European digital sovereignty and open source
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Subtitle |
| |
| Title of Series | ||
| Number of Parts | 287 | |
| Author | ||
| Contributors | ||
| License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/57064 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
00:00
Open sourceOpen setInternetworkingSoftwareGoogolPlot (narrative)Control flowWeb serviceComputer networkAbelian categoryText editorRead-only memoryLengthType theoryComputer hardwareData transmissionParallel portDatabaseFunction (mathematics)Communications protocolParameter (computer programming)Order of magnitudeLoginEmailAddress spaceStandard deviationInternet service providerImplementationSystem programmingArchaeological field surveySpherical capAlphabet (computer science)Bit rateMedianPRINCE2User-generated contentMountain passQuantum mechanicsDemosceneEmailLevel (video gaming)Thresholding (image processing)Web 2.0Open setGoodness of fitInternetworkingDivisorAreaEndliche ModelltheorieMultiplication signInternet service providerFrequencyPrice indexFreewareSign (mathematics)MultiplicationMobile appFacebookGoogolDifferent (Kate Ryan album)Web serviceImplementationAxiom of choiceMassModul <Datentyp>Open sourcePhysical systemNeuroinformatikSurface of revolutionMathematicsMereologySound effectInformationMobile WebModule (mathematics)Point cloudFlow separationSource codeExplosionSoftwareSmartphoneConvolutional codeArithmetic meanRight angleWeb browserWebsiteMathematical analysisStandard deviationRegulator geneCartesian coordinate systemOnline service providerPhase transitionAuthorizationServer (computing)Computer animation
06:59
Instant MessagingWeb serviceStandard deviationMobile WebRevision controlComputing platformDisintegrationPhysical systemDefault (computer science)ComputerSoftware developerInternetworkingData modelProduct (business)GUI widgetControl flowInformation securityGoogolFacebookInformationPoint cloudMathematical optimizationVideo trackingBuildingTwitterSpeech synthesisOpen sourceDeutscher FilmpreisContent (media)InternetdienstComputer networkWeb serviceInternetworkingAverageInstant MessagingMereologyCartesian coordinate systemInternet service providerPower (physics)Data storage devicePhysical lawNeuroinformatikPlanningInformation securityRight angleFacebookMobile appProduct (business)Mobile WebGame controllerEndliche ModelltheoriePoint (geometry)EmailDecision theoryFraction (mathematics)Open setOperator (mathematics)Android (robot)outputServer (computing)TelecommunicationOperating systemValidity (statistics)Business modelSearch engine (computing)Data transmissionSoftwareComputing platformStandard deviationCondition numberPoint cloudMessage passingCASE <Informatik>InformationTrailDigital mediaConnected space1 (number)WebsiteKey (cryptography)Pairwise comparisonWaveBlock (periodic table)Computer animation
15:22
InternetdienstComputer networkDistribution (mathematics)User-generated contentInternetworkingEncryptionComputing platformInformation privacyIdeal (ethics)Direct numerical simulationImage resolutionServer (computing)Local area networkInternet service providerControl flowGUI widgetWebsiteMIDIProxy serverWeb browserContent (media)EncryptionDirect numerical simulationInformation privacyInternetworkingEndliche ModelltheorieCASE <Informatik>Block (periodic table)Resolvent formalismReal numberInformationProxy serverGoodness of fitPhysical lawVideo gameIndependence (probability theory)Disk read-and-write headLocal ringSpline (mathematics)TrailHoaxWeb servicePoint (geometry)Position operatorRule of inferenceWebsiteUser-generated contentPhishingOnlinecommunityMereologyDifferent (Kate Ryan album)Game controllerBackdoor (computing)TelecommunicationSet (mathematics)MalwareServer (computing)State of matterDeclarative programmingConnected spaceArithmetic meanScaling (geometry)Revision controlCommunications protocolFilter <Stochastik>QuicksortIn-System-ProgrammierungComputer animation
23:18
Proxy serverInternet service providerContent delivery networkImplementationOperator (mathematics)InternetworkingWebsiteVirtuelles privates NetzwerkMetadataEncryptionControl flowGroup actionSoftware developerProduct (business)Digital electronicsOpen sourceStandard deviationOpen setBuildingBlock (periodic table)Identity managementPhysical systemDefault (computer science)Modul <Datentyp>Computing platformWeb serviceContent (media)Video trackingPosition operatorWebsiteDirection (geometry)NumberInformation privacyMoment (mathematics)Proxy serverOperator (mathematics)Different (Kate Ryan album)Point (geometry)MereologyRegulator geneServer (computing)Computing platformTerm (mathematics)In-System-ProgrammierungMultiplicationAdditionOpen sourceCommunications protocolIP addressWeb serviceSpline (mathematics)Module (mathematics)Real numberGoodness of fitOpen setRule of inferenceFitness functionEntire functionGame controllerEncryptionGroup actionBuildingPower (physics)FacebookQuicksortFormal languagePresentation of a groupPoint cloudEndliche ModelltheorieInternetworkingPressureStandard deviationDesign by contractLocal ringDataflowComputer configurationCASE <Informatik>Product (business)SpacetimePhysical law1 (number)Arithmetic meanVotingComputer animation
31:15
ComputerRevision controlMaxima and minimaReduction of orderOpen setIdentity managementPoint cloudStandard deviationDigital rights managementContent (media)Digital electronicsLatent heatWeb serviceComputing platformPosition operatorVideoconferencingPlastikkarteSocial softwareSystem programmingOperations researchWeb browserInstant MessagingForceDisintegrationPhysical systemReal-time operating systemPresentation of a groupTemplate (C++)Digital mediaCloud computingWeb serviceGateway (telecommunications)Electronic mailing listLogistic distributionSearch engine (computing)1 (number)Instant MessagingRight angleIdentity managementPhysical systemAdditionOcean currentNumberProcess (computing)Open sourceRule of inferenceRevision controlRegulator geneComputing platformPortable communications devicePhase transitionConstraint (mathematics)DemosceneTerm (mathematics)Core dumpAreaState of matterPosition operatorDifferent (Kate Ryan album)INTEGRALMultiplicationCommunications protocolReal numberAutomatic differentiationDirection (geometry)Default (computer science)Computing platformInformationRow (database)Type theoryMaxima and minimaYouTubeProduct (business)Mobile appPoint cloudPlastikkarteInterface (computing)System identificationVideoconferencingPersonal digital assistantPresentation of a groupImplementationLibrary (computing)Computer animation
39:11
Band matrixVideoconferencing1 (number)ImplementationMatrix (mathematics)Exterior algebraTelecommunicationComputer animationMeeting/Interview
40:01
ImplementationWeb serviceMatrix (mathematics)Digital electronicsCommunications protocolPhase transitionPoint (geometry)Decision theoryCASE <Informatik>Multiplication signMeeting/Interview
41:13
VideoconferencingBand matrixOrientation (vector space)Physical lawWeb serviceState of matterRegulator geneProjective planeCurveComputer animationMeeting/Interview
42:21
Band matrixVideoconferencingAxiom of choiceComputing platformMobile appPersonal digital assistantInterface (computing)Bridging (networking)Information privacyMultiplication signClient (computing)Extension (kinesiology)Computing platformMessage passingMetadataDigital mediaComputer animationMeeting/Interview
43:33
TwitterDrop (liquid)Computer animationMeeting/Interview
Transcript: English(auto-generated)
00:09
Hi, good morning. Greetings from my couch in Turin, Italy. I am Vittorio Bartole and I'm here to talk about the European digital sovereignty, what it is, what are the problems that it is trying to solve and how can the open source community relate to it.
00:22
I am an engineer. I'm a digital rights activist since the mid 90s and I'm working in a country for open exchange, which is a German open source software company, maybe, you know, Davco, PowerDNS. And as a disclaimer, since I will be talking about specific companies, I want to say that I don't hate these companies or the people that work for them. This is just a recap of how this situation is seen in Brussels by the institutions and by the European policy community
00:45
and so to understand why certain regulation proposals are underway. So, welcome to the Hotel California, as the famous song says. This story starts in the 80s up to the mid 90s when there was no mass internet. We only had separate BBSs or private online services that were not interconnected with each other.
01:04
And then the internet came and the bright idea for the internet was to separate the different layers and standardize each layer separately so that you could have multiple applications running over the same network layer and also multiple networks interconnecting using the same network layer.
01:21
And the architectural principles of the internet, this is RSC 1958 from 1996, were codified more or less in that period. And there are two of them that are particularly relevant to this discussion. One is standardization, meaning that once someone does something and finds a good way to do something,
01:41
everybody else should do it the same way unless there is a strong reason to change because this allows all the different implementations to interoperate and you can replace one implementation with another. And modularity is also useful because it means that you should break down whatever you are building into smaller modules so that you can then implement the different modules separately.
02:03
And so then you can replace individual modules without replacing the other. And these principles together form what we call interoperability. This system of multiple software, hardware, services provided by many different makers and providers that all work together and you can interchange each other.
02:23
So you can put together services by multiple providers and they all work together. And if you're dissatisfied with one, you just change one and keep the others. So the services that were born in this period all follow this model. I mean, email is the best example. You just get an email address, an email account from one provider,
02:41
and then immediately you can send email to anyone from any other email provider anywhere in the world. And anyone can offer email services. All the standards are open, are public. There's many free software implementations. And the same is for the web. I mean, the web is also built over this interoperable model. I mean, both browsers and servers interact, and you just need one browser to communicate with any possible website.
03:03
And this was really one of the key factors for the success of the internet. The internet went through a phase of explosive growth in the 90s and the beginning of this millennium. And this brought up economic growth, startups, wealth, but also social growth and the freedom of information to all corners of the world.
03:21
It was really an outstanding success. And then after some time, let's say around 2010, more or less, new services started to appear. And in the beginning it was great as well. I mean, we thought they would continue this tradition. But then something started to happen, consolidation. So companies started to merge with each other and started to become bigger and bigger.
03:41
And in the end, we ended up with very few companies managing the services we use every day. Smartphones came more or less in the same period, and it was also a revolution. And at the beginning, you had one million different apps made by very small maybe developers. There was a lot of choice and freedom of opportunities. But then again, after a while, we ended up with, I mean, like we are today,
04:02
just two basically mass operating systems for mobile devices. And even among the apps, I mean, most of the commonly used apps are owned by the same company. Then the cloud came, and the cloud again has the same problem. Well, the cloud is really someone else's computer. And these computers are mostly owned by very few companies,
04:23
and usually the same that also own the other services. And this is also getting worse and more concentrated every day. So all these phenomena together created something that was never seen before in the history of mankind. For the first time ever, the five biggest listed companies in the world were all tech companies.
04:40
There have always been big tech companies in history, but it never happened that all the big tech companies were dominating the scene at the global level over any other industry. And also this has been getting worse. So in 2016, the value was around half a trillion dollars. In 2019, Microsoft went over the threshold of one trillion dollars of value.
05:01
And just less than three years later, now we are nearing the three trillion dollars threshold. I mean, Apple is currently the biggest one. And basically, Apple is almost worth three trillion dollars, which is equal to France's GDP. Which means that, I mean, if all French people and companies work for one year and put together all their efforts, and they build wealth, all that wealth can barely buy Apple, barely, maybe.
05:24
And of course, the other European countries are smaller, except Germany. So the situation is getting worse and worse. These companies are getting bigger and bigger. There's very few changes in this situation, except that Facebook now is called MITA. And Tesla came in, and now Tesla is bigger than MITA. But basically, this is not getting better.
05:43
And another factor of concern, especially for governments, is taxation. So this was an analysis that was made a few years ago in Italy about the advertising revenues from Google, which, I mean, if you buy advertising as an Italian, you don't pay Google Italy, you pay Google Ireland. And then Google Ireland sends back to Google Italy as a fee, basically just one seventh, more or less, of what they get.
06:04
Which is the only part that gets taxed in Italy after you take away all the costs of actually providing the service in Italy. And so the value that gets taxed and the amount in taxes is quite low. And governments really don't like this. So this is one of the other concerns that has been raised, also because of the systemic effect.
06:22
So this is anecdotal, if you want, but it's an interesting indicator. So if you look at the price of houses in San Francisco, it has more than doubled in seven years. And if you know San Francisco prices are totally crazy for almost everything. And this is one of the signs that there's all this immense amount of wealth that is from all
06:41
over the world is concentrating into this very small area of the US West Coast where these companies are located. And everybody there is now, not everybody, but many people there are very rich and so that they want to buy a nice house and the prices go up. But this is really something that worries the authorities in Europe, because nobody likes to see all these wealth going away to another continent.
07:02
And so this is about California, because as the song says, you can check out anytime you like, but you can never leave. Because we are really stuck with the services of these companies. There's almost no way of living without it. I mean, maybe technical people like us can find a way, but it's hard and inconvenient that it's definitely not possible for the average internet users. And the way these companies continue this domination is mostly related to how they build their services.
07:26
So as a comparison with the original internet services like email and the web, we can consider the recent, the most recent wave of services like instant messaging or social media. Instant messaging is a good example because all the instant messaging services are built as a walled garden.
07:41
So if you have WhatsApp, you can only exchange messages with WhatsApp users. And if you then want to send a message to a Telegram user, you need to install Telegram, get an account on Telegram. And then the same for Facebook Messenger, for Slack, for whatever, whatever other messaging product. And so in this way, it's very hard to build new services, because even if you build a very good instant messaging service, there are no users.
08:05
So if someone tries it and says, OK, it's fine, it's very nice, better than the others, but my friends are all on WhatsApp and on Telegram, and so why should I be using this? And so it's, and by the way, it's also impossible to run your own. So you cannot run your own instant messaging server. And because either the standards are closed or the deployments are closed.
08:23
So maybe they use open standards, but they don't let you interconnect with their servers. And another common tactic is bundling. So this is especially strong in the mobile, since we have only these two mobile operating systems. And then maybe the platform also pre-installs you with applications for other services. Of course, they are the default, and so you will use them.
08:42
And they are maybe integrated, so they work better than competitors, because they are more integrated with the operating system. And maybe you get one, you get many. So in the end, these are tactics that are used to expand the domination from one specific sector to other nearby services and applications.
09:00
And so we ended up in this kind of situation in which these companies have a lot of power under many ways. I mean, they buy out competitors before they can challenge them. They can be used, as it happens with Android and Huawei, as a tool for geopolitical struggles. I mean, even if they don't want, their government, the US government, can force them to be part of this.
09:21
Or they can just get money from you, like Apple with their famous 30% commercial fee, if you want to make better, I mean, sell something from within an iOS app. And app stores are a particularly interesting example, because we never really had app stores on computers. We had package managers, but they don't ask you for money for when you want to buy something from the application makers.
09:44
And they don't want to check your code and decide whether they will let you install your application or even distribute your application to the users of your device. This is a completely new model, which is just about control. I mean, at least this is my impression. If you go to the Apple website and you see the explanation, why do we have an app store?
10:00
The first reason they give is that they do it for the kids. And maybe it's a valid reason, but, you know, I've heard this for other things. If it's valid for this, maybe it's valid also for filtering child sexual abuse. But this is another discussion. So let's get back to the reasons for the concerns in Europe. I want to stress that this is not just a matter of money. So it's not really just about getting money or being greeted by governments or whatever.
10:24
It's really a matter of surveillance, privacy, political power, control, national security. And there are many examples around this. So first of all, advertising. I mean, in the last 10 years, the advertising market has completely moved from the offline world to the online world. So the online advertising companies starting with Google and Facebook are now collecting most of the advertising revenues.
10:45
I mean, even Microsoft now makes like $8 billion per year from advertising on Bing, meaning people use Bing, some do. And they pay for advertising and it's $8 billion. So it's a lot of money. And so we've come to the point that the surveillance capital is really the business model of these companies.
11:05
So you might think that Google, for example, is a search engine company or an information company. No, I mean, 17 or more than 80 percent of the revenues come from targeted advertising or surveillance advertising, as some call it. So the business is really advertising, tracking you and selling advertising.
11:23
And Facebook even works, I mean, like 100 percent or almost 100 percent. And as we see also the other companies, everybody has at least some money that comes from surveillance advertising. But this is really about also political power. So the governments in Europe were scared a couple of years ago when all the COVID
11:42
tracking apps thing came up and they realized that they did not get to choose the model. So the conditions under which they could actually provide a COVID contact tracing app. Because in the end, Google and Apple decided how it should be done. And even if some governments disagreed, they said, no, we have the ones that decide. And independently from whether you liked it, one of the other models that were proposed, from a governmental point of view, this is really scary.
12:06
I mean, even in such an important emergency situation, you don't have the power to take a decision. And another thing that really scared European politicians, I mean, when President Trump was banned from Twitter, Angela Merkel spoke in favor of this, not because she liked President Trump, but because she realized that it's unacceptable that
12:26
a private company gets to decide whether a sitting US president has the right to talk with people in public or not. And this is really part of the issue. I mean, this is a famous picture of President Trump, former President Trump, perhaps also the next one, we don't know, with the CEOs of the big tech companies.
12:44
Because, I mean, these companies are still, even if they don't like it, they are still in the US and they are subject to US laws and they are subject to US interests. So we already know from the WikiLeaks case that the NSA was, I mean, spying without many problems on European leaders, the German, French, Italian leaders. And, I mean, they are interested in this and now there's even an open law stating this, so the Cloud Act is a US law.
13:07
It says that any US company by this law is required to share with US law enforcement agencies any information of non-US citizens that it has access to, even if it's on servers that are outside of the US. So if one of these companies has service in Europe, but someone from the US company has the password, the access to it,
13:25
they are required to take any of our private information and give it to the NSA or FBI or CIA or whatever. And this is also a national security issue for Europe. It's just unacceptable as a risk. And so this is also about, as we were saying, the models, the principles around the internet.
13:43
So it depends on how you interpret them. So the internet was built over some very few innovative technical policy principles. You might have heard, for example, about permissionless innovation. Permissionless innovation is the idea that you should be able to deploy any new servers, new software, new protocol,
14:01
come up with something and offer it to users without having to ask for a license or a permission to a government or to a telco or to anyone else. So you just create your new service, your new website, whatever. You connect, you put it on a server, connect your server to the internet and immediately you are in business. And this was really one of the reasons why the internet had so much success, because it was the opposite of the original telecommunication models.
14:24
In which you had to ask for permission to operators and get licenses and pay a lot of money up front. And so, I mean, there were plans for digital communications in the 90s by the telcos. But they were just completely defeated by the speed through which the internet gained success.
14:42
And so this was actually one of the reasons why we came up with the concept of network neutrality, which is another key principle of internet policies. Because at that point in time, we had these still very big dominant telco operators and we had a very small starting up internet companies.
15:00
So even if the internet companies were much smarter and growing much more quickly, then there was the risk that the telco operators would just slow down their traffic and block them and control them just because of the control they had on the connection. So we fought for this principle, which means that the telcos do not get
15:20
to gatekeep internet services and they have to provide the same service to everyone else. They cannot, for example, tell you, you're not going to connect with YouTube, but you can only connect with a competing service because I like them or I get money from them. And then there's another principle which is very important, which is the liability exemption. Meaning that if you're on a user-generated content platform, you're not legally
15:42
responsible for the content that the users put on it unless it's flagged you. So I mean, you explicitly know about it and then you have to take it down if it's legal. But in the other model, I mean, it would be that you would have to check all the content as soon as you get it before you publish it, which is impossible to scale. So I mean, we would not have user-generated content if we didn't have this liability exemption.
16:04
And finally, the most cherished principle in the internet community is possibly, well, it's embodied by the so-called Declaration of Independence of Cyberspace. It's a document by the mid 90s, which really says that we want to make the internet independent from governments.
16:23
The internet defeats the governments and brings democracy to the world. It's a very noble, noble set of thoughts. But really, in the community, there's still this rejection of rules, regulation, and governments thinking in borders. The very idea that you can have national governments with national laws is culturally still rejected by good parts of this community.
16:43
So the problem we have now is that all these nice principles, which were really important for the creation and the growth of the internet in its early ages, now are being used against us, against the users of the internet, much more than the governments. Because the idea that you don't have to ask for permission to do anything has been
17:03
used by this company to just do whatever is necessary for them to preserve their dominant position. So they basically like their own rules, and so they can do whatever they want, even if it's maybe not entirely fair. And the fact that they are not responsible for the content, they basically make money out of fake news and propaganda and abusive material.
17:22
And this is stuff that creates real problems for real people in real lives. So I mean, there's people really being harmed in the real life by these kind of things. So we should not dismiss it like, OK. And finally, the independence from governments means that these companies basically feel like they are above the law.
17:42
And now they have a sheer economic size that actually makes them above the law in many cases. It's very, very hard to get them to do something that they don't want to do. Maybe only the very big, the biggest countries in the world have some kind of bargaining power, but everybody else just gets whatever they want to do. And so I think we, I still wanted to mention a couple of other things.
18:05
One is about encryption. I think that we have to, I mean, we have to understand the real meaning of encryption in all these scenarios. Because, I mean, we know that we have been spending collectively the last 10 years encrypting everything for good reasons.
18:23
And I want to state immediately that I think that encryption is a good thing. We should absolutely encrypt all communications and definitely state-run backdoors are a bad idea. So I'm not absolutely arguing with this. And in the end, it's true that this is necessary to protect our communications. But I do want to challenge the idea that there's also another traditional
18:42
principle in our community that more encryption always brings more privacy and freedom. This is just a simplistic idea. It's not really completely true. It's not the whole story. And let's see why. I have examples from DNS because that's what I do. But it's exactly the same for HTTP versus HTTPS or for any other encrypted protocol.
19:01
So, as we all know, often local DNS servers, which are subject to local laws in Europe or from your own country, are used as a control point by the ISPs and by the national laws for blocking content that they don't want you to see. They block Pay-to-Pay, they block iHub, they block Roja Directa, whatever. And generally, we don't like this.
19:21
And so, I mean, what happened is that actually encounters that are much less democratic than Europe. So this is not from Europe. I mean, they had real reasons because that was real censorship, political censorship. And so they discovered that if they just move to using the global resources that are located mostly in the U.S., almost entirely in the U.S. now, they would be able to bypass DNS filters.
19:45
But still, this didn't completely work because the traffic was still unencrypted. So the local ISPs on behalf of the government were still able to intercept the traffic, sniff the traffic, and still block connections or stop them from accessing whatever they wanted to access.
20:01
And so recently, some browsers, at least one of them, came up with this model. I mean, basically, they just ignore, want to ignore your own DNS settings, they ignore your own local resolvers. They just bring up an encrypted connection to a remote server, and they send all the DNS queries to the server that they chose, and they trust, and they chose it for you. And this makes local control by the local government impossible.
20:23
And in the cases of the dissidents in authoritarian countries outside of Europe, it's still a great thing. So this is a very good thing they are doing for that use case. But the problem is that, first of all, local control is not always bad. I mean, there are actually some good reasons for blocking stuff like malware and botnets,
20:40
especially for the non-technical users, because maybe we are able to defend ourselves from phishing. But maybe my 75-year-old mom is not that good at it. And so in the end, it's also about, I mean, controls, blocking material. There's many reasons why many countries or many people want to block stuff. But still, this is a middle taste. There are people that say we shouldn't block anything on a metro principle, and that's a respectable idea.
21:04
But the real problem is that this is not just about a metro privacy and freedom. So let's make the same example, but with a different use case. So the same control point that is used by the government or by bad governments to block dissent and politically inconvenient content can be used by governments to block the websites that don't want to adhere by the national rules.
21:27
So it's actually the only one of the very few law enforcement points that when you have to deal with websites or services that are offshore, that are foreign, don't have a presence in your country, which I mean, maybe the very big tech companies all have subsidiaries in basically every country.
21:42
But even just the slightly smaller services, they don't. And so you don't have a way to act locally. And so the only thing you can do is to act on the connection and try to prevent these services from working in your country, if you want to impose them on anything, which could be something good for the users like GDPR or maybe paying taxes.
22:03
And so if, in the end, if we move to this kind of encrypted world in which everything is just flying over the heads of the local community and of the local government, then this becomes impossible. It becomes impossible to enforce the rules. But it's even worse. It becomes impossible even for us. So I don't know about you, but many of us have something called a piehole in our homes on Raspberry Pi.
22:23
It's a local DNS resolver which is configured to block targeted advertising, tracking advertising. And it's a great thing. It's actually protecting our privacy. But if this model starts to happen and browser starts just to ignore whatever resolver and sending encrypted information and getting the DNS resolved remotely, then ad blocking becomes impossible.
22:43
And so it's even new that you are losing control. So I think you're starting to see the point that I want to make is that this discussion is not really just about privacy or censorship or whatever. And there's even more because this is now being used to centralize the traffic again and to promote the same consolidation that we've seen is a problem.
23:03
So now there's this blame is connection model that is starting to be deployed. It's an interesting thing. So basically all your traffic is sent through two proxies. It's a sort of a scale down to two hops version of Tor. And so the first proxy gets your traffic. It's encrypted with the second proxy.
23:20
So the first proxy sees your IP address, but they don't see your actual traffic. The second proxy then gets it from the first. They see your traffic because they can decrypt it and send it home, but they don't see your IP address. And the final destination only gets a flow of aggregated traffic from the second proxy. So in the end, they see even less. And so this is, for example, what the Apple just implemented,
23:42
the so-called Cloud Private Relay, which is an add-on service at the moment, optional. You have to pay for it. And in this case, they run the first proxy directly. And the second proxy is provided by the user, big CDN operators like Cloudflare, Fastly, Akanai, whatever. And they have a contract with each other. So what's the problem around this?
24:02
It's not a problem. In many cases, it's a good service. So if you're concerned about your ISP or whatever tracking you, it's a way to hide your traffic, to reduce what websites see you, to increase your privacy. It's a sort of VPN. So but there are cons in the long term that we have to consider. So first of all, you can't choose your proxy operators. I mean, you have to get the ones that Apple gives you, which is themselves.
24:25
And the second most concerning one is now all your internal traffic is going to Apple. And as long as the first and second proxy don't cooperate, then it's fine. But in the long term, in a world where basically the entire internet runs on surveillance, who guarantees that Apple and their supplier will never transmit your metadata?
24:44
Or maybe if Apple follow the same model, maybe Apple will not do it, but other companies, other device makers or whatever will do it. So for us as a user, we should at least discuss what are the guarantees? How can we make sure that this is not getting worse? And now we get one party that gets to see our entire internal traffic in addition to our ISP, which is doing the first one.
25:07
So I think that I mean, I wanted to show you that the point that I wanted to make that is we should not be naive. I mean, the discussion on encryption and all the principles that I was mentioning should not be just in terms of privacy freedom.
25:22
I mean, we should really care about control because encryption now is being used as a way to move the control points of the Internet. And it's a real power struggle between governments and private companies on who gets to control and to have control points on what you do about the Internet. And what I'm scared about is that we are slowly building what I call the Internet of other people's things.
25:41
So we are basically filling our homes with devices that just bring up an encrypted channel to their servers, servers by their maker in some other country, somewhere in the cloud, and you don't get to see what they do. You as a user to know what your devices are actually sending and you would have no way to scrutinize it or block it or even sometimes to know that.
26:00
And if you manage to block it, then the device will stop working. And this is a terrible moment. So it's disempowering. It's not disempowering governments. It's disempowering us, the end users. And we are really risking to end up in this kind of situation. This is from a famous film on the DDR. And I'm really concerned about this. So the final point is that at least we can vote for our governments.
26:24
So, I mean, we don't like governments in general, but at least we do have a vote. We do have a say. We cannot definitely vote for Facebook CEO or for the CEOs of these big companies. We really have absolutely no way to control what they are going to do with our own future. So I think I showed you a lot of reasons why in Europe there is concern
26:43
around what is happening with the big tech and the direction that the Internet is taking. So that the last part of the presentation is about the Europe running from the door, trying to find a way to get out of this situation. And the talk is all about them for the last two or three years in Brussels has been all about digital sovereignty.
27:02
So what's this concept? Well, it means two slightly different things. I mean, one is digital autonomy, meaning that you have as a country or as a space like Europe, you have to be self-sufficient. You have to be able to have all the technology and the services that you need on your own grounds so that you don't depend on any foreign country,
27:22
don't depend on international trade and whatever. And we've seen how international trade is fragile in these years. And so you actually have to develop your know-how, your local industry and economy so that you are autonomous. In case of need, you can survive without having to depend on other people. And this is the concept that is more common in Germany. The French concept, on the other hand, is more about sovereignty.
27:42
So it's really about setting rules, enforcing rules, collecting tax and in general not be subject to pressure or whatever retaliatory potential, retaliatory action by any other country outside of Europe. So these two concepts merge together, create what is to say the European concept of digital sovereignty.
28:01
And here is when open source gets into play, because open source is really fit for this discussion. I mean, in Europe, we always get this question like, why is Europe not able to produce Google? I mean, we have very few of these very big tech companies. Why? I mean, what did we do wrong? How can we do better?
28:22
And this is the wrong question, in my opinion, because Europe is different. Europe is really an archipelago of 27 different countries and languages and societies and markets, and it works by horizontal cooperation. So we create alliances of SMEs and national companies that work together from different countries and then try to produce something which is good for Europe.
28:42
And so this is why also our policy and our economic policy should be different. And in general, open source is a good fit for Europe. In the end, there's an effective alliance between us and the European institutions, I'd say, because we provide the technology and we provide the model for horizontal cooperation and the open standards.
29:01
While Europe can put some funding, can put some consumer defence and can make the rules that allow us to, I mean, not to be destroyed or mistreated by these big dominant big tech companies. So what we need is regulated opponents. We need technical building blocks, and this is on us as a technical community to ensure that there are open standards, there are federation mechanisms, there are multiple implementations, open source software, we have to do that.
29:25
But then we also need the governments to do the regulation, and we need regulation that mandates the dominant players to play by the rules, to get back to the original internal principles and so to work with interoperable protocols and services and to let open source, competing open source solutions and even individual servers to interact with the big tech servers through interoperability.
29:47
So interoperability is not the only remedy, but it's really the remedy to this situation of world gardens, because if we can separate the modules and prevent this big tech company from giving us a monolithic platform that you have to use in its entirety, and we can then ensure that they are interoperable so you can replace just one of the modules and then it will work with
30:05
all the others, then we will be able to create alternative solutions, and we will be able actually to compete so even in economic terms. As an industry we will be able to produce stuff and that can compete with maybe be even better than the one from the industry.
30:21
So, for example, I would much like to have just one instant messaging app, the best possible ones, the one I like more, I choose freely. And then with that they can communicate with users of all other instant messaging services be it WhatsApp, Telegram, whatever signal, whatever, whatever you want to even the new ones, and this would really allow people to work on it and create maybe new applications
30:40
and then, and then have a chance to succeed. And so we'll also enable competition and maybe enable us to have more privacy friendly services we could pick some that are more privacy friendly. So there's a lot of things that Europe has been asking in general, with regulation, there are lots of new regulations coming. And here is a big recap I mean it will be quickly showing you a number of different law proposals that you may hear about.
31:07
We'll talk about the digital services sector and digital market sector in a minute, but I want to mention that as a governance sector which is setting the rules for open access to product data. The computer chip sector because now Europe realized that if you cannot get your chips from China and Taiwan
31:20
because there's no international trade anymore, then you're stuck in the rest of the industry which needs electronics just stops. And so they want to promote a bigger production of chips right in Europe even if it costs more because it's a strategic need. There's the minimum corporate tax directive so there's now an agreement on the fact that corporate should be taxed at least 15% or according to Ireland at most 15% but 15% is the number.
31:43
And so this will be implemented. There's a revision of the ideas going on so we could hopefully sooner or later get really working open public identities, and then there's guy x, which is an industry consortium with a weird name which possibly makes sense in German but not for other people. And, but it's working basically to establish a common cloud standards so that for cloud portability so that
32:05
you could move your cloud applications from one cloud provider to another infrastructure provider, without being locked in. And, and same for that ontology so that you can have services by multiple companies in the same niche, and they can know how to exchange information and work together and create this kind of horizontal cooperation to build a bigger service together.
32:25
So, then the digital services act I mentioned, this is the replacement for the all the commerce directly it's it's under discussion and so it's still being discussed and will be finalized in the next few months. So the idea is basically that we will keep the basic principle but introduce
32:40
some more liability especially for what they call a very large online platforms. Facebook, basically. So in terms of accountability and rules and checks on how to close accounts and not to close accounts and this kind of things. But then the real core one is the digital market sector. It's a specific regulation that's dealing with competition and creating more choice.
33:01
And it seemed that business users originally then I mean as I mean meaning the digital rights NGOs and the open source industry from Europe managed to expand it because some of these rights should really be available to all end users not just business users. And it's, it will affect only very few very big companies. So only the so called gatekeeper companies will will be subject to
33:22
it. The gatekeeper companies currently because this is still under finalization are the ones that make at least 8 billion euros per year. So it's in Europe, in the European economic area. So it's quite a big amount. And then at least three European countries at least for 45 million consumers, there's a number of criteria.
33:41
So in the end, this is aiming to create a new antitrust instrument for this kind of non traditional dominant positions because the economists will insist that Google and Nepal are not dominant companies in the mobile OS because there are two of them. I mean, everybody else agrees that there is a competition problem. So, this is the list of current services, it's an exhaustive list so if something is not here will not be affected by this law.
34:05
And so there you see that our marketplaces like Amazon or booking.com there are search engines social media video sharing instant messaging, operating systems including mobile cloud computing services in general, advertising by any of these above dominant players. And then the parliament recently added browsers, voice assistants and smart televisions. So this is the
34:26
list. So basically all the gatekeeper companies and only the companies for these services will be affected. I mean, everybody else including startups, nonprofits, smaller companies will not be affected by this act, if not by the benefits that they get from the rules imposed to the gatekeepers.
34:42
So what does this say? I mean, this act introduces two types of constraints. One is Article 5, the ones that are immediately executable and then Article 6 stuff, it's there but it needs to be worked on. And there's a list, I mean, you see that these are very reasonable things. So they must not include, I mean, not to enforce users to accept that integration across multiple services.
35:06
No best price clauses against the competition, no mandatory bundling, no clauses, I mean, no mandatory use of identity systems. I mean, there's a number of things. But I want to come to the two key things, two key problems that I identified like bundling and interoperability. So these are the anti-bundling clauses.
35:25
And these are what is in the text now that has been approved by the parliament. I will end up by explaining the process in a minute. So in the current version of the text, as approved by the parliament, there's basically some very useful clauses. Basically, the dominant gatekeeper companies must allow you to use, just the business users, to use the service without being forced to use the ancillary ones.
35:46
So if you want to use Amazon's marketplace, you must not be required to also use Amazon's logistics service, for example, or identification. In the same way, you must be able to use one without the other. So you can use, I mean, sell your stuff or put your videos on YouTube without having to use the search engine or this kind of things.
36:05
But the most important one was the last one that was added. Now, the provision is that whenever you install a new device, like a smartphone, the device has to ask you and give you a list, for example, of search engines and say, OK, which search engine do you want to use as your default search engine? And it must also not prevent you from uninstalling the platform's apps. So if you get Android, there will be the Google search
36:27
app, but you must be able to just remove it and install something else and the device must still be able to work. And then there's the interoperability clauses. Again, these are the current state of the art. When we started one year ago, the original proposal by the Commission only had this interoperability for
36:44
auxiliary services clause. So it was just about, for example, letting you log in with a different identity system or using a different payment gateway or delivery or advertising, this kind of auxiliary services. Now there's many new additions. One is about equal access to S features. So apps must be
37:00
able to access fairly the same APIs and libraries and whatever that the dominant players on apps access. And then there are two clauses for which we have been fighting a lot with some success. And these are the interoperability for instant messages and for social media. We hope that we will get interoperability for everything. We didn't get it yet, but at least we got it in these two
37:22
very key, important services. And so if this gets approved, the gatekeeper for these two services, which is the same company, so Facebook, WhatsApp, they will have to open up some kind of interface and interoperate with any other instant messaging and social media service. And of course, there's a lot of implementation questions, which are still to be discussed, but it's very important that this is a high-level text in a row.
37:43
You cannot write protocols in a row, but it's important that principle is there. And then there's a real -time data portability clause. Portability is already in the GDPR, but it's nice to get it restated and expanded. So where are we? Well, this came from a commission's proposal from one year ago. It was discussed for one year in the parliament, and then the parliament approved it on the
38:03
15th of December with 229 amendments that mostly expanded the scope and added some very good things. The problem is that now we are in the so-called trial phase in which the parliament's approved text has to be negotiated with the commission, with the original proposal, and with the member states, the council. So we are not sure that what is in there will even survive. There will be a final text agreed between these parties.
38:27
The current presidency of the EU, which is France, is really pushing for political reasons. They want to approve it before the end of the presidency in June. But then it will go to the parliament, and the parliament will have a final vote and approve the final text. So there are companies and NGOs, well-known ones, that are doing a lot of work behind the
38:45
scenes to make sure that at least what we got in these clauses stay in the final text. We hope we will succeed. We don't know yet. But please, folks, if you want to support us, please contact me. I'm happy to discuss this. So this brings us to the end of this presentation. I hope it was interesting. I'm happy to discuss it and also to answer any questions you might have.
39:06
So thank you for listening, and let's have a fruitful discussion. Thank you.
39:29
Okay. So since you have answered most of the questions in the chat, I will try to pick the ones that were missed. So Benjamin Balder-Bach asked, can you reflect on matrix and the government-EU interests afterwards?
39:44
How is it going in Germany with matrix implementation and others following? Are EU governments reasonably scared of hosting their communication infrastructure on teams to meet, etc.?
40:01
Well, yes, and matrix is basically the alternative. And I mean, basically, matrix is an element as well. So one of the companies that has been working with me and other European companies to push this. But also, I mean, just to indicate, because it's true that the European decision makers often don't know that even their very governments, like in France or in Germany, are using matrix for their services.
40:22
And so in the end, there will be an implementation phase in which someone, which is still to be understood, will have to pick the actual protocol. So there will be a decision whether, I mean, in case we force, for example, WhatsApp to open up an interface, whether they should just bring up an API, or whether they should be required to use an open protocol, which is what we are pushing for.
40:41
And then matrix could be selected as that. But this will happen afterwards. At this point in time, the important thing is to get this. In terms of infrastructure, yes, I mean, it depends on the country. There are countries, like Germany, where the discussion on not hosting stuff on US service services or service has been going on for quite a long time now.
41:00
There are other countries in which the discussion doesn't exist and the government just isn't aware or doesn't care. I mean, it really depends on you specifically. So, thank you. Kalesin also asked, the Digital Market Act seems to be very corporate oriented. What about stuff run by the public, for the public, and no money involved?
41:25
Well, indeed, it's justified. I mean, it's very business oriented because of the way the EU works. So the European Parliament and Commission can only make regulations on what the states have given to Europe as a competence. So in business, the internal market is one of these. I mean, they can do laws that keep the market alive and make it work better.
41:48
Other things are maybe not under the curve. For example, stuff like filtering is not a European competence. It's just the individual countries that make laws on deciding to block or not to block stuff. So that is reflected in the way the laws work. But in the end, if we can open
42:02
up the dominant services to interoperability and remove the problems with planned battling and closed upstairs and whatever, everybody will benefit. So even the non-profit services, the community projects will be able to interoperate and they will be able to grow. So in the end, the benefit is for everyone. Thank you. Jim Klimov also asked, I wonder about inter-messaging interoperability.
42:29
If some user talks on a chat whose tech they trust as secure, does adding an account from another platform or just assistance of a bridge with our other platform chapters undermine the security?
42:43
Well, that's your choice. I mean, interoperability creates an interface that can be used by your app to communicate. But then if you don't want to send messages or receive messages from users on other platforms, you just will possibly be able to tell to your client that you want to receive them. So it is still your choice who you communicate with. So in the end, social media might be slightly different.
43:02
But even there, if you move to a separate platform that is more privacy friendly, then at least you're gaining privacy on what you do. Because most of the interesting metadata are around, for example, what you're watching, how much time you spend on different posts and what they're talking about. And that's stuff that you can prevent the other platforms from growing simply by using a privacy friendly client.
43:21
So there's a gaining privacy anyway. And then the important thing is that as a user, you will still be able to control to which extent you want to interoperate. Thank you. I don't think there are any questions left. Thank you for the talk and the answers. Thank you for listening. And of course, drop me an email or find me on Twitter or whatever. I'm happy to continue this discussion.