China (who neither subscribe to democratic principles nor believe in open societies) to follow suit, even more stringently.
 

Andropov

Site Champ
Posts
602
Reaction score
754
Location
Spain
Give developers access to any hardware feature, such as "near-field communication technology, secure elements and processors, authentication mechanisms, and the software used to control those technologies.
This is catastrophically bad. Some hardware is hidden in public APIs for good reason. I.e. network MAC addresses being used as unique identifiers to track users, until both Apple and Google hid access to the true MAC address of the device.

Pre-install certain software applications and require users to use any important default software services such as web browsers.
I can see this ending with Chrome having near 100% market share like Internet Explorer back in the day.
 

Nycturne

Elite Member
Posts
1,111
Reaction score
1,418
This is catastrophically bad. Some hardware is hidden in public APIs for good reason. I.e. network MAC addresses being used as unique identifiers to track users, until both Apple and Google hid access to the true MAC address of the device.

The big problem is how vague this is, and how much is likely going to need to be defined by the regulation body. Does CoreNFC comply or not? Does having the ability to set security levels on individual files count as accessing the secure element? In the case of secure elements, it depends a lot on what is acceptable or not. But generally, the whole point is that the secure element is not easily accessible from the OS, which limits what the OS and apps can do with it.

Apple's whole approach of "implement it for ourselves, polish the API, publish the API" seems to run counter to this in spirit as well.

I can see this ending with Chrome having near 100% market share like Internet Explorer back in the day.

Sounds a lot in practice like we will see something similar to what Microsoft did with Windows with the browser selector. So yeah, it's effectively handing power to the market leader in areas where this is required, which is the opposite of what's intended.

  • Give users the option to change the default voice assistant to a third-party option.
  • Allow developers to integrate their apps and digital services directly with those belonging to a gatekeeper. This includes making messaging, voice-calling, and video-calling services interoperable with third-party services upon request.
  • Allow developers to offer third-party payment systems in apps and promote offers outside the gatekeeper's platforms.

I honestly expect malicious compliance with these three. Apple and Google already signaled that letting you use your own payment processor means: auditing + 3% discount. Enabling a second voice assistant platform is going to be a bit of a cluster, so I fully expect it to be something like: Okay, here's how you hook into the OS to get the voice data, but you are on your own for anything else. So Google and Apple could try to leverage it against each other, but this isn't going to increase competition in the space due to the barrier to entry now required (app integration via Intents/etc). To be honest, Google would again be the winner with the requirement of switchable voice assistants, IMO.

Additional app stores and side loading benefit larger developers who have the infrastructure to do this themselves (i.e. developers that have vertical integration) rather than indie developers. So this really benefits medium/large businesses more than small businesses.

Generally, I agree that regulation to create a more even playing field is a net positive, but I'm left wondering how they are expecting to deal with the situations where they are effectively encouraging further consolidation between the big players they seek to regulate rather than competition.
 

DT

I am so Smart! S-M-R-T!
Posts
6,405
Reaction score
10,455
Location
Moe's
Main Camera
iPhone
The more I read, the worse it sounds. The language about "... interoperability between messaging platforms ...", just all sorts of nonsense.

I pinged a few of my close friends who are also developers (like myself), and they unanimously expressed what a terrible idea they believe this is. Reading the comments on MR, there's pretty consistent condemnation from people who understand the implications.
 

SuperMatt

Site Master
Posts
7,862
Reaction score
15,004
The more I read, the worse it sounds. The language about "... interoperability between messaging platforms ...", just all sorts of nonsense.

I pinged a few of my close friends who are also developers (like myself), and they unanimously expressed what a terrible idea they believe this is. Reading the comments on MR, there's pretty consistent condemnation from people who understand the implications.
It would be wiser for them to pass laws creating agencies to regulate the industry. The agencies could employ experts in relevant fields, and suggest USEFUL regulations. Reactionary rules from legislators will undoubtedly be a disaster. Just watch any video of tech executives being interviewed by legislative panels. Many of them don’t know even the MOST basic facts of how a cell phone works.

Of course, in America, the Supreme Court has decided that Congress no longer has the authority to give power to these agencies. So we are truly f-ed if we expect octogenarian glad-handers with aides to serve their every whim to be able to pass a new law every time we need regulations.
 

Andropov

Site Champ
Posts
602
Reaction score
754
Location
Spain
The big problem is how vague this is, and how much is likely going to need to be defined by the regulation body. Does CoreNFC comply or not? Does having the ability to set security levels on individual files count as accessing the secure element? In the case of secure elements, it depends a lot on what is acceptable or not. But generally, the whole point is that the secure element is not easily accessible from the OS, which limits what the OS and apps can do with it.

Apple's whole approach of "implement it for ourselves, polish the API, publish the API" seems to run counter to this in spirit as well.
Yeah, the 'give developers access to any hardware feature' is absurdly vague. Would, for example, the limitations Apple imposes on app extensions (i.e. background time, RAM limits...) be considered law-breaking? If an iPad comes with 6GB of RAM, but apps are not allowed to use all of it, arguably not all hardware is available to developers. But something as wide as that would be unmanageable.

Sigh. I can remember many, many occasions where someone (client, higher-up, etc) requested a dumb or unreasonable feature for an app, and I was ultimately saved of having to implement it because it was forbidden by Apple. If anything, I sometimes wish some things were *more* policed.

The more I read, the worse it sounds. The language about "... interoperability between messaging platforms ...", just all sorts of nonsense.

I pinged a few of my close friends who are also developers (like myself), and they unanimously expressed what a terrible idea they believe this is. Reading the comments on MR, there's pretty consistent condemnation from people who understand the implications.
I don't even see the point of having interoperability between all messaging platforms. Why would you want that? Also, this particular quote is hilarious:
Allow developers to integrate their apps and digital services directly with those belonging to a gatekeeper. This includes making messaging, voice-calling, and video-calling services interoperable with third-party services upon request.
Like... any request? From anyone? Obviously Apple can't be manually integrating every single third party messaging services that a random dev requests. At the very least it should be proposed as some sort of standard every app must adhere to. Do they have any idea of how many requests people would make? This is not something that could be done by Apple/Google, by any stretch of the imagination, upon request.
 

Herdfan

Resident Redneck
Posts
4,690
Reaction score
3,571
Is this the same law that is going to force Apple to put USB-C on their phones?
 

jbailey

Power User
Posts
164
Reaction score
180
This is going to to be fascinating to watch. The law of unintended consequences writ large. I have no idea how Apple is going to respond. Most of the above quotes show how absurd the wording of this law is.
 

DT

I am so Smart! S-M-R-T!
Posts
6,405
Reaction score
10,455
Location
Moe's
Main Camera
iPhone
Like... any request? From anyone? Obviously Apple can't be manually integrating every single third party messaging services that a random dev requests.

I can't wait to submit my integration request for my app, FartChat, it has 6 users at the moment and it's used to send recordings of flatulence ...

Apple HQ, Development Team

"We got another 50 integrations requests for messaging, well, I guess we better just get started, let's see first up, FartChat"

*blank stares*

"Nevermind, let's all just work on our resumes ..."
 

leman

Site Champ
Posts
610
Reaction score
1,122
Yeah, I am a bit worried about where this is going. My fear that all this will do is erode privacy, harm the small independent developer as well as give even more power to companies like Google and Meta who deal in user data. But we will see. Apple has some smart people, I hope they already planned ahead and will manage to come up with a new model that will work well for both the users and devs while adhering to these regulations.
 

Joelist

Power User
Posts
177
Reaction score
168
I suggest reading the source material. The OP is quoting from the "article" at MR, which doesn't exactly have a reputation for accuracy.
 

Colstan

Site Champ
Posts
822
Reaction score
1,124
the law is funnier in the original german :)
Everything is. Well, except for the writings of mustache man, but I'll leave the Charlie Chaplin cosplayer out of this.

While chuckling at the Eurocrat's work, did they actually explain how "secure elements" are going to be regulated? While the other stuff is important, blowing a hole in Apple's security model is going to be bad for everyone around the globe. Or is it simply a lot of vague fluff that's going to be decided in the courts over the next two decades?
 

Cmaier

Site Master
Staff Member
Site Donor
Posts
5,214
Reaction score
8,260
Everything is. Well, except for the writings of mustache man, but I'll leave the Charlie Chaplin cosplayer out of this.

While chuckling at the Eurocrat's work, did they actually explain how "secure elements" are going to be regulated? While the other stuff is important, blowing a hole in Apple's security model is going to be bad for everyone around the globe. Or is it simply a lot of vague fluff that's going to be decided in the courts over the next two decades?

I would love to see the actual text. Haven’t yet.
 

Cmaier

Site Master
Staff Member
Site Donor
Posts
5,214
Reaction score
8,260
BTW, I went to the EU website to try to find the text. I got stuck in an endless loop of clicking on links that looked like they would finally take me to the text, but instead just take me to a different press release about the text.
 
Top Bottom
1 2