Comment by mytailorisrich
12 hours ago
Yes but in the real world all smartphones are either Apple or Android. Europe has zero footprint in either software or hardware. It is not creating a requirement to use specific products, it is using the products people already have.
So one may argue that the implementers are only taking the pragmatic approach regarding something that is out of their hands.
It literally has created the dependency on Google even though Android offers the standard/generic AOSP attestation.
Also you weirdly forget all the Chinese phones. There's also some tiny European brand which will have absolutely no way to limit their users' dependency on the famously hostile and uncontactable provider.
Most Chinese smartphones run Android (Huawei uses HarmonyOS).
We're talking about an essential government service, not just another weather app. You have to look at this through the lens of national security, the debate about EU digital sovereignty, and the requirements of the GDPR in light of the US CLOUD Act, as well as prior decisions of EU courts about these issues.
Yes all that you wrote is true. But that does not magically change anything to what I previously stated: in the real world all smartphones are either Apple or Android...
I don't know what eIDAS 2.0 requires in terms of security, but it may make the choice the implementers made here unavoidable in practice, as hinted by @webhamster.
If so, it seems that a solution, if technically possible, might be to mandate that OSes provide the required security features without tie-in.
The outrage in the comments feels a bit like people yelling at clouds...
> in the real world all smartphones are either Apple or Android...
So you're claiming that Mobian doesn't exist? PureOS doesn't exist? PostmarketOS doesn't exist? Ubuntu Touch doesn't exist? SailfishOS doesn't exist?
1 reply →
Correction: in the real world all smartphones are either Apple, Android or none/other. In terms of legals, you really do have to cater to all three, which is why we don't have one world government.
3 replies →
Essential EU government services cannot be devised on the hope that US companies will invent something that - contrary to current US legislation - will somehow provide the attestation services needed in a GDPR-compliant way without forcing EU citizens to provide personal data to US companies.
If it's not possible to create such a system for mobile phones because of legal issues (as you seem to acknowledge and judges have found in the past), then the focus would have to be on creating hardware devices in the EU, ideally with open source hardware and software. These can be made reasonably secure, have been used by banks for a long time, and would enhance digital sovereignty.
What I find unacceptable is the attitude "well, it will violate the law but as a matter of practicality it's the only choice we have right now so we'll just do it."
1 reply →