Liam Mo and Brenda Goh, Reuters:

A group of 55 Chinese iPhone and iPad users filed a complaint with China’s market regulator on Monday, a lawyer representing the group said, alleging that Apple abuses its market dominance by restricting app distribution and payments to its own platforms while charging high commissions.

[…]

This marks the second complaint against Apple led by Wang. A similar case filed in 2021 was dismissed by a Shanghai court last year.

Imran Rahman-Jones, BBC News:

But the Competition and Markets Authority (CMA) has designated both Apple and Google as having “strategic market status” – effectively saying they have a lot of power over mobile platforms.

The ruling has drawn fury from the tech giants, with Apple saying it risked harming consumers through “weaker privacy” and “delayed access to new features”, while Google called the decision “disappointing, disproportionate and unwarranted”.

The CMA said the two companies “may be limiting innovation and competition”.

Pretty soon it may be easier to list the significant markets in which Apple is still able to exercise complete control over iOS app distribution.

⌥ Permalink

U.S. Director of National Intelligence Tulsi Gabbard, in a tweet that happens to be the only communication of this news so far:

Over the past few months, I’ve been working closely with our partners in the UK, alongside @POTUS and @VP, to ensure Americans’ private data remains private and our Constitutional rights and civil liberties are protected.

As a result, the UK has agreed to drop its mandate for Apple to provide a “back door” that would have enabled access to the protected encrypted data of American citizens and encroached on our civil liberties.

Zoe Kleinman, BBC News:

The BBC understands Apple has not yet received any formal communication from either the US or UK governments.

[…]

In December, the UK issued Apple with a formal notice demanding the right to access encrypted data from its users worldwide.

It is unclear to me whether Gabbard is saying the U.K.’s backdoor requirement is entirely gone, or if it means the U.K. is only retreating from requiring worldwide access (or perhaps even only access to U.S. citizens’ data). The BBC, the New York Times, and the Washington Post are all interpreting this as a worldwide retreat, but Bloomberg, Reuters, and the Guardian say it is only U.S. data. None of them appear to have confirmation beyond Gabbard’s post, thereby illustrating the folly of an administration continuing to make policy decisions and announcements in tweet form. The news section of the Office of the Director of National Intelligence is instead obsessed with relitigating Russian interference in the dumbest possible way.

Because of the secrecy required of Apple and the U.K. government, this confusion cannot be clarified by the parties concerned, so one is entrusting the Trump administration to communicate this accurately. Perhaps the U.K. availability of Advanced Data Protection can be a canary — if it comes back, we can hope Apple is not complicit with weakening end-to-end encryption.

Also, it seems that Google has not faced similar demands.

⌥ Permalink

Liv McMahon and Andrew Rogers, BBC News:

Around 6,000 sites allowing porn in the UK will start checking if users are over 18 on Friday, according to the media regulator Ofcom.

Dame Melanie Dawes, its chief executive, told the BBC “we are starting to see not just words but action from the technology industry” to improve child safety online.

She told BBC Radio Four’s Today programme that “no other country had pulled off” such measures, nor gained commitments from so many platforms, including Elon Musk’s X, around age verification.

It is remarkable that one of the first large-scale laws of this type happened on the web before it hit smartphone apps. Perhaps that is because both the App Store and Play Store have rules prohibiting pornography. The web has so far only had voluntary guidelines and minimal verification. In the U.K., that has now changed.

This article is headlined “Around 6,000 Porn Sites Start Checking Ages in U.K.”, yet in this — the first paragraph — the reporters acknowledge these are “sites allowing porn” not “porn sites”. This might sound like I am splitting hairs, but this figure seems to include some extremely large non-porn websites too:

Ofcom said on Thursday that more platforms, including Discord, X (formerly Twitter), social media app Bluesky and dating app Grindr, had agreed to bring in age checks.

The regulator had already received commitments from sites such as Pornhub – the UK’s most visited porn website – and social media platform Reddit.

When we are talking about large platforms like Discord and Reddit, there is a meaningful difference between describing them as “porn sites” and “sites allowing porn”.

Apps for Bluesky, Discord, Grindr, Reddit, and X are all available on the App Store, where they all have “16+” ratings, and the Play Store, where they have a “Mature 17+” rating with the exception of Discord’s “Teen” rating. These platforms are in a position to provide privacy-protecting age gating and, I think, they ought to do so with APIs also available to third-party stores.

The age verification mandated by this British law, however, is worrisome, especially if it becomes a model for similar laws elsewhere. The process may be done by a third-party service and can require sensitive information. These services may be specialized, meaning they may have better security and privacy protections, but it still means handing over identification to some service a user probably does not recognize. What is a “Yoti” anyway? And, because website operators are liable if they do not adequately protect youth, they may choose to take broader measures — just in case. For example, the law requires age verification for “material that promotes or encourages suicide, self-harm and eating disorders”. Sounds reasonable, but it also means online support groups could be age-restricted as a precautionary measure by their administrators. Perhaps that is reasonable; perhaps young people should only participate in professional support groups. But it is a notable compromise.

Nevertheless, I think the justification behind this policy is fair and deserved. There are apps and parts of the web where children should not be able to participate. I do not even mind the presence of a third-party in the verification chain — many Canadian government services include the option of logging in with a bank or credit union account, and it works quite well. But there are enough problems with this law that I hope it is not seen by other governments — including my own — as a good foundation, because it is not.

⌥ Permalink

The Financial Times today published an article by Anna Gross, Tim Bradshaw, and Lauren Fedor, in which the three paint a picture of a complex stalemate between investment interests and the U.K. government’s snooping desires:

Sir Keir Starmer’s government is seeking a way out of a clash with the Trump administration over the UK’s demand that Apple provide it with access to secure customer data, two senior British officials have told the Financial Times.

The officials both said the Home Office, which ordered the tech giant in January to grant access to its most secure cloud storage system, would probably have to retreat in the face of pressure from senior leaders in Washington, including vice-president JD Vance.

The writers go on to describe the tension between U.K. and U.S. authorities, with sources telling them the U.K. definitely wants this capability, but feels the weight of the U.S. administration. Here are two things I think are true:

1. The U.K. should not be demanding access to iCloud data end-to-end encrypted by Advanced Data Protection — and certainly not worldwide, as it wants. It is terrible on the merits, it will be misused, and it is ridiculous nobody can talk about it directly because of secrecy requirements.

2. The U.S. continues to abuse its power in worrisome ways. There is no evidence this administration is objecting to the U.K. law on the merits of free speech, given how bad they are on speech in general. There is lots of reason to believe they are simply hostile to any attempts at regulating the massive technology companies that happen to come from the U.S. and reinforce its global power. It is not just the U.K.; the Canadian government pulled a fairly reasonable Digital Services Tax to placate this administration for similar reasons.

Bad faith rationale aside, the U.K. seems to be thinking about retreating from its backdoor efforts, though it has not yet made any moves to do so. Yet Ars Technica, which syndicates the occasional Times story, republished this article under the headline “UK backing down on Apple encryption backdoor after pressure from US”. That is not true — not yet, anyway.

And there is reason to be skeptical of the Times’ sourcing on these matters, too. In 2023, its reporters — including Gross, who also worked on this Advanced Data Protection story — were told the U.K. government would no longer demand the breaking of end-to-end encryption in messaging apps. This was only true in the sense the government no longer demanded impossible backdoors, only possible ones. This was not so much rescinding a demand as it was clarifying it.

Until the U.K. formally withdraws the technical capability notice served to Apple — and maybe Google, too — we should assume they are still pushing for a backdoor. And, because of the secrecy rules, if they do rescind it, it seems we will only find out in a leak to the Times or the BBC, without any official acknowledgement any of this took place.

⌥ Permalink

Meredith Whittaker, president of Signal — which has recently been in the news — in an op-ed for the Financial Times:

The UK is part and parcel of a dangerous trend that threatens the cyber security of our global infrastructures. Legislators in Sweden recently proposed a law that would force communication providers to build back door vulnerabilities. France is poised to make the same mistake when it votes on the inclusion of “ghost participants” in secure conversations via back doors. “Chat control” legislation haunts Brussels.

There is some good news: French legislators ultimately rejected this provision.

⌥ Permalink

Grace Dean, BBC News:

Ms O’Carroll’s lawsuit argued that Facebook’s targeted advertising system was covered by the UK’s definition of direct marketing, giving individuals the right to object.

Meta said that adverts on its platform could only be targeted to groups of a minimum size of 100 people, rather than individuals, so did not count as direct marketing. But the Information Commissioner’s Office (ICO) disagreed.

“Organisations must respect people’s choices about how their data is used,” a spokesperson for the ICO said. “This means giving users a clear way to opt out of their data being used in this way.”

Meta, in response, says “no business can be mandated to give away its services for free”, a completely dishonest way to interpret the ICO’s decision. There is an obvious difference between advertising and personalized advertising. To pretend otherwise is nonsense. Sure, personalized advertising makes Meta more money than non-personalized advertising, but that is an entirely different problem. Meta can figure it out. Or it can be a big soggy whiner about it.

⌥ Permalink