BoR PC10 (19) 29

About Wire is the most secure collaboration platform, transforming the way businesses communicate in the same way and with the same speed that our founders disrupted telephony with . Headquartered in with offices in and San Francisco, Wire launched its collaboration and communication platform for businesses in early 2018 and today has over 700 customers, making Wire the fastest-growing collaboration platform. Wire offers messaging, voice, video, , and search, all protected by end-to-end encryption. Wire’s product suite has been recognised and endorsed by industry analysts Forrester and Gartner as one of the most effective and secure communications platforms. Wire is consistently delivering groundbreaking innovation from a unique “message fortress” architecture to encrypted video conferencing, guest rooms and Messaging Layer Security (MLS). Customers working with Wire include Blackrock, Softbank Robotics, PFA Pension Fund, Teamviewer, Unicef and several central government organisations in Europe and the US.

Privacy and security by design All communication through Wire is secured with end-to-end encryption — , conference calls, files. Wires is available on GitHub for anyone to verify, modify and improve. As Wire understands not everyone is an expert in cryptography, Wire has committed for regular security audits from independent security experts like X41 D-Sec and Kudelski Security; this makes Wire the most extensively publicly audited collaboration and on the market. Wires privacy policy is written to be easy to understand by anyone and Wire doesn’t stop there – the privacy and security whitepaper has very detailed information on how data gets used and how the security architecture works. Wire only stores the data needed to make sure conversations stay in sync across devices, to detect fraud and spam, and to troubleshoot customer issues.

Wire is fully GDPR compliant and helps its customers to deal with the requirements of GDPR. By encrypting all communication it is ensured that no sensitive data is available to Wire as a 3rd party, thus reducing the number of data processors a business needs to deal with.

Business Model Wire offers with Wire Personal a free version for consumers and different paid solutions for business customers like Wire Pro for small and medium businesses or NGOs and Wire Enterprise for large organisations like Ernst & Young or BASF. In addition, Wire is available in a range of different deployment options, including the instant and zero-touch cloud solution, private cloud deployment, and full on-premises solution.

Wire offers its products as software as a service – the pricing of Wire Pro starts from 4€ per user per month and Wire Enterprise from 8€ per user per month. Our problems with the current net neutrality situation

Zero-Rating impedes our ability to compete The current dominant messaging app in European countries is either WhatsApp or , which both belong to Facebook. Our Wire Personal service offers a privacy-friendly, EU-based alternative to dominant messaging services that are based outside of the . The tremendous growth of our service over the past years is evidence to our potential to challenge incumbent players and the strong desire in Europe for trusted, privacy-friendly alternatives. We believe that we offer a better service than our competitors that is better suited for the demands of European users with a particular privacy focus.

However, we experience a significant limitation in our ability as challenger to compete with incumbent messaging OTTs because of the wide-spread practice of zero-rating. We are not part to any zero-rating offer, but many of our dominant competitors benefit from the data associated to their service being priced differently for our potential customers. Among the top 20 zero-rated applications in Europe are six of our competitors1. WhatsApp and Facebook Messenger zero-rating offers can be found in almost all European countries. This situation particularly decreases our ability to gain a foothold in these countries and to extend our market share with the customers of the ISPs offering these services.

Today, are among the most popular mobile applications. Messaging applications consume a lot of the screen time of users and given the increasing multi-media content that get’s delivered they contribute to a significant share of the monthly mobile data consumption. Most users have more than one messaging application installed on their phone and use them in parallel depending on the type and context of the conversation. One of the most important distinction criteria of every messaging application is the existing user base with which the application can be used. Bundles and paired offerings by ISPs are therefore of particular significance in their effect on competition in this market.

We can point to access offers in Europe which zero-rate only the most dominant messaging services2. These types of bundles have a strong impact on the user-choice of messaging application and subsequently the ability of providers of such applications to enter a market and compete. Particularly closed offers in which the ISP hand-pick the participating applications of their zero-rating offers, we see our rights as end-users materially reduced in practice and in our reading of the European net neutrality law (Regulation (EU) 2015/2120) this type of practice should be prohibited. Therefore, we ask BEREC to change the Guidelines to establish a clear ban on these types of harmful zero-rating practices.

1 https://en.epicenter.works/document/1522 2 See offers from Portugal (https://www.wtf.pt/), Austria (https://www.yesss.at/tarifoptionen/all-you- can-chat) or survey of 2018 (https://en.epicenter.works/document/1521) Finally, with regards to open zero-rating programs we want to point out that as a SME we would be over-whelmed with the administrative and legal burden to sign-up and sustain commercial and technical agreements with every mobile operator who offers an open zero- rating program and who’s customers we might want to reach with a competitive offer. Plus having individual contracts with every ISP in Europe would be a legal nightmare which we as small startup simply cannot lift and would put every newcomer in the same position.

Class-based distinctions restrict the freedom to innovate Wire as a startup is challenging existing communication vendors like Google, Facebook, , GoToMeeting, etc. As a fully end-to-end encrypted service we offer a range of functionalities from sending simple text messages to audio and video conferencing, file sharing or screen sharing. Our service could fit at least into the category of groupware, file sharing, messaging and video or audio conferencing.

Wire is also completely end-to-end encrypted and doesn’t allow network side traffic inspection. Any attempts to classify the traffic as belonging to a text, video or audio application based on SNI or other identification criteria would therefore be futile. Using DPI to detect the class of traffic would therefore not work for our service and we are also opposed to DPI from a data protection perspective. Any new innovative service that doesn’t fit into existing categorisations from ISPs would be faced with the risk of being misclassified and treated unfavourably by traffic management.

Furthermore, we’d ask BEREC to introduce in the guidelines the suggestion to national telecom regulators to strengthen their cooperation with data protection authorities. The issues under the supervision and enforcement mandate of telecom regulators are increasingly touching on questions of GDPR and ePrivacy enforcement and further regulatory cooperation would be beneficial for a level playing field. Similarly, BEREC should cooperate closer with the EDPB and EDPS as to reach a harmonized interpretation of EU legislation throughout the different fields of regulation.

Subsequently, any open zero-rating programs that are based on categories of applications like messaging, video or file sharing would limit the freedom to innovate of providers of such applications. Reinventing categories of past use-cases is one of the driving factors in the history of the open internet as an engine of innovation. In mind of the purpose of the net neutrality legislation in Europe, BEREC should address the potential for misclassification and categories entrenching outdated use-cases in its guidelines.

Restrictions on decentralized and federated services We already offer our enterprise customers the possibility to host the server component for our service on their own infrastructure. In the near future Wire Pro and Wire Enterprise will have the capability to federate between these decentralised installations of the server component. This federation allows users to send messages and interact across previously separated messaging domains. We see a huge potential of this strategy for our company. This puts us in the unique position to offer a competitive inter-operable messaging service that respects the privacy of end-users and the confidentiality interests of companies. Federation will be the future of how communication platforms will work in the future and Wire initiated the idea, along with Mozilla and Cisco, to work on a new end-to-end encrypted protocol that is developed by an IETF workgroup – it is called Messaging Layer Security (MLS). The University of Oxford, Facebook, INRIA, Google and Twitter joined the workgroup later. MLS’s major goals are to make end-to-end encrypted messaging in (large) groups efficient and more secure and to become an open standard3.

The decentralised nature of our service is a competitive advantage that allows for greater control of our clients over their infrastructure. That same architecture also makes it impossible to offer stable identification criteria to enable ISPs to correctly distinguish traffic belonging to our service. Currently, many ISPs hold the view that in order to be eligible to join zero-rating offers the service has to be offered to the general public. Some NRAs follow this interpretation. We cannot concur with this reading of the Regulation and would ask BEREC to clarify this in the Guidelines.

Contact On behalf of GmbH Alan Duric, co-founder, CTO/COO, Wire [email protected]

3 https://wire.com/en/blog/mls-future-of-messaging/