Republican antitrust bill would block all big tech acquisitions

There are about to be a lot of antitrust bills taking aim at big tech, and here’s one more. Senator Josh Hawley (R-MO) rolled out a new bill this week that would take some severe measures to rein in big tech’s power, blocking mergers and acquisitions outright.

The “Trust-Busting for the Twenty-First Century Act” would ban any acquisitions by companies with a market cap of more than $100 billion, including vertical mergers. The bill also proposes changes that would dramatically heighten the financial pain for companies caught engaging in anti-competitive behavior, forcing any company that loses an antitrust suit to forfeit profits made through those business practices.

At its core, Hawley’s legislation would snip some of the red tape around antitrust enforcement by amending the Sherman Act, which made monopolies illegal, and the Clayton Act, which expanded the scope of illegal anti-competitive behavior. The idea is to make it easier for the FTC and other regulators to deem a company’s behavior anti-competitive — a key criticism of the outdated antitrust rules that haven’t kept pace with the realities of the tech industry.

The bill isn’t likely to get too far in a Democratic Senate, but it’s not insignificant. Sen. Amy Klobuchar (D-MN), who chairs the Senate’s antitrust subcommittee, proposed legislation earlier this year that would also create barriers for dominant companies with a habit of scooping up their competitors. Klobuchar’s own ideas for curtailing big tech’s power similarly focus on reforming the antitrust laws that have shaped U.S. business for more than a century.


The Republican bill may have some overlap with Democratic proposals, but it still hits some familiar notes from the Trump era of hyper-partisan big tech criticism. Hawley slams “woke mega-corporations” in Silicon Valley for exercising too much power over the information and products that Americans consume. While Democrats naturally don’t share that critique, Hawley’s bill makes it clear that antitrust reform targeting big tech is one policy area where both political parties could align on the ends, even if they don’t see eye to eye on the why.

Hawley’s bill is the latest, but it won’t be the last. Rep. David Cicilline (D-RI), who spearheads tech antitrust efforts in the House, previously announced his own plans to introduce a flurry of antitrust reform bills rather than one sweeping piece of legislation. Those bills, which will be more narrowly targeted to make them difficult for tech lobbyists to defeat, are due out in May.

#amy-klobuchar, #antitrust, #big-tech, #competition-law, #federal-trade-commission, #government, #josh-hawley, #senate, #tc, #the-battle-over-big-tech, #trump, #united-states


Facebook’s tardy disclosure of breach timing raises GDPR compliance questions

The question of whether Facebook will face any regulatory sanction over the latest massive historical platform privacy fail to come to light remains unclear. But the timeline of the incident looks increasingly awkward for the tech giant.

While it initially sought to play down the data breach revelations published by Business Insider at the weekend by suggesting that information like people’s birth dates and phone numbers was “old”, in a blog post late yesterday the tech giant finally revealed that the data in question had in fact been scraped from its platform by malicious actors “in 2019” and “prior to September 2019”.

That new detail about the timing of this incident raises the issue of compliance with Europe’s General Data Protection Regulation (GDPR) — which came into application in May 2018.

Under the EU regulation data controllers can face fines of up to 2% of their global annual turnover for failures to notify breaches, and up to 4% of annual turnover for more serious compliance violations.

The European framework looks important because Facebook indemnified itself against historical privacy issues in the US when it settled with the FTC for $5BN back in July 2019 — although that does still mean there’s a period of several months (June to September 2019) which could fall outside that settlement.

Yesterday, in its own statement responding to the breach revelations, Facebook’s lead data supervisor in the EU said the provenance of the newly published dataset wasn’t entirely clear, writing that it “seems to comprise the original 2018 (pre-GDPR) dataset” — referring to an earlier breach incident Facebook disclosed in 2018 which related to a vulnerability in its phone lookup functionality that it had said occurred between June 2017 and April 2018 — but also writing that the newly published dataset also looked to have been “combined with additional records, which may be from a later period”.

Facebook followed up the Irish Data Protection Commission (DPC)’s statement by confirming that suspicion — admitting that the data had been extracted from its platform in 2019, up until September of that year.

Another new detail that emerged in Facebook’s blog post yesterday was the fact users’ data was scraped not via the aforementioned phone lookup vulnerability — but via another method altogether: A contact importer tool vulnerability.

This route allowed an unknown number of “malicious actors” to use software to imitate Facebook’s app and upload large sets of phone numbers to see which ones matched Facebook users.

In this way a spammer (for example) could upload a database of potential phone numbers and link them to not only names but other data like birth date, email address, location — all the better to phish you with.

In its PR response to the breach, Facebook quickly claimed it had fixed this vulnerability in August 2019. But, again, that timing places the incident squarely in the period of GDPR being active.

As a reminder, Europe’s data protection framework bakes in a data breach notification regime that requires data controllers to notify a relevant supervisory authority if they believe a loss of personal data is likely to constitute a risk to users’ rights and freedoms — and to do so without undue delay (ideally within 72 hours of becoming aware of it).

Yet Facebook made no disclosure at all of this incident to the DPC. Indeed, the regulator made it clear yesterday that it had to proactively seek information from Facebook in the wake of BI’s report. That’s the opposite of how EU lawmakers intended the regulation to function.

Data breaches, meanwhile, are broadly defined under the GDPR. It could mean personal data being lost or stolen and/or accessed by unauthorized third parties. It can also relate to deliberate or accidental action or inaction by a data controller which exposes personal data.

Legal risk attached to the breach likely explains why Facebook has studiously avoided describing this latest data protection failure, in which the personal information of more than half a billion users was posted for free download on an online forum, as a ‘breach’.

And, indeed, why it’s sought to downplay the significance of the leaked information — dubbing people’s personal information “old data”. (Even as few people regularly change their mobile numbers, email address, full names and biographical information and so on, and no one (legally) gets a new birth date… )

Its blog post instead refers to data being scraped; and to scraping being “a common tactic that often relies on automated software to lift public information from the internet that can end up being distributed in online forums” — tacitly implying that the personal information leaked via its contact importer tool was somehow public.

The self-serving suggestion being peddled here by Facebook is that hundreds of millions of users had both published sensitive stuff like their mobile phone numbers on their Facebook profiles and left default settings on their accounts — thereby making this personal information ‘publicly available for scraping/no longer private/uncovered by data protection legislation’.

This is an argument as obviously absurd as it is viciously hostile to people’s rights and privacy. It’s also an argument that EU data protection regulators must quickly and definitively reject or be complicit in allowing Facebook to (ab)use its market power to torch the very fundamental rights that regulators’ sole purpose is to defend and uphold.

Even if some Facebook users affected by this breach had their information exposed via the contact importer tool because they had not changed Facebook’s privacy-hostile defaults, that still raises key questions of GDPR compliance — because the regulation also requires data controllers to adequately secure personal data and apply privacy by design and default.

Facebook allowing hundreds of millions of accounts to have their info freely pillaged by spammers (or whoever) doesn’t sound like good security or default privacy.

In short, it’s the Cambridge Analytica scandal all over again.

Facebook is trying to get away with continuing to be terrible at privacy and data protection because it’s been so terrible at it in the past — and likely feels confident in keeping on with this tactic because it’s faced relatively little regulatory sanction for an endless parade of data scandals. (A one-time $5BN FTC fine for a company that turns over $85BN+ in annual revenue is just another business expense.)

We asked Facebook why it failed to notify the DPC about this 2019 breach back in 2019, when it realized people’s information was once again being maliciously extracted from its platform — or, indeed, why it hasn’t bothered to tell affected Facebook users themselves — but the company declined to comment beyond what it said yesterday.

Then it told us it would not be commenting on its communications with regulators.

Under the GDPR, if a breach poses a high risk to users’ rights and freedoms a data controller is required to notify affected individuals — with the rationale being that prompt notification of a threat can help people take steps to protect themselves from the risks of their data being breached, such as fraud and ID theft.

Yesterday Facebook also said it does not have plans to notify users either.

Perhaps the company’s trademark ‘thumbs up’ symbol would be more aptly expressed as a middle finger raised at everyone else.

 

#data-controller, #data-protection, #dpc, #europe, #european-union, #facebook, #federal-trade-commission, #gdpr, #general-data-protection-regulation, #personal-data, #privacy, #security-breaches, #united-states


Breaking up big tech would be a mistake

It seems safe to say that our honeymoon with big tech is officially over.

After years of questionable data-handling procedures, arbitrary content management policies and outright anti-competitive practices, it is only fair that we take a moment to rethink our relationship with the industry.

Sadly, most of the ideas that have gathered mainstream attention — such as the calls to break up big tech — have been knee-jerk responses that smack more of retributionist fantasies than sound economic thinking.

Instead of chasing sensationalist non-starters and zero-sum solutions, we should be focused on ensuring that big tech grows better as it grows bigger by establishing a level playing field for startups and competitors in proprietary digital markets.

We can find inspiration on how to do just that by taking a look at how 20th-century lawmakers reined in the railroad monopolies, which similarly turned from darlings of industry to destructive forces of stagnation.

We’ve been here before

More than a century ago, a familiar story of a nation coming to terms with the unanticipated effects of technological disruption was unfolding across a rapidly industrializing United States.

While the first full-scale steam locomotive debuted in 1804, it took until 1868 for more powerful and cargo-friendly American-style locomotives to be introduced.

The more efficient and cargo-friendly locomotives caught on like wildfire, and soon steel and iron pierced through mountains and leaped over gushing rivers to connect Americans from coast to coast.

Soon, railroad mileage tripled and a whopping 77% of all intercity traffic and 98% of passenger business would be running on rails, ushering in an era of cost-efficient transcontinental travel that would recast the economic fortunes of the entire country.

As is often the case with disruptive technologies, early success would come with a heavy human cost.

From the very beginning, abuse and exploitation ran rampant in the railroad industry, with up to 3% of the labor force suffering injuries or dying during the course of an average year.

Railroad trust owners soon became key constituents of the widely maligned group of businessmen colloquially known as robber barons, whose corporations devoured everything in their path and made life difficult for competitors and new entrants in particular.

The railroad proprietors achieved this by maintaining carefully constructed walled gardens, allowing them to run competitors into the ground by means of extortion, exclusion and everything in between.

While these methods proved wildly successful for railroad owners, the rest of society languished under stifled competition and an utter lack of concern for consumers’ interests.

Everything old is new again

Learning from past experiences certainly doesn’t seem to be humankind’s strong suit.

In fact, most of our concerns with the tech industry are mirror images of the objections 20th-century Americans had against the railroad trusts.

Similar to the robber barons, Alphabet, Amazon, Apple, Facebook, Twitter, et al., have come to dominate the major thoroughfares of trade in a fashion that leaves little space for competitors and startups.

By instating double-digit platform fees, establishing strict limitations on payment processing protocols, and jealously hoarding proprietary data and APIs, big tech has erected artificial barriers to entry that make replicating their success all but impossible.

Over the past years, tech giants have also taken to cannibalizing third-party solutions by providing private-label versions — à la AmazonBasics — to the point where big tech’s clients are finding themselves undercut and outplayed by the platform-holders themselves.

Given the above, it is not surprising that the pace at which tech startups are created in the US has been declining for years.

In fact, VC veterans such as Albert Wenger have called attention to the “kill zone” around big tech for years, and if we are to reinvigorate the competitive fringe around our large tech conglomerates, something has to be done fast.

Why we need to stop talking about breaking up big tech

The 20th-century playbook for taming monopolistic railroad trusts offers several helpful lessons for dealing with big tech.

For first steps, Congress created the Interstate Commerce Commission (ICC) in 1887 and tasked it with administering reasonable and just rates for access to proprietary railroad networks.

Due to partisan politicking, the ICC proved relatively toothless, however. It wasn’t until Congress passed the 1906 Hepburn Act, which separated the function of transportation from the ownership of the goods being shipped, that we started seeing true progress.

By disallowing self-dealing and double-dipping in proprietary platforms, Congress succeeded in opening up access on equal terms both to existing competitors and startups alike, making a once-unnavigable thicket of exploitative practices into the metallic backbone of American prosperity that we know today.

This could never have been achieved by simply breaking the railroad trusts into smaller pieces.

In fact, when it comes to platforms and networks, bigger often is better for everyone involved thanks to network effects and several other factors that conspire against smaller platforms.

Most importantly, when access and interoperability rules are done right, bigger platforms can sustain wider and wider constellations of startups and third parties, helping us grow our economic pie instead of shrinking it.

Making digital markets work for startups

In our post-pandemic economy, our attention should be on helping tech platforms grow better as they grow bigger instead of cutting them down to size.

Ensuring that startups and competitors can access these platforms on equitable terms and at fair prices is a necessary first step.

There are numerous other tangible actions policymakers can take today. For example, rewriting the rules on data portability, pushing for wider standardization and interoperability across platforms, and reintroducing net neutrality would go a long way in addressing what ails the industry today.

With President Joe Biden’s recent nod toward “Amazon’s Antitrust Antagonist” Lina Khan as the next commissioner of the Federal Trade Commission, these changes suddenly seem more likely than ever.

In the end, all of us would stand to benefit from a robust fringe of startups and competitors that thrive on the shoulders of giants and the platforms they have made.

#antitrust, #column, #congress, #federal-trade-commission, #opinion, #policy, #private-equity, #startup-company, #technology


My Great-Grandfather Knew How to Fix America’s Food System

In the mutual aid and stewardship of an earlier generation of American farmers, there might be hope for our own communities.

#agriculture-and-farming, #antitrust-laws-and-competition-issues, #booker-cory-a, #coronavirus-2019-ncov, #federal-trade-commission, #food, #food-insecurity, #idaho, #irrigation, #meatpacking-plants-and-slaughterhouses


Cricut retroactively adds subscription fee to millions of devices

Star Wars characters Darth Vader and Boba Fett.

Cricut is neither the first nor last internet-connected device to alter the deal after the fact and tell you to pray it doesn’t alter it further. (credit: Aurich Lawson | Lucasfilm)

Yet another company that makes Internet-connected devices is drawing the wrath of customers by demanding a monthly subscription fee long after users have already sunk hundreds of dollars into its products. This time around, the company is Cricut, which just told customers they’ll lose the ability to upload more than a few patterns per month unless they start paying up.

What’s Cricut?

Cricut makes crafting machines that, basically, make precise detail work possible for millions of users. It’s like the inverse of a printer: instead of putting your design onto paper, it slices your design into paper, card stock, vinyl, fabric, or other materials. The devices and accessory kits are sold far and wide in specialty craft and fabric stores such as Michaels or Jo-Ann, as well as by mainstream retailers such as Walmart, Target, and Amazon. The devices, depending on model, sell at base prices of $179 and up, not counting the costs of required tools, accessories, and refills.

You control the machines by using a program called Design Space, on your phone or computer. The principle hasn’t changed since home desktop publishing software hit in the 1990s. You put a pattern in Design Space and the Cricut cuts the pattern into the material you’ve loaded into it. Users can access a vast library of patterns and templates through Design Space, some of which are free while others cost anywhere from a few cents to several dollars each.


#cricut, #federal-trade-commission, #ftc, #internet-of-shit, #internet-of-things, #policy, #tech


White House reportedly plans to name Amazon foe Lina Khan to FTC

A young woman poses for a photo in a spartan apartment.

Lina Khan, as photographed for a 2017 profile in The Washington Post. (credit: An Rong Xu | The Washington Post | Getty Images)

US President Joe Biden is reportedly planning to nominate antitrust scholar Lina Khan to the Federal Trade Commission, a move that would indicate his administration is open to aggressive antitrust regulation not only generally but specifically against Amazon and other Big Tech firms.

The Washington rumor mill has been floating Khan’s name as a possible candidate for the commission ever since Biden won the election, and Politico reported today that the White House is indeed planning to tap her for the role, which requires Senate confirmation. At present, Khan is an associate law professor at Columbia Law School.

Khan vaulted directly to antitrust superstardom in 2017 while she was still a law student, when she published her blockbuster paper “Amazon’s Antitrust Paradox” in the Yale Law Journal.


#antitrust, #federal-trade-commission, #ftc, #lina-khan, #policy


Is Your Vaccine Card Selfie a Gift for Scammers? Maybe

You finally got your vaccine, and you’re excited to share the proof. Here’s why that may not be a good idea, and what you can do instead.

#centers-for-disease-control-and-prevention, #farahany-nita-a, #federal-trade-commission, #great-britain, #vaccination-and-immunization


Your App Knows You Got Your Period. Guess Who It Told?

Millions of women use apps to track their cycles, and that data is often passed on to third-party companies, like Facebook and Google. But what if that data could be used to help women’s health research?

#apple-inc, #facebook-inc, #federal-trade-commission, #google-inc, #health-insurance-and-managed-care, #mobile-applications, #privacy, #women-and-girls


Who is Jonathan Braun? Trump’s Last Minute Pardon Still Faces Accusations of Violence

Jonathan Braun’s 10-year sentence for running a drug ring was commuted by the departing president. The White House did not mention that he faces separate accusations of violence and threats.

#amnesties-commutations-and-pardons, #bloomberg-news, #braun-jonathan, #content-type-personal-profile, #drug-abuse-and-traffic, #federal-trade-commission, #james-letitia, #justice-department, #new-york-city, #smuggling, #suits-and-litigation-civil, #trump-donald-j, #united-states-politics-and-government


Ticket Brokers Agree to Pay Millions in Scalping Settlements

The settlements are the first enforcement actions brought under the Better Online Ticket Sales Act, which was designed to prevent brokers from buying large numbers of tickets.

#cartisim-corp, #computers-and-the-internet, #concert-specials-inc, #e-commerce, #federal-trade-commission, #just-in-time-tickets-inc, #justice-department, #long-island-ny, #music, #suits-and-litigation-civil, #ticket-scalping


Decrypted: With more SolarWinds fallout, Biden picks his cybersecurity team

All change in the capital as the Biden administration takes charge, and thankfully without a hitch (or violence) after the attempted insurrection two weeks earlier.

In this week’s Decrypted, we look at the ongoing fallout from the SolarWinds breach and who the incoming president wants to lead the path to recovery. Plus, the news in brief.


THE BIG PICTURE

Google says SolarWinds exposure “limited,” more breaches confirmed

The cyberattack against SolarWinds, an ongoing espionage campaign already blamed on Russia, claimed the U.S. Bureau of Labor Statistics as another federal victim this week. The attack also hit cybersecurity company Malwarebytes, the company’s chief executive confirmed. Marcin Kleczynski said in a blog post that attackers gained access to a “limited” number of internal company emails. It was the same attackers as SolarWinds but using a different intrusion route. It’s now the third security company known to have been targeted by the same Russian hackers after a successful intrusion at FireEye and an unsuccessful attempt at CrowdStrike.

#anne-neuberger, #app-maker, #biden-administration, #china, #computer-security, #computing, #cybersecurity-startup, #european-medical-agency, #federal-trade-commission, #fireeye, #flo, #india, #malwarebytes, #national-security-council, #operating-systems, #russia, #security, #signal, #social-media, #software, #startups, #united-kingdom, #web-application-firewalls, #whatsapp, #white-house


TikTok update will change privacy settings and defaults for users under 18

TikTok announced today it’s making changes to its app to make the experience safer for younger users. The company will now set the accounts for users ages 13 to 15 to private by default, as well as tighten other controls for all users under 18, in terms of how they can interact with other users and TikTok content itself. TikTok is also announcing a partnership with nonprofit Common Sense Networks, an education and advocacy group that helps parents and educators navigate today’s media landscape, including children’s use of technology.

The partnership will see Common Sense Networks working with TikTok to provide additional guidance on the appropriateness of its content for users under 13.

The social video app in 2019 had been fined $5.7 million by the Federal Trade Commission (FTC) for violating U.S. children’s privacy laws. The FTC had begun looking into the app back when it was known as Musical.ly. The earlier version, prior to its acquisition by ByteDance, had collected personal information for children under 13 without parents’ consent.

As a result of that ruling, TikTok created a new, legally compliant experience for younger users in the U.S. with age-appropriate content and no ability to publish videos.

Now, TikTok will restrict the experience for other minors using the app who are over 13, too.

For children ages 13 to 15, accounts will be set to private by default and TikTok will turn the setting “Suggest your account to others” to Off. This will allow users’ videos to only be seen by those they approve as a follower and limits their account from being recommended to others elsewhere in the app.

Commenting controls are also being locked down for these users.

They’ll now be able to choose between “Friends” or “No One” in terms of who can comment on their videos, and the “Everyone” option will be removed. The Dueting and Stitching features will also be removed, which limits how these younger users can engage with other TikTok users and their content. They won’t be able to make their videos downloadable either.

For those ages 16 to 17, the default setting for Duet and Stitch will be set to “Friends,” and they’ll only be able to download videos created by users 16 and over as a result of the lockdowns for younger users. Downloads for their own videos will also be set to Off by default, but they can enable this, if they choose.

TikTok had already restricted younger users’ accounts before today in various ways, including not only through the under-13 age gated experience, but also by restricting direct messaging and hosting live streams to accounts 16 and over, and restricting virtual gifts to users over 18. Parents additionally have had the option to control their child’s experience through the Family Pairing feature, which offers parental controls and screen time limits, among other things.

Of course, any of these restrictions can be worked around for those who lie about their age upon sign-up. But it’s still fairly unusual for a large social network to do more than look the other way when it knows that minors are on its app.

In TikTok’s case, however, it has a large underage user base — some estimates had said that 41% of TikTok is between ages 16 and 24. But in the U.S., TikTok has attracted a particularly large teenage userbase. The company said in 2020 that 60% of its 26.5 million monthly active users in the U.S. were between 16 and 24. Even some of TikTok’s biggest stars, like Charli D’Amelio, are still just teenagers.

The attention to minor safety and parental controls gathered TikTok praise from notable youth safety experts, which the company also shared.

Today, TikTok is touting praise it’s received from the National PTA, ConnectSafely, NCMEC, Family Online Safety Institute, and WeProtect Global Alliance. The groups believe the changes will help teens be able to use the app more safely, responsibly, and without the further risk of exploitation.

“We couldn’t be more pleased about partnering with TikTok to develop better content experiences for users under the age of 13,” added Eric Berger, CEO of Common Sense Networks, in reference to his organization’s partnership with the social video platform. “At Common Sense Networks, we see this engagement as an opportunity to double down on our commitment to elevate the quality of children’s digital media so that age-appropriate content is the rule in our industry and not the exception,” he said.

The changes will roll out starting today.

 

#advocacy, #apps, #byte, #bytedance, #ceo, #digital-media, #federal-trade-commission, #friends, #mobile-applications, #musical-ly, #ncmec, #social, #software, #tiktok, #united-states, #video-hosting


RentPath drops acquisition deal with CoStar after FTC antitrust lawsuit

RentPath, owner of property listing sites including Rent.com and Apartment Guide, said today it has cancelled its agreement to be acquired by CoStar Group after the Federal Trade Commission sued to block the sale.

CoStar, a commercial real estate data and analytics provider that also operates listing sites like Apartments.com and ApartmentFinder.com, agreed in February to buy RentPath for $588 million. The all-cash deal came after RentPath said it would file for chapter 11 bankruptcy protection. RentPath had already hired financial advisors to restructure more than $650 million in debt, reported the Wall Street Journal.

But earlier this month, the Federal Trade Commission authorized an antitrust lawsuit in federal court to block the acquisition. Daniel Francis, deputy director of the FTC’s Bureau of Competition, said in a statement that “the acquisition will eliminate price and quality competition that benefits both renters and property managers,” because CoStar and RentPath’s rivalry kept advertising rates on their platform, which include some of the most popular listing sites, low.

In its announcement today, RentPath said its chapter 11 plan remains backed by lenders, including alternative asset management firms with “strong track records of successfully investing in businesses under similar circumstances.”

The FTC’s lawsuit and RentPath’s decision to back out of the acquisition agreement come as more countries around the world are cracking down on tech consolidation. While the United States has trailed behind other governments in terms of antitrust actions, that is gradually changing, with Amazon, Google and Facebook coming under more legislative scrutiny, and the recent lawsuit filed by 46 states against Facebook alleging that it bought competitors “illegally” to increase its market power.

The fate of the RentPath/CoStar deal may foreshadow more antitrust scrutiny for proptech companies in the United States, too. CoStar built out its business over the past decade through acquisitions and has other deals currently in the works, including listings site HomeSnap, which passed FTC review last month, and a reported bid for property analytics company CoreLogic. CoStar and RentPath competitor Zillow is also known for building its business through a series of acquisitions, including Trulia for $3.5 billion in 2014.

 

#antitrust, #costar-group, #federal-trade-commission, #proptech, #real-estate, #real-estate-listings, #rentpath, #tc


A Century After Phony Flu Ads, Companies Hype Dubious Covid Cures

Musical medicine? Corona-fighting herbs? “Human beings haven’t changed all that much,” a marketing professor says of the similarities between ads from 1918 and recent months.

#advertising-and-marketing, #coronavirus-2019-ncov, #federal-trade-commission, #influenza, #influenza-epidemic-1918-19, #regulation-and-deregulation-of-industry, #vaccination-and-immunization


Google’s Legal Peril Grows in Face of Third Antitrust Suit

More than 30 states said that the company downplayed websites that let users search for information in specialized areas.

#amazon-com-inc, #antitrust-laws-and-competition-issues, #apple-inc, #computers-and-the-internet, #facebook-inc, #federal-trade-commission, #google-inc, #justice-department, #suits-and-litigation-civil


FTC kicks off sweeping privacy probe of nine major social media firms


The Federal Trade Commission is stepping up its digital privacy work and has asked just about every major social media platform you can think of to explain what personal data it collects from users and why.

The requests for information went out today to nine platforms (or their parent companies, where applicable), including Discord, Facebook, Reddit, Snapchat, TikTok, Twitch, Twitter, WhatsApp, and YouTube, according to the press release. The companies that receive the orders have 45 days to explain to the FTC:

  • How social media and video streaming services collect, use, track, estimate, or derive personal and demographic information
  • How they determine which ads and other content are shown to consumers
  • Whether they apply algorithms or data analytics to personal information
  • How they measure, promote, and research user engagement
  • How their practices affect children and teens

A sample order (PDF) shows the depth and specificity of the information the FTC is requesting from each firm, including extremely granular data about monthly and daily active users, business and advertising strategies, and potential plans for acquisitions or divestments. Interestingly, each firm is also required to say how many users it has inaccurate demographic information for and how it accounts for targeted advertising, including inaccurately targeted advertising. In other words, among other things the FTC wants to know: do you give advertisers their money back if you don’t actually target the groups they’re trying to reach?


#alphabet, #amazon, #consumer-privacy, #data-privacy, #discord, #facebook, #federal-trade-commission, #ftc, #policy, #privacy, #reddit, #snapchat, #tiktok, #twitch, #twitter, #whatsapp, #youtube


It’s ‘Debt Parking’: When Fake Debts End Up on Your Credit Report

The F.T.C. recently took its first legal action to stop the fraud. Consumers may not know the debts are on their reports until they apply for a loan.

#consumer-financial-protection-bureau, #consumer-protection, #content-type-service, #credit-scores, #debt-collection, #equifax-inc, #experian-plc, #federal-trade-commission, #frauds-and-swindling, #personal-finances, #transunion-llc


The Trustbusters Come for Facebook. Finally.

The government decides to try to enforce antitrust laws.

#antitrust-laws-and-competition-issues, #computers-and-the-internet, #consumer-protection, #data-mining-and-database-marketing, #facebook-inc, #federal-trade-commission, #justice-department, #mergers-acquisitions-and-divestitures, #regulation-and-deregulation-of-industry, #social-media, #whatsapp-inc


‘It’s Hard to Prove’: Why Antitrust Suits Against Facebook Face Hurdles

The U.S. and states’ cases against the social network are far from a slam dunk because the standards of proof are formidable.

#antitrust-laws-and-competition-issues, #attorneys-general, #computers-and-the-internet, #facebook-inc, #federal-trade-commission, #instant-messaging, #mergers-acquisitions-and-divestitures, #mobile-applications, #regulation-and-deregulation-of-industry, #social-media, #states-us, #suits-and-litigation-civil, #zuckerberg-mark-e


Facebook Accused of Breaking Antitrust Laws

Regulators are accusing the company of buying up rising rivals to cement its dominance over social media.

#antitrust-laws-and-competition-issues, #computers-and-the-internet, #facebook-inc, #federal-trade-commission, #instant-messaging, #james-letitia, #online-advertising, #regulation-and-deregulation-of-industry, #simons-joseph-j, #social-media, #states-us, #suits-and-litigation-civil


Work-From-Home Scheme Targeting Latinas Netted $7 Million, U.S. Says

A federal lawsuit says that Moda Latina BZ, a Los Angeles County company, deceived consumers into thinking they could make up to $500 a week selling perfume, makeup and other items.

#advertising-and-marketing, #coronavirus-2019-ncov, #cosmetics-and-toiletries, #counterfeit-merchandise, #federal-trade-commission, #hispanic-americans, #los-angeles-calif, #perfumes-and-fragrances, #spanish-language, #suits-and-litigation-civil, #telemarketing


Cases against Facebook are reportedly coming… when FTC decides how


After well over a year spent investigating Facebook, state and federal regulators are more than ready to start launching a slate of cases against Facebook, new reports say—that is, as soon as the agencies can agree on how they actually want to do it.

New suits against Facebook should come before the end of January, The Wall Street Journal writes. Both the Federal Trade Commission and a coalition of attorneys general for 47 states and territories are expected to take some kind of action.

The state and the federal probes are basically looking into two overall buckets of potentially anticompetitive behavior. The first has to do with Facebook’s effects on other businesses that could or do compete with it. That’s the investigation that delves into mergers and acquisitions, both large and small, as well as Facebook’s behavior toward companies that refuse a buyout.


#antitrust, #competition, #department-of-justice, #doj, #facebook, #federal-trade-commission, #ftc, #google, #instagram, #justice-department, #lawsuits, #policy, #whatsapp


Biden Is Expected to Keep Scrutiny of Tech Front and Center

Issues like antitrust and privacy would remain on the agenda as his administration pursued policies to limit the power of the industry’s giants.

#antitrust-laws-and-competition-issues, #biden-joseph-r-jr, #computers-and-the-internet, #democratic-party, #federal-communications-commission, #federal-trade-commission, #law-and-legislation, #presidential-election-of-2020, #privacy, #trump-donald-j, #united-states-politics-and-government


Zoom settles with FTC after making ‘deceptive’ security claims

The Federal Trade Commission has announced a settlement with Zoom, after it accused the video calling giant of engaging in “a series of deceptive and unfair practices that undermined the security of its users,” in part by claiming the encryption was stronger than it actually was.

Cast your mind back to earlier this year, at the height of the pandemic lockdown, which forced millions to work from home and rely on Zoom for work meetings and remote learning. At the time, Zoom claimed video calls were protected by “end-to-end” encryption, a way of scrambling calls that makes it near-impossible for anyone — even Zoom — to listen in.

But those claims were false.

“In reality, the FTC alleges, Zoom maintained the cryptographic keys that could allow Zoom to access the content of its customers’ meetings, and secured its Zoom Meetings, in part, with a lower level of encryption than promised,” said the FTC in a statement Monday. “Zoom’s misleading claims gave users a false sense of security, according to the FTC’s complaint, especially for those who used the company’s platform to discuss sensitive topics such as health and financial information.”

Zoom quickly admitted it was wrong, prompting the company to launch a 90-day turnaround effort, which included the rollout of end-to-end encryption to its users. That eventually came months later in late October — but not without another backtrack after Zoom initially said free users could not use end-to-end encryption.

The FTC also alleged in its complaint that Zoom stored some meeting recordings unencrypted on its servers for up to two months, and compromised the security of its users by covertly installing a web server on its users’ computers in order for users to jump into meetings faster. This, the FTC said, “was unfair and violated the FTC Act.” Zoom pushed out an update which removed the web server, but Apple also intervened to remove the vulnerable component from its customers’ computers.

In its statement, the FTC said it has prohibited Zoom from misrepresenting its security and privacy practices going forward, and that Zoom has agreed to start a vulnerability management program and implement stronger security across its internal network.

Zoom did not immediately respond to a request for comment.

#cryptography, #data-security, #encryption, #end-to-end-encryption, #federal-trade-commission, #films, #security, #telecommunications, #web-conferencing, #web-server, #zoom


A Biden Win Could Renew a Democratic Split on Trade

Democrats have been unified by their desire to oust President Trump. But if that happens, deep divisions on the issue of trade are likely to reappear.

#biden-joseph-r-jr, #commerce-department, #embargoes-and-sanctions, #federal-trade-commission, #international-trade-and-world-market, #national-security-council, #north-american-free-trade-agreement, #organized-labor, #presidential-election-of-2020, #trans-pacific-partnership, #united-states-international-relations, #world-trade-organization


Trump Allies Amp Up Fight Over Tech’s Legal Shield Before Election

Their animosity is likely to be on full display at a hearing on Wednesday with the leaders of Facebook, Google and Twitter.

#biden-hunter, #biden-joseph-r-jr, #censorship, #commerce-department, #dorsey-jack, #executive-orders-and-memorandums, #federal-communications-commission, #federal-trade-commission, #freedom-of-speech-and-expression, #law-and-legislation, #pichai-sundar, #social-media, #trump-donald-j, #united-states-politics-and-government, #zuckerberg-mark-e


Are ‘Kidfluencers’ Making Our Kids Fat?

Popular YouTube channels often bombard young children with thinly veiled ads for junk food, a new study finds.

#advertising-and-marketing, #children-and-childhood, #fast-food-industry, #federal-trade-commission, #food, #obesity, #parenting, #toys, #youtube-com


F.T.C. Decision on Pursuing Facebook Antitrust Case Is Said to Be Near

Any action would follow the Justice Department’s landmark suit this week against Google, as a bipartisan tech backlash ramps up.

#antitrust-laws-and-competition-issues, #computers-and-the-internet, #facebook-inc, #federal-trade-commission, #social-media, #suits-and-litigation-civil


The Government’s Lawsuit Is Unlikely to Dethrone Google

The federal government’s lawsuit isn’t likely to derail the company’s market dominance.

#android-operating-system, #antitrust-laws-and-competition-issues, #apple-inc, #computers-and-the-internet, #consumer-protection, #federal-trade-commission, #google-inc, #justice-department, #mergers-acquisitions-and-divestitures, #online-advertising, #search-engines, #software, #suits-and-litigation-civil


The Justice Dept.’s Lawsuit Against Google: Too Little, Too Late

The time to do anything substantive about the overwhelming power of the giant tech companies passed very long ago.

#alphabet-inc, #antitrust-laws-and-competition-issues, #barr-william-p, #federal-trade-commission, #google-inc, #justice-department


American Consumers Have Lost $145 Million to Coronavirus Fraud

More than 200,000 complaints of scams and fraud have been filed so far this year, data from the Federal Trade Commission shows.

#content-type-service, #coronavirus-2019-ncov, #elderly, #federal-trade-commission, #frauds-and-swindling, #identity-theft, #rumors-and-misinformation


Facebook’s photo porting tool adds support for Dropbox and Koofr

Facebook’s photo and video portability tool has added support for two more third party services for users to send data via encrypted transfer — namely: cloud storage providers Dropbox and (EU-based) Koofr.

The tech giant debuted the photo porting tool in December last year, initially offering users in its EU HQ location of Ireland the ability to port their media direct to Google Photos, before going on to open up access in more markets. It completed a global rollout of that first offering in June.

Facebook users in all its markets now have three options to choose from if they want to transfer Facebook photos and videos elsewhere. A company spokesman confirmed support for other (unnamed) services is also in the works, telling us: “There will be more partnership announcements in the coming months.”

The transfer tool is based on code developed via Facebook’s participation in the Data Transfer Project — a collaborative effort started last year, with backing from other tech giants including Apple, Google, Microsoft and Twitter.

To access the tool, Facebook users need to navigate to the ‘Your Facebook Information’ menu and select ‘Transfer a copy of your photos and videos’. Facebook will then prompt you to re-enter your password prior to initiating the transfer. You will then be asked to select a destination service from the three on offer (Google Photos, Dropbox or Koofr) and asked to enter your password for that third party service — kicking off the transfer.

Users will receive a notification on Facebook and via email when the transfer has been completed.

The encrypted transfers work from both the desktop version of Facebook and its mobile app.

Last month, the tech giant signalled in comments to the FTC ahead of a hearing on portability scheduled for later this month that it would be expanding the scope of its data portability offerings — including hinting it might offer direct transfers for more types of content in future, such as events or even users’ “most meaningful” posts.

For now, though, Facebook only supports direct, encrypted transfers for photos and videos uploaded to Facebook.

While Google and Dropbox are familiar names, the addition of a smaller, EU-based cloud storage provider in the list of supported services does stand out a bit. On that, Facebook’s spokesperson told us it reached out to discuss adding Koofr to the transfer tool after a staffer came across an article on Mashable discussing it as an EU cloud storage solution.

A bigger question is when — or whether — Facebook will offer direct photo portability to users of its photo sharing service, Instagram. It has not mentioned anything specific on that front when discussing its plans to expand portability.

When we asked Facebook about bringing the photo porting tool to Instagram, a spokesman told us: “Facebook have prioritised portability tools on Facebook at the moment but look forward to exploring expansion to the other apps in the future.”

In a blog post announcing the new destinations for users of the Facebook photo & video porting tool, the tech giant repeats its call for lawmakers to come up with “clearer rules” to govern portability, writing that: “We want to continue to build data portability features people can trust. To do that, the Internet needs clearer rules about what kinds of data should be portable and who is responsible for protecting that data as it moves to different services. Policymakers have a vital role to play in this.”

It also writes that it’s keen for other companies to join the Data Transfer Project — “to expand options for people and push data portability innovation forward”.

In recent years Facebook has been lobbying for what it calls ‘the right regulation’ to wrap around portability — releasing a white paper on the topic last year which plays up what it couches as privacy and security trade-offs in a bid to influence regulatory thinking around requirements on direct data transfers.

Portability is in the frame as a possible tool for helping rebalance markets in favor of new entrants or smaller players as lawmakers dig into concerns around data-fuelled barriers to competition in an era of platform giants.

#apple, #apps, #cloud-applications, #cloud-storage, #data-portability, #dropbox, #european-union, #facebook, #federal-trade-commission, #google, #google-photos, #instagram, #interoperability, #koofr, #microsoft, #policy, #social, #twitter


Decrypted: Uber’s former security chief charged, FBI’s ‘vishing’ warning

A lot happened in cybersecurity over the past week.

The University of Utah paid almost half a million dollars to stop hackers from leaking sensitive student data after a ransomware attack. Two major ATM makers patched flaws that could’ve allowed for fraudulent cash withdrawals from vulnerable ATMs. Grant Schneider, the U.S. federal chief information security officer, is leaving his post after more than three decades in government. And, a new peer-to-peer botnet is spreading like wildfire and infecting millions of machines around the world.

In this week’s column, we look at how Uber’s handling of its 2016 data breach put the company’s former chief security officer in hot water with federal prosecutors. And, what is “vishing” and why should companies take note?


THE BIG PICTURE

Uber’s former security chief charged with data breach cover-up

Joe Sullivan, Uber’s former security chief, was indicted this week by federal prosecutors for allegedly trying to cover up a data breach in 2016 that saw 57 million rider and driver records stolen.

Sullivan paid $100,000 in a “bug bounty” payment to the two hackers, who were also charged with the breach, in exchange for signing a nondisclosure agreement. It wasn’t until a year after the breach that former Uber chief executive Travis Kalanick was forced out and replaced with Dara Khosrowshahi, who fired Sullivan after learning of the cyberattack. Sullivan now serves as Cloudflare’s chief security officer.

The payout itself isn’t the issue, as some had claimed. Prosecutors in San Francisco took issue with how Sullivan allegedly tried to bury the breach, which later resulted in a massive $148 million settlement with the Federal Trade Commission.

#computer-security, #crime, #data-breach, #decrypted, #federal-trade-commission, #law-enforcement, #peer-to-peer, #privacy, #san-francisco, #security, #social-engineering, #telephony, #united-states


Facebook trails expanding portability tools ahead of FTC hearing

Facebook is considering expanding the types of data its users are able to port directly to alternative platforms.

In comments on portability sent to US regulators ahead of an FTC hearing on the topic next month, Facebook says it intends to expand the scope of its data portability offerings “in the coming months”.

It also offers some “possible examples” of how it could build on the photo portability tool it began rolling out last year — suggesting it could in future allow users to transfer media they’ve produced or shared on Facebook to a rival platform or take a copy of their “most meaningful posts” elsewhere.

Allowing Facebook-based events to be shared to third party cloud-based calendar services is another example cited in Facebook’s paper.

It suggests expanding portability in such ways could help content creators build their brands on other platforms or help event organizers by enabling them to track Facebook events using calendar based tools.

However there are no firm commitments from Facebook to any specific portability product launches or expansions of what it offers currently.

For now the tech giant only lets Facebook users directly send copies of their photos to Google’s eponymous photo storage service — a transfer tool it switched on for all users this June.

“We remain committed to ensuring the current product remains stable and performant for people and we are also exploring how we might extend this tool, mindful of the need to preserve the privacy of our users and the integrity of our services,” Facebook writes of its photo transfer tool.

On whether it will expand support for porting photos to other rival services (i.e. not just Google Photos) Facebook has this non-committal line to offer regulators: “Supporting these additional use cases will mean finding more destinations to which people can transfer their data. In the short term, we’ll pursue these destination partnerships through bilateral agreements informed by user interest and expressions of interest from potential partners.”

Beyond allowing photo porting to Google Photos, Facebook users have long been able to download a copy of some of the information it holds on them.

But the kind of portability regulators are increasingly interested in is about going much further than that — meaning offering mechanisms that enable easy and secure data transfers to other services in a way that could encourage and support fast-moving competition to attention-monopolizing tech giants.

The Federal Trade Commission is due to host a public workshop on September 22, 2020, which it says will “examine the potential benefits and challenges to consumers and competition raised by data portability”.

The regulator notes that the topic has gained interest following the implementation of major privacy laws that include data portability requirements — such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

It asked for comment submissions by August 21, which is what Facebook’s paper is responding to.

In comments to the Reuters news agency, Facebook’s privacy and public policy manager, Bijan Madhani, said the company wants to see “dedicated portability legislation” coming out of any post-workshop recommendations.

It reports that Facebook supports a portability bill that’s doing the rounds in Congress — called the Access Act, which is sponsored by Democratic Senators Richard Blumenthal and Mark Warner, and Republican senator Josh Hawley — which would require large tech platforms to let their users easily move their data to other services.

Albeit Madhani dubs it a good first step, adding that the company will continue to engage with the lawmakers on shaping its contents.

“Although some laws already guarantee the right to portability, our experience suggests that companies and people would benefit from additional guidance about what it means to put those rules into practice,” Facebook also writes in its comments to the FTC.

Ahead of dipping its toe into portability via the photo transfer tool, Facebook released a white paper on portability last year, seeking to shape the debate and influence regulatory thinking around any tighter or more narrowly defined portability requirements.

In recent months Mark Zuckerberg has also put in facetime to lobby EU lawmakers on the topic, as they work on updating regulations around digital services.

The Facebook founder pushed the European Commission to narrow the types of data that should fall under portability rules. In the public discussion with commissioner Thierry Breton, in May, he raised the example of the Cambridge Analytica Facebook data misuse scandal, claiming the episode illustrated the risks of too much platform “openness” — and arguing that there are “direct trade-offs about openness and privacy”.

Zuckerberg went on to press for regulation that helps industry “balance these two important values around openness and privacy”. So it’s clear the company is hoping to shape the conversation about what portability should mean in practice.

Or, to put it another way, Facebook wants to be able to define which data can flow to rivals and which can’t.

“Our position is that portability obligations should not mandate the inclusion of observed and inferred data types,” Facebook writes in further comments to the FTC — lobbying to put broad limits on how much insight rivals would be able to gain into Facebook users who wish to take their data elsewhere.

Both its white paper and comments to the FTC plough this preferred furrow of making portability into a ‘hard problem’ for regulators, by digging up downsides and fleshing out conundrums — such as how to tackle social graph data.

On portability requests that wrap up data on what Facebook refers to as “non-requesting users”, its comments to the FTC work to sow doubt about the use of consent mechanisms to allow people to grant each other permission to have their data exported from a particular service — with the company questioning whether services “could offer meaningful choice and control to non-requesting users”.

“Would requiring consent inappropriately restrict portability? If not, how could consent be obtained? Should, for example, non-requesting users have the ability to choose whether their data is exported each time one of their friends wants to share it with an app? Could an approach offering this level of granularity or frequency of notice could lead to notice fatigue?” Facebook writes, skipping lightly over the irony given the levels of fatigue its own apps’ default notifications can generate for users.

Facebook also appears to be advocating for an independent body or regulator to focus on policy questions and liability issues tied to portability, writing in a blog post announcing its FTC submission: “In our comments, we encourage the FTC to examine portability in practice. We also ask it to recommend dedicated federal portability legislation and provide advice to industry on the policy and regulatory tensions we highlight, so that companies implementing data portability have the clear rules and certainty necessary to build privacy-protective products that enhance people’s choice and control online.”

In its FTC submission the company goes on to suggest that “an independent mechanism or body” could “collaboratively set privacy and security standards to ensure data portability partnerships or participation in a portability ecosystem that are transparent and consistent with the broader goals of data portability”.

Facebook then further floats the idea of an accreditation model under which recipients of user data “could demonstrate, through certification to an independent body, that they meet the data protection and processing standards found in a particular regulation, such as the [EU’s] GDPR or associated code of conduct”.

“Accredited entities could then be identified with a seal and would be eligible to receive data from transferring service providers. The independent body (potentially in consultation with relevant regulators) could work to assess compliance of certifying entities, revoking accreditation where appropriate,” it further suggests.

However its paper also notes the risk that requiring accreditation might present a barrier to entry for the small businesses and startups that might otherwise be best positioned to benefit from portability.

#apps, #congress, #data-portability, #data-protection, #digital-media, #digital-rights, #europe, #european-commission, #european-union, #facebook, #federal-trade-commission, #ftc, #gdpr, #general-data-protection-regulation, #google, #josh-hawley, #mark-warner, #mark-zuckerberg, #policy, #richard-blumenthal, #social, #terms-of-service, #thierry-breton, #united-states


Mark Zuckerberg Questioned Under Oath in F.T.C. Antitrust Inquiry

It was the first known time that regulators directly interviewed a chief executive of one of the tech companies being scrutinized for potential antitrust violations.

#antitrust-laws-and-competition-issues, #computers-and-the-internet, #facebook-inc, #federal-trade-commission, #social-media, #start-ups, #united-states-politics-and-government, #zuckerberg-mark-e


A Third of TikTok’s U.S. Users May Be 14 or Under, Raising Safety Questions

Three current and former employees expressed concerns about the Chinese-owned app’s safeguards for preteen children.

#children-and-childhood, #childrens-online-privacy-protection-act, #computer-security, #computers-and-the-internet, #federal-trade-commission, #microsoft-corp, #musical-ly-inc, #privacy, #social-media, #tiktok-bytedance, #video-recordings-downloads-and-streaming


TikTok found to have tracked Android users’ MAC addresses until late last year

Until late last year social video app TikTok was using an extra layer of encryption to conceal a tactic for tracking Android users via the MAC address of their device which skirted Google’s policies and did not allow users to opt out, The Wall Street Journal reports. Users were also not informed of this form of tracking, per its report.

Its analysis found that this concealed tracking ended in November as US scrutiny of the company dialled up, after at least 15 months during which TikTok had been gathering the fixed identifier without users’ knowledge.

A MAC address is a unique and fixed identifier assigned to an Internet connected device — which means it can be repurposed for tracking the individual user for profiling and ad targeting purposes, including by being able to re-link a user who has cleared their advertising ID back to the same device and therefore to all the prior profiling they wanted to jettison.

TikTok appears to have exploited a known bug on Android to gather users’ MAC addresses which Google has still failed to plug, per the WSJ.

A spokeswoman for TikTok did not deny the substance of its report, nor engage with specific questions we sent — including regarding the purpose of this opt-out-less tracking. Instead she sent the below statement, attributed to a spokesperson, in which the company reiterates what has become a go-to claim that it has never given US user data to the Chinese government:

Under the leadership of our Chief Information Security Officer (CISO) Roland Cloutier, who has decades of experience in law enforcement and the financial services industry, we are committed to protecting the privacy and safety of the TikTok community. We constantly update our app to keep up with evolving security challenges, and the current version of TikTok does not collect MAC addresses. We have never given any US user data to the Chinese government nor would we do so if asked.

“We always encourage our users to download the most current version of TikTok,” the statement added.

With all eyes on TikTok, as the latest target of the Trump administration’s war on Chinese tech firms, scrutiny of the social video app’s handling of user data has inevitably dialled up.

And while no popular social app platform has its hands clean when it comes to user tracking and profiling for ad targeting, TikTok being owned by China’s ByteDance means its flavor of surveillance capitalism has earned it unwelcome attention from the US president — who has threatened to ban the app unless it sells its US business to a US company within a matter of weeks.

Trump’s fixation on China tech, generally, is centered on the claim that the tech firms pose threats to national security in the West via access to Western networks and/or user data.

The US government is able to point to China’s Internet security law which requires firms to provide the Chinese Communist Party with access to user data — hence TikTok’s emphatic denial of passing data. But the existence of the law makes it difficult for such claims to stick.

TikTok’s problems with user data don’t stop there, either. Yesterday it emerged that France’s data protection watchdog has been investigating TikTok since May, following a user complaint.

The CNIL’s concerns about how the app handled a user request to delete a video have since broadened to encompass issues related to how transparently it communicates with users, as well as to transfers of user data outside the EU — which, in recent weeks, have become even more legally complex in the region.

Compliance with EU rules on data access rights for users and the processing of minors’ information are other areas of stated concern for the regulator.

Under EU law any fixed identifier (e.g. a MAC address) is treated as personal data — meaning it falls under the bloc’s GDPR data protection framework, which places strict conditions on how such data can be processed, including requiring companies to have a legal basis to collect it in the first place.

If TikTok was concealing its tracking of MAC addresses from users it’s difficult to imagine what legal basis it could claim — consent would certainly not be possible. The penalties for violating GDPR can be substantial (France’s CNIL slapped Google with a $57M fine last year under the same framework, for example).

The WSJ’s report notes that the FTC has said MAC addresses are considered personally identifiable information under the Children’s Online Privacy Protection Act — implying the app could also face a regulatory probe on that front, to add to its pile of US problems.

Presented with the WSJ’s findings, Senator Josh Hawley (R., Mo.) told the newspaper that Google should remove TikTok’s app from its store. “If Google is telling users they won’t be tracked without their consent and knowingly allows apps like TikTok to break its rules by collecting persistent identifiers, potentially in violation of our children’s privacy laws, they’ve got some explaining to do,” he said.

We’ve reached out to Google for comment.


Apple goes to war with the gaming industry

Most gamers may not view Apple as a games company to the same degree that they see Sony with PlayStation or Microsoft with Xbox, but the iPhone-maker continues to uniformly drive the industry with decisions made in the Apple App Store.

The company made the news a couple of times late this week over App Store approvals: once for denying a gaming app, and once for approving one.

The denial was Microsoft’s xCloud gaming app, something the Xbox folks weren’t too psyched about. Microsoft xCloud is one of the Xbox’s most substantial software platform plays in quite some time, allowing gamers to live-stream titles from the cloud and play console-quality games across a number of devices. It’s a huge effort that’s been in preview for a bit, but is likely going to officially launch next month. The app had been in a Testflight preview for iOS, but as Microsoft looked to push it to primetime, Apple said not so fast.

The app that was approved was the Facebook Gaming app, which Facebook has been trying to shove through the App Store for months to no avail. It was at last approved Friday after the company stripped one of its two central features, a library of playable mobile games. In a curt statement to The New York Times, Facebook COO Sheryl Sandberg said, “Unfortunately, we had to remove gameplay functionality entirely in order to get Apple’s approval on the stand-alone Facebook Gaming app.”

Microsoft’s Xbox team also took the unusually aggressive step of calling out Apple in a statement that reads, in part, “Apple stands alone as the only general purpose platform to deny consumers from cloud gaming and game subscription services like Xbox Game Pass. And it consistently treats gaming apps differently, applying more lenient rules to non-gaming apps even when they include interactive content.”

Microsoft is still a $1.61 trillion company so don’t think I’m busting out the violin for them, but iOS is the world’s largest gaming platform, something CEO Tim Cook proudly proclaimed when the company launched its own game subscription platform, Apple Arcade, last year. Apple likes to play at its own pace, and all of these game-streaming platforms popping up at the same time seem poised to overwhelm them.


There are a few things about cloud gaming apps that seem at odds with some of the App Store’s rules, yet these rules are, of course, just guidelines written by Apple. For Apple’s part, they basically said (full statement later) that the App Store had curators for a reason and that approving apps like these means they can’t individually review the apps, which compromises the App Store experience.

To say that’s “the reason” seems disingenuous because the company has long approved platforms to operate on the App Store without stamping approval on the individual pieces of content that can be accessed. With “Games” representing the App Store’s most popular category, Apple likely cares much more about keeping their own money straight.

Analysis from CNBC pinned Apple’s 2019 App Store total revenue at $50 billion.

When these cloud gaming platforms like xCloud scale with zero iOS support, millions of Apple customers, myself included, are actually going to be pissed that their iPhone can’t do something that their friend’s phone can. Playing console-class titles on the iPhone would be a substantial feature upgrade for consumers. There are about 90 million Xbox Live users out there, a substantial number of which are iPhone owners I would imagine. The games industry is steadily rallying around game subscription networks and cloud gaming as a move to encourage consumers to sample more titles and discover more indie hits.

I’ve seen enough of these sagas to realize that sometimes parties will kick off these fights purely as a tactic to get their way in negotiations and avoid workarounds, but it’s a tactic that really only works when consumers have a reason to care. Most of the bigger App Store developer spats have played in the background and come to light later, but at this point the Xbox team undoubtedly sees that Apple isn’t positioned all that well to wage an App Store war in the midst of increased antitrust attention over a cause that seems wholly focused on maintaining their edge in monetizing the games consumers play on Apple screens.

CEO Tim Cook spent an awful lot of time in his Congressional Zoom room answering questions about perceived anticompetitiveness on the company’s application storefront.

The big point of tension I could see happening behind closed doors is that plenty of these titles offer in-game transactions, and just because that in-app purchase framework is being live-streamed from a cloud computer doesn’t mean that a user isn’t still experiencing that content on an Apple device. I’m not sure whether this is actually the point of contention, but it seems like it would be a major threat to Apple’s ecosystem-wide in-app purchase raking.

The App Store does not currently support cloud gaming on Nvidia’s GeForce platform or Google’s Stadia which are also both available on Android phones. Both of these platforms are more limited in scope than Microsoft’s offering which is expected to launch with wider support and pick up wider adoption.

While I can understand Apple’s desire to not have gaming titles ship that might not function properly on an iPhone because of system constraints, that argument doesn’t apply so well to the cloud gaming world where apps are translating button presses to the cloud and the cloud is sending them back the next engine-rendered frames of their game. Apple is being forced to get pretty particular about what media types of apps fall under the “reader” designation. The inherent interactivity of a cloud gaming platform seems to be the differentiation Apple is pushing here — as well as the interfaces that allow gamers to directly launch titles with an interface that’s far more specialized than some generic remote desktop app.

All of these platforms arrive after the company already launched Apple Arcade, a non-cloud gaming product made in the image of what Apple would like to think are the values it fosters in the gaming world: family friendly indie titles with no intrusive ads, no bothersome micro-transactions and Apple’s watchful review.

Apple’s driver’s seat position in the gaming world has been far from a wholly positive influence for the industry. Apple has acted as a gatekeeper, but the fact is plenty of the “innovations” pushed through as a result of App Store policies have been great for Apple but questionable for the development of a gamer-friendly games industry.

Apple facilitated the advent of free-to-play games by pushing in-app purchases which have been abused recklessly over the years as studios have been irresistibly pushed to structure their titles around principles of addiction. Mobile gaming has been one of the more insane areas of Wild West startup growth over the past decade and Apple’s mechanics for fueling quick transactions inside these titles has moved fast and broken things.

Take a look at the 200 top grossing games in the App Store (data via Sensor Tower) and you’ll see that 199 of them rely solely on in-app micro-transactions to reach that status — Microsoft’s Minecraft, ranked 50th, costs $6.99 to download, though it also offers in-app purchases.

In 2013, the company settled a class-action lawsuit that kicked off after parents sued Apple for making it too easy for kids to make in-app purchases. In 2014, Apple settled a case with the FTC over the same mechanism for $32 million. This year, a lawsuit filed against Apple questioned the legality of “loot box” in-app purchases which gave gamers randomized digital awards.

“Through the games it sells and offers for free to consumers through its AppStore, Apple engages in predatory practices enticing consumers, including children to engage in gambling and similar addictive conduct in violation of this and other laws designed to protect consumers and to prohibit such practices,” read that most recent lawsuit filing.

This is, of course, not how Apple sees its role in the gaming industry. In a statement to Business Insider responding to the company’s denial of Microsoft’s xCloud, Apple laid out its messaging.

The App Store was created to be a safe and trusted place for customers to discover and download apps, and a great business opportunity for all developers. Before they go on our store, all apps are reviewed against the same set of guidelines that are intended to protect customers and provide a fair and level playing field to developers.

Our customers enjoy great apps and games from millions of developers, and gaming services can absolutely launch on the App Store as long as they follow the same set of guidelines applicable to all developers, including submitting games individually for review, and appearing in charts and search. In addition to the App Store, developers can choose to reach all iPhone and iPad users over the web through Safari and other browsers on the App Store.

The impact has — quite obviously — not been uniformly negative, but Apple has played fast and loose with industry changes when they benefit the mothership. I won’t act like plenty of Sony and Microsoft’s actions over the years haven’t offered similar affronts to gamers, but Apple exercises the industry-wide sway it holds, operating the world’s largest gaming platform, too often and gamers should be cautious in trusting the App Store owner to make decisions that have their best interests at heart.




Twitter faces FTC probe, likely fine over use of phone numbers for ads


Twitter is facing a Federal Trade Commission probe and believes it will likely owe a fine of up to $250 million after being caught using phone numbers intended for two-factor authentication for advertising purposes.

The company received a draft complaint from the FTC on July 28, it disclosed in its regular quarterly filing with the Securities and Exchange Commission. The complaint alleges that Twitter is in violation of its 2011 settlement with the FTC over the company’s “failure to safeguard personal information.”

That agreement included a provision banning Twitter from “misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers.” In October 2019, however, Twitter admitted that phone numbers and email addresses users provided it with for the purpose of securing their accounts were also used “inadvertently” for advertising purposes between 2013 and 2019.


Twitter warns investors of possible fine from FTC consent order probe

Twitter has disclosed it’s facing a potential fine of more than a hundred million dollars as a result of a probe by the Federal Trade Commission (FTC) which believes the company violated a 2011 consent order by using data provided by users for a security purpose to target them with ads.

In an SEC filing, reported on earlier by the New York Times, Twitter revealed it received the draft complaint from the FTC late last month. The activity the regulator is complaining about is alleged to have taken place between 2013 and 2019.

Last October the social media firm publicly disclosed it had used phone numbers and email addresses provided by users to set up two-factor authentication to bolster the security of their accounts in order to serve targeted ads — blaming the SNAFU on a tailored audiences program, which allows companies to target ads against their own marketing lists.

Twitter found that when advertisers uploaded their own marketing lists (of emails and/or phone numbers) it matched users to data they had submitted purely to set up two-factor authentication on their Twitter account.

“The allegations relate to the Company’s use of phone number and/or email address data provided for safety and security purposes for targeted advertising during periods between 2013 and 2019,” Twitter writes in the SEC filing. “The Company estimates that the range of probable loss in this matter is $150.0 million to $250.0 million and has recorded an accrual of $150.0 million.”

“The matter remains unresolved, and there can be no assurance as to the timing or the terms of any final outcome,” it adds.

We’ve reached out to Twitter with questions. Update: A company spokeswoman said it had nothing to add outside this statement:

Following the announcement of our Q2 financial results, we received a draft complaint from the FTC alleging violations of our 2011 consent order. Following standard accounting rules we included an estimated range for settlement in our 10Q filed on August 3.

The company has had a torrid few weeks on the security front, suffering a major security incident last month after hackers gained access to its internal account management tools, enabling them to access accounts of scores of verified Twitter users, including Bill Gates, Elon Musk and Joe Biden, and use them to send cryptocurrency scam tweets. Police have since charged three people with the hack, including a 17-year-old Florida teen.

In June Twitter also disclosed a security lapse may have exposed some business customers’ information. And it was forced to report another crop of security incidents last year — including after a researcher identified a bug that allowed him to discover phone numbers associated with millions of Twitter accounts.

Twitter also admitted it gave account location data to one of its partners, even if the user had opted out of having their data shared; and inadvertently gave its ad partners more data than it should have.

Additionally, the company is now at the front of a long queue of tech giants pending enforcement in Europe, related to major GDPR complaints — where regional fines for data violations can scale to 4% of a company’s global annual turnover. Twitter’s lead data protection regulator, Ireland’s DPC, submitted a draft decision related to a probe of one of its security breaches to the bloc’s other data agencies in May — with a final decision slated as likely this summer.

The decision relates to an investigation the regulator instigated following yet another major security fail by Twitter in 2018 — when it revealed a bug had resulted in some passwords being stored in plain text.

As we reported at the time it’s pretty unusual for a company of such size to make such a basic security mistake. But Twitter has a very long history of failing to protect users’ data — with additional hacking incidents all the way back in 2009 leading to the 2011 FTC consent order.

Under the terms of that settlement Twitter was barred for 20 years from misleading consumers about the safety of their data in order to resolve FTC charges that it had “deceived consumers and put their privacy at risk by failing to safeguard their personal information”.

It also agreed to establish and maintain “a comprehensive information security program”, with independent auditor assessments taking place every other year for 10 years.

Given the terms of that order a fine does indeed look inevitable. However the wider failing here is that of US regulators — which, for over a decade, have failed to grapple with the exploitative, surveillance-based business models that have led to breaches and security lapses by a number of data-mining adtech giants, not just Twitter.


F.T.C. Investigating Twitter for Potential Privacy Violations

The social media company said the agency was examining whether it had misused people’s personal information to serve ads.


How to Hold Big Tech’s Feet to the Fire

Members of Congress will be able to grill tech C.E.O.s at a hearing. Let’s hope they don’t waste the opportunity.


Let’s close the gap and finally pass a federal data privacy law

My college economics professor, Dr. Charles Britton, often said, “There’s no such thing as a free lunch.” The common principle known as TINSTAFL implies that even if something appears to be free, there is always a cost to someone, even if it is not the individual receiving the benefit.

For decades, the ad-supported ecosystem enjoyed much more than a proverbial free lunch. Brands, technology providers, publishers and platforms successfully transformed data provided by individuals into massive revenue gains, creating some of the world’s most profitable corporations. So if TINSTAFL is correct, what is the true cost of monetizing this data? Consumer trust, as it turns out.

Studies overwhelmingly demonstrate that the majority of people believe data collection and data use lack the necessary transparency and control. After a few highly publicized data breaches brought a spotlight on the lack of appropriate governance and regulation, people began to voice concerns that companies had operated with too little oversight for far too long, and unfairly benefited from the data individuals provided.

With increased attention, momentum and legislative activity in multiple individual states, we have never been in a better position to pass a federal data privacy law that can rebalance the system and set standards that rebuild trust with the people providing the data.

Over the last two decades, we’ve seen that individuals benefit from regulated use of data. The competitiveness of the banking markets is partly a result of laws around the collection and use of data for credit decisions. In exchange for data collection and use, individuals now have the ability to go online and get a home loan or buy a car with instant credit. A federal law would strengthen the value exchange and provide rules for companies around the collection and utilization of data, as well as establish consistency and uniformity, which can create a truly national market.

In order to close the gap and pass a law that properly balances the interests of people, society and commerce, the business sector must first unify on the need and the current political reality. Most already agree that a federal law should be preemptive of state laws, and many voices with legitimate differences of opinion have come a long way toward a consensus. Further unification on the following three assertions could help achieve bipartisan support:

A federal law must recognize that one size does not fit all. While some common sense privacy accountability requirements should be universal, a blanket approach for accountability practices is unrealistic. Larger enterprises with significant amounts of data on hand should have stricter requirements than other entities and be required to appoint a Data Ethics Officer and document privacy compliance processes and privacy reviews.

They should be required to regularly perform internal and external audits of data collection and use. These audits should be officer-certified and filed with a regulator. While larger companies are equipped to absorb this burden, smaller businesses should not be forced to forgo using the data they need to innovate and thrive by having the same standards imposed on them. Instead, requirements for accountability should be “right-sized,” and based on the amount and type of data collected and its intended use.

A federal law must properly empower the designated regulatory authority. The stated mission of the Federal Trade Commission is to protect American consumers. As the government agency of record for data privacy regulation and enforcement, the FTC has already imposed billions of dollars in penalties for privacy violations. However, in a modern world where every company collects and uses data, the FTC cannot credibly monitor or enforce federal regulation without substantially increasing funding and staffing.

With increased authority, equipped with skilled teams to diligently monitor those companies with the most consumer data, the FTC — with State Attorneys General designated as back-ups — can hold them accountable by imposing meaningful remedial actions and fines.

A federal law must acknowledge that properly crafted private right-to-action is appropriate and necessary. The earlier points build an effective foundation for the protection of people’s privacy rights, but there will still be situations where a person should have access to the judicial system to seek redress. Certainly, if a business does not honor the data rights of an individual as defined by federal law, people should have the right to bring an action for equitable relief. If a person has suffered actual physical or significant economic harm directly caused by violation of a Federal Data Privacy law, they should be able to bring suit if, after giving notice, the FTC declines to pursue.

Too many leaders have been unwilling to venture toward possible common ground, but public opinion dictates that more must be done, otherwise states, counties, parishes and cities will inevitably continue to act if Congress does not. It is just as certain that those data privacy laws will be inconsistent, creating a patchwork of rules based on geography, leading to unnecessary friction and complexity. Consider how much time is spent sorting through the 50 discrete data breach laws that exist today, an expense that could easily be mitigated with a single national standard.

It is clear that responsible availability of data is critical to fostering innovation. American technology has led the world into this new data-driven era, and it’s time for our laws to catch up.

To drive economic growth and benefit all Americans, we need to properly balance the interests of people, society at-large and business, and pass a data law that levels the playing field and allows American enterprise to continue thinking with data. It should ensure that transparency and accountability are fostered and enforced and help rebuild trust in the system.

Coming together to support the passage of a comprehensive and preemptive federal data privacy law is increasingly important. If not, we are conceding that we’re okay with Americans remaining distrustful of the industry, and that the rest of the world should set the standards for us.
