Nearly unnoticed by the antitrust world, the German Bundeskartellamt has terminated proceedings against Google regarding so-called “Transport Layer Security Certificates”. With nearly daily decisions or new investigations against big tech, the termination of a proceeding without a finding or a fine appears almost rare. Here is a short run through the when, how, and why – including three takeaways.
At the end of last week, the Bundeskartellamt published a case summary on its website on the termination of proceedings against Google regarding Transport Layer Security Certificates (TLS). The decision itself was taken just a few days earlier. Three noteworthy things about timing and publication:
- In other cases, the publication of a case summary often takes place weeks or months after the actual decision.
- The case summary was simultaneously published in German and English, which is not necessarily the norm.
- The Bundeskartellamt did not issue a press release, which seems unusual in big tech cases these days.
What was the case about?
The regulator had investigated whether Google might have abused its dominant position via the treatment of TLS certificates by web browsers. More specifically, the case was about how Google (and in some case other browser providers) had altered how they displayed information about certificates, less clearly highlighting trustworthy certificates (e.g., by switching from a green icon/address bar to a grey icon); had considered certain certificate providers as no longer trustworthy (after which at least two providers left the market entirely); and had shortened the period for which certificates were considered trustworthy.
I will not
pretend to understand go into the technical details here, but TLS certificates are meant to provide a secure connection between a website using a TLS certificate and a website visitor. They are issued by service providers. Web browsers consider TLS certificates and their issuers as “trustworthy” and can warn against websites using certificates that are not trustworthy.
Why was the case closed?
The Bundeskartellamt used its discretion to close the proceedings. That leaves open whether or not the Bundeskartellamt considered Google’s conduct to be infringing competition law.
According to the case summary, essentially three reasons led to the termination of the case:
- The “overwhelming” majority of internet users were unaware of the importance of TLS certificates (one a second thought: perhaps also a reason for how little attention the termination got so far?).
- Other authentication processes had become available during the proceeding, and the proposed amendment to an EU regulation foresees that certificates have to be recognised by browsers and displayed in a user-friendly manner.
- Most interestingly, the Bundeskartellamt found that a decision by it “alone is unlikely to have resulted in achieving the maximum conceivable added value of more trustworthy certificates”, but that the issues could only be solved with legal requirements.
What are the main takeaways?
There might be more, but I will highlight three:
- Wherever one stands on the discussion around regulating big tech, it is in principle good see a regulator being willing to terminate cases not worth pursuing further. Regulators need to stay objective in their investigations, and that includes the termination of proceedings in certain cases.
- While every news (even if it is only a rumour) regarding new cases or decisions against big tech seems to be picked up widely, news about the termination of a case hardly seem to be noticed. This might be a broader phenomenon, but the speed and way of publication of information about this particular case seems remarkable.
- Not so often does a regulator point to a decision by it alone being unlikely to achieve the desired result and instead calling for new legal requirements in different areas than antitrust.