It has been clear for a while that certain providers and services need to be regulated as utilities - Microsoft, Google, Apple, Visa, Mastercard, and soon Openai and Anthropic.
It should be illegal for these companies, just like utilities, to deny service to anyone or any entity in good standing for dues.
There is little hope for getting this through in the US where most politicians of any stripe hate the public, and the ones that don't have hardly any power. But it might be possible to do this in the EU.
Then, we non-EU folks need to apply for Estonian e-residency [1] which may get us EU regulatory coverage.
It would not surprise me if these actions are coming at the requests of governments. Strong encryption is one of the few things that challenges their monopoly on information; they have a very strong incentive to apply political pressure to the maintainers of these projects to, well, stop maintaining the projects. We've seen this in overt actions that the EU takes; in more covert actions that the U.S. government is suspected of taking; and in the news headlines about third-world dictatorships that just shut off the Internet. Tech companies are perhaps the most convenient leverage point for these actions.
More regulation won't help here, because the regulation-maker is itself the hostile party.
What would help is full control over the supply chain. Hardware that you own, free and open-source operating systems where no single person is the bottleneck to distribution, and free software that again has no single person who is a failure point and no way to control its distribution.
>More regulation won't help here, because the regulation-maker is itself the hostile party.
It's easy to paint the big gov as bad, but this is a case where unfortunately the populace seems to be in agreement with the big bad gov. While most US citizens support encryption, 76% or so, the vast majority 63% also favor government "backdoor" access for national security reasons.
I guess either we believe in democracy or we don't. It could be said that if Veracrypt isn't/can't be backdoor'd, perhaps the gov is simply implementing the will of the people :( via Microsoft.
What does democracy have to do with electronic encryption? Democracy existed before computers.
There are legitimate reasons for governments to intercept information, with the correct oversight -- enforced legally in an "checks and balances" manner. The fact that there is a breakdown of trust between government and people won't be solved with more encryption.
Tyranny of majority is a thing. It's something mature democracies are aware of and have the ability to defend against.
We're in an interesting spot here and the tension is tangible.
We need a law that a human representative can be spoken to within 24 hours or directly when something critical happens.
Also “there is no appeal possible” should be plain illegal.
Technofeudalism is what happens when grossly under-regulated anarcho-capitalism dominates rather than sustainable, more ordinary capitalism where government regulation is the supreme, minimized biased arbiter that keeps things fairer and sensible for the benefit of the many rather than the benefit of the few.
In the EU, under GDPR, it is legally required to explain automated profiling.
We have a EU dev we tried to have submit a GDPR request for human review on something on Facebook.
There’s no apparent mechanism to do so. Support was clueless. The privacy email address responded weeks later with “not out department”.
That's because the correct department is legal. GDPR is a legal mechanism, not a support and privacy thing.
"I'm doing it wrong and it doesn't work" means you're doing it wrong, not that it doesn't work.
How's that work? Got a link handy to explain to a dummy?
Article 13(2)(f)
"In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing: the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject."
EDPB Guidelines on automated decision making: https://ec.europa.eu/newsroom/article29/items/612053 especially page 25 is relevant
C‑634/21 is also somewhat relevant to understand how courts have applied ADM in general context of credit reporting https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A... though it didn't specify what information actually needs to provided for 13(2)(f).
I understand the sentiment, but.. do you realize how much more expensive that would make all these services?
I don’t know the number. But personally I think using the services and ‘simply’ only use them if the disappearance isn’t catastrophic and have the price be low or free while it works isn’t too bad a trade-off.
Admittedly that’s a big ‘if.’
That is the wrong way to look at it.
If this requirement was in place they would be a bit more careful about terminating accounts because the cost equation would incentivize it. Maybe they would be more careful in their automation or require more than one level of human review before cutting off access.
These companies are gatekeepers for their platform. It isn’t crazy to require them to act more responsibly.
These are usually multi billion dollar companies, they’ll be fine, stop worrying about them.
Start worrying about the erosion of your rights as a consumer.
They sure do earn enough money to afford whatever number that is on your mind.
These services are designed such that security sort of depends on reviewing the programs that are allowed to run. Microsoft, Google and Apple all do this. It adds expense, annoyance, limitations, and really very little security.
The contrasting approach, where one designs a platform that remains secure even if the owner is allowed to run whatever software they like, may be more complex but is overall much better. There aren’t many personal-use systems like this, but systems like AWS take this approach and generally do quite well with it.
> The contrasting approach, where one designs a platform that remains secure even if the owner is allowed to run whatever software they like
There's a lot that one can gripe about Amazon as a company about, but credit where credit is due -- their inversion of responsibility is game-changing.
You see this around the company, back to their "Accept returns without question" days of mail order.
Most critically, this inversion turns customer experience problems (it's the customer's problem) into Amazon problems.
Which turns fixing them into Amazon's responsibility.
Want return rates to go down because the blanket approval is costing the company too much money? Amazon should fix that problem.
Too often companies (coughGoogleMicrosoftMetacough) set up feedback loops where the company is insulated from customer pain... and then everyone is surprised when the company doesn't allocate resources to fix the underlying issue.
If false positive account bans were required to be remediated manually by the same team who owned automated banning, we'd likely see different corporate response.
MS could literally double their global employee count with a fraction of what they spend on AI annually.
If it's impossible for a service provider to even talk to its customers, why is it in operation at all?
Even if they somehow were so expensive, that it would no longer scale to their size, that is still not our problem and if anything, a sign that either they need to improve their systems, or simply cannot be as big as they are. Shit happens, scale down, I won't cry for them.
I don't think they would be so much more expensive but they would be less profitable for sure and perhaps less "innovative" as a big chunk of the profit will go into regulation stuff.
> I understand the sentiment, but.. do you realize how much more expensive that would make all these services?
It wouldn't. For example, before Gmail, email was often free or nearly free (bundled with your internet service), but in most cases, you could talk to a human if you had issues with the service.
What we couldn't do is turn these business models into planetary-scale behemoths that rake in hundreds of billions of dollars in revenue. In essence, you couldn't have Google or Facebook with good customer support. I'm not here to argue that Google or Facebook are a net negative, but the trade-offs here are different from what you describe.
Honestly, it's not our problem. Once a service becomes so vital it cannot be terminated without any meaningful process. My meta developer account is suspended and none of my appeals are responded to . Who can I talk to? Nobody. It's wrong.
Look how much profit Microsoft made last year.
"Financially, it was a year of record performance. Revenue was $281.7 billion, up 15 percent. Operating income grew 17 percent to $128.5 billion." https://www.microsoft.com/investor/reports/ar25/index.html
So don't be so naive to tell us that 1-2 additional people to handle the appeal process is anything but rounding error in their balance sheet.
If it is regulated as a utility, the government will want to ban these hacking tools.
I think the GP is relating to MS services and accounts as utilities that should not be possible to be taken away easily, not about Wireguard.
Agreed. Be careful what you wish for.
It always weird to see how dichotomy of some people saying AI will never be profitable and are doomed to fail and others saying that they are such a essential public service that they are a utility and should be subject to government regulation. Hopefully they are not the same group of people, but I suspect there is a greater overlap that one would expect.
I'm not one of those people but want to point out that there isn't much of a contradiction there. I don't know if hospitals, universities, train tracks, roads, and libraries technically speaking count as utilities but they overall don't seem to be profitable and at the same time are extremely desirable for a society and an economy to have. AI could turn out to be of the same sort.
I've gotten business verification for Microsoft before. The kind you need in order to get certain oauth scopes for their O365 platform.
Do not discount complete, total, utter, profound fucking incompetence as the driving reason behind this.
Getting the business verification was an astounding shitshow. With a registered C corp and everything, massively unclear instructions, UI nestled in a partner site with tons of dead ends. And then even after all the docs, it took another week because -- in an action that nobody could possibly have ever foreseen -- we had two different microsoft accounts due to a cofounder buying ONE LICENSE of O365 for excel and doing domain verification because it suggested it.
I have a feeling, that the resolve to do something about it is waning in the EU, because of the plans to soften up the GDPR.