FreshRSS

🔒
❌ About FreshRSS
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

Apple tweaks App Store rule changes for children’s apps and sign-in services

By Matthew Panzarino

Originally announced in June, changes to Apple’s App Store policies on its Sign in with Apple service and the rules around children’s app categories are being tweaked. New apps must comply right away with the tweaked terms, but existing apps will have until early 2020 to comply with the new rules.

The changes announced at Apple’s developer conference in the summer were significant, and raised concerns among developers that the rules could handicap their ability to do business in a universe that, frankly, offers tough alternatives to ad-based revenue for children’s apps.

In a short interview with TechCrunch, Apple’s Phil Schiller said that they had spent time with developers, analytics companies and advertising services to hear what they had to say about the proposals and have made some updates.

The changes are garnering some strong statements of support from advocacy groups and advertising providers for children’s apps that were pre-briefed on the tweaks. The changes will show up as of this morning in Apple’s developer guidelines.

“As we got closer to implementation we spent more time with developers, analytics companies and advertising companies,” said Schiller. “Some of them are really forward thinking and have good ideas and are trying to be leaders in this space too.”

With their feedback, Schiller said, they’ve updated the guidelines to allow them to be more applicable to a broader number of scenarios. The goal, he said, was to make the guidelines easy enough for developers to adopt while being supportive of sensible policies that parents could buy into. These additional guidelines, especially around the Kids app category, says Schiller, outline scenarios that may not be addressed by the Children’s Online Privacy Protection Act (COPPA) or GDPR regulations.

There are two main updates.

Kids’ changes

The first area that is getting further tweaking is the Kids terms. Rule sections 1.3 and 5.1.4 specifically are being adjusted after Apple spoke with developers and providers of ad and analytics services about their concerns over the past few months.

Both of those rules are being updated to add more nuance to their language around third-party services like ads and analytics. In June, Apple announced a very hard-line version of these rule updates that essentially outlawed any third-party ads or analytics software and prohibited any data transmission to third-parties. The new rules offer some opportunities for developers to continue to integrate these into their apps, but also sets out explicit constraints for them.

The big changes come in section 1.3 surrounding data safety in the Kids category. Apple has removed the explicit restriction on including any third-party advertising or analytics. This was the huge hammer that developers saw heading towards their business models.

Instead, Apple has laid out a much more nuanced proposal for app developers. Specifically, it says these apps should not include analytics or ads from third parties, while implicitly acknowledging that there are ways to provide these services as well as practicing data safety on the App Store.

Apple says that in limited cases, third-party analytics may be permitted as long as apps in the Kids category do not send personal identifiable information or any device fingerprinting information to third parties. This includes transmitting the IDFA (the device ID for advertisers), name, date of birth, email address, location or any other personally identifiable information.

Third-party contextual ads may be allowed but only if those companies providing the ads have publicly documented practices and policies and also offer human review of ad creatives. That certainly limits the options, including most offerings from programmatic services.

Rule 5.1.4 centers on data handling in kids apps. In addition to complying with COPPA, GDPR and other local regulations, Apple sets out some explicit guard rails.

First, the language on third-party ads and analytics has been changed from may not to should not. Apple is discouraging their use, but acknowledges that “in limited cases” third-party analytics and advertising may be permitted if it adheres to the new rules set out in guideline 1.3.

The explicit prohibition on transmitting any data to third parties from apps in the Kids category has been removed. Once again, this was the big bad bullet that every children’s app maker was paying attention to.

An additional clause reminds developers not to use terms like “for kids” and “for children” in app metadata for apps outside of the Kids category on the App Store.

SuperAwesome is a company that provides services like safe ad serving to kids apps. CEO Dylan Collins was initially critical of Apple’s proposed changes, noting that killing off all third-party apps could decimate the kids app category.

“Apple are clearly very serious about setting the standard for kids apps and digital services,” Collins said in a statement to TechCrunch after reviewing the new rules Apple is publishing. “They’ve spent a lot of time working with developers and kidtech providers to ensure that policies and tools are set to create great kids digital experiences while also ensuring their digital privacy and safety. This is the model for all other technology platforms to follow.”

All new apps must adhere to the guidelines. Existing apps have been given an additional six months to live in their current form but must comply by March 3, 2020.

“We commend Apple for taking real steps to protect children’s privacy and ensure that kids will not be targets for data-driven, personalized marketing,” said Josh Golin, Executive Director of Campaign for Commercial-Free Childhood. “Apple rightly recognizes that a child’s personal identifiable information should never be shared with marketers or other third parties. We also appreciate that Apple made these changes on its own accord, without being dragged to the table by regulators.”

The CCFC had a major win recently when the FTC announced a $170M fine against YouTube for violations of COPPA.

Sign in with Apple

The second set of updates has to do with Apple’s Sign in with Apple service.

Sign in with Apple is a sign-in service that can be offered by an app developer to instantly create an account that is handled by Apple with additional privacy for the user. We’ve gone over the offering extensively here, but there are some clarifications and policy additions in the new guidelines.

Sign in with Apple is being required to be offered by Apple if your app exclusively offers third-party or social log ins like those from Twitter, Google, LinkedIn, Amazon or Facebook. It is not required if users sign in with a unique account created in the app, with say an email and password.

But some additional clarifications have been added for additional scenarios. Sign in with Apple will not be required in the following conditions:

  • Your app exclusively uses your company’s own account setup and sign-in systems.
  • Your app is an education, enterprise or business app that requires the user to sign in with an existing education or enterprise account.
  • Your app uses a government or industry-backed citizen identification system or electronic ID to authenticate users.
  • Your app is a client for specific third-party service and users are required to sign in to their mail, social media or other third-party account directly to access their content.

Most of these were sort of assumed to be true but were not initially clear in June. The last one, especially, was one that I was interested in seeing play out. This scenario applies to, for instance, the Gmail app for iOS, as well as apps like Tweetbot, which log in via Twitter because all they do is display Twitter.

Starting today, new apps submitted to the store that don’t meet any of the above requirements must offer Sign in with Apple to users. Current apps and app updates have until April 2020 to comply.

Both of these tweaks come after developers and other app makers expressed concern and reports noted the abruptness and strictness of the changes in the context of the ever-swirling anti-trust debate surrounding big tech. Apple continues to walk a tightrope with the App Store where they flex muscles in an effort to enhance data protections for users while simultaneously trying to appear as egalitarian as possible in order to avoid regulatory scrutiny.

Huawei drops lawsuit over equipment seized by the U.S. government

By Catherine Shu

Huawei has dropped a lawsuit against the Commerce Department and other agencies after the U.S. government released telecommunications equipment seized in September 2017. The suit was filed by the Chinese company’s U.S. subsidiary, Huawei Technologies USA, in June. In a statement, Huawei said it considers the return of the equipment, including servers and Ethernet switches, “as a tacit admission that the seizure itself was unlawful and arbitrary.”

The equipment was confiscated by U.S. officials in Alaska as it was on its way back to China after testing in California. Huawei said the U.S. government determined after an investigation that no export license was needed for the shipment, but did not give the company an explanation for why it had been withheld for two years.

The dropped lawsuit is separate from the one Huawei filed against the U.S. government in March, claiming that a ban on the use of its products by federal agencies and contractors violated due process and is unconstitutional.

Huawei has been on the U.S. government’s entity list since May over concerns that it poses a threat to national security and its equipment may be used for espionage, allegations the company has denied. The trade blacklist prevents it from purchasing from U.S. suppliers without getting clearance from the government first.

Along with ZTE, Huawei has been on the U.S. government’s radar since the House Intelligence Committee identified the companies as potential security threats. Scrutiny has intensified since the U.S.-China trade war began last year, however, and the U.S. government has put more legal pressure on Huawei, which the company described earlier this month as a “malign, concerted effort by the U.S. government to discredit Huawei and curb its leadership position in the industry.”

Apple products under pricing pressure as new 15% tariffs drop Sunday

By Kirsten Korosec

A new 15% tariff on Chinese imports will go in effect just after midnight Sunday, placing levies on hundreds of household goods and consumer tech, including a bevy of Apple products.

The tariffs, put in place by President Donald Trump as part of an escalating tit-for-tat trade war with China, were entered into the Federal Register on Friday.

Apple, the largest U.S. technology company by market cap, has its products assembled in China by Foxconn and then ships them to consumers all over the world. The Apple Airpods, Apple Watch and accompanying Apple Watch bands and the Apple Homepod are all products subject to the higher tariffs beginning Sunday. The iPhone doesn’t appear to be impacted this round, but could be subject to tariffs that begin Dec. 15.

Apple is hardly the only electronics company — most of which have final assembly in China — to be affected by the tariffs. TVs, speakers, digital cameras, lithium-ion batteries and flash drives are just a few of consumer electronics that will be subjected to a 15% tariff beginning Sunday. But the higher tariffs do threaten to give rival Samsung an edge.

The new higher tariffs come just a few weeks since Apple CEO Tim Cook met with Trump to argue that such a move would benefit its No. 1 competitor Samsung.

The 15% tariff will affect about $112 billion of Chinese goods, lower than the original list of $300 billion imports. Last week, the U.S. Trade Representative office modified the original list, either delaying tariffs on some products until December 15 or removing some goods altogether.

Despite the lower number, the impact is still expected to pinch companies importing products from China. The complete list of products affected by the 15% tariffs is 122 pages long. And eventually, that pain — aka higher prices — will be passed onto consumers.

Tariffs have already had a cost, according to the Consumer Tech Association. Since July 2018, Section 301 tariffs on China have cost the consumer tech industry over $10 billion, including $1 billion on 5G-related products, the CTA said.

In total, American taxpayers have paid over $27 billion in extra import tariffs from the beginning of the trade war in 2018 through June of this year, most of which can be attributed to the U.S.-China trade war, according to U.S. Census information provided by the Information Technology Industry Council (ITI).

Another 30% tariff on about $250 billion of goods is expected to begin October 1.

Chinese tariff retaliation, presidential tweets and market unease sends exchanges plummeting

By Jonathan Shieber

After a week of modest gains, major stock indexes plummeted on Friday as China retaliated against U.S. tariffs by imposing $75 billion worth of tariffs on U.S. goods coming into the country.

China’s foreign ministry said that it would resume tariffs on U.S. imports of automobiles and auto parts and place an additional 5% or 10% tariff on agricultural and food products like soybeans, coffee, whiskey and seafood.

The trouble was exacerbated by statements on President Donald Trump’s Twitter account, which called for the U.S. to “immediately start looking for an alternative to China.” The president also accused China of stealing “our Intellectual Property at a rate of Hundreds of Billions of Dollars a year.”

Our Country has lost, stupidly, Trillions of Dollars with China over many years. They have stolen our Intellectual Property at a rate of Hundreds of Billions of Dollars a year, & they want to continue. I won’t let that happen! We don’t need China and, frankly, would be far….

— Donald J. Trump (@realDonaldTrump) August 23, 2019

The attacks sent markets into a tailspin. The Dow Jones Industrial Average fell by as much as 700 points before closing the day slightly down only 623 points at 25,628.60. Meanwhile the S&P 500 Index fell 75.84 points to end the day at 2,847.11 and the Nasdaq dropped 239.62 points to close at 7,751.77.

The declines come on top of a dismal week of economic reports for the U.S. Earlier, the number of jobs the country had added over the past year was revised downward by 500,000. Meanwhile, the national debt is ballooning at a faster rate than expected, with the U.S. deficit expected to hit $1.2 trillion by 2020.

States to launch antitrust investigation into big tech companies, reports say

By Manish Singh

The state attorneys in more than a dozen states are preparing to begin an antitrust investigation of the tech giants, the Wall Street Journal and the New York Times reported Monday, putting the spotlight on an industry that is already facing federal scrutiny.

The bipartisan group of attorneys from as many as 20 states is expected to formally launch a probe as soon as next month to assess whether tech companies are using their dominant market position to hurt competition, WSJ reported.

If true, the move follows the Department of Justice, which last month announced its own antitrust review of how online platforms scaled to their gigantic sizes and whether they are using their power to curb competition and stifle innovation. Earlier this year, the Federal Trade Commission formed a task force to monitor competition among tech platforms.

It won’t be unprecedented for a group of states to look at a technology giant. In 1998, 20 states joined the Justice Department in suing Microsoft . The states could play a key role in building evidence and garnering public support for major investigations.

Because the tentacles of Google, Facebook, Amazon, and Apple reach so many industries, any investigation into them could last for years.

Apple and Google pointed the Times to their previous official statements on the matter, in which they have argued that they have been vastly innovative and created an environment that has benefited the consumers. Amazon and Facebook did not comment.

Also on Monday, Joseph Simons, the chairman of FTC, warned that Facebook’s planned effort to integrate Instagram and WhatsApp could stymie any attempt by the agency to break up the social media giant.

“If they’re maintaining separate business structures and infrastructure, it’s much easier to have a divestiture in that circumstance than in where they’re completely enmeshed and all the eggs are scrambled,” Simons told the Financial Times.

US Commerce Department adds 46 Huawei affiliates to entity list

By Brian Heater

The United States Department of Commerce announced this morning the addition of 46 Huawei affiliates to its Entity List. Effective today, the companies join more than 100 entries added to the list over connections to the embattled Chinese consumer electronics giant.

The DoC also used this morning’s news to announce an extension of its Temporary General License (TGL), which affords people and companies a limited time use of goods from Huawei and affiliate companies in order to essentially wean them off of Huawei networking equipment. The license, which offers “narrow exceptions” is set to expire 90 days from today.

In a statement provided to the press, Secretary of Commerce Wilbur Ross stated, “As we continue to urge consumers to transition away from Huawei’s products, we recognize that more time is necessary to prevent any disruption. Simultaneously, we are constantly working at the Department to ensure that any exports to Huawei and its affiliates do not violate the terms of the Entity Listing or Temporary General License.”

Huawei has, of course, long denied any ties to security or spying accusations from the U.S. government. Recently, stories, including alleged ties to African government spying, have continued to shine a light on concerns about the company’s ties to the Chinese government. Those concerns have led to Huawei’s addition to the entities list, along with U.S. government bans on buying equipment.

Per the DoC:

Huawei was added to the Entity List after the Department concluded that the company is engaged in activities that are contrary to U.S. national security or foreign policy interests, including alleged violations of the International Emergency Economic Powers Act (IEEPA), conspiracy to violate IEEPA by providing prohibited financial services to Iran, and obstruction of justice in connection with the investigation of those alleged violations of U.S. sanctions, among other illicit activities.

Losing access to American software and hardware could, in turn, have a devastating impact on the company. Notably, Huawei recently unveiled HarmonyOS. The new mobile operating system is not yet an Android replacement, but is believed by many to be part of a long-term strategy to wean itself off of dependence on Google.

We have reached out to Huawei for comment.

Another day, another reversal in stock fortunes as recession fears grow

By Jonathan Shieber

U.S. stock markets plummeted today as recession fears continue to grow.

Yesterday’s good news about a reprieve on tariffs for U.S. consumer imports was undone by increasing concerns over economic indicators pointing to a potential global recession coming within the next year.

The Dow Jones Industrial Average dropped more than 800 points on Wednesday — its largest decline of the year — while the S&P 500 fell by 85 points and the tech-heavy Nasdaq dropped 240 points.

The downturn in the markets came a day after the Dow closed up 373 points after the U.S. Trade Representative announced a delay in many of the import taxes the Trump administration planned to impose on Chinese goods.

In the U.S. it was concerns over the news that the yield on 10-year U.S. Treasury notes had dipped below the yield of two-year notes. It’s an indicator that investors think the short-term prospects for a country’s economic outlook are worse than the long-term outlook, so yields are higher for short-term investments.

China’s industrial and retail sectors both slowed significantly in July. Industrial production, including manufacturing, mining and utilities, grew by 4.8% in July (a steep decline from 6.3% growth in June).  Meanwhile, retail sales in the country slowed to 7.6%, down from 9.8% in June.

Germany also posted declines over the summer months, indicating that its economy had contracted by 0.1% in the three months leading to June.

Globally, the protracted trade war between the U.S. and China are weighing on economies — as are concerns about what a hard Brexit would mean for the economies in the European Union .

The stocks of Alphabet, Amazon, Apple, Facebook, Microsoft, Netflix and Salesforce were all off by somewhere between 2.5% and 4.5% in today’s trading.

Reports say White House has drafted an order putting the FCC in charge of monitoring social media

By Jonathan Shieber

The White House is contemplating issuing an executive order that would widen its attack on the operations of social media companies.

The White House has prepared an executive order called “Protecting Americans from Online Censorship” that would give the Federal Communications Commission oversight of how Facebook, Twitter and other tech companies monitor and manage their social networks, according to a CNN report.

Under the order, which has not yet been announced and could be revised, the FCC would be tasked with developing new regulations that would determine when and how social media companies filter posts, videos or articles on their platforms.

The draft order also calls for the Federal Trade Commission to take those new policies into account when investigating or filing lawsuits against technology companies, according to the CNN report.

Social media censorship has been a perennial talking point for President Donald Trump and his administration. In May, the White House set up a tip line for people to provide evidence of social media censorship and a systemic bias against conservative media.

In the executive order, the White House says it received more than 15,000 complaints about censorship by the technology platforms. The order also includes an offer to share the complaints with the Federal Trade Commission.

As part of the order, the Federal Trade Commission would be required to open a public complaint docket and coordinate with the Federal Communications Commission on investigations of how technology companies curate their platforms — and whether that curation is politically agnostic.

Under the proposed rule, any company whose monthly user base includes more than one-eighth of the U.S. population would be subject to oversight by the regulatory agencies. A roster of companies subject to the new scrutiny would include Facebook, Google, Instagram, Twitter, Snap and Pinterest .

At issue is how broadly or narrowly companies are protected under the Communications Decency Act, which was part of the Telecommunications Act of 1996. Social media companies use the Act to shield against liability for the posts, videos or articles that are uploaded from individual users or third parties.

The Trump administration aren’t the only politicians in Washington are focused on the laws that shield social media platforms from legal liability. House Speaker Nancy Pelosi took technology companies to task earlier this year in an interview with Recode.

The criticisms may come from different sides of the political spectrum, but their focus on the ways in which tech companies could use Section 230 of the Act is the same.

The White House’s executive order would ask the FCC to disqualify social media companies from immunity if they remove or limit the dissemination of posts without first notifying the user or third party that posted the material, or if the decision from the companies is deemed anti-competitive or unfair.

The FTC and FCC had not responded to a request for comment at the time of publication.

HarmonyOS is Huawei’s Android alternative for smartphones and smart home devices

By Manish Singh

After months of conflicting statements from Huawei executives, the Chinese networking giant on Friday officially unveiled HarmonyOS, the much-anticipated microkernel-based distributed operating system that it has developed to power smartphones, laptops and smart home devices as the company attempts to reduce its reliance on American firms.

HarmonyOS will be made available later this year for deployment in smart screen products such as TV, smart watches and in-vehicle infotainment systems, said Richard Yu, CEO of the Huawei consumer division at the company’s developer conference. In the next three years, Huawei, the world’s second largest smartphone vendor, will look to bring HarmonyOS to more devices, including smartphones, he said.

Yu said, without offering any proof, that HarmonyOS is “more powerful and secure than Android.” He said HarmonyOS’ IPC performance is five times that of Google’s Fuchsia. The top executive also claimed that HarmonyOS’ microkernel has “one-thousandth the amount of code in the Linux kernel.”

“A modularized HarmonyOS can be nested to adapt flexibly to any device to create a seamless cross-device experience. Developed via the distributed capability kit, it builds the foundation of a shared developer ecosystem,” the company said in a statement, adding that it began to explore developing its own operating system “as early as 10 years ago.”

The company said it intends to continue to use Android moving forward, but HarmonyOS is officially its back-up plan if things go south. “We will prioritize Android for smartphones, but if we can’t use Android, we will be able to install HarmonyOS quickly,” Yu said.

GettyImages 1160460796

Image: FRED DUFOUR / AFP / Getty Images

The availability of the mobile operating system, which is open source, will be limited to China for now, though the company has plans to bring it to international markets at a later stage, he said.

The company said it has worked on security and trustworthiness aspects of the operating system from the ground up. It said HarmonyOS uses formal verification methods to “reshape security.” Formal verification methods are an effective mathematical approach to validate system correctness from the source, while traditional verification methods, such as functional verification and attack simulation, “are confined to limited scenarios,” the company claimed.

The announcement today comes months after the U.S. government put Huawei and more than 60 affiliates in an entity list, restricting U.S. firms from maintaining a business relationship with the Chinese giant. The U.S. government has accused Huawei of stealing trade secrets, and said it poses a risk to national security. Huawei has denied these accusations and pursued legal means to fight back.

In the aftermath, Google, Intel and other U.S.-based companies that contribute much of the technology and solutions that go into a smartphone suspended their business with Huawei, thereby severely questioning the company’s future prospects.

The ongoing trade war between the U.S. and China has already started to impact Huawei’s bottom line. The company’s performance in the quarter that ended in June was weak, compared to several previous quarters.

What remains unclear is the kind of impact the U.S.’ accusations have had on the Chinese giant’s brand image worldwide. According to research firm Counterpoint, about half of all Huawei smartphones ship outside China.

Huawei was poised to become the world’s biggest vendor by shipment — something it would have achieved — “if not for the trade war,” Yu said.

Facebook could face billions in potential damages as court rules facial recognition lawsuit can proceed

By Jonathan Shieber

Facebook is facing exposure to billions of dollars in potential damages as a federal appeals court on Thursday rejected Facebook’s arguments to halt a class action lawsuit claiming it illegally collected and stored the biometric data of millions of users.

The class action lawsuit has been working its way through the courts since 2015, when Illinois Facebook users sued the company for alleged violations of the state’s Biometric Information Privacy Act by automatically collecting and identifying people in photographs posted to the service.

Now, thanks to a unanimous decision from the 9th U.S. Circuit Court of Appeals in San Francisco, the lawsuit can proceed.

The most significant language from the decision from the circuit court seems to be this:

We conclude that the development of face template using facial-recognition technology without consent (as alleged here) invades an individual’s private affairs and concrete interests. Similar conduct is actionable at common law.

The American Civil Liberties Union came out in favor of the court’s ruling.

“This decision is a strong recognition of the dangers of unfettered use of face surveillance technology,” said Nathan Freed Wessler, staff attorney with the ACLU Speech, Privacy, and Technology Project, in a statement. “The capability to instantaneously identify and track people based on their faces raises chilling potential for privacy violations at an unprecedented scale. Both corporations and the government are now on notice that this technology poses unique risks to people’s privacy and safety.”

As April Glaser noted in Slate, Facebook already may have the world’s largest database of faces, and that’s something that should concern regulators and privacy advocates.

“Facebook wants to be able to certify identity in a variety of areas of life just as it has been trying to corner the market on identify verification on the web,” Siva Vaidhyanathan told Slate in an interview. “The payoff for Facebook is to have a bigger and broader sense of everybody’s preferences, both individually and collectively. That helps it not only target ads but target and develop services, too.”

That could apply to facial recognition technologies as well. Facebook, thankfully, doesn’t sell its facial recognition data to other people, but it does allow companies to use its data to target certain populations. It also allows people to use its information for research and to develop new services that could target Facebook’s billion-strong population of users.

As our own Josh Constine noted in an article about the company’s planned cryptocurrency wallet, the developer community poses as much of a risk to how Facebook’s products and services are used and abused as Facebook itself.

Facebook has said that it plans to appeal the decision. “We have always disclosed our use of face recognition technology and that people can turn it on or off at any time,” a spokesman said in an email to Reuters.

Now, the lawsuit will go back to the court of U.S. District Judge James Donato in San Francisco who approved the class action lawsuit last April for a possible trial.

Under the privacy law in Illinois, negligent violations could be subject to damages of up to $1,000 and intentional violations of privacy are subject to up to $5,000 in penalties. For the potential 7 million Facebook users that could be included in the lawsuit, those figures could amount to real money.

“BIPA’s innovative protections for biometric information are now enforceable in federal court,” added Rebecca Glenberg, senior staff attorney at the ACLU of Illinois. “If a corporation violates a statute by taking your personal information without your consent, you do not have to wait until your data is stolen or misused to go to court. As our General Assembly understood when it enacted BIPA, a strong enforcement mechanism is crucial to hold companies accountable when they violate our privacy laws. Corporations that misuse Illinoisans sensitive biometric data now do so at their own peril.”

These civil damages could come on top of fines that Facebook has already paid to the U.S. government for violating its agreement with the Federal Trade Commission over its handling of private user data. That resulted in one of the single largest penalties levied against a U.S. technology company. Facebook is potentially on the hook for a $5 billion payout to the U.S. government. That penalty is still subject to approval by the Justice Department.

US regulators take aim at Tesla over Model 3 safety claims

By Kirsten Korosec

Tesla’s claims about the safety of its Model 3 electric vehicle prompted U.S. regulators to send a cease-and-desist letter and escalate the matter by asking the Federal Trade Commission to investigate, according to documents released by the nonprofit legal transparency website PlainSite.

The documents show correspondence between the lawyers at National Highway Traffic Safety Administration and Tesla that began after the automaker’s October 7 blog post that said the Model 3 had achieved the lowest probability of injury of any vehicle the agency ever tested. PlainSite received the 79 pages of communications since January 2018 between NHTSA and Tesla through a Freedom of Information Act request. There were 450 pages of communication that were withheld due to Tesla’s request for confidentiality on the basis of “trade secrets.”

NHTSA took issue with the blog post, arguing that Tesla’s claims were inconsistent with its advertising guidelines regarding crash ratings. The matter might have ended with that demand. But NHTSA took the issue further and informed Tesla it would ask the Federal Trade Commission to weigh in.

“This is not the first time that Tesla has disregarded the guidelines in a matter that may lead to consumer confusion and give Tesla an unfair market advantage,” the letter dated October 17 reads. “We have therefore also referred this matter to the Federal Trade Commission’s Bureau of Consumer Protection to investigate whether these statements constitute unfair or deceptive acts or practices.”

Tesla did not respond to a request for comment.

The automaker’s lawyers did, however, push back against NHTSA’s request, according to the correspondence released by PlainSite. Tesla lawyers argue in one letter that the company’s statements were neither “untrue nor misleading.”

“To the contrary, Tesla has provided consumers with fair and objective information to compare the relative safety of vehicles having 5-star overall ratings,” the letter from Tesla’s deputy general counsel.

The documents posted by PlainSite also showed NHTSA requested sales data on all Tesla vehicles produced since July 2016 with or without Autopilot, the automaker’s advanced driver assistance system. The agency also issued subpoenas to Tesla ordering it to produce information on several crashes, including a January 25, 2019 crash in San Ramon, Calif. The subpoenas requested information about the vehicle, its owner, history and videos and images related to the crash and were to be sent to NHTSA’s Office of Defects Investigations.

Tech stocks walloped as China retaliates in the latest salvo of its trade war with the US

By Jonathan Shieber

All U.S. stock markets were down severely today, and tech stocks were hit especially hard, as China retaliated to increasing U.S. tariffs by halting imports on U.S. agricultural goods and finally acceded to market pressures by letting the yuan slide in value against the dollar.

At one point, the Dow was down nearly 900 points before staging a late afternoon rally to close off by roughly 760 points. The Nasdaq, the marketplace which is home to a number of technology stocks, saw its value drop by 3.4%, or 277.10 points.

Shares of Alphabet (the parent company of Google), Amazon, Apple, Facebook, Microsoft, Netflix and Twitter were all down for the day. Indeed, as CNBC reported, the biggest tech stocks — Microsoft, Amazon, Apple, Facebook and Alphabet — lost a combined $162 billion in market value.

Declines came as China allowed its currency to fall below what was once considered to be a red-line in the country’s currency peg against the dollar. That means that Chinese goods start to look more attractive globally as their prices decline in relation to the dollar. It could also trigger a wave of currency devaluations and protectionist measures across the globe — further putting downward pressure on global economic growth.

Stocks also continued to feel the pinch from the threat that President Donald Trump would make good on his threat to impose new tariffs on goods from China beginning September 1, 2019. Those tariffs are expected to take a bite out of every-day consumer goods and clothing, which adversely affects tech companies.

The big concern for these tech companies is the looming threat of that tariff expansion from the U.S. If those tariffs go into effect it would have significant consequences in these companies’ home market. 

“Assuming smartphones, tablets, smart watches, and computer systems are not categorically excluded from the final $300B tranche, we expect there will be material impact to Apple hardware product earnings,” analysts from Cowen & Co. wrote in a note quoted by CNBC .

Don’t miss this epic Twitter fight between the IAB’s CEO and actual publishers

By Natasha Lomas

Grab popcorn. As Internet fights go this one deserves your full attention — because the fight is over your attention. Your eyeballs and the creepy ads that trade data on you to try to swivel ’em.

A Clockwork Orange Eyes GIF - Find & Share on GIPHY

In the blue corner, the Internet Advertising Association’s CEO, Randall Rothenberg, who has been taking to Twitter increasingly loudly in recent days to savage Europe’s privacy framework, the GDPR, and bleat dire warnings about California’s Consumer Privacy Act (CCPA) — including amplifying studies he claims show “the negative impact” on publishers.

Exhibit A, tweeted August 1:

More on the negative impact of #GDPR on publishers (and more reasons @iab is trying to fix #CCPA so publishers, brands, & retailers don’t get killed). https://t.co/BWtGNYGTJq

Randall Rothenberg (@r2rothenberg) July 31, 2019

NB: The IAB is a mixed membership industry organization which combines advertisers, brands, publishers, data brokers* and adtech platform tech giants — including the dominant adtech duopoly, Google and Facebook, who take home ~60% of digital ad spend. The only entity capable of putting a dent in the duopoly, Amazon, is also in the club. Its membership reflects the sprawling interests attached to the online ad industry, and, well, the personal data that currently feeds it (your eyeballs again!), although some members clearly have pots more money to spend on lobbying against digital privacy regs than others.

In a what now looks to have been deleted tweet last month Rothenberg publicly professed himself proud to have Facebook as a member of his ‘publisher defence’ club. Though, admittedly, per the above tweet, he’s also worried about brands and retailers getting “killed”. He doesn’t need to worry about Google and Facebook’s demise because that would just be ridiculous.

Now, in the — I wish I could call it ‘red top’ corner, except these newspaper guys are anything but tabloid — we find premium publishers biting back at Rothenberg’s attempts to trash-talk online privacy legislation.

Here’s the New York Times‘ data governance & privacy guy, Robin Berjon, demolishing Rothenberg via the exquisite medium of quote-tweet

One of the primary reasons we need the #GDPR and #CCPA (and more) today is because the @iab, under @r2rothenberg's leadership, has been given 20 years to self-regulate and has used the time to do [checks notes] nothing whatsoever.https://t.co/hBS9d671LU

— Robin Berjon (@robinberjon) August 1, 2019

I’m going to quote Berjon in full because every single tweet packs a beautifully articulated punch:

  • One of the primary reasons we need the #GDPR and #CCPA (and more) today is because the @iab, under @r2rothenberg’s leadership, has been given 20 years to self-regulate and has used the time to do [checks notes] nothing whatsoever.
  • I have spent much of my adult life working in self-regulatory environments. They are never perfect, but when they work they really deliver.
  • #Adtech had a chance to self-reg when the FTC asked them to — from which we got the joke known as AdChoices.
  • They got a second major chance with DNT. But the notion of a level playing field between #adtech and consumers didn’t work for them so they did everything to prevent it from existing.
  • At some point it became evident that the @iab lacked the vision and leadership to shepherd the industry towards healthy, sustainable behaviour. That’s when regulation became unavoidable. No one has done as much as the @iab has to bring about strong privacy regulation.
  • And to make things funnier the article that @r2rothenberg was citing as supporting his view is… calling for stronger enforcement of the #GDPR.
  • If that’s not a metaphor for where the @iab’s at, I don’t know what is.

Next time Facebook talks about how it can self-regulate its access to data I suggest you cc that entire thread.

Also chipping in on Twitter to champion Berjon’s view about the IAB’s leadership vacuum in cleaning up the creepy online ad complex, is Aram Zucker-Scharff, aka the ad engineering director at — checks notes — The Washington Post.

His punch is more of a jab — but one that’s no less painful for the IAB’s current leadership.

“I say this rarely, but this is a must read,” he writes, in a quote tweet pointing to Berjon’s entire thread.

I say this rarely, but this is a must read, Thread: https://t.co/FxKmT9bp7r

— Aram Zucker-Scharff (@Chronotope) August 2, 2019

Another top tier publisher’s commercial chief also told us in confidence that they “totally agree with Robin” — although they didn’t want to go on the record today.

In an interesting twist to this ‘mixed member online ad industry association vs people who work with ads and data at actual publishers’ slugfest, Rothenberg replied to Berjon’s thread, literally thanking him for the absolute battering.

Yes, thank you – that’s exactly where we’re at & why these pieces are important!” he tweeted, presumably still dazed and confused from all the body blows he’d just taken. “@iab supports the competitiveness of the hundreds of small publishers, retailers, and brands in our global membership. We appreciate the recognition and your explorations,@robinberjon.”

Yes, thank you – that’s exactly where we’re at & why these pieces are important! @iab supports the competitiveness of the hundreds of small publishers, retailers, and brands in our global membership. We appreciate the recognition and your explorations, @robinberjon & @Bershidsky https://t.co/WDxrWIyHXd

— Randall Rothenberg (@r2rothenberg) August 2, 2019

Rothenberg also took the time to thank Bloomberg columnist, Leonid Bershidsky, who’d chipped into the thread to point out that the article Rothenberg had furiously retweeted actually says the GDPR “should be enforced more rigorously against big companies, not that the GDPR itself is bad or wrong”.

Who is Bershidsky? Er, just the author of the article Rothenberg tried to nega-spin. So… uh… owned.

May I point out that the piece that's cited here (mine) says the GDPR should be enforced more rigorously against big companies, not that the GDPR itself is bad or wrong?

— Leonid Bershidsky (@Bershidsky) August 1, 2019

But there’s more! Berjon tweeted a response to Rothenberg’s thanks for what the latter tortuously referred to as “your explorations” — I mean, the mind just boggles as to what he was thinking to come up with that euphemism — thanking him for reversing his position on GDPR, and for reversing his prior leadership vacuum on supporting robustly enforced online privacy laws. 

It’s great to hear that you’re now supporting strong GDPR enforcement,” he writes. “It’s indeed what most helps the smaller players. A good next step to this conversation would be an @iab statement asking to transpose the GDPR to US federal law. Want to start drafting something?”

It's great to hear that you're now supporting strong GDPR enforcement. It's indeed what most helps the smaller players. A good next step to this conversation would be an @iab statement asking to transpose the GDPR to US federal law. Want to start drafting something?

— Robin Berjon (@robinberjon) August 2, 2019

We’ve asked the IAB if, in light of Rothenberg’s tweet, it now wishes to share a public statement in support of transposing the GDPR into US law. We’ll be sure to update this post if it says anything at all.

We’ve also screengrabbed the vinegar strokes of this epic fight — as an insurance policy against any further instances of the IAB hitting the tweet delete button. (Plus, I mean, you might want to print it out and get it framed.)

Screenshot 2019 08 02 at 18.48.08

Some light related reading can be found here:

A closer look at China’s smartphone market

By Brian Heater

In February 2013, China surpassed the United States to become the world’s largest smartphone market. More than half a decade on, it still proves an elusive target for international sellers. A glance at reports from the past several quarters reveals the top spots dominated by homegrown names: Huawei, Vivo, Oppo, Xiaomi.

Combined, the big four made up roughly 84% of the nearly 100 million smartphones shipped last quarter, per new numbers from Canalys. Even international giants like Apple and Samsung have trouble cracking double-digit market share. Of the two, Apple has generally done better, with around six percent of the market — around six times Samsung’s share.

But Apple’s struggles have been very visible nonetheless, as the company has invested a good deal of its own future success into the China market. At the beginning of the year, the company took the rare action of lowering its guidance for Q1, citing China as the primary driver.

“While we anticipated some challenges in key emerging markets, we did not foresee the magnitude of the economic deceleration, particularly in Greater China,” Tim Cook said in a letter to shareholders at the time. “In fact, most of our revenue shortfall to our guidance, and over 100 percent of our year-over-year worldwide revenue decline, occurred in Greater China across iPhone, Mac and iPad.”

When it came time to report, things were disappointing as expected. The company’s revenue in the area dropped nearly $5 billion, year over year. On the tail of two rough quarters, things picked up a bit for Apple in the country. This week, Tim Cook noted “great improvement” in Greater China.

Capital One’s breach was inevitable, because we did nothing after Equifax

By Zack Whittaker

Another day, another massive data breach.

This time it’s the financial giant and credit card issuer Capital One, which revealed on Monday a credit file breach affecting 100 million Americans and 6 million Canadians. Consumers and small businesses affected are those who obtained one of the company’s credit cards dating back to 2005.

That includes names, addresses, phone numbers, dates of birth, self-reported income and more credit card application data — including over 140,000 Social Security numbers in the U.S., and more than a million in Canada.

The FBI already has a suspect in custody. Seattle resident and software developer Paige A. Thompson, 33, was arrested and detained pending trial. She’s been accused of stealing data by breaching a web application firewall, which was supposed to protect it.

Sound familiar? It should. Just last week, credit rating giant Equifax settled for more than $575 million over a date breach it had — and hid from the public for several months — two years prior.

Why should we be surprised? Equifax faced zero fallout until its eventual fine. All talk, much bluster, but otherwise little action.

Equifax’s chief executive Richard Smith “retired” before he was fired, allowing him to keep his substantial pension packet. Lawmakers grilled the company but nothing happened. An investigation launched by the former head of the Consumer Financial Protection Bureau, the governmental body responsible for protecting consumers from fraud, declined to pursue the company. The FTC took its sweet time to issue its fine — which amounted to about 20% of the company’s annual revenue for 2018. For one of the most damaging breaches to the U.S. population since the breach of classified vetting files at the Office of Personnel Management in 2015, Equifax got off lightly.

Legislatively, nothing has changed. Equifax remains as much of a “victim” in the eyes of the law as it was before — technically, but much to the ire of the millions affected who were forced to freeze their credit as a result.

Mark Warner, a Democratic senator serving Virginia, along with his colleague since turned presidential candidate Elizabeth Warren, was tough on the company, calling for it to do more to protect consumer data. With his colleagues, he called on the credit agencies to face penalties to the top brass and extortionate fines to hold the companies accountable — and to send a message to others that they can’t play fast and loose with our data again.

But Congress didn’t bite. Warner told TechCrunch at the time that there was “a failure of the company, but also of lawmakers” for not taking action.

Lo and behold, it happened again. Without a congressional intervention, Capital One is likely to face largely the same rigmarole as Equifax did.

Blame the lawmakers all you want. They had their part to play in this. But fool us twice, shame on the credit companies for not properly taking action in the first place.

The Equifax incident should have sparked a fire under the credit giants. The breach was the canary in the coal mine. We watched and waited to see what would happen as the canary’s lifeless body emerged — but, much to the American public’s chagrin, no action came of it. The companies continued on with the mentality that “it could happen to us, but probably won’t.” It was always going to happen again unless there was something to force the companies to act.

Companies continue to vacuum up our data — knowingly and otherwise — and don’t do enough to protect it. As much as we can have laws to protect consumers from this happening again, these breaches will continue so long as the companies continue to collect our data and not take their data security responsibilities seriously.

We had an opportunity to stop these kinds of breaches from happening again, yet in the two years passed we’ve barely grappled with the basic concepts of internet security. All we have to show for it is a meager fine.

Thompson faces five years in prison and a fine of up to $250,000.

Everyone else faces just another major intrusion into their personal lives. Not at the hands of the hacker per se, but the companies that collect our data — with our consent and often without — and take far too many liberties with it.

Week in Review: Regulation boogaloo

By Lucas Matney

Hello, weekenders. This is Week-in-Review, where I give a heavy amount of analysis and/or rambling thoughts on one story while scouring the rest of the hundreds of stories that emerged on TechCrunch this week to surface my favorites for your reading pleasure.

Last week, I talked about how services like Instagram had moved beyond letting their algorithms take over the curation process as they tested minimizing key user metrics such as “like” counts on the platform.


John Taggart/Bloomberg via Getty Images

The big story

The big news stories this week intimately involved the government poking its head into the tech industry. What was clear between the two biggest stories, the DoJ approving the Sprint/T -Mobile merger and the FTC giving Facebook a $5 billion slap on the wrist, is that big tech has little to worry about its inertia being contained.

It seems the argument from Spring and T-Mobile that it was better to have three big telecom companies in the U.S. rather than two contenders and two pretenders, seems to have stuck. Similarly, Facebook seems to have done a worthy job of indicating that it will handle the complicated privacy stuff but that they’ll let the government orgs see what they’re up to.

Fundamentally, none of these orgs seem to want to harm the growth of these American tech companies and I have a tough time believing that perspective is going to magically get more toothy in some of these early antitrust investigations. The government might be making a more concerted effort to understand how these businesses are structured, but even focusing solely on something like the cloud businesses of Microsoft, Google and Amazon, I have little doubt that the government is going to spend an awfully long time in the observation phase.

The danger is erraticism and for that the worst government fear for tech isn’t a three-letter agency, it’s the Twitter ramblings of POTUS.

feedback -> @lucasmtny

Onto the rest of the week’s news.

Intel and Apple logos

(Photo: ALASTAIR PIKE,THOMAS SAMSON/AFP/Getty Images)

Trends of the week

Here are a few big news items from big companies, with green links to all the sweet, sweet added context:

  • Apple dropping $1 billion on Intel’s modem business
    Apple is snapping up a missing link in its in-house component production with the $1B purchase of most of Intel’s modem business. This follows a dramatic saga between Intel, Qualcomm and Apple over the past year, but Apple will be making its own smartphone modems the question is when they actually end up in new iPhones. Read more here.
  • Microsoft dropping $1 billion on OpenAI
    Microsoft announced this week that it is dumping $1 billion into Sam Altman’s OpenAI research group. The partnership is pretty major, but it’s just one of the interesting avenues Microsoft is using to ensure its Azure services gain notable customers. Read more here.
  • Galaxy Fold is coming back!
    After a very embarrassing soft launch, Samsung which managed to make it a several devices beyond the Note 7 before another garbage fire is trying its hand at the Galaxy Fold again and will be releasing it sometime in September. It seems like the carriers are a little dubious of the prospect and T-Mobile has already opted out of carrying it. Read more here.

darkened facebook logo

GAFA Gaffes [Facebook Edition!!]

How did the top tech companies screw up this week? This clearly needs its own section, in order of badness:

  1. Facebook gets five:
    [Facebook settles with FTC: $5 billion and new privacy guarantees]
  2. FTC isn’t quite done with Facebook:
    [Facebook says it’s under antitrust investigation by the FTC]
  3. Facebook dismissed CA warnings:
    [Facebook ignored staff warnings about sketchy Cambridge Analytica in September 2015]
  4. Facebook left kids vulnerable:
    [Facebook fails to keep Messenger Kids safety promise]

Extra Crunch

Our premium subscription service had another week of interesting deep dives. This week, my colleague Danny spoke with some top VCs about why fintech startups have been raising massive amounts of cash and he seemed to walk away with some interesting impressions.

Why fintech VC mega rounds have become so common

“…The biggest challenge that has faced fintech companies for years — really, the industry’s consistent Achilles’ heel — is the cost of acquiring a customer. Financial customer relationships are incredibly valuable, and the cost of acquiring a user for any product is among the most expensive in every major channel.

And those costs are going up…”

Here are some of our other top reads for premium subscribers.

We’re excited to announce The Station, a new TechCrunch newsletter all about mobility. Each week, in addition to curating the biggest transportation news, Kirsten Korosec will provide analysis, original reporting and insider tips. Sign up here to get The Station in your inbox beginning in August.

Lessons from the hardware capital of the world

By Brian Heater

A week is obviously not enough time to truly understand a market as massive and fascinating as China. Hell, it’s not really even enough time to adjust to the 12-hour time difference from New York. That said, each of the three visits I’ve taken to the country in the past two years has yielded some useful insights into my role as hardware editor here at TechCrunch.

Late last week, I got back from an eight-day trip to Shenzhen in the Guangdong Province of South China and nearby Hong Kong. In some respects, the cities are worlds apart, though a newly opened high-speed rail system has reduced the trip to 30 minutes. Customs issues aside, it’s the height of convenience. Though for political and cultural reasons I’ll not get into here, some have bemoaned the access it’s provided.

This particular visit was sort of a scouting trip. In November, TechCrunch will be hosting its first Hardware Battlefield event in a couple of years. Previous events had been held at CES for reasons of easy access to young startups. This time out, however, we’ve opted to go straight to the source.

The birthplace of hardware

Facebook ignored staff warnings about ‘sketchy’ Cambridge Analytica in September 2015

By Natasha Lomas

Facebook employees tried to alert the company about the activity of Cambridge Analytica as early as September 2015, per the SEC’s complaint against the company which was published yesterday.

This chimes with a court filing that emerged earlier this year — which also suggested Facebook knew of concerns about the controversial data company earlier than it had publicly said, including in repeat testimony to a U.K. parliamentary committee last year.

Facebook only finally kicked the controversial data firm off its ad platform in March 2018 when investigative journalists had blown the lid off the story.

In a section of the SEC complaint on “red flags” raised about the scandal-hit company Cambridge Analytica’s potential misuse of Facebook user data, the SEC complaint reveals that it already knew of concerns raised by staffers in its political advertising unit — who described CA as a “sketchy (to say the least) data modeling company that has penetrated our market deeply.”

Screenshot 2019 07 25 at 11.43.17

Amid a flurry of major headlines for the company yesterday, including a $5 billion FTC fine — all of which was selectively dumped on the same day media attention was focused on Mueller’s testimony before Congress — Facebook quietly disclosed it had also agreed to pay $100 million to the SEC to settle a complaint over failures to properly disclose data abuse risks to its investors.

This tidbit was slipped out toward the end of a lengthy blog post by Facebook general counsel Colin Stretch, which focused on responding to the FTC order with promises to turn over a new leaf on privacy.

CEO Mark Zuckerberg also made no mention of the SEC settlement in his own Facebook note about what he dubbed a “historic fine.”

As my TC colleague Devin Coldewey wrote yesterday, the FTC settlement amounts to a ‘“get out of jail” card for the company’s senior execs by granting them blanket immunity from known and unknown past data crimes.

“Historic fine” is therefore quite the spin to put on being rich enough and powerful enough to own the rule of law.

And by nesting its disclosure of the SEC settlement inside effusive privacy washing discussion of the FTC’s “historic” action, Facebook looks to be hoping to detract attention from some really awkward details in its narrative about the Cambridge Analytica scandal that highlight ongoing inconsistencies and contradictions, to put it politely.

The SEC complaint underlines that Facebook staff were aware of the dubious activity of Cambridge Analytica on its platform prior to the December 2015 Guardian story — which CEO Mark Zuckerberg has repeatedly claimed was when he personally became aware of the problem.

Asked about the details in the SEC document, a Facebook spokesman pointed us to comments it made earlier this year when court filings emerged that also suggested staff knew in September 2015. In this statement, from March, it says “employees heard speculation that Cambridge Analytica was scraping data, something that is unfortunately common for any internet service,” and further claims it was “not aware of the transfer of data from Kogan/GSR to Cambridge Analytica until December 2015,” adding: “When Facebook learned about Kogan’s breach of Facebook’s data use policies, we took action.”

Facebook staffers were also aware of concerns about Cambridge Analytica’s “sketchy” business when, around November 2015, Facebook employed psychology researcher Joseph Chancellor — aka the co-founder of app developer GSR — who, as Facebook has sought to paint it, is the “rogue” developer that breached its platform policies by selling Facebook user data to Cambridge Analytica.

This means Facebook employed a man who had breached its own platform policies by selling user data to a data company which Facebook’s own staff had urged, months prior, be investigated for policy-violating scraping of Facebook data, per the SEC complaint.

Fast-forward to March 2018 and press reports revealing the scale and intent of the Cambridge Analytica data heist blew up into a global data scandal for Facebook, wiping billions off its share price.

The really awkward question that Facebook has continued not to answer — and which every lawmaker, journalist and investor should therefore be putting to the company at every available opportunity — is why it employed GSR co-founder Chancellor in the first place?

Chancellor has never been made available by Facebook to the media for questions. He also quietly left Facebook last fall — we must assume with a generous exit package in exchange for his continued silence. (Assume because neither Facebook nor Chancellor have explained how he came to be hired.)

At the time of his departure, Facebook also made no comment on the reasons for Chancellor leaving — beyond confirming he had left.

Facebook has never given a straight answer on why it hired Chancellor. See, for example, its written response to a Senate Commerce Committee’s question — which is pure, textbook misdirection, responding with irrelevant details that do not explain how Facebook came to identify him for a role at the company in the first place (“Mr. Chancellor is a quantitative researcher on the User Experience Research team at Facebook, whose work focuses on aspects of virtual reality. We are investigating Mr. Chancellor’s prior work with Kogan through counsel”).

Screenshot 2019 07 25 at 12.02.10

What was the outcome of Facebook’s internal investigation of Chancellor’s prior work? We don’t know because again Facebook isn’t saying anything.

More importantly, the company has continued to stonewall on why it hired someone intimately linked to a massive political data scandal that’s now just landed it a “historic fine.”

We asked Facebook to explain why it hired Chancellor — given what the SEC complaint shows it knew of Cambridge Analytica’s “sketchy” dealings — and got the same non-answer in response: “Mr Chancellor was a quantitative researcher on the User Experience Research team at Facebook, whose work focused on aspects of virtual reality. He is no longer employed by Facebook.”

We’ve asked Facebook to clarify why Chancellor was hired despite internal staff concerns linked to the company to which his company was set up to sell Facebook data; and how of all possible professionals it could hire Facebook identified Chancellor in the first place — and will update this post with any response. (A search for “quantitative researcher” on LinkedIn’s platform returns more than 177,000 results of professionals who are using the descriptor in their profiles.)

Earlier this month a U.K. parliamentary committee accused the company of contradicting itself in separate testimonies on both sides of the Atlantic over knowledge of improper data access by third-party apps.

The committee grilled multiple Facebook and Cambridge Analytica employees (and/or former employees) last year as part of a wide-ranging enquiry into online disinformation and the use of social media data for political campaigning — calling in its final report for Facebook to face privacy and antitrust probes.

A spokeswoman for the DCMS committee told us it will be writing to Facebook next week to ask for further clarification of testimonies given last year in light of the timeline contained in the SEC complaint.

Under questioning in Congress last year, Facebook founder Zuckerberg also personally told Congressman Mike Doyle that Facebook had first learned about Cambridge Analytica using Facebook data as a result of the December 2015 Guardian article.

Yet, as the SEC complaint underlines, Facebook staff had raised concerns months earlier. So, er, awkward.

There are more awkward details in the SEC complaint that Facebook seems keen to bury, too — including that as part of a signed settlement agreement, GSR’s other co-founder, Aleksandr Kogan, told it in June 2016 that he had, in addition to transferring modeled personality profile data on 30 million Facebook users to Cambridge Analytica, sold the latter “a substantial quantity of the underlying Facebook data” on the same set of individuals he’d profiled.

This U.S. Facebook user data included personal information such as names, locations, birthdays, gender and a sub-set of page likes.

Raw Facebook data being grabbed and sold does add some rather colorful shading around the standard Facebook line — i.e. that its business is nothing to do with selling user data. Colorful because while Facebook itself might not sell user data — it just rents access to your data and thereby sells your attention — the company has built a platform that others have repurposed as a marketplace for exactly that, and done so right under its nose…

Screenshot 2019 07 25 at 12.40.29

The SEC complaint also reveals that more than 30 Facebook employees across different corporate groups learned of Kogan’s platform policy violations — including senior managers in its comms, legal, ops, policy and privacy divisions.

The U.K.’s data watchdog previously identified three senior managers at Facebook who it said were involved in email exchanges prior to December 2015 regarding the GSR/Cambridge Analytica breach of Facebook users data, though it has not made public the names of the staff in question.

The SEC complaint suggests a far larger number of Facebook staffers knew of concerns about Cambridge Analytica earlier than the company narrative has implied up to now. Although the exact timeline of when all the staffers knew is not clear from the document — with the discussed period being September 2015 to April 2017.

Despite 30+ Facebook employees being aware of GSR’s policy violation and misuse of Facebook data — by April 2017 at the latest — the company leaders had put no reporting structures in place for them to be able to pass the information to regulators.

“Facebook had no specific policies or procedures in place to assess or analyze this information for the purposes of making accurate disclosures in Facebook’s periodic filings,” the SEC notes.

The complaint goes on to document various additional “red flags” it says were raised to Facebook throughout 2016 suggesting Cambridge Analytica was misusing user data — including various press reports on the company’s use of personality profiles to target ads; and staff in Facebook’s own political ads unit being aware that the company was naming Facebook and Instagram ad audiences by personality trait to certain clients, including advocacy groups, a commercial enterprise and a political action committee.

“Despite Facebook’s suspicions about Cambridge and the red flags raised after The Guardian article, Facebook did not consider how this information should have informed the risk disclosures in its periodic filings about the possible misuse of user data,” the SEC adds.

9 reasons the Facebook FTC settlement is a joke

By Devin Coldewey

The FTC just announced the details of its settlement agreement with Facebook over years of privacy practices in violation of a previous order. To say the settlement is favorable to Facebook, even with the record $5 billion penalty, is an understatement; the company’s lawyers are probably popping champagne right about now. Here’s why.

1. $5 billion is a laugh

$5 billion may sound like a lot, but in this context it is simply not a meaningful amount. Leaving aside that Facebook at this point probably makes that in a month, it simply does not correspond to the harm done or rewards reaped.

It’s highly likely that Facebook’s “unjust enrichment,” made as a result of the forbidden user data collection in which it engaged, is more than $5 billion. As Commissioner Rohit Chopra says in his dissenting statement, “breaking the law has to be riskier than following it.” In other words, you shouldn’t be able to steal $100, then pay a fine of $50 to get off the hook.

“The fact that Facebook’s stock value increased with the disclosure of a potential $5 billion penalty may suggest that the market believes that a penalty at this level makes a violation profitable,” wrote Commissioner Rebecca Kelly Slaughter in her own dissent.

In the case of Google, which in spirit is similar to this one, the settlement with the FTC amounted to several times the company’s unjust enrichment. Why isn’t that the case with Facebook? Because the investigation didn’t look into it.

2. The investigation was rushed and incomplete

No one likes it when serious investigations of wrongdoing (not that Facebook officially admits to any) drag on for too long, since in the meantime the wrongdoing may very well continue. But this case isn’t a simple one where Facebook may have violated one or two of the FTC’s prohibitions for a short period of time in 2014. The company ignored the government-ordered restrictions systematically for years, meriting an investigation on a similar scale.

Instead of getting deep into the questions of who was responsible, how much money was made, whether public statements were misleading, the extent of public harm, etc, the investigators opted to quickly establish a pattern of violating behavior and slap the company with a nice round number. (Let’s hope the antitrust investigation announced today is a bit more thorough.)

The brevity and limitations of the investigation are evident from the fact that…

3. They didn’t grill any executives

“The Commissioners supporting this outcome do not cite a single deposition of Zuckerberg or any other Facebook officer or director,” writes Chopra. Although there may have been off-record conversations or letters from execs in response to questions sent by investigators, they did not put Zuckerberg or Sandberg or any other big players in the hot seat. Seems fundamental when the investigation alleges complicity at the highest levels, right?

But not only were no executives put to the question…

4. There are no charges or consequences for them either

“I started Facebook, and at the end of the day I’m responsible for what happens on our platform,” wrote Mark Zuckerberg last year during the fracas surrounding his questioning by Congress. Nor is that only his opinion. There is a great deal of precedent for leveling additional, complementary charges at executives alongside those aimed at the company. They might not even need testimony to do it:

“I believe there is already sufficient evidence, including through public statements, to support a charge against Mark Zuckerberg for violating the 2012 order,” writes Chopra, and Commissioner Slaughter concurred. Even if that weren’t the case, they could state with certainty that leadership, if it was not directly complicit in rulebreaking, at least failed in their responsibility to prevent it.

Going after individuals, however, may involve separate fact-finding work, expensive and time-consuming litigation, and of course the risk that after all that, the judge will rule against the FTC and officially exonerate the defendant and set an unsavory precedent. They may have decided that risk was too great, but surely if some revealing information comes to light tomorrow individual charges may result.

About that…

5. You get immunity! And YOU get immunity!

It’s ordinary in settlements like to this to “release” companies from claims that they violated an agreement — like a plea bargain where you get probation and no record in exchange for a fine and community service. But the Facebook settlement gives both the company and its executives blanket immunity, not just for any violations the FTC has claimed, but for any violations it hasn’t claimed.

In other words, it’s giving Facebook a blank slate not only for violations it definitely did, but for any it might have secretly done between 2012 and 2018. “A release of this scope is unjustified by our investigation and unsupported by either precedent or sound public policy,” writes Slaughter. “I have not been able to find a single Commission order — certainly not one against a repeat offender — that contains a release as broad as this one,” concurs Chopra.

It’s extraordinary that a repeat offender that has shown a disdain for the FTC’s authority would get such comprehensive, top-to-bottom immunity. This isn’t just a plea bargain, it’s a plenary indulgence.

6. The privacy measures are honor system

This was perhaps the FTC’s best chance to lay down strong rules as to what Facebook can and can’t do with user data going forward — especially considering the previous ones were shrugged off. Instead, apart from a few new rules like better notification of facial recognition systems, it basically just told Facebook it can do what it wants as long as it files the paperwork.

The settlement requires Facebook to document lots of things. If a new product is a potential risk, Facebook has to write a report on what data will be collected, how it will notify users, whether they can opt out, and how it is (and isn’t) planning to reduce that risk. Nowhere does the FTC spell out what constitutes unreasonable risk, minimum notification or opt-out requirements, or whether a product or strategy (like absorbing WhatsApp) is automatically suspect.

“It is akin to if federal regulators, instead of ordering automakers to install seatbelts, ordered them to document the pros and cons of installing seatbelts, and to decide for themselves whether it would be worthwhile,” writes Chopra.

As long as it files its paperwork, Facebook is free to decide what constitutes risk, damage to users, and how it should handle those things. It’s a bit like asking a bank robber to write a journal. But even if someone reads it and finds something objectionable…

7. The oversight is toothless

Facebook must establish a Privacy Committee, Compliance Officers, and an Independent Assessor to make sure that the rules it sets for itself are sufficient and being followed sufficiently. Unfortunately, what they do is a whole lot of reviewing, certifying, and briefing, and no doing.

The Compliance Officers sign off on the privacy program, to be sure, but they have few specific goals, like prevent this or ensure that. The Assessor also lacks authority, so if they decide the privacy program is not working out, they simply register their complaint and wait for Facebook to justify itself.

The “independent” committee’s makeup will be highly affected by the powers that be at Facebook, which have enormous voting power and will be able to make it hard on any troublesome members. Even if they couldn’t, the committee has no power over management — it’s just another Facebook-issued stamp for Facebook-written paperwork.

8. Fancy meeting you here

Federal Trade Commission building

Not pictured: revolving door at front entrance

As The Hill’s Harper Neidig points out: Sean Royall, Facebook’s head counsel in these proceedings, was deputy director at the FTC’s Competition Bureau (not the Bureau of Consumer Protection, which led this action) from 2001-2003. His boss at the bureau then was Joseph Simons — the current chairman of the FTC.

It’s probably just a coincidence.

9. It changes nothing, and endorses Facebook’s continued monetization of mass surveillance

Nothing in this order challenges the fundamental problem that over the last decade has increasingly caused friction between Facebook and both its users and (supposed) regulators: that its business model is predicated on mass collection of personal data on its users, which it distills then sells to advertisers.

That’s a business model that should give any consumer protection regulator pause, and yet this settlement is a tacit endorsement of it. The order really amounts to little more than additional paperwork for Facebook to fill out while it pursues its original course without any divergence.

To be fair, the FTC is a reactive agency and as such is limited by in how much it can really require proactively. But it doesn’t seem like they were testing those limits today. The decision not to litigate, the unimaginative penalty amount, and the eye-popping immunity grant suggest the agency is working comfortably within them and just wanted to get this thing out the door.

The requirements of the settlement were barely even considered on today’s earnings call, on which there appeared to be an understanding that it wouldn’t affect much if anything at all. Even the fear that Zuckerberg voiced earlier today that it would require hiring a thousand people who might otherwise be working on new products (a questionable claim, incidentally) went unaddressed.

This was an opportunity for the FTC to demonstrate that the U.S. is a venue where global internet companies like Facebook can still be held accountable for their actions. It was made clear today that not only will a big check change that, but that the check doesn’t even have to be that big.

EU opens formal antitrust probe of Broadcom and seeks interim order

By Natasha Lomas

The European Commission has opened a formal investigation into US chipmaker Broadcom which it suspects of restricting competition via a number of exclusivity practices in markets where it holds a leading position such as for systems-on-a-chip, front-end chips and wifi chipsets.

Earlier this year press reports suggested US authorities are broadening their own antitrust probe of the company.

The FTC opened its investigation into Broadcom back in January 2018.

Commenting in a press release announcing the antitrust action against the chipmaker, the EU’s antitrust chief Margrethe Vestager said: “TV set-top boxes and modems are part of our daily lives, for both work and for leisure. We suspect that Broadcom, a major supplier of components for these devices, has put in place contractual restrictions to exclude its competitors from the market. This would prevent Broadcom’s customers and, ultimately, final consumers from reaping the benefits of choice and innovation. We also intend to order Broadcom to halt its behaviour while our investigation proceeds, to avoid any risk of serious and irreparable harm to competition.

The Commission has issued a formal statement of objections in which it sets out its preliminary conclusions and explains its reasons for seeking interim measures, saying (emphasis its) it believes that:

  • Broadcom is likely to hold a dominant position in various markets for the supply of systems-on-a-chip for TV set-top boxes and modems
  • certain agreements between Broadcom and seven of its main customers manufacturing TV set-top boxes and modems contain exclusivity provisions that may result in those customers purchasing systems-on-a-chip, front-end chips and WiFi chipsets exclusively or almost exclusively from Broadcom
  • the provisions contained in these agreements may affect competition and stifle innovation in these markets, to the detriment of consumers

The formal investigation could take several years to conclude and the Commission notes that the outcome is not prejudiced by preliminary findings nor any interim measures.

“The Commission has gathered information indicating that Broadcom may be implementing a range of exclusionary practices in relation to these products,” it writes. “These practices may include (i) setting exclusive purchasing obligations, (ii) granting rebates or other advantages conditioned on exclusivity or minimum purchase requirements, (iii) product bundling, (iv) abusive IP-related strategies and (v) deliberately degrading interoperability between Broadcom products and other products.

“As a result of concerns relating to these alleged practices by Broadcom, the Commission has decided to open a formal investigation.”

The Commission says it wants to impose interim measures to prevent the suspected anti-competitive behaviour from damaging the market “irreparably” — i.e. before a regulatory intervention could issue a corrective sanction, assuming it ends up deciding such action is necessary after the investigation has run its course.

Its assessment of the case found that the alleged competition concerns to be “of a serious nature and that Broadcom’s conduct may result in the elimination or marginalisation of competitors before the end of proceedings” — allowing it to meet the threshold for ordering interim measures under EU law.

The Commission says it has informed the chipmaker and the competition authorities of EU Member States that it has opened proceedings and of its intention to impose interim measures.

It’s not clear at this stage when such interim measures could be applied — with anything from several weeks to many months being possible.

Broadcom could also seek to appeal against them.

We’ve reached out to the company for comment. 

In recent years the semiconductor supplier has walked away from a proposed hostile takeover of mobile chipmaker Qualcomm after it was blocked by the Trump administration. It went on to shell out $18.9BN in cash to pick up IT management software and solutions provider, CA Technologies — in what looked like a bid to diversify its offerings.

❌