Other Developments, Further Reading, and Coming Events (6 July 2021)


Other Developments

  • The United States District Court for the District of Columbia dismissed the antitrust suits the Federal Trade Commission (FTC) and 48 state attorneys general brought against Facebook. The court granted Facebook’s motion to dismiss against the FTC because the agency failed to make its case under Section 2 of the Sherman Antitrust Act that Facebook “has monopoly power in the market for Personal Social Networking (PSN) Services.” In the case the states brought, the court granted Facebook’s motion to dismiss because the attorneys general filed it so long after the company acquired Instagram and WhatsApp and after its alleged conduct that denied other messaging apps the opportunity to work in an interoperable fashion with Facebook’s. The court stated the FTC may refile its case and laid out a map for doing so:
    • To guide the parties in the event amendment occurs, this Opinion also explains two further conclusions of law. First, even if the FTC had sufficiently pleaded market power, its challenge to Facebook’s policy of refusing interoperability permissions with competing apps fails to state a claim for injunctive relief. As explained herein (and in the Court’s separate Opinion in the States’ case), there is nothing unlawful about having such a policy in general. While it is possible that Facebook’s implementation of that policy as to certain specific competitor apps may have violated Section 2, such finding would not change the outcome here: all such revocations of access occurred in 2013, seven years before this suit was filed, and the FTC lacks statutory authority to seek an injunction “based on [such] long-past conduct.” FTC v. Shire ViroPharma, Inc., 917 F.3d 147, 156 (3d Cir. 2019). Regardless of whether the FTC can amend its Complaint to plausibly allege market power and advance this litigation, then, the conduct it has alleged regarding Facebook’s interoperability policies cannot form the basis for Section 2 liability. Second, the agency is on firmer ground in scrutinizing the acquisitions of Instagram and WhatsApp, as the Court rejects Facebook’s argument that the FTC lacks authority to seek injunctive relief against those purchases. Whether other issues arise in a subsequent phase of litigation is dependent on how the Government wishes to proceed.
  • The House Appropriations Committee marked up the “FY 2022 Financial Services and General Government Appropriations Act” that funds and provides direction to the Federal Trade Commission (FTC), Federal Communications Commission (FCC), the Office of Management and Budget (OMB) and the General Services Administration (GSA). In the report accompanying the bill, the Committee detailed funding and provided programmatic direction:
    • The Committee recommends $389,800,000 for the FTC. The Congressional Budget Office estimates $138,000,000 of collections from Hart-Scott-Rodino premerger filing fees and $20,000,000 of collections from Do-Not-Call fees, which partially offset the appropriation requirement for this account. The Committee is highly concerned by increasing instances of fraudulent or deceptive data collection practices and other violations of consumer protection laws, as well as by increasing concentration in technology and other markets. The Committee provides the FTC with additional resources to increase both its enforcement of antitrust statutes and its capacity to investigate unfair, deceptive, and fraudulent business practices.
    • Cryptocurrency. — Cryptocurrencies are digital assets that use cryptography to secure or verify transactions. They are not created by a government or central bank, but they can be exchanged for U.S. dollars or other government-backed currencies. As consumer interest in cryptocurrencies has grown, so have scams such as deceptive investment and business opportunities, bait-and-switch schemes, and deceptively marketed mining machines. The Committee encourages the FTC to work with the Securities and Exchange Commission, other financial regulators, consumer groups, law enforcement, research organizations, and other public and private stakeholders to identify and investigate fraud related to cryptocurrencies market and discuss methods to empower and protect consumers. The Committee recommends that the FTC increase its engagement with stakeholders on this issue and that the FTC promptly publish any public education or consumer protection best practices developed from its activities on its website.
    • Consumer Right to Repair. — The Committee is aware of the FTC’s ongoing work examining how manufacturers, particularly mobile phone and car manufacturers, may limit repairs by consumers and repair shops, and how those limitations may increase costs, limit choice, and impact consumers’ rights under the Magnuson-Moss Warranty Act. The Committee appreciates the FTC’s timely and comprehensive report, ‘‘Nixing the Fix: An FTC Report to Congress on Repair Restrictions,’’ issued in May 2021. The report notes that ‘‘[t]o address unlawful repair restrictions, the FTC will pursue appropriate law enforcement and regulatory options, as well as consumer education, consistent with our statutory authority.’’ The Committee requests a briefing, within 120 days of enactment of this Act, on law enforcement, regulatory, and educational actions the agency has taken in relation to the Magnuson-Moss Warranty Act since the publication of that report, including an assessment of how repair restrictions might impact rural communities, communities of color, and indigenous communities.
    • Children’s Privacy. — The Committee is aware of the significant increase in online activity by children during the COVID-19 pandemic and is concerned that this may lead to a greater opportunity for bad actors to unlawfully gather and use children’s personal information. The Committee urges the FTC to prioritize investigations into potential violations of the Children’s Online Privacy Protection Act Rule (COPPA Rule) and to incorporate findings from new and recent cases relating to children’s privacy into its ongoing COPPA Rule review process. Not later than 120 days after the enactment of this Act, the FTC is directed to provide to the Committee a report detailing the current amount of resources and personnel focused on enforcing the COPPA Rule; the number of investigations into violations of the COPPA Rule in the past 5 years; and the types of relief obtained, if any, for any completed investigations.
    • The Committee recommends $387,950,000 for the FCC, to be derived from offsetting collections. The Committee also includes a cap of $128,621,000 for the administration of spectrum auctions.
    • Broadband Maps. — The Committee remains highly interested in implementation of the Broadband DATA Act (P.L. 116–130). The FCC is directed to provide an updated spend plan and status report on Broadband Data Act spending no later than 60 days after enactment of this Act.
    • Mapping Partnership with USPS. — The Committee notes that the FCC released a report in May 2021 on the feasibility of partnering with the United States Postal Service to facilitate the collection of mobile wireless broadband data, as required by the Broadband DATA Act. The report outlines several challenges but says that ‘‘the Commission is continuing to explore possible solutions to the issues.’’ The Committee encourages the FCC to continue its work to address these obstacles and create a feasible partnership that will help improve wireless mapping in rural and underserved communities across the country.
    • Broadband Access. — The Committee believes that deployment of broadband in rural and economically disadvantaged areas is a driver of economic development, jobs, and new educational opportunities. The Committee supports FCC efforts to judiciously allocate Universal Service Fund (USF) funds for these areas.
    • Rural Digital Opportunity Fund. — In the Rural Digital Opportunity Fund (RDOF) Phase I auction, 180 bidders won $9.2 billion over 10 years to provide broadband to more than 5 million locations in U.S. States and territories. The RDOF Phase I auction represents an opportunity to bring broadband access to unserved rural communities across this country and to help close the digital divide in rural communities, but the Committee remains concerned about program implementation. The Committee expects the FCC to fully enforce its rules related to buildout requirements and performance tier commitments.
    • Territorial Access to Broadband. — The Committee is concerned about disparities in access to communications services on Tribal lands and in territories. The Committee encourages the FCC to implement policies to increase broadband access and adoption in these areas. The Committee commends the FCC’s work in establishing the Uniendo, a Puerto Rico Fund, and the Connect U.S. Virgin Islands (USVI) Fund to make additional USF funding available to rebuild fixed and mobile voice and broadband networks damaged in the 2017 hurricane season. In September 2019, the FCC approved $950,000,000 in Stage 2 funding to improve, expand, and harden communications networks in Puerto Rico and the USVI. In the U.S. Virgin Islands, the FCC is allocating more than $180,000,000 over ten years in support of fixed networks, and $4,000,000 over three years for mobile networks. The Committee supports these efforts and urges the FCC to expeditiously move forward with its funding commitments under these programs.
    • Tribal Access to Broadband. — The Committee urges the FCC to responsibly and efficiently take action to increase access to broadband on Tribal lands and supports consultation with Federally recognized Indian Tribes, Alaska Native villages and corporations, and entities related to Hawaiian home lands to help close the digital divide. The FCC is encouraged to use all available resources to increase funding for consultation with Federally recognized Indian tribes, Alaska Native villages, and entities related to Hawaiian home lands; other work by the Office of Native Affairs and Policy (ONAP); and associated work from other bureaus and offices in support of ONAP.
    • School Broadband. — The Committee believes that access to broadband is an important factor in student success in school. The coronavirus pandemic highlighted this issue, but it will continue for many students even after full-time remote learning ends. The Committee notes that Congress established a $7,171,000,000 Emergency Connectivity Fund in the American Rescue Plan Act of 2021 (P.L. 117–2) to help address this issue. The Committee directs the FCC to evaluate new or existing programs that could be used to permanently extend telecommunications and information services to students at locations other than schools and libraries. The Committee directs the FCC to provide a briefing on implementation of the Emergency Connectivity Fund and any findings from its evaluations no later than 120 days after the enactment of this Act.
    • 5G Networks. — The Committee remains concerned about the digital divide and supports measures to bring broadband services to unserved and underserved communities as well as to address broadband affordability and adoption. The Committee also recognizes that ensuring the United States is the global leader in the 5G economy is an economic and national security imperative. The Committee supports policies to ensure that 5G technologies are developed domestically and among our allies, and that the United States leads the world in the deployment of multiple, facilities-based commercial 5G networks. To that end, the Committee supports a phased approach to making additional spectrum available for commercial licensed and unlicensed use. Additionally, the Committee supports the Commission’s efforts to make more mid-band spectrum available for auction and flexible commercial use. The Committee opposes efforts to use Federally allocated spectrum to create a national wholesale 5G network owned, operated, or controlled by the government and continues to support private sector efforts to deploy 5G.
    • 5G Supply Chain. — The Committee notes the importance of a secure 5G technology supply chain. The Committee encourages the FCC to investigate options for increasing supply chain diversity, bolstering competition in the 5G equipment market, and strengthening 5G network security via hardware and software solutions that use virtualization technology, open standard-based interfaces, and interoperable equipment.
    • Cybersecurity Certification and Labeling. — The Committee encourages the FCC’s Office of Engineering and Technology to begin assessing existing cybersecurity certifications pertinent to critical infrastructure and to develop further informational and technological resources, as needed, to inform consumer and critical infrastructure owner and operator purchasing decisions for secure information and communications technologies.
    • Cloud Migration. — The Committee recognizes the importance of cloud migration for continued FCC operations and cybersecurity. Throughout much of the last decade, the FCC has released plans for IT modernization and cloud migration with the intention of decreasing their data center footprint in accordance with the Data Center Optimization Initiative (DCOI) mandated by Federal Information Technology Acquisition Reform Act (P.L. 113–291). The FCC is directed to provide a report to Committee no later than 120 days after enactment of this Act on its plans for re-architecting legacy systems, moving to commercial cloud solutions, and complying with DCOI.
    • Municipal Broadband. — The Committee urges the FCC to study the role of municipal-owned networks in expanding broadband access to unserved and underserved communities.
  • The European Commission (EC) announced “a new Joint Cyber Unit to tackle the rising number of serious cyber incidents impacting public services, as well as the life of businesses and citizens across the European Union (EU).” The Commission also provided updates on a range of other measures to bolster the cybersecurity of the EU and its member states. The EC continued:
    • First announced by President Ursula von der Leyen in her political guidelines, the Joint Cyber Unit proposed today aims at bringing together resources and expertise available to the EU and its Member States to effectively prevent, deter and respond to mass cyber incidents and crises. Cybersecurity communities, including civilian, law enforcement, diplomatic and cyber defence communities, as well as private sector partners, too often operate separately. With the Joint Cyber Unit, they will have a virtual and physical platform of cooperation: relevant EU institutions, bodies and agencies together with the Member States will build progressively a European platform for solidarity and assistance to counter large-scale cyberattacks.
    • The Recommendation on the creation of the Joint Cyber Unit is an important step towards completing the European cybersecurity crisis management framework. It is a concrete deliverable of the EU Cybersecurity Strategy and the EU Security Union Strategy, contributing to a safe digital economy and society.
  • Senate Finance Committee Ranking Member Mike Crapo (R-ID) asked the Government Accountability Office (GAO) to review “the Internal Revenue Service’s (IRS) data security practices, procedures and methods” “follow[ing] the unauthorized disclosure of individuals’ confidential tax returns to the media outlet, ProPublica.” Crapo argued:
    • The recent apparent unauthorized disclosure of individuals’ confidential tax return information to the media outlet, ProPublica, and a subsequent article titled “The Secret IRS Files: Trove of Never-Before-Seen Records Reveal How the Wealthiest Avoid Income Tax” is deeply troubling.  The article states that “ProPublica has obtained a vast trove of Internal Revenue Service data on the tax returns of thousands of the nation’s wealthiest people, covering more than 15 years.”  Such unauthorized disclosure represents an unacceptable violation of the trust that Americans place in the IRS to safeguard their personal information and undermines the system of voluntary compliance upon which our tax system relies.
    • The size and scope of the apparent disclosure to ProPublica of confidential taxpayer information from a government agency warrants increased government oversight to ensure that the IRS is implementing robust processes and procedures to fully protect tax filers’ personal data.  In a related article, ProPublica asserts, “We live in an age in which people with access to information can copy it with the click of a mouse and transmit it in a variety of ways to news organizations.”  IRS practices, procedures, and methods must ensure that it is not that easy for unauthorized individuals to access and transmit to third parties the private information Americans entrust every year to the tax collectors.  The same related article continues, “We [ProPublica] have gone to considerable lengths to confirm that the information sent to us is accurate.  We compared the tax data in our possession to other sources of the same information wherever we could find them, some of which were public (a tax return for a candidate for national office), others of which were private [emphasis added].”  If ProPublica is confirming private tax information by comparison to information from other private sources, additional concerns arise about the security of Americans’ financial information.
  • The United Kingdom’s (UK) Department for Digital, Culture, Media & Sport (DCMS) issued “New guidance for tech companies to protect people online.” DCMS stated its “Safety by design guidance…will help businesses such as start-ups find the information they need so they can build safe products from the development stages right through to the user experience.” DCMS asserted:
    • Research has shown small companies are less confident in their ability to find information on child online safety compared to medium and large companies.
    • The guidance advocates putting safety at the heart of platform design to minimise the risk of online harm occurring. It advises companies about providing an age-appropriate experience for children using tools such as age assurance and age verification methods.
    • This includes encouraging adults to set services’ safety measures to high by default so they can’t be changed by children, recommending that firms make it easier for users to report harmful content or behaviour, and for companies to block high-risk search terms – for example around illegal terrorist content.
    • A ‘one stop shop’ with child safety advice will also help bosses implement crucial safety measures for children users ahead of the government’s forthcoming Online Safety Bill. Under the bill tech firms will be required to assess the risks posed to people using their services and provide safer environments for users. The guidance is targeted at companies whose online platforms are used by children, such as social media or gaming platforms.
    • It includes advice on how to protect children’s personal data, address abuse and encourage positive behaviour online, and how to tackle child sexual exploitation and abuse. It also recommends applying and actively enforcing minimum age limits and reporting child sexual exploitation and abuse.
  • The European Parliament published a research paper titled “Online advertising: the impact of targeted advertising on advertisers, market access and consumer choice,” in which the authors offered the following “potential solutions that may be relevant to protect consumers and SMEs and facilitate the development of the single market for advertising in the context of the DSA and DMA as well as other legislative and soft law instruments:”
    • a. Informing consumers about being targeted and improved consent mechanisms. The DSA could contain a requirement for meaningful transparency concerning the existence of targeted advertising, alongside a requirement that information about targeted advertising should be conveyed in a manner which is clear to consumers. If these measures are insufficient, an opt-in to targeted advertising could be encouraged through the self and co-regulatory measures provided for in Article 36 of the DSA.
    • b. Addressing “dark patterns” through guidelines. EDPB guidelines cover the issue of “dark patterns” to some extent. However, further action could be taken such as defining design guidelines, among others, for cookie banners and consent forms and providing a user-friendly tool enabling consumers to report websites that may not comply.
    • c. Preventing discrimination and improving algorithmic transparency. The DSA could further contribute to ensuring that rules regarding discrimination are adhered to in the context of digital advertising by enforcing greater meaningful transparency concerning the existence of targeted advertising and the parameters used. In addition, regular vetting of systems and training data by accredited researchers could offer new insights on how to mitigate systemic risks and reduce information asymmetries.
    • d. Ensure that minors are not subject to targeted advertising which exploits their vulnerabilities. The AVMS Directive already includes obligations to protect minors from harmful content in advertising. However, the provisions apply only to video sharing platforms. The DSA could include a similar provision to that in Article 28b, paragraph 3 AVMS, to clarify that minors (and potentially other vulnerable customer groups) should be protected from harmful targeted advertising.
    • e. Ensuring responsibility for targeted advertising when multiple actors are involved. Actors which are responsible for targeted advertising solutions may not fall under the scope of the DSA, which is limited to intermediation services. A possible solution may be to clarify that Article 5.3 of the DSA proposal, which removes the liability exemption of the hosting platforms, could also apply to platforms which may lead a reasonably well-informed consumer to believe that advertising is provided by the online platform itself or by a recipient of the service who is acting under its authority or control. This would ensure that the platform has an incentive to comply with all the transparency rules.
    • f. Improving consumers’ access to redress. The proposed DSA sets out a generic mechanism for users to flag illegal content and to seek redress. However, this may not help consumers to identify how to make complaints and ensure that they reach the right enforcement body. The Digital Service Co-ordinators could be tasked with providing information to consumers on how to seek redress in relation to online advertising (among other areas). Another option would be to adopt a sector-specific directive addressing all consumer protection issues related to online advertising.
    • g. Facilitating the functioning of the internal market. The risk of legal uncertainty deriving from the potential application of national rules to advertising services could be mitigated by clarifying the meaning of common terms and enforcing cooperation mechanisms between Member States. This could be done, for instance, by amending the eCommerce Directive (possibly through the DSA) by introducing precise deadlines and procedural conditions for the implementation of derogations by Member States. Adopting EU-wide Codes of Conduct which could be ‘vetted’ by the European Commission to define which types of national restrictions would be compatible with the internal market clause might also be helpful.
    • h. Addressing exploitation by platforms which hold a gatekeeper position in digital advertising. Smaller firms in particular may be reliant on large gatekeepers to reach consumers, potentially allowing exploitation. The proposed DMA includes provisions which aim to shine a light on potential exploitation by requiring information on advertising prices and performance to be shared with advertisers. Alongside approving the DMA provisions, potential exploitation could be addressed by taking advantage of this information to pursue case by case enforcement under competition law.
    • i. Increase transparency concerning advertising auctions and the performance of advertising. The distribution of ads via ad-auctions is marked by a lack of transparency towards both advertisers and publishers. The current DMA proposal provides for some useful transparency provisions, but could be extended to require transparency for the criteria used by the ad-tech platform services in the auction process, including details of the price components as well as other factors which are taken into account in the auction process and their weighting.
    • j. Tackling bundling and tying by gatekeeper intermediaries of premium advertising space. Ad-inventory of vertically integrated large intermediaries (e.g., Facebook, YouTube, Google) is considered very valuable from an advertiser’s perspective but is often exclusively marketed via their own Ad-Network or Ad-Exchange. This could raise entry barriers and impede competition in the provision of advertising intermediary services. It may be appropriate to encourage the European Commission to closely monitor competition across the online advertising value chain, and if necessary consider separating intermediary services from the ad-inventory of their publisher’s sites.
    • k. Addressing asymmetric access to consumer data. Large providers of advertising services like Google and Facebook can access a huge amount of data that other companies do not have access to. Large providers may directly prohibit or introduce considerable obstacles to the use of the data via a competitor’s advertising services. The prohibition on bundling and self-preferencing in the DMA proposal may address the issue to some degree, but further analysis could be conducted to understand whether other measures may be necessary.
  • The United States (U.S.) Government Accountability Office (GAO) issued a report titled “Facial Recognition Technology: Federal Law Enforcement Agencies Should Better Assess Privacy and Other Risks.” In making extensive recommendations to law enforcement agencies, the GAO concluded:
    • Facial recognition technology is a powerful tool used by the federal law enforcement community. Federal agencies that employ law enforcement officers rely on systems with facial recognition technology, and the potentially millions or billions of photos stored in these systems, to help generate investigative leads and solve crimes. However, 13 federal agencies cannot assess the risks of using non-federal systems because they are unaware of what systems are used by employees. By implementing a mechanism to track what non-federal systems are used by employees, agencies will have better visibility into the technologies they rely upon to conduct criminal investigations. In addition, by assessing the risks of using these systems, including privacy and accuracy-related risks, agencies will be better positioned to mitigate any risks to themselves and the public.
  • The United Kingdom’s (UK) Information Commissioner Elizabeth Denham posted on the Information Commissioner’s Office (ICO) blog on “mobile phone extraction practices across the criminal justice system in the UK.” Denham explained:
    • My 2020 report explained the issues at play in England and Wales. It recommended several measures, aimed at regaining public confidence that may have been lost through previous poor practices. These measures included calling for a new code of practice to be implemented across law enforcement to improve compliance with data protection law.
    • Our report broke new ground. It called for a change in culture to stop unnecessary processing of personal data from mobile phones that could not be justified. It is not okay for the police to ask people to hand over their mobile phones without good reason. They must only take people’s data when it is strictly necessary for a specific, reasonable line of enquiry.
    • That report, supported by our work with organisations including the police, victims’ groups and government, has already prompted improvements.
    • The Court of Appeal issued a judgment that reinforced our report’s findings and recommendations. The Attorney General has revised his guidelines on disclosure, stressing the message that it is not always necessary to obtain digital materials. And the College of Policing has issued operational guidance to police in England and Wales, emphasizing the need to consider alternatives to the examination of mobile phones and to extract only the minimum amount of data strictly necessary.
    • This is a good start, but a more strategic, coordinated approach is needed so that police and prosecutors understand and implement the required systemic changes. Crucially, the code of practice I called for a year ago, to introduce clarity, consistency and adequate safeguards whenever mobile phone extraction is being considered, is yet to be introduced despite continuous engagement from my office.
    • To assist police organisations in Northern Ireland and Scotland in understanding their data protection obligations in their mobile phone extraction operations, we have published two separate reports with recommendations on how to comply with the law. We have also published a follow-up to my 2020 report on the issues in England and Wales.
  • The Microsoft Threat Intelligence Center warned of “new activity from the NOBELIUM threat actor,” “the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components.” Microsoft asserted:
    • Our investigation into the methods and tactics being used continues, but we have seen password spray and brute-force attacks and want to share some details to help our customers and communities protect themselves.  
    • This recent activity was mostly unsuccessful, and the majority of targets were not successfully compromised – we are aware of three compromised entities to date. All customers that were compromised or targeted are being contacted through our nation-state notification process.
    • This type of activity is not new, and we continue to recommend everyone take security precautions such as enabling multi-factor authentication to protect their environments from this and similar attacks. This activity was targeted at specific customers, primarily IT companies (57%), followed by government (20%), and smaller percentages for non-governmental organizations and think tanks, as well as financial services.  The activity was largely focused on US interests, about 45%, followed by 10% in the UK, and smaller numbers from Germany and Canada.  In all, 36 countries were targeted.
    • As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign. We responded quickly, removed the access and secured the device. The investigation is ongoing, but we can confirm that our support agents are configured with the minimal set of permissions required as part of our Zero Trust “least privileged access” approach to customer information. We are notifying all impacted customers and are supporting them to ensure their accounts remain secure. 

Further Reading

  • Swedish court upholds ban on Huawei selling 5G network gear” By Johan Ahlander and Supantha Mukherjee — Reuters. A Swedish court on Tuesday upheld a ban against Huawei (HWT.UL) selling 5G equipment in the country, dashing the Chinese company’s hopes of staging a comeback in Europe and increasing the chances of potential retaliation by China against rival Ericsson. In October, Swedish telecom regulator PTS unexpectedly banned Huawei supplying 5G equipment to Swedish mobile firms due to security concerns raised by Sweden’s security service SAPO, a decision the Chinese company challenged in the court.
  • “Scholars on LinkedIn Are Being Blocked in China ‘Without Telling Them Why’” By Liza Lin — The Wall Street Journal. Eyck Freymann, an Oxford University doctoral student, was surprised to get a notice from LinkedIn this month telling him his account had been blocked in China. The “Experience” section of his profile, which detailed his career history, contained “prohibited” content, he was informed. The social-networking site owned by Microsoft Corp. didn’t explain more, but Mr. Freymann said he thought it was because he had included the words “Tiananmen Square massacre” in the entry for his two-year stint as a research assistant for a book in 2015.
  • “New Twisted Toys ads highlight how tech giants prey on children’s data” By Cat Zakrzewski — The Washington Post. Meet Share Bear, the toy that knows everything about you … and then sells it to billion-dollar tech companies. This cuddly yet creepy companion is part of a new campaign launching later this week called “Twisted Toys,” which aims to raise awareness about the ways tech companies prey on children’s data. The upbeat commercials at first appear as if they would run during Saturday morning cartoons, but quickly take a dark turn. They distort familiar childhood toys with risky and addictive features common across the Internet.
  • “India plans tighter e-commerce rules amid complaints over Amazon, Flipkart” By Aditya Kalra — Reuters. India proposed banning flash sales on e-commerce websites and said on Monday their affiliate entities should not be listed as sellers on their platforms, in a proposed tightening of rules that could hit Amazon and Walmart’s Flipkart. The Ministry of Consumer Affairs’ rules, which were released in a government statement, come amid complaints by brick-and-mortar retailers that foreign e-commerce players bypass Indian laws by using complex business structures.
  • “Feds use gag orders to collect cloud data in secret, Microsoft executive tells Congress” By Tonya Riley — cyberscoop. The Justice Department is abusing secret subpoenas to collect cloud user data at alarming rates, a top Microsoft executive testified in front of the House Judiciary Committee on Wednesday. Tom Burt, Microsoft’s vice president of customer security and trust, told lawmakers that the company currently receives between 2,400 to 3,500 secrecy orders each year. That’s roughly a third of the total number of requests that federal law enforcement sends to Microsoft, and it’s a number that has grown as more companies and organizations rely on cloud providers to serve as their virtual offices.
  • “A major international data flow problem just got resolved. But another row is already brewing” By Daphne Leprince-Ringuet — ZDNet. Personal data will continue to flow unimpeded from the EU to the UK, the bloc’s member states have agreed in a unanimous decision that will relieve many businesses on both sides of the Channel of spending much time and money on complex legal paperwork. All 27 member states voted in favor of granting the UK an adequacy decision – a special status that recognizes that the country’s data laws do as good a job as the European GDPR at protecting personal information.
  • “House GOP Leader Criticizes Bipartisan Bills Targeting Big Tech” By Ryan Tracy and Julie Bykowicz — The Wall Street Journal. Bipartisan legislation to curb the market power of big technology companies faced a new hurdle Wednesday, with House Minority Leader Kevin McCarthy (R., Calif.) criticizing the bills introduced last week. Mr. McCarthy’s opposition widens a GOP divide over the proposals—which has been the aim of tech industry lobbyists seeking to derail legislation that threatens the businesses of some of America’s largest companies, Amazon.com Inc., Facebook Inc., Alphabet Inc.’s Google and Apple Inc.
  • “SolarWinds hackers had access to Denmark’s central bank, report says” By Jeff Stone — cyberscoop. A group of Russian hackers is accused of compromising a Danish bank in the latest example of fallout involving cyber-espionage emanating from Moscow, according to a European media outlet that cites documents related to the incident. Denmark’s central bank, or Danmarks Nationalbank, was compromised by the same spies who used software made by the U.S. federal contractor SolarWinds to breach nine U.S. government agencies and dozens of companies, Version 2, a Danish news site, reported Tuesday. By leveraging the SolarWinds technology, hackers infiltrated the company’s partners and clients, spending at least seven months inside the networks of the Danish financial institution, the site reported based on internal emails sent to the bank from outside investigators.
  • “Here’s What’s in the Six Antitrust Bills That Could Finally Break Up Big Tech” By Shoshana Wodinsky — Gizmodo. After two years of investigations and a 30-hour debating session on the House floor, the US House Judiciary Committee voted on Thursday to pass a sweeping six-bill package collectively meant to rein in Big Tech’s massive market power. Even though there’s been a recent bipartisan push for a major tech crackdown, this week’s marathon debate revealed some serious rifts between the two parties—and even within the two parties—that could hamper the bill’s hopes of being passed into law. Some GOP reps, like Jim Jordan from Ohio, have publicly railed against the measures as a group of “Democrat Bills,” that are too radical to pass muster among his fellow Republicans. Some Democratic lawmakers, meanwhile, expressed concerns about some of the bill’s data privacy implications. On both sides, there was vocal concern that the bill’s wording was too broad, and potentially invited some unintended consequences for smaller tech companies, too. Of course, there’s also bipartisan consensus among lawmakers from California that these bills would be bad for their donors constituents.
  • “Trudeau’s Party Passes Bill to Regulate Social Media, Streaming” By Kait Bolongaro — Bloomberg. Canadian lawmakers passed a controversial bill that aims to regulate programming distributed by media streaming services and social platforms like Facebook and YouTube, a measure that critics warn could infringe on individual speech. The legislation drafted by Justin Trudeau’s government, known as Bill C-10, is meant to subject tech giants to the same requirements as traditional broadcasters — effectively compelling companies like Netflix Inc. and TikTok Inc. to finance and promote Canadian content. It’s among the most far-reaching plans by governments anywhere to regulate the algorithms tech companies use to amplify or recommend content.
  • “3 things to know about Nigeria’s Twitter ban” By Lindsay Hundley, Hakeem Bishi and Shelby Grossman — The Washington Post. On June 4, the Nigerian government announced that it had suspended Twitter’s operations in the country. The announcement came two days after the social media company removed a tweet by President Muhammadu Buhari, in which Buhari issued a thinly veiled threat against secessionist groups in the southeast “to treat them in the language they understand.” Since announcing the ban, the government has issued directives to federal prosecutors to arrest anyone still using Twitter — and ordered Internet providers to block access to the platform. After some initial confusion as to whether Twitter remained accessible, it appears as of mid-June that most Nigerians can no longer access the platform.
  • “New Laws Are ‘Probably Needed’ to Force US Firms to Patch Known Cyber Vulnerabilities, NSA Official Says” By Patrick Tucker — Nextgov. The vast majority of cyber attacks exploit known vulnerabilities that could be fixed by patching older software and replacing older computing gear. But that costs money, and legislation will likely be needed to force companies to make these fixes soon — before the kind of AI-powered tools used by Russia and China become commonplace among smaller-scale hackers, said Rob Joyce, who leads the National Security Agency’s Cybersecurity Directorate. “The biggest problem is historical tech debt,” said Joyce, meaning old computers and software that aren’t up-to-date on the most recent patches against attackers. “That means we have to be investing in refresh. We have to be investing in the defensive teams. We have to be investing in organizations that will track, follow and upgrade to close out those vulnerabilities and from where I sit, there’s probably going to have to be some regulation over time.” Joyce made his remarks during a pre-taped session that aired on Friday during the sixth annual Defense One Tech Summit.

Coming Events

  • On 13 July, the Federal Communications Commission (FCC) will hold its monthly meeting with this tentative agenda:
    • Securing Communications Networks. The Commission will consider a Third Report and Order that would amend the rules for the Secure and Trusted Communications Networks Reimbursement Program consistent with modifications adopted by Congress in the Consolidated Appropriations Act, 2021. The item would also clarify certain aspects of the Reimbursement Program. (WC Docket No. 18-89)
    • Enabling State-of-the-Art Radar Sensing Technologies in the 60 GHz Band. The Commission will consider a Notice of Proposed Rulemaking proposing revisions to Section 15.255 of the rules governing short range radar operations in the 64-71 GHz frequency band. (ET Docket No. 21-264)
    • Updating Technical Rules for Radio Broadcasters. The Commission will consider a Notice of Proposed Rulemaking to eliminate or amend outmoded or unnecessary broadcast technical rules. (MB Docket No. 21-263)
    • Updating International Filing Requirements for the Digital Age. The Commission will consider an Order that would amend rules to require the remaining applications and reports to be filed electronically in the International Bureau Filing System (IBFS) and eliminate duplicative paper filing requirements. (IB Docket No. 21-265)
    • Enforcement Bureau Action. The Commission will consider an enforcement action.
  • On 27 July, the Federal Trade Commission (FTC) will hold PrivacyCon 2021.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Photo by Rostislav Uzunov from Pexels

Photo by Brett Jordan on Unsplash

Photo by Swapnil Deshpandey on Unsplash

Photo by Sam Mathews on Unsplash
