Gapple to Government: "Send Your Man to See My Man. And We'll Stiff Him."

It's Episode 315 of the Cyberlaw Podcast.

|

J.P. Morgan once responded to Teddy Roosevelt's charge that his railway trust violated federal law by telling the President, "If we have done anything wrong, send your man to see my man, and we'll fix it up." That used to be the gold standard for monopolist arrogance in dealing with government, but Google and Apple have put J.P. Morgan in the shade with their latest instruction to the governments of the world: You can't use our app to trace COVID-19 infections unless you promise not to use it for quarantine or law enforcement purposes.

The two companies are able to dictate this policy because between them they have about 99% of the phone OS market. That's more control than Morgan had of US railways, and their dominance apparently gives them the clout to send a message that improves on Morgan's: "If you think we've done something wrong, don't bother to send your man; ours is too busy to meet."

Nate Jones and I discuss Silicon Valley overreach in this episode. (In that vein, I apologize unreservedly to John D. Rockefeller, to whom I mistakenly attributed the Morgan quote.) The sad result is that what began as a promising technological adjunct to covid-19 contact tracing has been delayed and muddled by ideological engineers in the Valley to the point where it isn't likely to be deployed and used in a timely way.

Another lesson we draw in today's episode is for authoritarian governments: Worry less about Cyber Command and more about NGOs. Citizen Lab has released a great paper making the case that WeChat monitors its users outside China, not to suppress their speech but to flag documents and images for later suppression inside China. Ironically, Matthew Heiman notes, Western users of WeChat who circulate human rights material are giving China's censors the ability to hash and block that material as soon as it crosses the Great Firewall—where it's really needed.

Meanwhile, Nate points out, Bellingcat has done for Russia's GRU what Citizen Lab did for China. Perhaps inspired by Germany's indictment of Dmitry Badin for hacking the Bundestag, Bellingcat doxes him to a fare-thee-well, finding his phone number, car registration, wife's home page, GRU office address, and preposterously bad password.

David Kris, meanwhile, explains the intersection of export control law and the Law of Unintended Consequences, as the US Commerce Department finds that its efforts to isolate Huawei may be excluding US firms from some standards bodies.

Anthony Anscombe joins us from Steptoe's class action practice to unpack the recent Seventh Circuit decision on Article III standing and the second dumbest privacy law in the country – Illinois's Biometric Information Privacy Act.

I note that Israel's passive-aggressive Supreme Court, meanwhile, has found a second way to say, "Meh," to the Israeli government's use of intelligence capabilities to do contact tracing.

Matthew lays out what's at stake as the Senate rewards the House's "corona-cation" by trying again to pass its FISA bill. That may happen as early as today.

In short hits, every government's hackers are adding COVID-19 to their targets, going after everyone from the WHO to coronavirus researchers. And I make an effort to explain why Apple has brought a DMCA copyright lawsuit against Corellium. It's all about the "chilling effect" on security research. And maybe one particular Five Eyes researcher, Azimuth. I make the case for Justice Department intervention on Corellium's behalf – or at least Azimuth's. Following up on last week's story, Banjo's CEO finds himself canceled for his (bad) acts as a 17-year-old. And, finally, where is Jean-Paul Sartre when you need him? He's the only one who can resolve the odd dispute over "authenticity" between Twitter and the US State Department.

Download the 315th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

NEXT: Can Courts Distinguish Anti-BDS Laws from Public Accommodations Laws for First Amendment Purposes?

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Too big to succeed, eh? Take their property!

    1. Or to put it a way even simpletons should be able to understand: These contact apps are not hard. They don’t require billions and years to develop. If someone, including the government, doesn’t like the terms, they are free to develop their own. Cost under $100K dollars easy.

      But it’s kinda late for a contact tracing app to be of any use. There’s all the time in the world for the government to puff this up into a multi-year billion dollar cost-plus single-source contract, deal with the inevitable contract award disputes, re-bid it because the project is over-budget and over-time, and still get it done in time for the next pandemic.

      1. If it’s that easy why doesn’t someone else fund the app? Like NSA, DARPA, VA or some NGO or even the WHO, Bill Gates, Jeff Bozo, Berkshire Hathaway or even Kaiser Permanente?

        1. Well you shouldn’t point that out, you are just plain rude to say something so obvious. Don’t you know only government can do these things?

      2. It’s actually a lot more complicated than this. Neither Apple nor Google are actually building contact tracing apps. Instead, they are updating iOS and Android to provide APIs that contact tracing apps can be built on top of. Governments or NGOs or Bloomberg (in the case of NYS) or whoever else are responsible for building the apps.

        While it’s theoretically possible to build contact tracing apps without these APIs (South Korea did it!), they lack important capabilities. Most notably, iOS doesn’t give apps access to the Bluetooth low energy data that these apps use to identify nearby devices unless they are either using these APIs or running in the foreground. If the app has to run in the foreground, it uses a LOT of battery and also means you can’t use the phone to do anything else. Some governments, like Singapore, are pressing ahead and building apps that run int he foreground anyway since they want to be able to use the data to do things that Apple and Google won’t allow, but that seems like it’s going to be a pretty bad user experience.

        None of this to say that Apple or Google are wrong for restricting the use of APIs the way they are. They are private companies that want users to trust that the phones they sell aren’t going to be spying on them, and since all of these apps are opt-in it’s arguable that you’ll get better participation by helping people believe that the government isn’t going to use your phone to hunt you down and put you in quarantine. Governments have more coercive powers, but it’s probably not in Apple or Google’s interests to build tools to facilitate those.

  2. The two companies are able to dictate this policy because between them they have about 99% of the phone OS market.

    Ah … no. They developed one app. There are tens of thousands of apps out there. Governments have developed their own apps and released them (see the UK). There is literally no way Apple and Google could enforce such a rule for other applications.

    Apple’s iOS OS has a 28.79% market share. And while google did initially develop android which has a 70.68% OS market share – they hold less than a 2% market share on actual devices that they directly control. The rest take android, modify it, and ship their own hardware with it. And the top two are Huawei and Samsung.

    So once again – Baker shows a complete lack of understanding of the tech industry.

    1. Yeah. This seems like the complete opposite of Morgan.

      1. And Morgan was probably used to dealing with politicians with waggling fingers. His statement is much more sarcastic in this context.

    2. “The two companies are able to dictate this policy because between them they have about 99% of the phone OS market.”

      If people wanted Microsoft to have control of their phone hardware, they’d have bought Windows phones. Anyways, somebody’s forgetting to count all non-smartphone phones out there. In terms of number of phones manufactured, “NO OS” dwarfs both IOS and Android.

  3. ” but Google and Apple have put J.P. Morgan in the shade with their latest instruction to the governments of the world: You can’t use our app to trace COVID-19 infections unless you promise not to use it for quarantine or law enforcement purposes.”

    I don’t like liking Apple and Google. Please don’t force me to like them.

    1. No kidding.

      But the more bemusing part of all this is the suspension of disbelief required to pretend that a private company’s terms of service for an app is going to be the first thing in this whole sordid experience that somehow doesn’t get swept into the dustbin when a governmental body decides it’s the Right Thing to Do.

    2. You can’t use our app to trace COVID-19 infections unless you promise not to use it for quarantine or law enforcement purposes

      Good!

      The government lies about these things, and will start to use if for law enforcement. They did under Clinton, when Congress passed expansive anti-terrorist laws, swearing to use them only for terrorism, then immediately started using them against drugs. When asked, they simply stated the law doesn’t specifically state terrorism only.

      Government lies about expanding its own power. “Those statements technically weren’t part of the law!”

      Liars.

  4. So when the US government wants some cooperation the answer is “no” (not new, see Apple vs FBI in dead terrorist case). When the Chinese government wants cooperation the answer is “shi”. Interesting that the big tech firms are more than happy to bend over backwards to help a dictatorship oppress their people, but seems to have had a conscience attack here at home. Or maybe they just don’t like Trump. Can’t remember when the terrorism case was.

    That being said, I am all in favor of not allowing the government to use a mandatory app to trace our every move. If the government wants that app they can certainly develop it themselves (perhaps they could call the Iowa Democratic Party for help on that) and then try to get us to install it. Good luck with that. They can go f themselves. I carry my phone almost everywhere for business and I am under no illusions about Google’s tracking of my data and location, but if I knew 100% for sure that it was the government tracking me, I’d leave it at home and go back to paper and pencil

    1. “Interesting that the big tech firms are more than happy to bend over backwards to help a dictatorship oppress their people, but seems to have had a conscience attack here at home. Or maybe they just don’t like Trump.”

      Well, they don’t like Trump, but I think the relevant point here is that they know Trump isn’t going to have them assassinated, or their factories confiscated. And they don’t know that of Xi.

      They never should have gotten entangled with China to begin with, but to be fair, the US government probably was pressuring them to, at least at first. .

      1. Exactly. If you don’t like “engagement” with China, talk to your representatives and senators. It’s their job to set that policy along with the president.

        Trump wants to cut off support for movie studios that alter movies to appease China. He should require them to put a disclaimer in the opening of every such movie. After all, foreign governments have no right to speak in the US, at least not without registering or notification. That’s all, just notify the Americans the message may not be pure.

    2. Seems pretty weird to suggest that Google is bending over backwards to accommodate China when they pulled out of the China search market entirely rather than deal with the government’s censorship demands.

    3. “when the US government wants some cooperation the answer is ‘no'”

      When the US government takes a position that is counter to Apple’s customers’, Apple takes its customers’ side. How awful.

  5. I’m still struggling with the notion that insisting on particular terms, should customers wish to buy your product, is analagous to breaching federal law.

    Baker seems to have missed the cheese and started chewing on a chalk sandwich.

    1. I’m sure you’re just being paranoid about another leg in the panopticon.

  6. Once again, Stewart Baker confirms that his position within the Volokh Conspiracy is to save them from needing a fascist sock-puppet.

Please to post comments