Last week, Mark Gurman published a blockbuster story in @Bloomberg, revealing #Apple's plan to allow third-party #Ios #AppStores to comply with the #EU's #DigitalMarketsAct. Apple didn't confirm it, but I believe it. Gurman's sourcing was impeccable:
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2022/12/21/malicious-compliance/#dma
1/
This is a huge deal. While Apple's "curated" approach to software delivers benefits to users, those benefits are unreliable. As I explain in a new post for @eff's Deeplinks blog, Apple only fights for its users when doing so is good for its shareholders. But when something is good for Apple shareholders and bad for its customers, the shareholders win, every time:
2/
And what we can do about it.With this year’s passage of the EU’s Digital Markets Act (DMA), very large online platforms - those with EU revenues of €75 billion or more and at least 45 million EU users - will have to open up their devices to rival app stores. While this has implications for game...
To see how this works, just consider Apple's record in #China. First, Apple removed all working #VPN apps from its Chinese App Store, to facilitate state spying on its Chinese customers:
Then Apple backdoored its Chinese cloud servers, to further facilitate state surveillance of Chinese #Iphone owners:
https://www.nytimes.com/2021/05/17/technology/apple-china-censorship-data.html
3/
Apple Inc <AAPL.O> says it is removing virtual private network (VPN) services from its app store in China, drawing criticism from VPN service providers, who accuse the U.S. tech giant of bowing to pressure from Beijing cyber regulators.
Then, just last month, Apple neutered #Airdrop's P2P file-sharing in order to help the Chinese state in its campaign to stamp out protests:
Apple claims that its App Store is a fortress that protects its users against external threats.
4/
But the Iphone is designed to block its owners from choosing rival app stores, which means that when Apple betrays its customers, the fortress walls become *prison* walls. Governments know this, and they rely on it when they demand that Apple compromise its customers to totalitarian surveillance:
https://pluralistic.net/2022/11/11/foreseeable-consequences/#airdropped
5/
Now, there's an interesting contrast here. When the #FBI demanded that Apple backdoor its devices to aid in the prosecution of the San Bernardino shooters, Apple took its customers' side, bravely refusing to compromise its devices:
https://www.eff.org/cases/apple-challenges-fbi-all-writs-act-order
That was the right call. Does it mean Apple doesn't value privacy for its Chinese customers' privacy as much as it values it for American customers? Does it mean that Apple respects the #CCP more than it respects the FBI?
6/
A U.S. federal magistrate judge has ordered Apple to break the security of an iPhone as part of the investigation into the 2015 San Bernardino shootings. Apple is fighting the order which would compromise the security of all its users around the world.In March 2016, FBI announced that it had...
Not at all. It just means that China was able to threaten Apple's shareholders in ways that the #DoJ couldn't. Standing up to the Chinese government would threaten Apple's access to 350 million middle-class Chinese potential customers, and an equal number of Chinese low-waged workers who could be tapped to manufacture Apple devices under brutal labor conditions at rock-bottom prices.
7/
Standing up to the FBI didn't threaten Apple's shareholders the way that standing up to the CCP would, so Apple stood up for its American users and sold out its Chinese users.
But that doesn't mean that US Apple customers are safe. In the US, Apple defends its customers from rival *commercial* threats, but actively prevents those customers from defending *themselves* against Apple's own commercial threats.
8/
Famously, Apple took its customers side over Facebook's, adding an amazing, best-in-class, one-click opt-out to tracking, which is costing Facebook *$10 billion per year*. You love to see it:
9/
On the other hand...Apple secretly continued to its customers' clicks, taps, gestures, apps and keystrokes, even after those customers *explicitly* opted out of tracking, and used that data to build nonconsensual dossiers on every Ios owner for use in its own ad-targeting business:
https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar
10/
Apple defended its customers against Facebook's predation, but not its own. When Apple's shareholder interests are on the line, Apple's App Store becomes a prison, not a fortress: because Apple controls which software you can install, it can (and does) block you from installing apps that extend its block on commercial surveillance to Apple itself.
11/
Then there's the #AppTax. Apple charges app makers a 30% commission on all their sales, which means that certain businesses literally *can't exist*. Take #audiobooks: audiobook sellers have 20% gross margins on their wares. If they sell their audiobooks through apps and pay a 30% vig to Apple, they lose money on every sale. Thus, the only Ios app that will sell you an audiobook is Apple's own #AppleBooks.
12/
Apple Books *requires* authors and publishers to wrap their books in Apple's #DRM, and the #DMCA makes it a felony to supply *your own readers* with a tool to convert *the books you published* to a rival's format. That means that readers have to surrender every book they've bought on Apple Books if you switch platforms and ask them to follow you. It's not just #SocialMedia that turns creators into #DigitalSharecroppers.
13/
It's not any better when it comes to the businesses that can eke out an existence under the app tax's yoke. These businesses pass their extra costs on to Apple's customers, who ultimately bear the app tax burden. Because *every* app maker has to pay the app tax, they *all* tacitly collude to hike their prices.
14/
And because mobile is a #duopoly, the app tax is also buried in every #Android app, because @searchliaison has exactly the same app tax as Apple (#Google will also be forced to remove barriers to third-party app stores under the #DMA).
All this to say that it is a terrible error to impute morals or values to giant corporations. Apple and Google are both immortal colony organisms that view human beings as inconvenient gut flora.
15/
They are remorseless paperclip-maximizing artificial life forms. They are, in other words, limited liability corporations.
https://knowyourmeme.com/memes/paperclip-maximizer
"If you're not paying for the product, you're the product" sounds good, but it's absolutely *wrong*. You can't bribe a paperclip-maximizing colony organism into treating you with dignity by spending money with it.
16/
Paperclip Maximizer is a thought experiment about an artificial intelligence designed with the sole purpose of making as many paperclips as possible, which could hypothetically destroy the world or even the entire universe by converting all resources into paperclips due to instrumental convergence.
Companies' treatment of you depends on what they can get away with - not their "personalities." Apple doesn't respect privacy - it thinks it can make more paperclips by giving some of its customers some privacy. As soon as Apple finds a way to make more paperclips by spying on those you (say, by starting its own internal #adtech business), it *will* spy on you, and the $1000 you spent on your Iphone will not save you.
17/
Once you understand that corporate conduct is a matter of power, not personality, then you understand that the way to prevent companies from harming you is to meet their power with #CountervailingPower. This is why #TechWorker #unions matter: organized #labor has historically been the most important check on corporate power, which is why tech companies are so vicious in the face of union drives:
https://www.epi.org/publication/unions-decline-inequality-rises/
18/
To a remarkable extent, inequality, which fell during the New Deal but has risen dramatically since the late 1970s, corresponds to the rise and fall of unionization in the United States. BLOG: Union decline and rising inequality in two charts The passage in 1935 of the National Labor Relations Act, which protected and encouraged unions,…
Beyond labor, two other forces can discipline corporate conduct: #regulation and #competition. The biggest threat to a business's customers is that business's own shareholders. A company might defend its customers against a rival, but they will *never* defend its customers against its own shareholders.
19/
Regulation and competition both impose costs on shareholder who abuse their customers: regulation can punish bad conduct with fines that come out of shareholder profits, and competition can create a race to the top as businesses seek to poach each others' customers by offering them progressively better deals.
Which brings me back to the DMA, the EU's pending regulation forcing Apple to open its app store, and Apple's leaked plans to comply with the regulation.
20/
This is (potentially) great news, because rival app stores can offer Apple customers an escape hatch from mandatory surveillance and price-gouging.
But the devil is in the details. There are so many ways that Apple can use #MaliciousCompliance to *appear* to offer a competitive app marketplace without actually doing so. In my article for EFF, I offer a checklist of fuckieries to watch for in Apple's plans:
21/
* Forcing software authors in Apple's #DeveloperProgram. Not only does this force developers to pay Apple for the privilege of selling to Iphone owners, but it also forces them to sign onto a Bible-thick #EULA that places all kinds of arbitrary limits on their software. It's not enough for Apple to open up to rival app stores - it also must not sabotage rivals who produce competing #SDKs for Ios.
22/
* Forcing App Store criteria on rival app stores. Apple mustn't be permitted to turn legitimate vetting for security or privacy risks into editorial control over which apps Ios users are allowed to use.
23/
Apple may not want to carry games that highlight labor conditions in high-tech manufacturing sweatshops:
https://venturebeat.com/games/apple-drops-uncomfortable-sweatshop-hd-game-from-app-store/
And it may object to apps that track US drone killings of civilians abroad:
https://www.theguardian.com/technology/2012/aug/30/apple-blocks-us-drone-strike-app
But those arbitrary editorial conditions shouldn't be imposed on rival app stores.
24/
* Taxing rival app stores for "security vetting." Apple is not the only entity qualified to assess the security of apps:
and it's just as capable as its rivals of making grave errors:
https://www.infosecurity-magazine.com/news/apple-fixes-exploited-iphone-zero/
It's fine to say that app stores must submit to third-party security certification, but they should be free to *choose* Apple out of a field of qualified privacy certifiers.
25/
* Requiring third-party app stores to process payments with Apple. The app tax should be disciplined by competition. Allowing Apple to extract 30% from transactions in its rivals' app stores would defeat the whole purpose of the DMA.
26/
* Arbitrarily revoking third party app stores. It's foreseeable that some third-party app stores would be so incompetent or malicious that Apple could revoke their ability to operate on Ios devices. However, if Apple were to pretextually shut down third-party app stores, it could sour Iphone owners off the whole prospect of getting apps elsewhere.
27/
Apple must not be permitted to shut down app stores in an anti-competitive way, but distinguishing pretextual shutdowns from bona fide ones is a time-consuming, fact-intensive process that could leave customers in limbo for years.
One way to manage this is for regulators to dangle *massive* fines for pretextual shutdowns. In addition to this, Apple must make some provision to continue its customers' access to the apps, media and data from the app stores it shuts down.
28/
All of this points to the role that regulators pay, even (especially) when it comes to disciplining companies through competition. The DMA is overseen by the @EU_Commission, which has the power to investigate, verify and approve (or reject) the standards that Apple sets for privacy, security, and app stores themselves. The Commission should anticipate and fund the regulators needed to manage these tasks quickly, thoroughly and efficiently.
29/
Finally, Europeans shouldn't have all the fun. If Apple can do this for Europeans, it can do it for every Apple device owner. If you bought an Ios device, it's *yours*, not Apple's, and you should have the right to #TechnologicalSelfDetermination that Europeans get when it comes to deciding which software it runs.
--
Image:
Electronic Frontier Foundation
https://www.eff.org/files/banner_library/eu-flag-11.png
CC BY 3.0:
https://creativecommons.org/licenses/by/3.0/us/
eof/
"You can't bribe a paperclip-maximizing colony organism into treating you with dignity by spending money with it."
Well said!
Cory Doctorow
bluvoid