PeerTube
here.
YouTube here.
Spotify here.
Transcript
Marcel, as a software engineer and former member of the
European Parliament. At what point did the digital market sector become a
central focus in your political work?
First of all, we need to realize what is the European
legislation process. It's the European Commission that, puts forward the
proposal and, then the European Parliament and the Council, of the European
Union jointly adopt that legislation.
It was first and foremost the decision of the European
Commission that they would put forward this proposal and a lot of other,
proposals, for digital legislation.
Why I found the Digital Markets Act as a really interesting
legislation to work on as a member of the European Parliament is that the
Digital Markets Act looks at the market from a, sort of like a holistic
approach and is recognizing the fact that there is a small number of very large
tech companies that are in a very dominant position on the market.
That basically means that they control the conditions on the
market. So the interaction, between the end users, or as I prefer to say
people, and also effectively control competition on the market. It's very easy
in this dominant position to set conditions in a way that, it would be very
difficult for competitors to compete on that market. And the Digital Markets
Act by recognizing this fact is looking at it from a different perspective than
other types of digital legislations that were proposed. It basically,
designates a new, kind of like group or category of, these tech companies that
the legislation calls gatekeepers and recognizes that there should be specific,
set of rules, ex ante rules that would apply in order, to prevent that they
would abuse their dominant position on the market, and this is why I found it
really interesting.
Amandine, could
you start by explaining what Element does and how it relates to Matrix please.
So the better way is to start with Matrix, which is a protocol,
a standard for decentralized and secure communication, which means that we want
instant messaging, voiceover ip, and any type of communications actually to be
interoperable. So we want, various apps to be able to communicate with one
another and the users to have the control. Matrix is and open source projects
managed by an, nonprofit foundation. And Element is a commercial company, which
was set up by the team who created Matrix and who actually builds Matrix
product and sells Matrix services, to like these days, mostly public sector
organizations who want alternatives to, Teams or WhatsApp, and have end-to-end
encrypted communication that they actually control.
As someone involved in negotiating what became Article 7
of the DMA, how would you explain what this obligation is meant to achieve in
the messaging space and why it matters?
As a member of the European Parliament, I have, tabled an
amendment, aimed at enabling horizontal interoperability in messaging services
as well as social networks, When it comes to messaging services, during the
negotiations, this amendment has been expanded into a separate article, which
is now Article 7 of the Digital Markets Act and the idea behind that amendment
I have tabled is that, one of the major issues why people cannot easily switch
from one platform to another platform is that they are kind of locked in a
platform where the vast majority of their friends, of their business contacts,
of their family members are, and therefore, even though, if at some point they
may figure out, for any reason I don't like this platform, I would like to
switch to another platform, for instance, how the platform handles, the privacy
of their personal data, for any sort of reasons, I don't like the, user
interface and I would like, a different, service that has a better technical
experience with. They hardly ever do it because they would have to effectively
convince all their friends, all their family members and all their business
partners to also leave with them.
Of course multiplies, in the network of these contacts because
then if you convince your family member, then that family member also needs to
convince all their friends and family members and business partners. So as a
matter of fact, it's pretty much impossible, to switch from one platform, to
another without dealing with, very negative consequences of that decision that
do not lie in the technical, layer of the problem. And therefore such a market
can hardly be described as contestable. And the main objective of the Digital
Markets Act to make markets fairer and more contestable and therefore my idea
was,if we address this problem, then we will make the markets more contestable.
Many people before me
spoke about the need for horizontal interoperability. I just happened to be in
the position of a member of the European Parliament who could table this
proposal as a legislative proposal. And, in the negotiations, we were able to
agree on the basic facts that this is actually a good idea and, now we have it
as Article 7 and hopefully it will,really help to get rid of this end user lock
in on the platform as I described.
Could you explain, why Matrix suddenly became relevant to
the DMA, Digital Markets Act discussions on messaging interoperability.
Basically when we saw the DMA, it struck us that it was trying
to bring exactly what we were trying to bring with Matrix as well. One way to
start Matrix was to create the standard but also try to interconnect the
existing deployment, the existing applications, the existing networks together.
So we had built what we call Bridges, to allow, for example,
WhatsApp, Matrix and Slack on Teams to be able to speak together so users can
come from the different apps and actually be able to communicate into one
single network. So when, the DMA came up and, we started seeing the gatekeepers
coming again, saying, oh, but it is absolutely impossible to do end-to-end
encrypted, interoperable communication.
We were like, wait, we've been doing that for, it was like six,
7 years at the time. So it is absolutely possible and we're happy to tell you
how you can do it and demonstrate that it works. so we basically, we were an
existing example of how the DMA, requirements could be done. and it was useful
to be able to clarify this and even work with, Meta to tell them, actually you
could do it this way and look, you can go for it.
So it was really nice to be able to support the, European
Commission by telling them like what they're saying is not true, because here
is the proof that it can work.
With email, I can use one provider, say Proton, and, send
a message, to someone on another provider, say Gmail without friction. Why did
messaging evolve differently so that cross-platform communication looks like
the exception rather than the rule?
So why it evolved differently? So we had, several open
standards for messaging, with things like SIP, for example, which is more
towards media and voiceover IP and video, or voice mostly. and then XMPP who
has been an open standard, as well for, messaging and communication. But the
difference is that. XMPP is very fragmented and basically then you had one
given central standard, but then you could add modules on the side. So if you
had one application using XMPP, with the module A, B, and C, it wouldn't be able
to interoperate with another one still using XMPP, but with module D and E, for
example, and, our team have been using all of these. in the past and, we know
that a lot of the, existing applications have been using, these as well. So
WhatsApp, Google Talk at the time, they were all using XMPP until the time in
the moment where they decided to actually go, proprietary and evolved towards
something that they could control and own, probably to simplify things or
because they were not happy with the way XMPP was working. With email in the
past, what happened is that there were different implementation of messaging
and then at some point people realized that it made no sense to have really
close network of communication and it would be much smarter to come together,
agree on one given standard, and then increase the volume of the network and
have everyone to talk together. So that's what happened for email. And you had,
Microsoft left on the side, with Exchange which was failing to get to come with
the others. And at some point they looked like they isolated, network on the
side, and people wouldn't be using them because they had a limited network, so
they had to converge with the rest. So the messaging applications considered
that their value was based on the size of the network, and we ended up in such
positions with people like Skype or WhatsApp, that had huge network which meant
they didn't feel the need to actually converge on a given standard because
their network was big enough, to keep the control on where they were going. One
thing we've noticed as well is when people start working on messaging apps,
they think messaging is easy. It's just sending one message from A to B. The
problem comes when you start to want to add end-to-end encryption, group chat,
history sharing. And because there was no very simple standard out there, which
allowed people to build messaging on top of existing bricks, they all started
by doing something simple and reinventing the wheel and ended up in siloed
communication. So basically we created Matrix because we had played with the
existing standard, we had built our own proprietary protocol and we had a
feeling we understood why people every time reinvented the wheel.
We said, okay, we believe that if we manage to put together a
standard, which is unified, so not fragmented, there is one single spec. If you
speak Matrix, then you can interpret with anyone out there. If we, build
something where, the, ability to build an app on top is super easy, especially
at the time.
So we started in 2014 and that's when everyone started to add
messaging in their website, in their apps. You wanted customer support. It was
starting to pop up everywhere. We want, web developers to be able to add
messaging to whatever app they want or app developers to do that. We don't want
people to be forced to be experts in messaging protocols to add chat to what
they're building. So we need a standard where,building an app on top is easy.
So we need an API, which is, super simple, to manage. And that's where is
basically how we converge into building Matrix and try to overcome these big
silos that were created due to all these various failure modes that, we
encountered.
Article 7 was a major achievement in the negotiations.
What were the main obstacles you had to overcome to get messaging
interoperability into the DMA at all?
The major concerns I think came from the fact that it's a very
technical issue. Not necessarily everybody understood how it would work. if
there was opposition in the negotiations. when it comes to this article, then
it was mostly about, not understanding what it really means and whether it
would negatively affect innovation because, this interoperability, in, um,
minds of those who opposed, to this is something that, could stifle innovation
because the provider would have to basically, take into account during the
development how this would affect interoperability. And, the other major
concern was about privacy and security issues. So, if two different platforms
become interoperable how, the protection of personal data would work and how
let's say the gatekeepers platforms will be able to uphold, security of their
users on that platform.
Do you have a view on the way iMessage was ultimately not
designated?
I need to say that decision was surprising because in the
legislative process, this was one of the services that were in the discussions.
So it was definitely the, back of the minds of the legislators, when this
legislation was negotiated.
And I would even add on top of that, which is there was also a
surprising, decision not to designate Outlook.com, for instanceand if I
understand it correctly, then the, reasoning of the Commission is built around
the fact that this is already an open protocol and therefore no designation is
needed.
But as a matter of fact, the sole existence of an open protocol
does not mean that there are no hurdles in implementing it and that,
gatekeepers do not abuse dominant position on the market and that no ex-ante
rules are needed in order to prevent that, from happening. It is a number
independent interpersonal communication services, so it falls into the scope of
Article 7, so that was another surprising decision of the Commission. And, what
I wonder about is whether the Commission has in their minds something about
what would be the sort of like triggers or thresholds that would make the
Commission to reconsider these decisions.
Unsurprisingly, Meta has chosen to implement the
messaging interoperability obligation through interfaces, designed and
controlled by Meta itself, rather than through a shared open protocol. What are
the main weaknesses of that approach, generally speaking from your perspective?
So the main weakness with them not choosing to adopt an open
standard is that today, Meta and Facebook messengers are the only two
gatekeepers, but in the end it means that everyone wanting to interoperate with
them are going to have to implement META'S interface, Facebook Messenger
interface and if there are more, then every time you have to multiply the
effort. It also means it's fully controlled by them, which well, they have to
respect a certain number of rules, which means they cannot do whatever they want
and they have to manage it in a way that people are aware of the changes coming
up, et cetera et cetera, but it still means it's optimized for them. But the
main problem is, as third parties implementing the interop will have to
multiply for each provider as opposed to do it once for a given standard, and
the other thing is that if they had implemented a standard like Matrix, any
other player in the ecosystem would have direct interoperability with them
without having to, to re-implement something on top of what they're already
speaking.
The major, weakness of this approach of interface rather than
an open protocol is that of course there is a lot more burden on the side of
the competitor to implement it. Because if it was an open protocol, then
basically, implementing an open, protocol is, a lot easier for the competitor
because they only take the technical specification of it.
They implement it according to the specification, and voilà,
they have interoperability by definition. By basically obliging the competitor
to sign all sorts of, contractual agreements, and creating. a very ad hoc
technical specification is of course, much more difficult, to implement, from
the side of the competitor.
Shortly after the DMA entered into force Signal said it
would not seek interoperability under Article 7. Could you briefly explain what
you see as the main reasons for that decision?
So our understanding from speaking with, Moxie quite a lot, who
created Signal is that Signal is very much focused on privacy and security uh,
and, uh, we have a very diverging opinion on what is the most secure way, of
communicating. Moxie thinks that if you have one app which is centralized, that
you can trust, which is really hard, that's more secure, that having a network
of different providers, which means that your data may end up on different
servers, with whom you are speaking. So our approach is like, by doing a
decentralized network, then you spread the data everywhere. There is not one
single point of failure that attackers will want to go to. Our take is that
having one single app, as strong as it is, it still means you have to trust the
person running it. It still becomes a huge honey pot. if I'm an attacker, I
know where I will want to try to get in. So that's different approach to it.
Basically our understanding is that the interoperability would mean, sharing
data from Signal users with others and that's completely against their
approach, to security and privacy. That's just like a really different position
to ours.
What do you see as the main lessons from the
implementation and the enforcement of this horizontal interoperability
obligation so far?
In terms of the main lesson, I think one of the main problem
with the implementation is basically they're following the law word by word and
taking their own interpretation. And then it's quite hard to enforce when it's
not written black and white in the text. For example, the kind of things where
we've seen, the implementation from Meta to be not great is that there is a
request to, localize our users.
So we need to be able, because this is an EU regulation, so we
want to apply it only in the EU, so you need to tell us whether your users are
in the EU or not. We don't track our users because we respect their privacy,
there we have two options based on the META'S implementation is either we track
and we tell meta that's, where our users are, or we just get the information
and send it to Meta and they do the calculations that, but none of them are
good options.
so these are the sort of, interpretation of the law, which are
hard to enforce and say. this is completely, preventing us to deploy something
useful that people will use. It makes no sense.
I think it's not
completely anathema to think that the Commission should be able to make
recommendation or request on how the implementation should happen if it's
working with, people who are experts in the field. Like when we go to the
Commission and we tell them, look,this thing, and this thing are unacceptable
or completely, hindering the effect of Article 7, you should ask them to change
this. I feel they are pretty legitimate to go and say the way you've implemented
means that your implementation is useless. I think it's, it's legitimate to do.
The gap of the implementation, currently lies in having a
technical implementation of what, is in the Article 7. that on the side of the
competitor apparently is also, something that costs a lot of money, not only in
the technical implementation of it, but also in the negotiation with the
gatekeeper and fulfilling the requirements that the gatekeeper, is, placing in
this interoperability offering.
And this is, also something that, I think will become the main,
point of, friction, because on one hand, the way how Article 7 is constructed,
indeed the gatekeeper is in control, how that interoperability is built. But
the gatekeeper should not, place any obstacles, either technical or contractual
or any other, to the implementation of that interoperability.
It'll be very important to enforce, the Article 7 properly and
make sure that this position of power is not abused in the implementation.
As a follow up question, should support by the Commission
also include, dedicated funding to support the development and maturation of
open standards so that they can emerge more effectively than market incentives
alone have so far allowed?
That would definitely be helpful. whether it's the role of the
Commission to fund this sort of development or not. I have a feeling it should
and actually, we are seeing some Horizon project and grants, request, or how's
it called? Call for application for grants, which are going into that
direction.
They are trying to make sure that the European ecosystem,
especially around open source, is able to step up and get to a mainstream level
so that, the digital sovereignty can come. So, that might be a step in the
first direction. It's, not specifically trying to target implementation,
supporting the implementation of interop, or not specifically supporting Open
Standard, but it's going into that whole, let's make sure we are digitally
sovereign by making sure we can have open source alternatives to big tech. It's
getting there and I think that'll definitely be helpful.
I believe that the Commission needs to look into,if there are,
any shortages on getting funding to actually implement that, interoperability.
So if there's a burden on the side of the competitor that they need to get
over.
Apparently it is negative for the market if that
interoperability is not implemented and the competitor maybe needs a way to
access funding to get that implemented. The Commission I think, should explore
options.
Meta has announced BirdyChat and Haiket as the first
third party services to interoperate with WhatsApp, but an announcement is not
the same thing as effective interoperability. Under Article 7, what criteria
should we use to decide whether this is genuinely working in practice and not a
more polished form of malicious compliance?
So the best way to see if it's working in practice is, use it
basically, make sure it's actually usable by. real people like, what is the
user experience? Is it actually useful? There is probably a way to look at the
Article 7 and check the boxes and say if all the boxes are checked, but what
we're trying to do is create services which are usable by people. So I think
that would be the best proof.
The whole point of interoperability is that, anyone can,
connect to that major gatekeeper service. and this will have a major benefit
for the market and for the end users, for people who use the service because
they can become interconnected, with other networks and vice versa. If placing
contractual obligations, or agreements such as an NDA is placing an unnecessary
disproportionate burden on making this happen, this obviously is a problem and
that is, where the European Commission needs to pay close attention. Because it
would be, bad. And of course, against the sense of that legislation, if that
article is not fulfilled because the gatekeeper dictates conditions that,
basically, put them back into the position of power that they can dictate
anything and therefore circumvent the obligations which is illegal under, the
Digital Markets Act. So it's definitely up for the European Commission to look
into it. And I think discovering the space where exactly, this agreement on
interoperability lies, and, to what extent the gatekeepers can or cannot,
impose additional restrictions on interoperability and to what extent it is
burdensome, for the competitor to actually implement it, this is what we can
see as the limitations of the actual, implementation because at this moment we
are aware only of basically two implementations of Article 7, with WhatsApp.
one is Bird Chat and one is Haiket, none of which actually are fully rolled out
into the public. Basically if you go on the website of that provider, you can
be placed on a waiting list. But no major service, has become interoperable
with WhatsApp, at this moment.
As part of the DMA review you have proposed amending
article 7. Could you please briefly walk us through that proposal?
We were suggesting that,
at least open standards were mentioned in Article 7. We think like mandating
open standard maybe would be step too far, but at least mentioning it would
help drive the discussion into the right direction rather than making it super
simple for gatekeepers to say, here is , my implementation, it's just based on
an open API. So that's what we were trying to do.
BEREC, the Body of European Regulators for Electronic
Communications, suggests that the basic functionalities listed in Article 7
should cover interoperable B2C communication as well, not just end user
messaging in order to better support the DMA's contestability aims. What is
your view on that?
I think that would, that
would've been good. Uh, basically one of the problems we're finding in trying
to implement our own version of the bridge to be interoperable with Meta is
where. it's been hard to find a funding to actually implement the bridge, and
what we're saying is because the, Article 7 is so focused on end users, then,
Meta is pushing back and it's, like we cannot use the use case of our customers
to say, Hey, the way this has been done is not great because it's preventing us
to get funding for it. But, oh, but I don't care because it's just foreign end
users. So your customers are businesses or government, and that's out of the
scope of DMA, so yeah, basically. Also, because we're trying to open market,
we're trying to, make an industry, thrive better and be more active. it
would've probably made sense to include this as well.
Article 7 is built around interpersonal communication
between human users. How do you think that framework will hold as messaging
increasingly includes AI agents and other machine mediated interactions, do you
think that it's going to keep up or do we need to think of a different article
7?
I think we're already
starting to see where it's starting to tense up a bit like the fact that Meta
is using AI on WhatsApp and then what does it mean for interop? So whether we
should augment, Article 7 to take this into account. I'm not really sure, I
haven't thought too hard about it, but yeah, it's bringing interesting new
challenges.
Getting Article 7 into the DMA, horizontal
interoperability, was a remarkable achievement, but it was always understood as
an initial foothold rather than the finished product. The DMA is now revised,
what needs to change?
Another potential area where, the Commission can look at when
it comes to horizontal interoperability is social networks. The Commission has
an obligation to do so because that is part of the article about the review
that, is taking place this year and the Commission has an obligation to look
into whether that interoperability should also be extended to social networks.
As a matter of fact, that is part of the amendments that I have
also tabled. However, during the negotiation, it was not possible to secure
this as an obligation, but only in the review clause. But from my, perspective,
social networks is apparently one of those, markets that are obviously failing,
with only a handful of large companies basically grabbing a massive chunk of
the market and having the ability to abuse their position on the market.
Ex-ante rules that would impose horizontal interoperability would in a similar
fashion, as with interoperably of messaging services, allow people to,
basically leave one service and go to another without the need to losing their
connections that they have on the other service.
So that would also make the markets, much more, contestable and
let's see what the Commission, will figure out during the review. But for me,
that is an obvious, way where to look. And as a matter of fact, from a
technical perspective, this is easier done than, let's say, end to end,
encrypted, group communication over a messaging service.
Because social networks by definition are, you know, people
publish a content that is public. And, or at least you show it to your circle
of your connections or is, a lot easier, to technically implement this. You
don't have to deal with end-to-end encryption. which is, I think, an
interesting element because during the negotiations, the opposition that I run
into was that politicians did not understand what I mean as social networks
interoperability, but technically speaking, it's actually easier, than, messaging
services. and, the benefits are massive. And as a matter of fact, there is an
example social networks interoperability. The Fediverse where Mastodon is a
federated network,where Mastodon can interoperate with other networks that are
based on the ActivityPub protocol. So it definitely can be done.
In the current push for digital sovereignty, do you see a
stronger case for more decisive Commission action on messaging
interoperability? And where concretely should that action be focused?
I think the entirety of, the DMA, article 7 in particular are
serving digital sovereignty. It's opening the market, it's bringing choice to
the user. It's a complete overlap, so I'm not sure there is more to be done
beyond just make sure that article 7 is actually implemented and that we are
enforcing the implementation and we're making sure that the implementation is
done in a way which is actually usable. because if we do this, then it'll serve
digital sovereignty by default.
So, because digital sovereignty is a question of choice, you
have to build on top of an ecosystem, and open source is definitely a non
search to it. Open standard and digital commons are like the next level up.
This is really when you get an ecosystem and when you get control. One key
consideration though, is when you want to actually implement digital
sovereignty and you want to use open source, you will only be digitally
sovereign if you make sure that you keep this open source ecosystem alive. So
if it's, just a matter of taking open source, bringing in house and say, Hey,
I'm building on top of this. I'm sovereign. Well, not really, because you are
still stuck on having a full team implementing what you are managing your fork
as opposed to actually fitting back into the digital commons, making sure that
these commons are growing to the next level, to the next level up and serving
the entire community. So one key thing when we implement digital sovereignty is
make sure that we do it the right way and we buy open source the right way. We
make sure we use, vendors from the industry who can then level up the entire
ecosystem and focus on innovation, focus on differentiation, and make sure that
when we buy from these vendors, they also, contribute back to the upstream and
maintain this ecosystem.
Negotiators’s cut:
DMA main achievements so far?
The main achievement I would say is that, we already have the
conversation now that is legislatively backed. It's an obligation, and now we
can discuss where the issues are and why we still cannot see any
interoperability between, let's say WhatsApp or a Gatekeeper service and some
major platform such as Matrix.
And we can bring these issues to a public debate and basically
demand what is already legislated in the DMA, which is the gatekeeper needs to
enable this interoperability. But apparently the legislation still falls short
on the implementation on, enforcement on that. It would actually already be the
case that I can send a message, let's say, from Matrix to WhatsApp, which is
the end goal of this, with the aim to improve the contestability of the market.
