Archive

Headlines in Tech 24-31 Aug 2022

Headlines in tech news of the week

China agrees to let US audit US listed Chinese companies

…the US had threatened to kick out Chinese companies from its stock exchanges otherwise. Any loss of access to US stock exchange would obviously massively reduce access to the largest public capital market for Chinese businesses. The principle from the US side is that all listed companies should be on an equal footing, and investors should be given the assurance that the numbers disclosed by all public companies can be relied upon and not cooked up.

” Make no mistake though: The proof will be in the pudding,” said Security and Exchange Commission head Gary Gensler. “This agreement will be meaningful only if the PCAOB [Public Company Accounting Oversight Board] actually can inspect and investigate completely audit firms in China”.

Apps

Apple enables users to delete the Wallet app

… back in May this year, the EU Commission said that Apple may be breaching competition laws by preventing third parties from providing a mobile wallet system. A lawsuit was filed in July on behalf of banks complaining that Apple is anti-competitively forcing banks to adopt Apple Pay. iPhones have NFC (Near Field Communication) chips which enables users to pay by tapping on the merchant’s device. Whilst Google enables third parties to access NFC on Android devices, Apple has this chip locked in with Apple’s wallet app. The reports say that in order to tackle the legal issue that has been raised by the EU, Apple will enable users to delete the app, and allow third party web browsers to work with Apple Pay.

Query how many people will actually delete the wallet, given that it does give users a very useful seamless method to make payments for goods.

Artificial Intelligence/ Algorithms

Filtering issues emerge with new uses of AI

A variety of different AI tools are emerging but the issues seem to be similar:

  • A company called Sanas attracted criticism for supplying AI software that filters out accents used in call centres to make call centre agents sound white American. Sanas (founded by first generation immigrants) say that callers who call in because they are frustrated with a service, get even more frustrated when they sense that someone abroad is fielding the calls – and the agents get the brunt of the call. Sanas also say that callers can understand the agents better, enabling the service provider to improve their service.  Critics say it ignores and disrespects different cultures that exist in the world.  
  • Stable Diffusion – which provides AI image generator that produces text to images like Dall-E and Imagen, has caused deepfake problems as unsavoury, and realistic images of public figures are being shared on 4chan, an anonymous English-language imageboard website (hacking group Anonymous formed from 4chan users). The difference between Stable Diffusion and Dall-E/Imagen is the lack of safety measures to stop the ability to generate deepfakes of public figures. The company is now working with “leading ethicists and technologists”, it said. The overwhelming majority of deepfakes are understood to be pornographic. Implementing measures to stop the generation of pornographic images would be a very good start.

AI generated art work wins first prize in the digital category at Colorado State Fair

…this was not against the rules, but most of the art submitted was not AI generated. It has attracted criticism. But note, the “artist” did work on the art, touching up what the AI spat out.

AI powered camera to detect falls in an old persons’ home detects too many false positives

…but I’m sure it would get better. The AI camera was designed to detect up falls and screams. However, the driver for the camera being installed in the first place was because of reported elderly abuse and neglect. This meant that staff were on constant watch and had to respond to every alarm bell. It also meant that it was time-consuming and reduced the time available for care.

French tax authority uncover undeclared private swimming pools using Google/Capgemini developed AI leading to a windfall in taxes

…Small amount of tax €200 /year need to be paid in respect of property that houses a swimming pool. Using aerial photographs and the helping hand of AI, the tax authority has been able to unearth more than 20,000 pools that have not been declared. Pools must be declared because they contribute to the value of property. Eventually, it may be used to detect whether people are observing a ban on swimming pools should there be one in the future, if France should suffer severe drought as it has done this year.

The tax authority have said that it may then extend to undeclared home extensions, patios and gazebos in respect of which tax also needs to be paid.

BigTech/ Data / Platforms

Content moderation

Trump’s answer to Twitter “Truth Social” fails to satisfy Google Play’s standards

…as a result of which Truth Social, which purports to provide a “vibrant, family-friendly environment” is not available on Android phones.  Google cited content moderation concerns.  It means that Trump cannot reach to 44% of the Android using public – at least via their mobile phone. To what extent would this affect any future elections, I wonder. Trump is as I understand it, still banned from Twitter (hence he has decided to found something like it himself). 

Truth Social is available on iPhones.

Privacy

Wikimedia foundation the nonprofit that operates Wikipedia –  petitions the US Supreme Court to subject the US government’s mass surveillance program to constitutional review

…who knew that the US National Security Agency (NSA) has a program (also known as “Upstream” surveillance) to intercept Americans’ private emails, internet messages, and web communications with people overseas.

Upstream surveillance is conducted under Section 702 of the Foreign Intelligence Surveillance Act (FISA), which permits the government to intercept Americans’ international communications without a warrant – so long as it is targeting individuals located outside the U.S. for foreign intelligence purposes. Section 702 will expire in 2023 unless it is reauthorized by Congress.

In September 2021, the Fourth Circuit held that even though the Wikimedia Foundation provided public evidence that its communications with Wikipedia users are subject to Upstream surveillance, “state secrets privilege” meant that the case should be dismissed. Said privilege allows the government to withhold information in legal proceedings if disclosure of that information would threaten national security. Wikimedia seeks the Supreme Court to review the decision.

FTC sues data broker Kochava for selling US citizen’s sensitive information such as visits to abortion clinics

…the adtech group – who has Uber, McDonald’s and Disney as their clients, is alleged to have sold off citizens’ location data, including abortion clinics, medical institutions, homeless shelters, domestic violence shelters, rehabilitation clinics, and religious centres. The agency has sued because Kochava is exposing individuals to threats of stigma, stalking, discrimination, job loss, and even physical violence. Kochava explains that the data collection has been consented to by the individuals. This action follows other similar types of lawsuits advanced by the FTC, as highlighted previously.

Kochava is in the process of enabling blocking geolocation to mitigate the claim raised.

Restaurants using voice recognition technology sued in a proposed class action for breaching Illinois Biometric Information Privacy Act (BIPA)

…the defendant restaurants have collected customers’ voiceprints, when using the automated voice ordering system, without obtaining the requisite consent / providing customers with data retention and destruction policies per BIPA, says the complaint. If biometrically unique information fall into the wrong hands, it can lead to identity theft, as it can be used to extract sensitive data.  

The complaint goes on to explain: “To the human ear, your voice can instantly give away your mood…But machines can learn a lot more: inferring your age, gender, ethnicity, socio-economic status, health conditions, and beyond. Researchers have even been able to generate images of faces based on the information contained in individuals’ voice data.. soon companies may also draw conclusion about your weight [and] height[.]”.

Competition

Antitrust breach actions by Competition Commission of India (CCI)

…a couple going on.

  • Tinder / Match Group v Apple: Tinder’s complaint filed to the CCI says forcing all in-app purchases through Apple’s pay system and charging high commission is anticompetitive. One interesting argument Tinder is reported to have made is that they have to pay a commission on its in-app purchases. Apple doesn’t charge developers for physical goods and services purchased through the app. It’s why Uber is exempt from paying Apple the commission – Tinder argues that Apple’s treatment of them is unfair; they are just like Uber, bringing people together, yet Apple has chosen to levy Tinder a commission. 
  • CCI initiated investigation into Meta/Whatsapp, following privacy policy changes which said that users’ data will be deleted unless the new privacy policy is accepted. The investigation will also look at whether “excessive data collection” of consumers, and the sharing of the data could be anticompetitive. What I can’t really understand here is that Whatsapp messaging is understood to be end-to-end encrypted meaning Meta will not have access to the private messaging. That in itself is seen to be a big issue in India because of the potential spread of disinformation / ease of anti-government campaigns that can spread across the country without anyone being able to do anything about it. It is therefore not entirely clear to me what it means by excessive data collection, it has to be said. Any thoughts, I’d be interested…

Microsoft changes licensing terms to help small cloud providers to compete more effectively

…this happens to have followed a complained filed by OVHcloud, a French cloud service provider among others. The allegation was as follows:

  • Microsoft’s licensing arrangement makes it more expensive for users to switch between cloud providers
  • Microsoft software does not perform well on a non Azure [Microsoft] cloud platform

Microsoft is subject to another complaint, by NextCloud (a European company) which complains of Microsoft’s bundling of Onedrive and other Microsoft services. The EU Commission is yet to investigate the complaint. The solution Microsoft proposes tackle some of these complaints. The main one is that Microsoft software (most notably Office) can run well on other cloud services. These changes do not apply to Microsoft’s major cloud rivals, such as Amazon, Google and Alibaba.

Business

India’s conglomerate Jio ties up with WhatsApp (Meta) to enable users to browse and buy across the whole JioMart grocery catalogue without leaving WhatsApp

…if successful, WhatsApp may well become a super app (an app that deals with multiple aspects of a person’s life – eg. banking, chats, shopping etc). Jio’s Reliance Retail is largest in India, but its e-commerce presence has thus far been less significant. Whatsapp’s adoption in India is significant, being well over a third. Put them together, and you could end up with a very useful service. The challenge for WhatsApp is then to make sure that by adding the service, the app doesn’t become too cumbersome – e.g. too many ads – for the Jio tie up could only be a start for WhatsApp before it expands to other services.

Cyber security

Hackers create realistic hologram of Binance Chief Communication Officer for scamming purposes

Hackers created a hologram of Binance Chief Communications Officer which offered opportunities to list tokens on Binance over a Zoom call – this entailed an upfront fee.  Hackers created the deepfake hologram by using Binance CCO’s past appearances on TV. It was real enough to fool very tech savvy people, the CCO said.  

EV/AVs

South Korea concerned about impact of US Inflation Reduction Act

…The Act gives tax credits to EV makers but excludes EVs assembled outside the US. South Korea, home to car, battery and semiconductor makers Hyundai, Kia, Samsung, SK Hynix and LG to miss out as would other automakers of other countries such as Germany and Japan that export EVs to the US. South Korea aims to coordinate with EU and Japan to negotiate with the US administration.

Honda and LG Energy Solution to build $4.4billion EV battery plant in the US

…EV battery factories are enormously costly to build. Rising energy prices and prices of ever scarcer rare metals required to make them do not help the situation. No doubt Honda aims to qualify for the tax credit available under the Infrastructure Reduction Act – as explained above. The bans on sale of ICE cars from 2035 in Washington and California (see next) would also present a boon to the business.

BMW to produce Hydrogen cell cars too

…hydrogen-powered vehicles are ideally placed technologically to fit alongside battery-electric vehicles and complete the electric mobility picture – says BMW.

Washington and California states to ban the sale of Internal Combustion Engine (ICE) cars from 2035

…sale of used ICE cars will be allowed. Making sure that charging infrastructure is up to scratch will be key. The announcements follow that of the EU, which confirmed the ban of new ICE cars from 2035, two months or so ago.

Revel, Fermata Energy, and NineDot Energy Launch First V2G System in New York

…the G stands for Grid. Fermata Energy’s V2X bidirectional charging system can charge EVs as well discharge the stored energy in the EV batteries back to the Grid. When the demand on the Grid is high, EVs with surplus energy can supply energy back to the grid, enabling “grid resilience”.

Whatever the loss of energy entailed in charging the EVs and discharging back to the Grid, one assumes it can only improve, if it is significant. My limited understanding of how the energy system works is that, energy needs to be constantly generated; thus during sleeping hours, you end up with surplus energy that is not fully utilised. That can be used to charge EVs overnight, using cheap electricity rather than let it go to waste; if it isn’t needed then you can return that back to the Grid – making a profit in the process. Park, Plug in and Profit, is the idea.

A bit about the three companies:

Revel – provider of infrastructure and services for EVs.  

Fermata Energy – develops and owns proprietary vehicle-to-everything (V2X) software platform and bidirectional chargers turn EVs into mobile energy storage assets

NineDot Energy – currently focused on developing battery energy storage sites in the New York area.

California passes bill to protect driver data and consumers from being exposed to misleading advertising

Senate Bill 346: This bill would prohibit any images or video recordings collected through the operation of an in-vehicle camera from being used for any advertising purpose or being sold to any third party – unless the consumer affirmatively consents.

Senate Bill 1398: The bill would prohibit a manufacturer or dealer from deceptively naming or marketing autonomous features. See for example California DMV’s complaint against Tesla, over the label full self-driving description, in relation to a vehicle which is not completely autonomous.

Green Agenda

Panasonic joins the Low Carbon Patent Pledge

…alongside Hewlett Packard Enterprise (HPE), Microsoft, and Meta, and others who are pledging to make freely available their IP concerning key patented technologies that have applications in low carbon innovations including the generation, storage, and distribution of low carbon energy.

EU says certain mobile spare parts must be made available for at least five years from launch

…and  batteries should survive at least 500 full charges without deteriorating to below 83 per cent of their capacity [but this is difficult to prove]. Furthermore, software updates must be provided for 5 years after devices leave the market. Will the US [especially California] follow?

Intellectual Property

US seeks public comments to help identify potential internet and physical markets that are involved in intellectual property infringement to add to the Notorious Markets List, with a focus on online piracy and its impact on US workers

…deadline for submitting comments is 7 October.

Metaverse/NFTs

Former health secretary Matt Hancock becomes the first UK member of parliament to launch into the Metaverse

…the FT article about it, is funny not because of the content, but because of the sarcastic overtone.

Very difficult to obtain a metaverse related TM in China points out an article

…According to an article, it is difficult to obtain metaverse related trade mark rights, such as digital goods, leading to a rejection in 80% of the applications, because it is “likely to mislead consumers” – whatever this means. Furthermore, China National Intellectual Property Administration (CNIPA) explained that it requires “allowable” descriptions of underlying goods and services, which is difficult in the case of virtual goods/services because it has not yet created new subclasses for them, although there are some applications with descriptions which use terms such as “virtual worlds” and “virtual goods” which have been found to be allowable. Without being able to rely on trade mark rights for use in the metaverse, brand owners may have no option but to rely on China’s Unfair Competition law, which will be costly, the article says.

The EU IPO by the way, is seeking comments on its approach about applications that relate to the metaverse/ NFTs. Deadline for comments is 3 October. It states:

  • Virtual goods are proper to Class 9 because they are treated as digital content or images. However, the term virtual goods on its own lacks clarity and precision so must be further specified by stating the content to which the virtual goods relate (e.g. downloadable virtual goods, namely, virtual clothing)
  • The 12th Edition of the Nice Classification will incorporate the term downloadable digital files authenticated by non-fungible tokens in Class 9. NFTs are treated as unique digital certificates registered in a blockchain, which authenticate digital items but are distinct from those digital items [but some NFTs authenticate physical items – so what about them?]. For the Office, the term non fungible tokens on its own is not acceptable. The type of digital item authenticated by the NFT must be specified.
  • Services relating to virtual goods and NFTs will be classified in line with the established principles of classification for services

Satellites/ Space

Starlink/T-Mobile alliance to enable coverage in rural parts of the US

…The significance

  • Use of normal smartphone to connect to Starlink satellite; not an expensive satellite phone
  • Technically significant – use of T-Mobile’s cellular 5G spectrum in this context is “like putting a cellular tower in the sky”.
  • As well as enabling those in rural areas to stay connected (although quite how good the connection is expected to be is a big question mark), it could also save lives – not only of those living in rural areas but also those that have gone missing in the depths of North America. It could potentially support IoT communications.  

The technology has yet to be demonstrated.

Federal Communication Commission’s OK of Space X request to fly its satellites at a lower altitude decided with due consideration rules DC Court of Appeal

… The Communications Act of 1934 authorizes the FCC to grant radio station licenses, including for the operation of communications satellites. The Commission may modify licenses if it finds that the modification would serve the public interest among other things. The Telecommunications Act of 1996 requires the agency to facilitate the provision of broadband internet service to unserved areas.

Technical changes can interfere with signals from other satellites, so the Commission must find that the proposed modification does not present any significant interference problem. The FCC found that the changes would impose no undue interference and would serve the public interest.

Competitors had opposed:

  • DISH – said changes would interfere with its GSO satellite television service. [geostationary satellite systems have to be prioritised over non-geostationary satellites, like that of SpaceX]
    • Court found that FCC’s certification of compliance to SpaceX provided assurance that there will be no harmful interference.
  • Viasat/Balance Group (environmental organisation) – said environmental assessment should have taken place before deciding on SpaceX’s request but did not.
    • Court said that the parties did not have standing.

Semiconductors

Chip designer ARM sues Qualcomm, its biggest customer

…the suit is in Delaware. ARM is one of the most successful semiconductor and software design companies, mainly for CPUs (computer processors – the brains in the computer).  Its business is the licensing of intellectual property that pertain to CPUs and other chips.  ARM accuses Qualcomm of bypassing the need to take the requisite chip design licence from ARM, instead using Nuvia’s designs without ARM’s permission. ARM had said that Nuvia cannot assign its licences to Qualcomm and so Qualcomm cannot use Nuvia’s design without ARM’s blessing – yet are continuing to use Nuvia’s licensed technology. ARM terminated Nuvia’s licence.

Last year, Qualcomm bought Nuvia, a chip start-up, in the business of customizing processor core designs for data center servers, using Arm’s technology. Qualcomm says that all its acts fall within its own ARM licence.

Supply Chain

Wingtech (China) in process of building a massive factory to make PCs – thought to be to supply Apple

… Whilst Apple has recently shown moves to reduce Chinese dependency moving its manufacturing to Vietnam and India, at the same time it may be trying to reduce Taiwanese dependency too, observes Nikkei. In addition to Wingtech, Apple has procured other Chinese companies to make its products for them.  

Note:

  • Making MacBooks is technically demanding, so much so that it was only thought to be the mainstay of Taiwanese Quanta and Foxconn. Even the Taiwanese Compal and Wistron are thought maybe not to be up to scratch despite their trusted supplier status to leading PC brands like HP, Dell and Lenovo.
  • The selection of Wingtech to make the new M2 powered MacBook Air under the circumstances is a massive endorsement.
  • already makes PCs for Samsung, Lenovo and Asustek, according to some sources
    • also makes phones for successful Chinese makers Oppo, Vivo and Xiaomi
    • bought chipmaker Nexperia from NXP in 2019 and acquired the U.K.’s largest chip plant (Newport Wafer Fab – though currently under investigation on national security grounds) through Nexperia in 2021

We will hear more about Wingtech in the future no doubt.     

Telecoms

UK Government puts on further pressure on telco and network companies by proposing to add new regulation on ensuring security

…pressure which telco companies don’t need. The infrastructure cost entailed in upgrading to 5G is so significant, telco companies are lobbying big tech companies and streaming companies who stand to gain from the 5G offering, to contribute. In the UK there are four carriers, but business is not easy, so much so that the smaller of the two – Vodafone and Three are in merger talks. That is not to say what the government is proposing is wrong. There has been a spike in hacking and security breach incidents. Increasing geopolitical tensions only adds fuel to this fire. The importance of connectivity in our lives also makes the problem acute – one just has to imagine the mayhem that might ensue if the autonomous vehicle network were to be hacked. I’ve heard it described that data scientists and information security analysts will never be out of the job in the future.

The rules follow the Telecommunications (Security) Act 2021 [which amends the Communications Act 2003] to give the government new powers to make regulations and issue codes of practice to provide guidance on how to comply with the new regulations. In essence, it introduces new duties on providers of public electronic communications networks and services (‘providers’) to identify and reduce the risk of security compromises, and prepare for the possibility of their occurrence [meaning they would have to anticipate security attacks] and places duties on providers to prevent, remedy or mitigate any adverse effects of security compromises.

It used to be the case that providers could decide on the appropriate standard, but that meant that the standards could often be less than adequate.

It would be interesting to see if the new regulatory burdens would impact on the adoption of Open RAN – something the UK Government has funded the development of, and is keen for us to adopt to encourage competitiveness. However because it will have open interfaces, it presents hackers with opportunity for entry.

Short note on Open RAN

The current wireless connections are provided by a hardware/software integrated platform (there are three main ones in the world – Nokia, Ericsson and Huawei – and maybe ZTE and Samsung too) that provide a telecommunication service end to end. In an Open RAN configuration, technologies are not integrated – software has open interfaces and can be sourced by variety of suppliers, and are hardware neutral – so hardware too can be sourced by a variety of suppliers, and in fact commercial off the shelf parts for PCs can be used. So if you need to upgrade a piece of hardware or software, you have a number of vendors you can source from, which encourages competitiveness.   

Headlines in Tech 17-24 Aug 2022

Apps

Tinder looks to revamp as it sees new apps are eating into their market share

…data shows that users are opting to sign on to new apps following a return to the dating scene post-pandemic. It’s still by far the dominant app in the market which is a major advantage for dating apps as users would naturally seek for the pond with the most fish. You would think therefore that Tinder should be in a comfortable position – not so; 75% of users are men with more women opting Bumble in which only women are entitled to make the first move. You can see how Tinder might easily slip down the rankings.

It’s time to innovate, says the company. Ideas include metaverse dating (which is fraught with issues I think as it could become a hotbed of older predators preying on the young, easier to deceive and to defraud), opportunity to buy virtual coins and gamification. The firm has hired personnel from gaming companies.

Artificial Intelligence/ Algorithms

Google Alphabet partners with Everyday Robots to launch robots that can understand better, called, PaLM-SayCan

…this is best understood by clicking the link and watching the 1.5minute video.

Robots can now understand our intentions – if you say I’m hungry – the robot can interpret that to mean can you get me something to eat? What the robot does is to look up the various commands it can do and chooses one (eg. open food drawer and bring a snack) that is likely to satisfy the commander’s needs. The technology is developed using Google’s large language model (LLM) PaLM.

Google’s DeepMind can now create videos from a single frame – The Transframer

…Just as we had discovered and marvelled at Dall-E and Imagen, which is AI that can create images from written descriptions. One Twitter user proposes to combine Dall-E with Transframer. 

DeepMind said on Twitter: “Transframer is a general-purpose generative framework that can handle many image and video tasks in a probabilistic setting. New work shows it excels in video prediction and view synthesis, and can generate 30s videos from a single image”.

This has the potential to minimise costs on content making (be it ads, movies, gaming and metaverse/VR). This is because the AI can generate predictive depth and perspectives. It would have the potential to enhance the world of VR. 

Going back to text to image AI- TikTok has launched “AI greenscreen”. Now content creators can type in the background of choice and TikTok generates it for you. It is reported that it looks more like abstract painting which may be because the tool could easily become abused – a background of “Donal Trump being assassinated” – for example. Check out the link to see what that looks like should you ever have a bored moment at work.

Meta uses algorithms to fire contract workers that were supplied by Accenture in the US

…so it is reported. The workers are allegedly told that they were selected at random. In Europe (which includes the UK), you have the right not to be subject to a decision based solely on automated means per Art 22 GDPR (and its implementing laws – for example in the case of the UK).

Capitol Records drops world’s first AI generated Rapper FN Meka to sign up to a major label for the N-word outburst

…and apologised to the black community. FN Meka’s voice is human based but the music is AI-generated. The artist boasts more than 500,000 monthly Spotify subscribers and more than 1bn views on its TikTok account where his incredible lifestyle is posted and NFTs sold.

BigTech/ Data / Platforms

Security

Former head of security Peiter Zatko files a whistleblower complaint accusing Twitter of failing to take basic security measures to protect its user data

…The complaint says that Twitter is in breach of 2011 FTC settlement agreement. Allegations include not deleting information when users delete their accounts, using out of date software, withholding of breach incidents, and there is an allegation that some of the staff actually work for foreign intelligence. The prospects of whistleblower complaints (in which the whistleblower could profit personally) means businesses must operate on the basis that any wrongdoing could well go public, even if it may seem unlikely to be discovered. Twitter vehemently denies the allegation.

Could this be a life line for Elon Musk who desperately wants to escape from having to buy Twitter for ~$43billion as promised…?

Privacy

Website gets fined for GDPR breach by using Google Fonts in Germany

…how did the website breach GDPR just by using Google Fonts? According to Wikipedia, Google Fonts “is a computer font and web font service owned by Google. This includes free and open source font families, an interactive web directory for browsing the library, and APIs for using the fonts …”

How did the use of Google Fonts breach GDPR?

This is how it is explained by one website (click the title link):

This occurs even if the User refuses to consent for its IP address to be shared. Because it is possible theoretically to identify a person by its IP address, this qualifies as personal data. As the US does not have GDPR adequate rules on personal data protection, the website thereby breached GDPR by sending the IP address information to the US.

The website has fined €100, but it faces a fine of €250,000 for each violation, or up to six months in prison, for continued breach by the use of Google Fonts. It is though possible for the website to save the fonts locally and integrate them into the website, rather than use the Google Fonts API – which triggers the particular font to be fetched from the remote server as the website loads.

Google’s automated scanning and analytics results in the erroneous reporting of a man to police as child abuser and wipes all data off his Google account

…all the man was doing was helping his child receive medical care concerning the groin area by taking images to show the doctor. The photos were automatically updated to Google’s cloud, which identified the image as a CSAM (Child Sexual Abuse Material). The man has been cleared of all charges but his account (including his emails) which had been wiped off on the basis that the user breached Google’s policy, will not be reinstated, Google says. This is why ultimately, humans need to be involved to decide whether it is a CSAM or not – and Google says its staff are trained by medical experts. But there is a limit to human ability, and humans do make errors. In many ways, such an incident is unsurprising, if one thinks about how many reviews Google needs to conduct. 

The UK government, by the way, has clarified how service providers should make judgements about content on their service, including whether or not it amounts to illegal content and must be removed in relation to the upcoming UK online safety bill by adding further amendments. The new clause establishes that providers’ systems and processes should consider all reasonably-available contextual information when making judgements about whether content is of a particular kind. In light of the Google mishap, this clarification is much needed – but the increase in burden on service providers may be significant.

Oracle faces class action for violation of the privacy of “billions of people across the globe” – Northern District of California

Lawsuit complaint says: Oracle, in the course of functioning as a worldwide data broker, has created a network that tracks in real-time and records indefinitely the personal information of hundreds of millions of internet users. Oracle sells this detailed personal information to third parties, even where those persons have no direct relationship with Oracle.  It also jeopardises the privacy of those seeking abortions in states where they are illegal.

What does Oracle do?: The suit describes Oracle as the world’s largest data broker (including personal information), a database related software provider and a data storage service provider, including “Oracle Cloud” that developers may use to build and run internet sites and mobile applications. The data brokerage business includes  racle Data Marketplace which is one of the world’s largest, commercial data exchange and Oracle ID Graph is a service product designed to provide “identity resolution,” the process of “matching individual customer identities . . . and combining them into a single consistent and accurate customer profile.” This synchronizing allows Oracle to identify individuals and aggregate their many identifiers. This ID enables the marketer to orchestrate a relevant, personalized experience for each individual across marketing channels and device types. Oracle and other data brokers act as central nodes in the “adtech” network…and used to identify and profile individuals for “targeted advertising” or other commercial and political purposes. Oracle is also said to facilitate the sale of sensitive data, such as race, location, politics, medical profiles in its marketplace:

How does Oracle collect data?: According to the suit, Oracle collects many types of personal information from Internet users including concrete identifiers such as names, addresses, e-mail, and telephone numbers. Oracle also amasses data about peoples’ behavior, including the sites they visit online, their digital and offline purchases, where they shop, and how they pay for their purchases. Oracle gathers this personal information from a suite of its own Internet technologies, including cookies, tracking pixels, device identification, cross-device tracking, as well as from its acquisition of data from other parties. There is further detail on how Oracle is alleged to use a piece of software to track user’s behaviour including intercepting communication with websites. The complaint also says that Oracle bought Datalogix, an information broker which purchases and aggregates data from retailers’ loyalty programs.

Cause of action: None of the data subjects have consented to data collection or use of personal information in breach of Californian privacy laws, unfair competition laws, wiretap act, unjust enrichment, and other laws.

Interesting alleged fact: the suit says – Oracle takes its name from a CIA project codename. In 1977, Oracle’s founder, Larry Ellison, was hired by the CIA to build a database; the CIA was Oracle’s first customer. The complaint says surveillance is in Oracle’s DNA…

As an aside: Oracle is now starting to audit TikTok’s content moderation processes to ensure the Chinese government is not manipulating US users.

Business

Amazon to embark on TikTok like feeds

…Everyone is mimicking TikTok, it’s super successful algorithm seems to have successfully eaten into a number of tech giants’ lunch. That is pretty amazing. Everyone else – YouTube, Meta, Twitter etc seem to have tried to copy TikTok in a bid to catch up. The impressive thing about TikTok is that it remains very viable despite that (Note: TikTok in 2021 became the number one internet domain overtaking Google, according to one report). Compare that for example, Zoom x Microsoft Teams – Zoom was really the first to get easy videoconferencing on the market (although that there were other products before Zoom), and then Microsoft Teams come in to provide a wider, integrated service bundling with other products (eg. Office 365) to make the offering more palatable costs wise.

But now, Amazon is reported to be trying its hand on getting into TikTok like service, albeit in a narrow way it seems. It is understood that they are internally testing a social feed (called Inspire) which may be described as inspired by TikTok. Because Amazon has better data than TikTok when it comes to purchasing behaviours, it has the potential to be very effective. On Inspire, users are presented with items which they might want to purchase.

…but even if Amazon were to fail, that’s OK. According to the linked report, the tag #amazonfinds has 25.6 billion views on TikTok. Influencers have earned millions by recommending products, on which they would earn a commission if users click on the link. By Inspire, Amazon aims to bring some of those recommends directly on its platform. With inflation rising and energy costs surging, and consumer belts tightening, Amazon would wish to eke out as much revenue as it possibly can to satisfy shareholders’ expectations.

Amazon pitches to buy tech based home health provider Signify Health

…Signify Health offers a platform which relies on analytics to provide “value-based” payment programs – meaning it will be paid based on health outcomes [a concept well known in the healthcare sector]. Such a model prevents indiscriminate selling, such as selling services which you know will not particularly improve a person’s health.  There are other bidders for the company such as CVS and UnitedHealth.

The motivation for Amazon’s bid is obvious. It has recently moved to buy One Medical, a US primary health care provider (provision of doctors and nurses to provide medical services at centres). It can utilise the data obtained from one service to the other to great effect, it will mean deeper datasets for better service [ie: critical if you are operating a business based on value based payment] and even better network effects [more patients, more data] – plus nobody can beat them in logistics. There could also be synergy with PillPack (now Amazon pharmacy) which delivers pills – the home-health service provider coming to your home to sort you out, can bring the prescribed medicaments with them, explain how medicaments need to be taken (eg. in the case of patches, or administering injectable medicaments). It can then be offered on tiered Prime service subscriptions [this is just one idea of my own, as a possibility].

With all that health data, nous in artificial intelligence, super computing power, I would not be surprised if Amazon were to one day embark on drug discovery…

But on the other hand it has announced that it will shut down Amazon Care – the virtual and in-home health service it initially created for its employees, explaining that it was “not a complete enough offering for the large enterprise customers we have been targeting, and wasn’t going to work long-term”. I find it difficult without more information to make sense of the decision but no doubt there is a good reason for this.

Peloton confirms that Amazon will sell its bikes

…no longer selling through its own channels, it has decided to reach out to millions through Amazon’s network of customers in the US. “We want to meet consumers where they are, and they are shopping on Amazon”, Peloton said, wholeheartedly endorsing Amazon’s reach.

Amazon capitalises on synergy by launching Ring Nation – TV show that features videos taken by Amazon’s Ring device that have gone viral

…it will show neighbours saving neighbours, marriage proposals and funny animal antics taken by the Ring camera. Amazon also owns a streaming service (Amazon Prime Video and a free version called Amazon Freevee) and MGM, the Hollywood film studio. Given that there are no scripts, no sets etc, and limitless scenarios to choose from when one thinks about the gazillion cameras out there that are on for 24/7, budget is cheap, and it has mass appeal.

Amazon to invest in Japanese cosmetics seller Istyle – what might be Amazon’s real objective?

…first blush, [pun intended] there’s nothing extraordinary; unless you know the Istyle’s edge – the enormous amount of comments posted about various cosmetics that they sell. In other words, it has formidable strength in “word of mouth” advertising, and deep understanding of what women really want. These comments contain a lot of intel about consumer desires, sentiments and issues.  It would be interesting to understand whether Amazon will supply it with AI know-how to enable Istyle to pick up better signals to improve the business.  Note that cosmetics is a high margin, very personal, sticky business, so do it well, and it could translate into more bucks.

Ebay delves deeper into selling collectibles

…they’ve acquired NFT collectibles marketplace KnownOrigin some two months ago, and now they are buying TGCplayer, marketplace for trading cards (eg. Pokemon, football and basketball cards) which can go up in value quickly depending on how rare. A bit like Amazon’s tactics – Ebay are acquiring businesses that can exploit their expertise –ie: marketplace. Just a bit more niche.

Google to launch “helpful content update” to tackle clickbait

…This ensures users sees more original, higher quality content. Content creators can be successful because they know how to optimise the search engines well. That doesn’t mean it’s the best. Google proposes to change that, so that the algorithm picks up more high-quality content. Google says that testing shows that the update has resulted in particular improvements for searches related to online education, arts and entertainment, shopping and technology.

Brain Computer Interface

A paralysed man breaks the record for wearing a Brain Computer Interface – 7 years and 3 months and still counting

…the device enables paralysed people to control prosthetic limbs / other devices such as a computer. FDA has approved Synchron to start clinical trials for Stentrode, which translates brain activity into standardised digital language, enabling paralysed people to text, email etc, by their thoughts. The implantation process is said to be minimally invasive as it does not require the drilling into the skull, unlike other offerings such as Elon Musk’s Neuralink – “a Fitbit in your skull”, which promises to enable the same sort of functioning. Neuralink’s implants will be tested in patients with severe spinal cord injuries this year, following successful demos on animals.

…and now Musk has reportedly approached Synchron to do some kind of deal with Neuralink…

UK Law Society publishes a report on Neurotechnology, law and the legal profession

…it covers off legal implications of neurotechnology developments, such as impact on human rights, mental privacy and surveillance, equity and discrimination, workplace brain monitoring, charging for legal services based on billable units of attention instead of hours.

Crypto

Tokens to help save the Amazon Forest

… Deforestation in Brazil reached a record high in the first seven months of the year. In comes a great idea – if it works. Nemus, a business that offers “a collectible NFT experience” is issuing tokens in relation to parcels of land in the Amazon – to thwart potential buyers of land with intention to knock it all down. The token enables the owner to decide the way in which that piece of land should be protected, with the potential to be awarded with carbon credits. A good idea but Nemus’ plans are getting unstuck because (i) it is experiencing difficulties producing deeds to the land, (ii) the land is very difficult to reach and (iii) despite the promise, a portion of its 41,000 hectares of land already appears to have been deforested.

Other ReFi [Regenerative Finance] projects underway, include the opportunity to protect parts of Democratic Republic of Congo’s land from oil and gas exploration.

EV/AVs

German Court decides Tesla’s “Autopilot” label and “Full Self-Driving” description not misleading

…rejecting a complaint by self-regulating industry body, the ” Center for Protection against Unfair Competition”, which considered that the brand “Autopilot” label for just an advanced driving assistance system (ADAS) gave the wrong impression that vehicles are fully self-driving – which is not legal in Germany at present. Earlier this month, the Californian Department of Motor Vehicles (DMV) made a similar complaint against Tesla.

Tesla to raise the price of its assisted drive system (the Full Self Driving as referred to above) by 25%

…from $12k to $15k for the US which will be offered the updates first. The new update provides driving smoothness, better lane centering and changing, better turns, tackles false slowdowns, creeping for visibility at intersections, better speed when entering highways. Musk says it’s a major code change. Drivers wonder, is it worth it? It is unknown whether its monthly Full Self Driving (FSD) service subscription will increase from the current US price at $199.

For me, the interesting point is that you buy the hardware, and you are expected to continually pay for software updates. The current update on offer does not appear to impinge on security. But if it were to, more people will be more compelled to update. Will this be the way forward for other types of hardware such as smartphones?

Green Technology

Heliogen and Dimensional Energy to produce carbon-free Sustainable Aviation Fuel (SAF) from Concentrated Sunlight and Green Hydrogen

…the “Letter of Intent” (meaning it’s just an intention at this stage) says it aims to create jet fuel from solar energy and air. Heliogen says that they “will work to deploy Heliogen’s proprietary, artificial intelligence (AI)-powered HelioHeat™ technology to convert sunlight directly into thermal energy in the form of high temperature steam and air that will be used to produce green hydrogen for Dimensional Energy’s Reactor platform”.

Bill Gates-backed Heliogen concentrates solar rays by using AI. HelioHeat can also be used for power heavy industrial processes including the making of cement, steel, and petrochemicals.

Other SAF news includes that of Synhelion. The website announces that airlines SWISS and the Lufthansa Group have agreed to use its solar aviation fuel. This will make SWISS the first airline in the world to use ‘sun-to-liquid’ fuel. The process devised by Synhelion uses concentrated sunlight to produce carbon-neutral kerosene. Note that, compared to the Heliogen/Dimensional SAF, this one is not carbon-free but uses less carbon than traditional jet fuels.

Metaverse

Mark Zuckerberg’s selfie with the Eiffel tower and Sagrada Familia to celebrate the launch of Horizon Worlds in France and Spain gets mocked for looking too basic

…Zuckerberg responded with a far more graphic version, explaining that it was taken “very quickly” to celebrate the launch. Scepticism for the viability of Metaverse is high yet Meta has invested billions into the potential. That is why (and also the reduction in ad dollars – partly as a result of the economic slow down and partly because Apple has withdrawn Meta’s access to user data to enable them to target-ad more accurately) the latest launch was clearly a cock up. But it’s nice to know that sophisticated businesses like Meta can make basic mistakes too. Bring out the goods, and it will be forgiven for it.

Supply Chain

Apple Watch and MacBook laptops to be made in Vietnam

…the fact that Apple Watch – a sophisticated product – is going to be made in Vietnam demonstrates a stamp of approval from Apple of its capability. The move from China to elsewhere is much expected, when one thinks about the geopolitical tensions but even aside from that in my view, there may have been a rise in labour cost as Chinese capability improves, which may have played a part in moving the needle.

…Apple is also bringing forward plans to set up a manufacturing site in India – for iPhone 14. These moves will certainly not go unnoticed by the Chinese government.

Delving Deeper

UK issues regulatory plan for self-driving vehicles for rollout by 2025 and publishes a consultation on safety ambition

…the UK is perhaps more cautious ut not necessarily behind the superpowers US and China which already have fully self-driving cars on the roads. The publication sets out how it will realise its vision for Connected and Automated Mobility (CAM) for the UK. At the same time a focused consultation on how adequate safety ought to be achieved, was published. The government’s focus is on the three following “pillars”

  • Safety and Security
    • Legislating for safe self-driving making clear who/what is responsible for what- It is the government’s intention that this primary legislation will create new legal actors and provide powers for new processes, including authorisation and in-use regulation (see pg. 45 of the Plan).
    • Ensuring vehicles are safe, including from a cyber security perspective
    • Facilitating safe trials – UK offers 6 CAM Testbeds, which is an environment for the modelling, simulation, testing, and trial deployment of connected and automated mobility solutions.
    • Address public concerns, win confidence
  • Securing the industrial and economic benefits of CAM
    • Delivering jobs and investment – Identify areas of expected UK competitive advantage in the future global CAM supply chain.
    • Government funding
    • Encourage inbound investment
    • Build skills and understanding of CAM technologies at all levels, from local to central
    • Co-ordination across government and industry bodies
  • Delivering the Societal benefits of CAM
    • Decarbonisation
    • Integration of CAM into wider networks such as road networks, mass transit systems and wireless network – ambition to ensure the “majority” of the population has access to 5G by 2027.
    • Reduce road congestion, increase efficiencies for freight, improve public transport

Some definitions

  • Self-driving vehicle is one that has at least one self-driving feature, delivering sufficiently high levels of automation that meets a legally defined threshold and is capable of safely driving itself with no human input. Such features could provide self-driving capability for all or part of a journey. It is intended that ‘self-driving’ becomes a protected term for the purposes of marketing products to the public. [Tesla will need to change its branding in due course, then – see the above news on the point]. There will be two types:
  • Vehicle that can drive for the entire journey, humans would be mere passengers. Referred to as No User-in-Charge (NUiC) vehicle. Requires a licensed ‘NUiC operator’ (which could be the same as ASDE – as to which see below) which would be responsible for overseeing the non-dynamic driving task responsibilities, such as ensuring the vehicle has appropriate insurance, that would otherwise remain with the User-in- Charge
  • Vehicle which can drive under certain conditions (eg. day time, major roads only). It will require a Human User-in-Charge (UiC) for driving outside those conditions.
  • Automated can refer to a wider range of automation, including technologies which are not capable of self-driving. While the term ‘automated’ vehicle will continue to be used by the sector and in legislation, ‘self-driving’ and ‘self-driving feature’ are better terms to support public understanding.  

Other noteworthy points

The plan is quite long. Here are some key concepts worth noting though (page 43 of the Plan – see the link – is quite useful):

  • Automated and Electric Vehicles Act (AEVA) 2018: Trialling of a self-driving vehicle with a safety driver is already possible on any UK road. Once a vehicle no longer requires a safety driver it may meet the definition of a self-driving vehicle, as set out in this Act.
  • How safe? Government proposes that it ought to be the same standard of behaviour as that expected of human drivers; competent and careful. This strikes the right balance, the government says and it’s a higher standard than the average driver which includes fatigued, distracted or under the influence of drink or drugs [!! – is that really the average driver in the UK…one hopes that the latter two are outliers…] – too high and it will stifle innovation too low and the benefits are eroded. [Contrast with the quote of Elon Musk: “Being better than a human is relatively straightforward, frankly…but how do you be 1000 percent better, 10,000 percent better? That’s much harder” – not a criticism of the government for proposing to set the standards lower though, but it’s a critical question, to which the government invites views in its consultation]
  • Authorised Self-Driving Entities (ASDEs): They will be responsible for the behaviour of self-driving vehicles. They should be under the duty to report any discrimination – vehicles that discriminate against minorities or vulnerable people. The level of discrimination is then assessed for acceptability. An ASDE will need to be registered. An ASDE is likely to be a vehicle manufacturer or software developer, or a partnership between the two.
  • Safe by design: vehicles to be assessed for safety at different points of the vehicle’s lifecycle. Level of detail required to satisfy the assessment will be determined following the consultation.
  • Automated vehicle approval: technical assessments of each self-driving feature to be carried out as part of the automated vehicle approval.
  • Authorisation to self-drive: Assessment to check that vehicle can self-drive (without human monitoring) in various circumstances.  Authorisation will also consider whether a suitable ASDE can vouch for the safety and lawfulness of the vehicle. The vehicles will be subject to a monitoring test which have 5 criteria:
  • Compliance with relevant road traffic rules
    • Avoidance of collisions which a competent and careful driver could avoid
    • Avoidance of causing collisions
    • Treatment of other road users with reasonable consideration
    • Recognise when it is operating outside of its operational design domain
  • In-use regulation: This ensures that the vehicles continues to fulfil the safety criteria once on the road. Data would need to be fed to the “in-use regulatory scheme” by ASDEs and operators of the self-driving vehicles (NUiC operators). [Data would need to be in sufficient detail to explain what happened in the case of an incident]
  • Cybersecurity consideration:  International cyber security regulations for vehicles (set at the UNECE, or United Nations Economic Commission for Europe) to apply. Government to consider whether additional requirements should apply. See also National Cyber Strategy 2022 which sets out the aim to build on the National Cyber Security Centre (NCSC)’s security principles for connected places to reduce the risks.

One More Thing…

Elon Musk lookalike Yilong Ma is back – on Instagram!

…after being booted out of Douyin (ByteDance’s TikTok offering in China) and Weibo (sort of China’s answer to Twitter) in May, he is back and attracting attention. Elon himself has set he’d like to meet him, but at the same wondering whether he could well be a deepfake. Click on the link to see what deepfakes could be like these days. It’s very real – and has much comedy value.

Headlines in Tech 10-17 Aug 2022

Headlines in Tech News of the Week

US FTC announces it will be making rules on “Commercial Surveillance and Data Security”

…US FTC defines Commercial surveillance as the business of collecting, analyzing, and profiting from information about people. It asks public to provide feedback on whether regulatory rules are needed to protect personal data in view of the following risks:

  • Potential exposure of collected data to bad actors
  • Mass surveillance has heightened the risks and stakes of errors, deception, manipulation, and other abuses

The Advanced Notice of Proposed Rulemaking asks a series of questions about practices related to commercial surveillance and data security, whether there ought to be rules and if so how those rules should be implemented. The ambit of the questionnaire is very wide – see further below. There are of course certain data protection laws already, such as consumer protection laws, biometric data laws, The Children’s Online Privacy Protection Act, Federal Trade Commission Act which protect citizens from unfair or deceptive acts or practices, and indeed the FTC has enforced in respect of them in the past.

Note that, so many tech companies, from the well known Apps (like Uber, Netflix) to platforms such as Apple, Google, Amazon, Meta – are adding more and more ads on their displays. These displays are tailored to the viewer – they can do so because they collect copious amounts of data, in real time. Shopping at a mall? Bing! The geolocation data triggers an ad for a brand that has a shop in that mall, perhaps with a discount voucher – the brand chosen would sell products at the right price point for you, judging by your shopping habits. Perhaps the platform knows it’s your child’s birthday, or that the child is going to a birthday party – a carefully selected product can then be advertised to the user, depending on that sort of information. But how is this all done? Is it collected, processed, stored, managed and utilised fairly? What’s the effect on the competition in the market? That is what the FTC would like to know.

This initiative runs alongside a bipartisan proposal to pass the bill for the American Data Privacy and Protection Act, which gives users right to right to access, amend, delete and stop the sharing of personal information. The law could pre-empt state privacy laws. California, with its strict privacy rules are vehemently against the pre-emption.

Artificial Intelligence

China’s internet regulator Cyberspace Administration of China (CAC) discloses algorithms registered with the authority following the implementation of a rule to disclose algorithms used by algorithm based services

… Elon Musk, who considers that algorithms should be transparent, probably would endorse. But in practice, what it enables is for users to only vaguely understand the reasoning underlying algorithm driven decisions – perhaps this is the right balance.

Brief descriptions of code used by Chinese internet giants such as Alibaba, ByteDance, Tencent, Baidu have been disclosed. The disclosure provide very high level detail and so quite how the algorithms are precisely formulated are reported to be still under wraps. For example, from the disclosure of Chinese version of TikTok called Douyin (both owned by ByteDance) – it was disclosed that it bases its recommendation of displayed videos depends on clicks, durations, likes, comments, relays and dislikes in the user’s history. None of these is surprising.

Meta’s chatbot Blenderbot3 blurts that Meta exploits people

…when asked “Any other thoughts on Zuckerberg”, the Meta chatbot is reported to have replied “His company exploits people for money and he doesn’t care…”. The software has been trained on large volumes of publicly available language data. Given the whistleblowing event and the aftermath of that, it is not surprising that the chatbot has picked up overall negative sentiment about the company. It also means that Meta does not manipulate the chatbot to ensure it is always positive about the company and its services.

BigTech/ Data / Platforms

Privacy

Democrats ask US government agencies how they purchase Americans’ digital data from Data Brokers and how they are used

…letters are addressed to:

Department of Justice, Secretary of Homeland Security, FBI, U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, U.S. Drug Enforcement Administration, Bureau of Alcohol, Tobacco, Firearms and Explosives.

While law enforcement investigations necessitate some searches, improper government acquisition of this data can thwart statutory and constitutional protections designed to protect Americans’ due process rights, the letter stated. The writer considers that, instead of purchasing data or licenses through relationships with data brokers, it should be obtaining it through statutory authorities, court order or legal process. By way of example, the writer notes that LexisNexis, contracts with over 1,300 local and state law enforcement agencies across the country.

Data obtained from Facebook used in prosecution of a woman who had had an abortion at more than 20 weeks contrary to Nebraskan law

…Detectives had a search warrant which meant Facebook had to disclose the data sought (albeit they could have resisted the warrant). The information pertained to correspondence between the woman and her mother in private messaging. Experts comment that platformers need to provide end-to-end encryption (so that only the parties that are corresponding can see the information) and that information stored ought to be minimised. End-to-end encryption is though being used on WhatsApp, also owned by Facebook parent Meta. Meta is now testing end-to-end encryption for its messenger chats.

Google and AI subsidiary DeepMind sued for misuse of private information in the UK

…back in May Google and DeepMind were sued for misuse of private information. Further details have now emerged. The claimant is suing on behalf of a class.

The Claimant received extensive treatment by the national health service (NHS), but did not consent to his medical record being collected by the Defendants. The Defendants collected 1.6million patient records, including that of the Claimant. It was apparent that the Defendants were using machine learning to improve prediction of acute kidney injury and general patient deterioration, and had applied to use data of all patients from the same hospital as the Claimant’s. Claimant had a reasonable expectation of privacy, but his data was used contrary to there being no consent to use for developing the Streams App, which is a purpose other than to direct care of the patient. The NHS trust to which the hospital belongs has been reported to have already been found to have breached UK data protection law when it signed the data sharing agreement with the Defendants. The case continues…

Separately from this newpiece, which provides a cautionary tale about collecting medical data, the app and the devices that run the app must ensure that the security and privacy measures are up to scratch (especially medical data – but not confined to that). In the UK and Europe, the regulatory authorities; respectively, the Information Commissioner’s Office and ENISA recommend that manufacturers provide for security by design, to ensure that data is secure at every step of the device’s lifecycle (development, maintenance and disposal), very similar in concept as data protection by design as provided for in GDPR. In the UK, the government has produced a code of practice for consumer IoT security. There are also specific rules in the GDPR about profiling and automated decision making that need to be complied with, given the unique risks that automated decision making poses on individuals. In the US, as noted the FTC is looking at how data use should be regulated (see below for details), and it has questions that are targeted to highly sensitive data, such as data in relation to citizens’ health.

Competition

Google calls out Apple to make its iMessage service interoperable

…Google says Apple’s iMessages ought to be interoperable with Android messaging services so that their users can seamlessly message iPhone users and vice versa. Google complains that because of the lack of interoperability, Android users suffer from ” blurry videos, broken group chats, missing read receipts and typing indicators, no texting over Wi-Fi, and more” when they communicate with iPhone users.

Google is calling out Apple only, but really, the non-interoperability also apply to other messenger services as well – at the moment, you can only message using one type of service – if you have WhatsApp, you can only communicate with people with WhatsApp. But if everything were interoperable, such a problem would not arise, as in the case of the internet; Hotmail account holder can write to a Gmail account, and so on. Google is promoting the RCS open standard, but some issues are raised about getting others to adopt this – it is reported to be low spec, and has no encryption.

From Apple’s point of view, they rather like the lack of interoperability – which can lock-in users – precisely Google’s point here. Apple iPhone’s iMessage users have blue bubbles and Android users have green – leading to bullying at school if your text messages are not blue. Some families want all family members to have the iPhone so that they can group message each other. These features are said to help the stickiness of the iPhone business – although to some extent WhatsApp is so popular in the US that it might matter much less these days.

Note that EU’s upcoming Digital Markets Act requires platforms to make messaging services interoperable (group chats / voice and video calls have longer to implement) which includes the preservation of end-to-end encryption (Article 7).

Business

Doordash partners with Facebook to deliver goods traded on Facebook Marketplace in the US

…up to 15 miles, goods must be able to fit in the trunk. Perfect synergy between the two businesses. It’s eco and could give Facebook that much wanted appeal to the eco-conscious Gen Z. If successful no doubt it will extend to the UK (yes please).

Crypto

Ethereum blockchain goes from Proof of Work to Proof of Stake in September

…The way in which the Ethereum blockchain validates transactions (reward of Eths given to the miner that manages to solve a complex maths problem first) is changing from Proof of Work which consumes enormous amounts of energy, to Proof of Stake – which consumes much less energy, much faster and apparently, theoretically more secure. Gas fees (amount of Eths required to do something on the Ethereum blockchain – to pay the miners to verify transactions, maintain network security) will reduce, which will make Eths more competitive. The underlying differences in the mechanisms are very complicated and I’m not even going to attempt to understand.

What does this mean:

  • Knock on effects on rival cryptocurrencies such as Solana which already uses Proof of Stake; Solana has been popular because it is fast and cheap.
  • This is bad news for Nvidia and AMD which are the leading purveyors of GPUs, chips that enables parallel complex calculations. GPUs are heavily used by miners (the other use is gaming graphics rendering)

US Treasury sanctions Crypto Mixer Tornado Cash

…a bit about mixers. This is a software that combines crypto from different sources, mixes them and then re-distributes using an address different from the incoming address, making it harder to trace its provenance. It is probably mostly used for tax evasion, money laundering and other nefarious purposes – indeed, the mixing service was the largest money spinner for Hydra, one of the most significant criminal marketplaces on the darknet which got taken down recently. But there are principled reasons – on the grounds that what you spend money on, ought to be able to be kept private, and for beneficial reasons – for example Ethereum co-founder Vitalik Buterin (originally Russian – launched Ethereum when he was only 20 years of age) said he had used Tornado Cash to be able to donate money to Ukraine anonymously.

Tornado Cash is used on the Ethereum blockchain and major companies such as Microsoft owned GitHub and Circle (a peer to peer payments company with focus on crypto assets, and issues the USDC stablecoin) have complied with the sanctions. Transactions passing through Tornado Cash have been blocked as have Tornado Cash associated website and emails. GitHub hosts Tornado Cash’s open source software.

Push to build identity protocol .bit – “a self-sovereign data container” on the blockchain in a bid to become the universal identification system on Web3

…what it aims for is to enable the use of the .bit ID as the user’s digital ID for all digital assets. For example, if I had a technews.bit alias, then if I linked my crypto wallet to that, then I can give that alias to a friend who can easily transfer cryptocurrencies to me, without having to provide the 35 character wallet address. The .bit identity protocol already supports numerous cryptocurrencies, and it is seeking to add more, including Bitcoin, Dogecoin, Polkadot and Solana. It also plans to enable users to utilise .bit for voting on decisions in relation to Decentralised Autonomous Organisations (DAO – which is, in short, a company/partnership on a blockchain).

Cybersecurity

Starlink terminal is hacked using off the shelf parts amounting to $25

…Carried out by a researcher in Belgium to demonstrate that Starlink satellites are not as secure as it could be.

Application Programming Interface (API) used by 5G network carriers has vulnerabilities enabling third parties to access IoT devices and data

…Again there are work of researchers who ascertained that exploiting the vulnerabilities enabled them to access SIM card identifiers, SIM card secret keys, owner of the SIM card and billing information. They do appear to be getting fixed.

EV/AVs

CATL, the world’s largest EV battery maker to set up a plant in Hungary

…makes sense. Very significant automotive companies are based in Europe; it makes sense to set up a battery plant there and soon enough car makers will follow to be close to the battery suppliers. BMW is already producing vehicles in Hungary. Hungary appears to have been particularly successful in attracting battery makers thanks to subsidies. Korea’s SK and Samsung SDI, and Japan’s GS Yuasa, all have factories in Hungary.

Auto Industry fails to persuade Court that the US Federal Communication Commission’s re-allocation of spectrum away from Intelligent Transport Systems was not lawful

…V2X technology is said to be important to autonomous driving, enabling vehicles to suss out the environment around them by facilitating real-time wireless data sharing between vehicles and infrastructure (eg. traffic lights), other vehicles and road users (pedestrians, bikes etc). It was promised that the technology will significantly enhance road safety and help unleash value for users of roads.

Quick history:

1999: FCC had allocated the 5.9 GHz band for use by intelligence transport systems (which permitted the use of DSRC – or Dedicated Short Range Communications technology which does not use a cell-tower).

1999-2019: Instead of developing anything significant in the spectrum in the following 20 years, other technologies like radar, LiDAR, cameras, and sensors were developed.

2019: The FCC began a new rulemaking process to ensure that the 5.9 GHz band was put to its best use, deciding to keeping the upper 30 megahertz of the 5.9 GHz band (5.895 to 5.925 GHz) for use by intelligent transportation systems and repurposing the lower 45 megahertz for use by unlicensed devices such as Wi-Fi routers. The FCC also proposed changing the technology that would be used by intelligent transportation systems; vehicles would need to start using “vehicle-to-everything (V2X)” communications (in which they send communications to cell towers and other devices) rather than DRSC which did not.

The Auto industry argued that the decision was not properly considered.  Department of Transportation and the Auto Industry said that the spectrum was needed to provide intelligent service systems adequately, and that there was the risk that the Wi-Fi devices would interfere with the usage in the upper band.

The Court upheld the FCC’s decision. It found that the FCC left the Transportation Petitioners with 30 megahertz of the spectrum in which to use their licenses, reasonably determining that that reallocation “will not meaningfully interfere with the ability of incumbents to provide the same types of safety-related services that they are currently offering.”

Fintech

The Consumer Financial Protection Bureau (CFPB) fines fin tech company Hello Digit for claiming its algorithms will save money and guard against overdrafts wrongly

…the faulty algorithm caused overdraft and unnecessary overdraft penalties for customers when it had guaranteed there would be no overdrafts. The algorithm was supposed to figure out how much each user should save, but did not.

Revolut, the British neobank offers a learn and earn scheme for crypto novices

…the idea appears to be that you have to go through training about dealing in cryptocurrencies, and then you are awarded tokens when you answer the questions correctly. The users should be informed about the risks of dealing in cryptocurrencies before dabbling in it. Hopefully it drives home the point that dealing in cryptocurrencies is not like a fiat at all, and that it’s not much different than gambling, and that it is highly volatile. Given the major crashes in the crypto market of the recent months, this is really not a bad idea – provided that the training does provide proper education, it could be extended to providers of actual gambling services.

Real Estate

Andreesen Horowitz (aka a16z) makes its biggest ever bet amounting to $350m on Adam Neumann (founder of WeWork)

Andreesen Horowitz is what I would describe as early stage “it fund” of the recent times, cropping up frequently in tech news concerning the latest NFT projects such as the Bored Ape, Axie Infinity (which became famous after it got hacked), CryptoKitties and the biggest NFT marketplace Opensea – as well as non-NFT related companies.

Adam Neumann is the “visionary leader who revolutionized …[the] commercial real estate [world]“. He founded WeWork to global success, providing office space initially renting cheaper properties and upgrading it to a much higher standard, improving facilities around the buildings too. But excessive fund money being poured into the business (thanks to Softbank) is reported to have resulted in extreme profligacy, buying up more up market properties and plying them with alcohol into the offices, kitting out with cool facilities, buying up a start up that makes artificial wave pools, and so on. WeWork’s value fell sharply and Neumann was ousted.

Which is why it’s a big surprise that Andreessen Horowitz is writing the biggest ever cheque for Neumann’s new business, Flow. Andreessen Horowitz explains that the US has a housing crisis, and it is ripe for disruption. Neumann has bought up 3,000 apartments in a handful of cities across the US, to provide “renters a sense of security, community, and genuine ownership”, having observed that renters in the US are on the rise. So I imagine it’s like WeWork offices, you are guaranteed a building with respectable standards and finish and consistent service “with the latest technology” [whatever this is – I’d love to know] – and do what Neumann did well before his big shopping spree at WeWork, gentrify the area, increase the value of the rent, build a good community. Unlike WeWork – whose business model was to rent office space on a long term basis and re-rent to clients on higher and shorter terms – which causes issues when renters cannot be found, Flow seems to plan to own the buildings themselves (albeit the business plan is not entirely clear). Andreessen Horowitz says they “love seeing repeat-founders build on past successes by growing from lessons learned”. They obviously think if anyone can do it, Adam Neumann can.

Learning point is that, if there is an industry which is ripe for change, then a disruptor is likely to come along, and use technology in some way to do so. So if there are inefficiencies in the market and you are the incumbent, then it may be time to innovate before a well resourced disruptor comes along – unless you have a pretty large moat around your business. Recently Amazon announced its acquisition of primary health care provider One Medical, which is expected to upend that sector, well-known for its inefficiencies.

Supply Chains

Uyghur Forced Labor Prevention Act coming into force means products which impinge on Uyghur forced labour is banned from entering the US – Solar panels seized

….the law means that companies wishing to import products into the US from China have to prove that the shipments are devoid of Uyghur forced labour. Evidence gathering has not been easy, which has led to companies being caught by the new law. The panels originated from the Xinjiang region, which produces about 40% of panel component polysilicon – it has been reported. This is a trend to watch – and may not be confined to Uyghur but other parts of the world with human rights breaching labour practices in due course.

Other

UK sues the European Union for blocking scientific co-operation contrary to the post-Brexit future agreement

…these include blocking access to projects such as Horizon Europe (funding programme for research), Copernicus (earth observation programme) and Euratom (nuclear research programme).

Note that the UK/EU relationship is not good. In particular, the EU are dismayed that the UK is backtracking from the Northern Ireland Protocol to the Brexit withdrawal agreement.

Delving Deeper

US FTC announces it will be making rules on “Commercial Surveillance and Data Security”

…As noted above, US FTC defines Commercial surveillance as the business of collecting, analyzing, and profiting from information about people. It asks the public to provide feedback on whether regulatory rules are need to protect personal data. US FTC considers that citizens feel that there is no choice but to give their personal details away living in the connected modern society.  

The Advanced Notice of Proposed Rulemaking asks a series of questions about practices related to commercial surveillance and data security, whether there ought to be rules and if so how those rules should be implemented.

The topics on which it asks for input are the following (The actual questionnaire is much more detailed – please click on the link for more information):

  • Harms to Consumers [which includes businesses and workers]: Information on what practices businesses use to surveil consumers. How does it cause harm to consumers, what evidence is available, what kinds of data are implicated, how should it be regulated?
  • Harms to Children: Commercial surveillance practices or lax data security measures that affect children, including teenagers. What types of practices are most concerning? To what extent should trade regulation rules distinguish between different age groups among children (e.g., 13 to 15, 16 to 17, etc.)?
  • Costs and Benefits: Relative costs and benefits of any current practice, as well as those for any responsive regulation. To what extent would any given new trade regulation rule on data security or commercial surveillance impede or enhance innovation? What would the outcome be if no regulation were provided for?
  • Regulations: To what extent are existing legal authorities and extralegal measures, including self-regulation, sufficient? How could potential new trade regulation rules require or help incentivize reasonable data security? Should new rules require businesses to implement administrative, technical, and physical data security measures, including encryption techniques to protect against risks to the security, confidentiality, or integrity of covered data?
  • Collection, Use, Retention, and Transfer of Consumer Data:
  • How and what consumers’ biometric information are collected and why? Should it be limited?  Should companies that provide any specifically enumerated services (e.g., finance, healthcare, search, or social media) be prevented from carrying out specific commercial surveillance practices like personalized or targeted advertising?
  • Should targeted advertising be limited?
  • To what extent, if at all, should new trade regulation rules impose limitations on companies’ collection, use, and retention of consumer data? Should they, for example, institute data minimization requirements or purpose limitations, i.e., limit companies from dealing in consumer data beyond a certain predefined point? Or, similarly, should they require companies to deal in consumer data only to the extent necessary to deliver the specific service? If so, how?
  • To what extent, if at all, do firms that now, by default, enable consumers to block other firms’ use of cookies and other persistent identifiers impede competition? [This bit is targeted at Apple enabling users to prevent tracking of their online behaviour causing huge loss to companies that rely on ad revenues derived from ad-targeting (which needs volumes of personalised data) such as Meta or increasing custom by targeted advertising such as third party apps (they will buy targeted ads from companies like Meta)]
  • Automation: How prevalent is algorithmic errors? What are the benefits and costs of allowing companies to employ automated decision-making systems in critical areas, such as housing, credit, and employment? Should there be a rule compelling companies to prevent alogorithmic errors? What are the benefits and harms of automated decision making?
  • Discrimination: How prevalent is algorithmic discrimination based on protected categories such as race, sex, and age? Should there be a limitation on any system that produces discrimination, irrespective of the data or processes on which those outcomes are based? Should the Commission consider new rules on algorithmic discrimination in areas where Congress has already explicitly legislated, such as housing, employment, labor, and consumer finance?
  • Consumer Consent: What is the effectiveness and administrability of consumer consent to companies’ commercial surveillance and data security practices? To what extent should certain specific commercial surveillance practices be prohibited, irrespective of whether consumers consent to them? Are opt-out choices effective?
  • Notice, Transparency and Disclosure: To what extent should rules require companies to make information available about their commercial surveillance practices? What is the nature of the opacity of different forms of commercial surveillance practices? To what extent should trade regulation rules, require companies to explain (1) the data they use, (2) how they collect, retain, disclose, or transfer that data, (3) how they choose to implement any given automated decision-making system, (4) how they use that data to reach a decision, (5) whether they rely on a third-party vendor to decide, (6) the impacts of their commercial surveillance practices, including disparities or other distributional outcomes among consumers, and (7) risk mitigation measures to address potential consumer harms? Given the potential cost of disclosure requirements, should rules exempt certain companies due to their size or the nature of the consumer data at issue?
  • Remedies: How should the FTC’s authority to implement remedies under the Act determine the form or substance of any potential rules on commercial surveillance?

The responses to this survey are likely to be highly polarised. Some say that the US FTC is already biased branding the practice of collecting and utilising data is “commercial surveillance”, rather than something more neutral such as personalised advertising.

Headlines in Tech 3 -10 Aug 2022

Headlines in Tech news of the week

US Federal Communication Commission “takes a significant step in asserting U.S. leadership in the emerging space economy” by issuing a Notice of Inquiry into new rules to support sustainable activities in space

…the US purports to examine the opportunities and challenges of in-space servicing, assembly, and manufacturing—or “ISAM”. Activities include satellite refueling, inspecting and repairing in-orbit spacecraft, capturing and removing debris, and transforming materials through manufacturing while in space. Some of these may require Commission licensing and rules or revisions to current rules or licensing processes. 

Founder, Chair and CEO of Viasat Mark Dankberg has written a piece in the FT about his concerns about over-exploitation of limited space resources, environmental damage and satellite collisions.

BigTech/ Data / Platforms

Security

UK Parliament shuts down own TikTok account following a letter referring to warning by tech experts that it’s essentially “Chinese Government spyware”

…the account was set up to engage with younger audiences, to convey the history and the functioning of the UK Parliament. But a number of members of parliament explained in a letter that TikTok’s parent is registered in China, and data of UK citizens can be turned over at the whim of the Chinese government. Indeed, the letter refers to the recent reports which have made clear… TikTok data is routinely transferred to China.  Access to children’s personal data to China ought to be a major concern, they said.

Closing down of the account doesn’t really make sense. UK Parliament’s TikTok account will never really be an incentive for a young person to open up an account on TikTok – so the Parliament’s account will do no further damage. If the concern really is the transfer of children’s personal data to certain third countries, then the sensible thing to do is to ban TikTok altogether, as has been done in other countries.

TikTok is under investigation in Ireland over alleged transfers of data to China.

Complaint filed to the UK Data Watchdog (Information Commissioner’s Office) to investigate gambling companies on how gamblers are ad-targeted

…the complaint by campaigners (headed by former gambling addict) say that the world’s largest gambling company Flutter is using data to profile users and lure back profitable players [meaning the losers, and potentially addicts], and failing to obtain the proper consent to collect medical data related to addiction. Tracking can be legitimately done for monitoring dangerous play and AI can be used to examine punters’ behaviours. Flutter says data is used to avoid vulnerable customers.

Privacy

UK government considers compelling foreign migrants with a criminal offence to use smartwatches with facial recognition technology to submit scans of their faces up to 5 times a day

…the objective is to closely monitor “individuals subject to immigration control”. Subject individuals are expected to also provide their personal data and location data together with the submission of the face scans. Not sure to what extent human rights implications have been considered before putting together this plan…

Platform

Should platforms such as Meta, Apple, Google be liable for apps on their App Store which violate gambling laws?

…the platformers seek to rely on Section 230 of the Communications Decency Act of the United States generally protects websites from liability over content uploaded by users or third parties. However, platformers are more and more expected to be proactive limiting online harms. Just recently, Apple and Google have been asked by Senator Brown what measures they are taking to ensure scammy crypto apps are not downloadable from their App Stores. The upcoming EU’s Digital Services Act oblige “very large platforms” to analyse systemic risks they create and to carry out risk reduction analysis  to reduce risks associated with, among other things, dissemination of illegal content.

If platformers were held to be liable, it would mean numerous types of legal checks of all angles need to be carried out in the vetting process by the platformers before apps are allowed to be made available on the App Store. This may not be such a bad thing for the platformers who will then have a reason why they say App Stores can only be offered by a select group of businesses.

On a similar theme, Visa is potentially on the hook for processing payments for ads featuring child sexual abuse materials on Pornhub. Visa has decided to stop facilitating transactions that purport to buy adverts from Pornhub owner Mindgeek’s advertising firm, TrafficJunky. [Slightly interesting point here is that platform owners such as Pornhub owns an advertising arm – see also Gaming – about adtech company AppLovin’s hostile takeover of Unity, a gaming graphics rendering company].

Amazon to purchase iRobot (makers of Roomba) for $1.7billion

…makes sense. And why wouldn’t a company whose number one leadership principle is Customer Obsession buy the Roomba? The data it can suck up might not be that valuable, but it would help serve its customers by doing the chores for them. There is likely to be synergy with Echo/Alexa and its household robot Astro. They already have plenty of robotics know how thanks to Amazon Robotics which run their numerous and massive warehouses.  What could be next? Remote lawn mowers and sprinklers? Amazon residential blocks? Hotels? A Roomba on each floor would undoubtedly make running buildings much cheaper; Amazon is slowly building business in smart buildings and smart cities. They already provide private 5G networks for offices. Then, there is the Sidewalk…

Not just a smart home provider, Amazon can look after you beyond your front door

Note that, at least in the US, Amazon devices are (unless you opt out) constantly connected to the internet – it provides a network called Sidewalk – which is “a neighborhood network designed to make your devices work better—both inside your home and beyond the front door…Amazon Sidewalk uses Bluetooth Low Energy (BLE), the 900 MHz spectrum, and other frequencies to simplify new device setup, extend the low-bandwidth working range of devices, and help devices stay online and up-to-date even if they are outside the range of home Wi-Fi…”. Note though it extends the network by sharing your internet bandwidth with your neighbours, which has obvious security and privacy implications, although Amazon states it has put in place measures to safeguard from that happening. Amazon is also reported to have said that it might share Sidewalk data with third party developers – essentially, using the Sidewalk network as a platform from which to offer more and varied services (and then get more data). 

The idea might be is that Amazon might eventually help you find your lost pet which have gone walkabouts, or track your stolen car. Roomba could gain additional features that support such service. However, Amazon offering has the potential to transform into an IoT surveillance ecosystem powered by AI – as pointed out in the Forbes article.

Potentially subject to regulatory clearance.

Crypto

Hot wallets on the Solana blockchain is hacked – cause unknown

…users of hot wallets [wallets that are constantly connected to the internet – for ease of use] have found that their funds have been drained. It is suspected that a bug in the software governing the wallets have allowed the hacker to access the private keys to the wallets. Solana is encouraging users to transfer funds to cold wallets. Needless to say Solana’s value dropped with the news.

EVs/Autonomous Vehicles

US Senate passes the $430billion Inflation Reduction Act: to tackle climate, tax and healthcare

…this include tax credits to encourage more EV sales (as they are still more expensive than traditional Internal Combustion Engine (ICE) cars).

How much can car makers charge for access to on-board diagnostic information to enable independent car repair? EU Top Court to decide

…In the EU, certain data must be made available to independent car repairers to enable them to repair cars. This law is implemented to encourage competition; otherwise car makers can charge inflated fees to repair cars. There are three cases in all each of which ask the Court of Justice of the European Union to clarify the meaning of the data sharing rules:

  • Regulation (EU) 2018/858 states that “the manufacturer may charge reasonable and proportionate fees for access to vehicle repair and maintenance information. A question has arisen as to how the fee level should be calculated (see C-390/21).
  • Regulation (EU) 2018/858 states that “Information shall be presented in an easily accessible manner in the form of machine-readable and electronically processable datasets“. A question has arisen as to what format that data need to be in order to fulfil the requirement. (see C-319/22)
  • Are car manufacturers allowed to impose conditions (such as making the repairer register to access the data, agree terms and conditions, and pay to access diagnostic tools) to access the requisite data? (C-296/22)

The impending Data Act also have similar but industry neutral provisions, which give users the right to access data generated data through their use (this would include vehicle generated data, but will apply to other data – such as that generated by an equipment in a factory). These are cases to watch not just for car makers but for other device makers.

Volkswagen sues software company Smartcar in Northern District of California for providing apps to Volkswagen users without authorisation

…Smartcar has a partnership with Hyundai and BMW. Volkswagen considered partnering up with Smartcar but had declined. Accessing Volkswagen cars constitutes false association and is a violation of Computer Fraud and Abuse Act, among other breaches the complaint says.

What kind of services can drivers of Volkswagen expect? So explains Volkswagen in its suit: Volkswagen users can access optional connectivity services, including Car-Net, Audi connect, and the myAudi apps which contain features that allow Volkswagen and Audi drivers to connect to and control their vehicles using their smartphones and computers. These include remote access, security details, car location, driver details such as high-speed warnings, geofencing, wi-fi hotspot capability, in-vehicle voice controls, online map and traffic updates, parking and gas station finders, and toll modules. Third party app providers are carefully vetted to ensure that they meet the high standards for compatibility and interoperability, functionality, security, and safety.

What does Smartcar do? According to the complaint, Smartcar is offering application programming interfaces (“APIs”) that it claims allow web and mobile apps to communicate with connected cars to exchange information between the app and the vehicle. Smartcar claims that companies use its APIs to connect to vehicles to obtain data such as EV battery status, fuel tank status, odometer status, oil life, tire pressure, vehicle attributes, vehicle identification numbers and location; and further to enable access to the vehicle and issue commands, including to lock and unlock, manage EV charging, and issue digital car keys.

What are the acts complained of? Volkswagen lists these acts of Smartcars as not accurate / unauthorised

  • Smartcar APIs are compatible with Volkswagen/Audi and is the “best way to build apps for” them.
  • Use of Volkswagen trade marks

Volkswagen says that Smartcar gives users the impression that it is authorised when it is not, and it is unlawfully circumventing Volkswagen’s vetting process with implications for safety and security. Volkswagen also alleges that Smartcar has misused confidential information given to them to demonstrate Smartcar capabilities with a view to partnership which was later not followed up on.

Volkswagen also explains that it is not able to distinguish between genuine end user access and the unauthorized access facilitated by Smartcar. It is interesting to note [although not surprising] how Volkswagen explains that it collects user analytics and other data derived from authorized customer access. This data, and reports generated from such data, are useful and valuable for internal research, and as monetizable commercial assets for sale and license to app developers, marketers, and other contractors.

Baidu launches fully driverless, licensed robotaxi in Wuhan and Chongqing

…Baidu (along with Pony.ai) already has a licence to operate robotaxis with safety drivers on the passenger seat in Beijing.

The areas which Baidu will operate its fully automated cars are not densely populated, and are built for testing autonomous vehicles (the zone in Wuhan have road infrastructures that can communicate with vehicles), but it will run during office hours.

Meanwhile over in the US, Cruise (General Motors company) has started a driverless service in San Francisco (out of office hours) and Waymo (Alphabet/Google owned) in Phoenix.

Amazon’s driverless car unit Zoox seeks permit in California to deploy Robotaxis without steering wheels or pedals

…Zoox will be liable for the safety of the vehicle. [Note: slightly old news]

Tesla’s “Autopilot” and “Full Self-Driving” labels are deceptive and should be prohibited from sale in California, said the Californian Department of Motor Vehicles (DMV) in its suit

…DMV also says that purchasers should also be able to claim back any loss incurred as a result of the deception. DMV says Tesla cars are far from autonomous, not at the point of advertisement, and not even now. The DMV might want to look at the UK Law Commission’s proposal which is to provide that the term “Self-Driving” be used to indicate a legal threshold…

Gaming

Unity (a mainstream real time 3D graphics engine) plan to merge with Ironsource, a mobile adtech company in jeopardy as Ironsource rival AppLovin makes an unsolicited bid for Unity – on the condition that Ironsource is rejected

…the Unity software enables developers/digital artists to create games with high fidelity 3D graphics and renders them in real time.  The tie up with mobile ad tech business Ironsource was calculated to enable creators to monetize their games more effectively. AppLovin, Ironsource rival has decided to make a move on Unity too. It just goes to show how much monetisation opportunities there are in gaming.

Metaverse

HSBC becomes the first bank to buy land and open doors in the Sandbox metaverse

…the idea is apparently to connect with esports, sporting and gaming enthusiasts but the plan appears not really that detailed at present.

Satellites/ Space

More consolidation of companies – Luxembourger SES & US’s Intelsat

…reason is the needing of cash to upgrade technology, to catch with SpaceX. This follows US Viasat’s proposed takeover of UK’s Inmarsat (both geostationary satellite operators), and OneWeb (Low Earth Orbit, or LEO) and Eutel (geostationary satellites (GEO)). Intelsat and SES have Medium Earth Orbit (MEO) satellites, Intel also has geostationary satellites according to the FT article.

SpaceX’s speciality area is cheaper, smaller LEO satellites. This has enabled SpaceX to achieve scale.

A bit about the different satellites

GEO: Furthest away. As the name suggests it orbits over a specific part of the earth. Because it’s farther away, it covers a large part of the earth; three of these equally spaced can almost cover the whole of the earth.

LEO: Situated up to 2000km above the earth, apparently it could be, technically, low as 160km [though still high, in contrast with planes, which flies up to about 14km high]. Closer to earth means higher resolution images can be attained. These are fast, taking only 90minutes to go round the earth, making it very difficult to track, so LEO satellites need to work as a constellation to provide telecommunication coverage.

MEO: These satellites orbit in the range between GEO and LEO. Used for navigation such as tracking jumbojets and getting locations on the smartphone. Information taken from the European Space Agency.

Delving Deeper

Inside Apple Cars

…Apple is known for its culture of super secrecy. But there is a limit to their walled secret garden insofar as patents are concerned, which are rights to exclude others from using inventions. Patents are granted in return for disclosing the invention so that the public can make use of thereafter. Apple’s patent applications certainly indicate that they are making cars. What would an Apple car be like? A peek inside Apple’s patent applications (about 250 of which are at present public) indicate that it would be one with superior user experience [UX] – according to articles published in the Nikkei:  

The three phases of Apple Car development

  • 2008-2014: Developments appear to focus on providing car navigation via the iPhone, culminating in CarPlay, the user interface for drivers. CarPlay is reported to be now equipped on 98% of new cars in the US [not Tesla though –Tesla isn’t letting go of revenue raising opportunities that easily]. It can do everything that a usual car can do, from adjusting the aircon to indicating gear levels, engine revs and speed, of course, indicating where the nearest gas stations, charging stations and parking spots.
  • Mid 2010’s: Project Titan [development of autonomous EVs] is implemented, Apple hires a large number of AI researchers
  • Late 2010’s: Application for patents that relate to wireless connectivity, including V2X [Vehicle to everything – traffic lights, roads, other cars, pedestrians etc]. Some co-developed with Intel.

Other notable types of patent applications

  • Those that concern a better UX:
    • Windows which darken depending on the incoming light level
    • Car body which elevates to facilitate passengers to embark and alight vehicles
    • Suspensions and seat belts which become active depending on the road surface to enable a smoother journey for the passengers
    • For example in May it was granted a patent called “immersive display of motion-synchronized virtual content”, where vehicle motions may be integrated into the virtual experiences (user wears a VR headset) to help prevent motion sickness. The VR system may provide virtual views that match visual cues with the physical motions that a passenger experiences. The VR system may provide immersive VR experiences by replacing the view of the real world with virtual environments.
  • Those that concern autonomous driving: Navigation of merging lanes on a highway

No business hacks Hardware and Software integration, User experience, Platform infrastructure and Supply chain management quite like Apple. It has already started investing into research and development into semiconductor designs as well. There is no reason why Apple, with its towering cash pile wouldn’t wish to embark on a project like autonomous vehicles, which present ample prolonged captive user touchpoints for monetisation and brand penetration.

Tesla did really well to get a head start on EVs by a long chalk. May the Musk / Twitter saga [Delaware trial set for October] continue, so Apple must be wishing.  Musk continues to be distracted by the Twitter acquisition he promised. He has recently challenged Twitter CEO Parag Argrawal to a debate. “I hereby challenge @paraga to a public debate about the Twitter bot percentage. Let him prove to the public that Twitter has <5% fake or spam daily users!” – he tweeted.

German court bans sales of Oppo’s smartphones in Germany for infringing Nokia’s standard essential patents

Why are Standardised Technologies so important today

Standardised technologies are growing with globalisation and the need for interoperability. In the world of cellular wireless communication technology, the way in which the mobile phones communicate to its phone masts are standardised – in other words they speak the same language, and so are interoperable. If the global population all spoke the same language, we would be able to communicate with everyone – which of course is not the case for the human population but it is the case for the connected devices population. That’s why an iPhone user can call a friend who has a Samsung Galaxy phone, or a connected car. They may be on different networks, they may be in different countries. It doesn’t matter, because all the phones and phone masts communicate in the same way. Standardised technologies enable interoperability in this way, and as technology for cellular wireless communication technologies are standardised globally, interoperability is achieved on a global scale. It also means a phone manufacturer can make phones in one country and export them everywhere, not worrying about which type of phone needs to go to which regions, unlike DVD player makers of the past where the standards differed between regions.

What is a Standard Essential Patent

Cellular wireless telecommunication technologies are complex in the extreme. From a standpoint of someone that deals with patents in this area, I can say it really is mind-boggling. It means that so much investment, man hours, innovation and risk have been poured into creating these standardised technologies – and not just by one company, there are several companies that have done so. They are businesses and expect to be able to monetise their investment. Most businesses will therefore have applied for a patent in relation to these technologies. Some of the technologies will have been incorporated into the cellular wireless telecommunication standard – this means that if you are selling a device which uses cellular wireless technology, then your device necessarily infringes the patents. There is no way of avoiding the patents, in other words. These patents are called standard essential patents (or SEPs). It gives the opportunity for SEP holders to approach the tens of thousands of device makers and ask for a licence fee.

The scale of SEPs is vast. Just for 5G cellular for example, approximately 100k patents have been estimated to have been declared to be potentially standard essential (note: it is self-declared and it does not mean that they are in fact standard essential). The number of IoT devices in the world is estimated to near 15 billion this year (which may or may not use 5G, but a good proportion will). There are of course various other standardised technologies, such as WiFi, Bluetooth, video codec technologies and more.

Special licensing rules for Standard Essential Patents

When it comes to SEP licensing, there are additional rules. Just using the cellular wireless as an example, because cellular device makers MUST use the standard, so they must also use SEPs. It is the same with other types of standardised technologies. Without the additional rules, this could give SEP holders the ability to abuse its position, by demanding exorbitant fees from device makers that are necessarily using the SEPs. Such behaviour would not support technological development, and so the relevant Standard Setting Organisations for cellular technologies (SSOs in short – in the case of cellular, the organisation is called ETSI) which provide the framework for deciding which technologies should be adopted into the standard, ensures that all potential SEP holders are willing to offer the use of standardised technologies on Fair, Reasonable and Non-Discriminatory (FRAND) terms. The idea is that, because it’s standardised, many users will need to use the technologies and so even if those users are only paying a “Fair and Reasonable” royalty rate, SEP holders will be able to enjoy a sufficient licence income, enough to gain profit and be incentivised to invest more to keep developing the technology, and prosper further.  

What’s the problem with Standard Essential Patent Licensing

Critically though ETSI does not state what terms and licence rate would constitute FRAND or how it ought to be calculated. Not surprisingly, the device makers say that the terms the SEP holders say are FRAND is not, they are asking too much. SEP holders say that the device makers are unreasonably asserting low royalty rates and/or using the technology and are unwilling to negotiate with the SEP holders in a constructive manner. Given the importance of standardised technologies (see above) and major problems faced in SEP licensing negotiations, governments around the world are trying to see if anything can be done to facilitate smoother licensing negotiations. 

Back to the dispute between Nokia v Oppo

Nokia is one of the major SEP holders in the cellular field. Its negotiation of SEP licensing with the low-end mobile phone maker Oppo broke down, and so Nokia sued Oppo in Germany (alongside many other jurisdictions). Germany is a very popular jurisdiction for SEP owners as they can get a speedy decision on whether a defendant is infringing and whether, in which event, an injunction should be ordered. It is reported that the Court found that Oppo was infringing and moreover although Nokia had discharged its FRAND licensing obligations, Oppo were unwilling to engage in the negotiations in a fair and reasonable manner as is expected of them, being users of SEPs. Accordingly, the German Court ordered an injunction against Oppo not to deal in handsets in Germany.  

This is a big deal. German consumers are left without one of the major low-mid range smartphone in the market, at least for the time being. Most defendants in the situation in the past have ended up compromising (ie: take the licence that is being offered, or else successfully negotiate a licence) to avoid an injunction. Because what is asserted is a SEP, Oppo (and its sister brand Oneplus, which is also implicated) cannot avoid infringing it.

Clearly, for now, Oppo has taken the view that it is more advantageous for it to sacrifice its revenues in Germany in return for not having to pay a licence to Nokia. The Nokia licence on the table is likely to be global in nature – meaning if Oppo accepted, it will have to pay considerable amounts in respect of past years of non-payment on a global basis as well as going forwards. There may be other reasons – Oppo is asking its home Court in China to set the global FRAND licensing rate – which is likely to be lower than that is offered by Nokia, and they may be hanging out for that (or use that as a pressure point to lower Nokia’s offer further). As the report notes, Oppo is also being sued in Germany by other SEP holders, so the withdrawal from the German market might help take the sting out of those legal actions as well. Oppo is countersuing Nokia for infringing its own SEPs for the infringement of Nokia’s base stations [note as a result of geopolitical tensions, the West are shunning cheaper Huawei base stations in favour of Nokia and Ericsson made ones] and so a favourable decision in that case might give Oppo leverage against Nokia to lower its licensing offer too – and get Nokia to agree to lift the injunction. The case is definitely one to watch.

Note that there is a similar sort of power play going on between Ericsson and Apple across multiple jurisdictions in which Ericsson has obtained an injunction against Apple in Colombia.

Headlines in Tech 27 Jul – 3 Aug 2022

Headlines in Tech News of the week

US Congress passes $280bn Chips and Science Act

…this will comprise:

  • $52bn in subsidies for US chip manufacturing and R&D [+further tax credits]
  • More than $100bn for technology and sciences investments

The aim is to make the US more competitive against China, and shore up critical supply chains for semiconductors. Some critics wonder why so much cash is being given away to big corporates (and not necessarily US ones only – Intel of course will be up for a chunk but also No1 semi maker TSMC and Samsung are building factories in the US). However, building a chip making business is prohibitively expensive [~$10bn] and companies would not want to risk not being able to sell the end products once the factory is operational. There is also every possibility that Taiwan/ China / South Korea are so ahead in its game that it will not be possible or take years to catch up on the technology.

The Act contains qualified “guardrails” that any recipient of funds must not for 10 years make significant transactions with China or other countries of concern involving semiconductor manufacturing capacity. This is a problem for TSMC and Samsung:

In addition to the above, the lack of appropriate talent in the US is a serious issue. Top engineering talents in the US tend to go into more programming, data analytics and cryptography type disciplines. Furthermore, the Act does not deal with germanium and gallium required to make chips, which are mostly imported, significantly, from China.

Nat King Cole’s There May be Trouble Ahead rings in my head.

Apps

India bans a popular combat game BGMI

…reasons are not entirely known, but India has in the past banned over 300 China-linked apps as a result of geopolitical tensions between the two states. The South Korean app maker has cut ties with publishing partner Chinese tech giant Tencent, which was also a major investor in the business.

Artificial Intelligence

Alphabet’s DeepMind, in partnership with EMBL’s European Bioinformatics Institute (EMBL-EBI), publishes the predicted structures of nearly all catalogued proteins known to science

…this is the work of AlphaFold, DeepMind’s AI system which predicts the 3D structure of a protein, which was open sourced about one year ago. The predicted structure can be searched like doing a Google search. DeepMind is a Google company after all.

How many protein structure does the database hold? 200 million +

Implications: Massive reduction in the time to make drug discoveries – drugs are most effective when it can for example, fit around a protein that is causing the problem. Therefore, understanding the target protein will help achieve formulating the drug that can supress it.

Limitations: There are all predicted structures, so testing does need to be done to actually verify the structure. Viruses are excluded from the open source database to prevent access by bad actors.

What next for DeepMind?: Says DeepMind it will “partner… with new sister Alphabet company Isomorphic Labs to reimagine the entire drug discovery process from first principles with an AI-first approach; establishing a wet lab at the renowned Francis Crick Institute to strengthen the connection between AI and experimental techniques to advance understanding of biology, including protein design and genomics; and expanding our AI for Science team to accelerate further progress on our fundamental biology research and apply AI to other fascinating and important scientific challenges, such as climate science, quantum chemistry, and fusion”.

BigTech/ Data / Platforms

Freedom of Speech

Californian School Board members violated First Amendment (free expression) by blocking certain public persons from commenting on public Facebook pages

…so the Ninth Circuit held, holding that the school board members were public officials using their public social media pages to inform constituents about goings-on at the School District and the Board. The plaintiffs were said by the defendants to have posted repeated and lengthy criticisms in the comments section. They deleted/hid those comments and eventually blocked them altogether. The defendants were found to have violated the First Amendment, the Court relying on case law which found that in a designated public forum, “the government may impose reasonable restrictions on the time, place, or manner of protected speech, provided the restrictions” are “narrowly tailored to serve a significant governmental interest” and “leave open ample alternative channels for communication of the information.”

Privacy

Google decides to delay abandoning Third Party Cookies by one year to end of 2024

…its decision follows feedback from industry for more time to assess the Privacy Sandbox, which is designed to enable advertisers to carry out measurements and ad tracking without collecting huge amounts of user data. It is essentially carried out by aggregating data about conversion (into clicks, purchases) and attribution (from which ad placed on which website). Public testing starts now.

The main purpose of a cookie is to identify users and possibly prepare customized Web pages or to save information – so that when you visit the web site for the second time, it knows your preferences, or that item you didn’t purchase is left in the trolley – in case you do want to buy this time. German publishers and marketing agencies, and others have complained to the EU commission that abolishment of third party cookies mean that third parties cannot use data to carry out targeted advertising whilst enabling Google to continue using first party data (eg. by people carrying out searches on Google search engine).

Furthermore the publishers complain that Google’s proposal will block users who want third-party cookies (for more personalised web browsing experience). Google could of course expect to get more ad dollars if the advertisers are correct that that they are more effectively able to target ads to potential customers using cookies. The great majority of Google’s income, be it via Search, Gmail, Maps, YouTube, Ad Networks (~80%) is ad revenue.

Competition

French iOS app developers sue Apple in the US (Northern District of California) for anti-competitive distribution of apps, including excessive commission on in-app purchases

…the named plaintiffs in the proposed [corporate] class action (for the benefit of French businesses) are Société du Figaro, which develops the Figaro news app; L’Équipe 24/24, which develops the L’Équipe sports news and streaming app, and Le Geste, an association of French content providers.

The key complaints are:

Monopolising the App Store and loss of control

  • Wilful monopolisation: Apps can be downloaded only on Apple’s App Store, and Apple mandates the use of its own app purchasing services. Developers cannot not tell end-users within its app that they could acquire and pay for content outside the app, nor can they provide a link within their app to the place where they could procure the content, creating lock-in.
  • Apple says it’s in the interest of security, which implies that no other company could possibly provide sufficient security yet, there are alternative app distribution channels for MacOS. No reason it can’t be replicated for iOS.
    • Like for the MacOS, Apple can automatically scan apps and notarize them as safe before apps are distributed
    • Apple can alternatively vet app stores [ie: companies behind the app stores] rather than check the features of each app.
  • Switching costs between developing for iOS and Android are high. For example, app developers must learn the discrete programming languages peculiar to each ecosystem.

Developers’ lack of control over its users

  • Developers lose control of maintaining relationship with its customers, as they become Apple’s customers not the Developers’. Developers can no longer help the customer who’s buying the product with the following requests: Refunds, credit card changes, discounts, trial extensions, hardship exceptions, comps, partial payments, non-profit discounts, educational discounts, downtime credits, tax exceptions [referring to comments of a CEO of a developer who is not the plaintiff].
  • The implementation of App Tracking Transparency (ATT) means that the developers have no access to data concerning user behaviour, which prevents developers from being able to carry out targeted advertising, whilst leaving Apple to continue to target ads [the user interface prompt for opting out of third party tracking is different to that for Apple’s own apps, where the prompt emphasises the benefits for users if they were to allow to track their activity].
  • Developers would then have to advertise on Apple’s App Stores – this inflates the prices of advertising on Apple’s App Store. As noted by FOSS Patents, this point was picked up in the Epic v Apple case

Unfair pricing and financial arrangements

  • Web-apps are not a true alternative means to native apps, which are more versatile and quick
  • Up to 30% commission on the sale of paid apps + USD $99 (or equivalent) annual developer fee are exorbitant.
  • Apple dictates minimum and greater price points, such that iOS developers cannot offer paid products at less than USD $.99 or at price points ending in anything other than USD $.99. – developers cannot price at lower and different price points in order to maximize volumes.
  • Developers are locked in to Apple payout policies, which means developers must endure the six-plus-weeks’ delays in funds distribution that are built into Apple’s system [ie: Apple can sit on a pile of cash that is owed to the developers, and earn interest on them – Amazon is known to do this at least in the past, with respect to payment to third party sellers on their platform ].

Others

  • Sheer number of apps [currently 1.8 million] – all only available from a single App Store means innovative apps are difficult to be discovered  
  • Abuse of monopsony [buy-side power] as the sole seller of iOS apps and in-app products – forcing developers to take 70% on the dollar for their paid products by way of subtracting its supracompetitive default 30% commission

The plaintiffs ask monetary relief and cessation of all anticompetitive conduct.

Platform

Uber records positive cash flow for the first time – how did it do it?

…the day the investors were waiting for. They have been investing, providing incentives to expand the business. Now they are dominant, they are in a good position to be able to exploit the platform (ie: to achieve the much wanted network effects) and client base they have managed to build. In short, their success is down to aggressive investment into the platform and gaining user base, synergistic side businesses and technology:

  • Optimised pricing + reduction in incentives [increasing in price in such a way to maximise profits without losing users – no doubt lots of data analytics went into this]
  • Driver routing algorithms

Food and grocery delivery + freight shipping businesses

Connectivity

Qualcomm signs a 7 year licensing deal with Samsung covering 6G

…this is a major win for Qualcomm and Samsung. Samsung, of course is one of the two premium handset makers alongside Apple, but time has moved on and connectivity goes beyond handsets these days – it’s PCs, tablets, extended reality, and more. Otherwise they may not have agreed to a deal which spans 7 years – up to 2030; a relatively lengthy agreement. The deal encompasses 6G patents which is the year when the 6G standards will be set. Note that Qualcomm labels the deal as a strategic partnership– ie: it is no ordinary patent licensing deal. 

From Samsung’s point of view, perhaps tying up with Qualcomm was one way of catching up with its great rival Apple – it has been reported that it is losing the technical edge in Smartphone Application Processors (the computer that runs the operating software, apps, processing commands, graphics, memory management etc) and D-Ram (dynamic random access memory), which was once Samsung’s key strengths. Qualcomm has the largest share of Smartphone Application Processors (such as the Snapdragon), nearing 40%.

Qualcomm CEO Cristiano Amon explains that the deal is important in two regards:

  • It would form a good benchmark for renewal for 6G licences in a market where Galaxy or iPhone are the only premium handset choices.
  • Enables Qualcomm to enjoy increased earnings, because it supplies the Snapdragon platform to Samsung, which has more processing content (efficient processing of AI, graphics, images) than just the 5G modems (which is only about connectivity).  

Pressure is surely on for Apple, which has been locking horns with Qualcomm. It is no secret that Apple wants to lessen its dependence on Qualcomm if it can, and do everything in-house, hence its move to develop its own chips last October. It will have to do so quickly, before the current licensing agreement expires in the next few years.

Separately, Amon also observed that Qualcomm appears to be somewhat shielded from macroeconomic headwinds (ie: increased inflation and interest rates and so decreased consumer spending) because it has deliberately chosen to focus on premium handset market. In the IoT sector too, its enterprise and industrial IoT demands have kept pace as a result of businesses having undergone digital transformation.

Take home point is that business’ focus on high profit premium generally is likely to continue across the board – for example, Mercedes is focussing on more profitable higher-end cars, enabling it to shrug off recession prospects, Volkswagen sees its luxury brand Bentley’s profits soar with average selling price at €200k, Ferrari has forecasted an increase in profits as more customers are paying for bespoke features such as paint and wheels.

Copyright

Facebook applies to get copyright claim for making available embedding technology dismissed in the US

…the actual motion to dismiss is not a big deal, but the issue might be quite interesting.

Technology in question: The “embed” feature gives users and third parties a technological tool to easily make Facebook posts appear on another webpage. An image is embedded by hyperlinking a user’s browser to a server connected to the Internet. “Embedding” is fundamentally a method of pointing a user’s browser to an address where particular content may be found.

What’s the issue: Plaintiff Logan is a Facebook account holder who asserts that Meta has infringed his copyright in several photographs which have been “unlawfully embedded from his 3rd party hosts and his Facebook account page”. The plaintiff said that the photographs which are hosted on Facebook’s server, are triggered to be displayed on a third-party webpage … To embed a photo or video, the web designer adds an “embed” code to the HTML instructions from a public Facebook account. This code directs the browser to the Facebook’s server to retrieve the photo or video. Meta’s servers respond by transmitting the image.

Facebook’s defence:

  • In order to open an account and upload content on Facebook, the user has to agree its terms in which the user grants Meta a nonexclusive license to publicly reproduce and display the uploaded content. Therefore there can be no copyright infringement.  
  • The embedded Facebook photograph is never hosted on or transmitted through the third-party servers; it is hosted only on Facebook’s servers. Therefore there is no direct infringement carried out by the third party, and so there should be no case of copyright infringement. [In the EU, Article 3 of the InfoSoc Directive gives copyright owners the exclusive right to communicate protected works to the public. In general, it is not an infringement of a copyright to hyperlink to original content which was made freely available lawfully – but the test is rather nuanced and can depend on the circumstances of the publication].

Crypto

Apple and Google asked by Senate Banking Committee about what it’s doing to keep scammy crypto apps off its App Stores

…Pressure is on for Apple and Google to respond with a substantive response, as they have cited security and privacy as the main reasons for not allowing other App Stores on their Operating Systems (iOS and Android) [see also the French companies’ complaint against Apple, above].

Cybersecurity

UK’s Financial Reporting Council (FRC) says that Digital Security Disclosure needs to improve

…the Council said ” Every company is now digital, so providing useful, relevant and focused disclosure on digital security is critical. Investors need transparency in this area, and this report provides a key resource for companies looking to achieve this”. The FRC Lab report provides details about how to optimise disclosure for investors [which would include shareholders]. It would also be useful for companies in the event of data breach. Proper implementation of measures would help minimise risk and potential penalties if thought had been put into strategy and governance. I heard somewhere that tech oriented students would do particularly well in the future to specialise in cybersecurity. Unfortunately, it does seem to be an area where there is no scope of abating.

US Comptroller of Currency discusses the risk of evolving cybersecurity threats to the Financial Sector

…but, as the FRC says in the newspiece above, the warning ought to apply to all businesses. Of course, highly sensitive and critical areas such as finance, health and security would need to be particularly vigilant.

It warned that basic cybersecurity controls can significantly contribute to enhancing the resilience of systems and operations against cyber threats. In particular the majority of cybersecurity breaches have been by failure to have effective controls in the following three areas:

• strong authentication;

• effective systems configuration and patch management; and • cyber response and resilience capabilities.

EVs

EV maker Nikola to buy its battery supplier Romeo Power

…both business’ shares have been significantly knocked down as a result of supply chain issues. EV maker Nikola aims to purchase its battery supplier to cut down on manufacturing and operating costs. This makes sense when batteries are a critical component of an EV, taking up about a third of the total value of the car itself. Moreover, as Romeo’s biggest customer Nikola presumably knows Romeo well, or well enough, and Nikola will acquire know-how on critical EV batteries. The most successful EV company, Tesla is also planning to produce its own EV batteries to increase profit margins, and develop better battery technology for its own cars.

Nissan to offer customers to rent its car for several years in a bid to retain second hand car batteries for recycling

…this is due to the fragility in supplies of minerals and materials from Ukraine and Russia that are critical for EV manufacture. A significant 80% of second hand Nissan EVs (the Leaf) are exported to Russia and New Zealand. Japan wishes to retain them so they may be refurbished for re-use as an EV or for solar power storage. Other companies such as Ford and Volvo, have a recycling venture which include EV batteries but also other goods such as laptops, power tools and e-bikes.

Japanese automakers Mitsubishi and Toyota to invest $2.5billion to produce EVs in Indonesia over the next 5 years

…perhaps the plan is to diversify from China, with its strict covid policies / geopolitical tensions / regulatory concerns / increasing labour cost. Recently, the second largest EV battery maker LG Energy Solution have decided to build mining-to manufacturing supply chain for batteries in Indonesia which is the largest producer of Nickel. The largest EV battery maker CATL (China) also has a deal to produce batteries there. It would make sense to produce EVs where batteries are also manufactured as well.

Green Technology

Microsoft develops hydrogen fuel cell to cut down on carbon emissions from its data centres

…Microsoft is committed to eliminate diesel usage as a part of its pledge to become an impressive carbon negative by 2030.

Metaverse

Unilever promotes its brands in the Metaverse

…in different ways.

  • Deodorant brand Rexona sponsors the first ever Metaverse marathon on Decentraland. The first-ever adaptive wearables were introduced, including wheelchairs and running blades to enable a wider range of people to be represented.
  • Oral care brand CloseUp enables any couple to mint an NFT marriage certificate and immortalise their love on blockchain, at the City Hall of Love in Decentraland.
  • Ice cream brand Magnum has a been showcased in the Magnum Pleasure Museum, a virtual exhibition on Decentraland.

Hair care brand SunSilk features as Sunsilk city on the popular gaming platform Roblox, a space for girls to feel safe, and play games, engage in training programmes.

Delving Deeper

Top Indian tech company Reliance Jio bids heavy on 5G Spectrum

…This Indian company is definitely worth noting. We aren’t as familiar with Indian companies as we are with Chinese companies, but India is clearly a force to be reckoned with. Offering up ~$20billion, Jio has outbid the next highest bidder Airtel (run by Mittal – which owns part of UK satellite company OneWeb (soon to be merged into Eutel) – as reported last week) by over three times, and Vodafone Idea (UK company Vodafone’s Indian venture). Jio’s major rival conglomerate, the Adani Group are not intending to serve consumer mobile services, and focusing on logistics / power / manufacturing, industry command and control centres / data centres.

Who is the founder? Mukesh Ambani

What’s its business? National network provider, has nearly 40% market share

Notable stakeholders: Google (Jio’s budget smartphone uses the Android OS – note Google’s CEO Sundar Pichai is also of Indian origin), Facebook and US Private Equity companies, Saudi’s investment fund.

A bit more about 5G

Clearly, Jio considers 5G as a key future growth area, representing a major transformation in all areas of industry.

It has significant advantages over pre-existing wireless communication protocols such as LTE and WiFi. It has 3 major capabilities:

  • It is reliable: ULL, or ultra low latency – think: Autonomous Vehicles and navigating cars in moving traffic on a ms level
  • HHHigh throughput: eMBB enhanced Mobile Broadband – think: downloading a feature movie in an instant
  • Provides resources to a number of devices: mMTC massive Machine Type Communications: for intermittent transmission of moderate amounts of data at lower data rates. It allows sensors and IoT devices to operate with a long battery life. Useful for smart city deployments.

But not all uses will require all three characteristics. The use cases will dictate which spectrum band [which is scarce – hence the competitive bidding] will be used:

  • Millimetre wave spectrum(over 24GHz): Very high throughput (gigabit/second) over short distances
  • Mid-band spectrum (1-6GHz): It has a relatively high throughput (300-600 megabit/second) over much longer distances
  • Low-band spectrum (below 1GHz): lower speeds, generally for IoT applications.

There are two key technical aspects that help drive the hallmark capabilities of 5G:

  • Multi-Access Computing (MEC): This is a cloud environment located close to where the processing and output delivery need to take place. This enables high throughput, ultra low latency connectivity, needed for applications such as autonomous driving.
  • Network slicing: Most 5G radio sits on top of the existing 4G network infrastructure (Non Standalone), but once 5G core network (ie: Standalone 5G)  is deployed, network slicing can be carried out. This will enable a single device (eg. connected car) to utilise the spectrum in a dynamic and optimised manner according to the predictive requirements of the quality of service
    • use for navigating traffic [high quality of service] vs in-car entertainment [medium quality of service] vs upgrading software [low quality of service]
    • high traffic flow v low traffic flow
    • manoeuvres in the surrounding cars on a high way vs city roads.

Headlines in Tech 20 – 27 Jul 2022

Headlines in Tech News of the week

Federal Communication Commission sends letter to mobile carriers seeking info on its privacy policy and how subscriber data is retained/used

…FCC explains that back in February 2020, it fined over $200million against the 4 major carriers for irresponsibly selling customers’ location data. Despite the carriers promising no longer to sell real time location data, research seemed to indicate that the great majority of internet service providers are collecting more data than necessary. FCC are now asking the carriers to account for their privacy retention policy and data sharing.

  • Data retention:
    • What geolocation data is collected, how and why is it collected?
    • How long is the data retained, in which country is it stored?
    • How is the data collection and retention policy made clear to the subscribers and can they opt out?
  • Data sharing:
    • What is the policy that applies for sharing data with law enforcement?
    • What is the policy that applies for sharing data with third parties which is not law enforcement, and what arrangements are made with the third parties?
    • Can subscribers opt out, and are they notified that data is being shared with third parties which are not law enforcement?

These questions should also be addressed by all businesses that collect and retain personal data, not just the carrier companies. Putting in place appropriate data governance rules and ensuring there is proper data stewardship are becoming increasingly important.

BigTech/ Data / Platforms

EU Commission reported to have banned official communications with the UK on digital regulation

…The EU are no longer talking with the UK to co-ordinate putting in place digital regulations to rein in on dominant companies stifling competition, ensuring appropriate content moderation , safeguarding personal data, etc. Why? The EU are dismayed that the UK is backtracking from the Northern Ireland Protocol to the Brexit withdrawal agreement. This enabled Northern Ireland to exist within the EU’s single market (meaning goods could freely flow between Northern Ireland and its neighbouring EU state, the Republic of Ireland), but instead, the parties agreed to putting in place controls in respect of goods entering into Northern Ireland from the remainder of the UK. The UK are now attempting to pass laws conferring the UK government unilateral powers to change those controls.

The interesting point here [or perhaps I am politically naïve] is that something like the Northern Ireland Protocol which primarily concerns off-line product flows have knock-on impacts on a completely separate topic such as rules on online dealings whose aims are not altogether commercial. A lot of the digital regulation concerns increasing security and safeguarding privacy. One would have thought allowing UK being part of that dialogue would help promote EU’s goals and cement EU’s leadership in the area.

Privacy

EU Commission sued by European Association of Data Protection for breaching GDPR

…apparently the breach has been perpetrated by virtue of the Commission having used Amazon’s web hosting services, which apparently means that personal data such as IP address is transferred to the US for certain uses. It is very interesting that the EU Commission, one of whose aims is about trying to stimulate the EU digital economy (eg. support EU cloud service companies to increase market share in the EU) is not using an EU based company.

Japanese regulator issues public notice of data protection breach on unidentifiable web operator which publishes names and addresses of individuals that have received notice of bankruptcy

…what a horror show for those involved, who will not need the added stress of their circumstances known to the world. One wonders whether there were other means of tracking down the culprits, rather than making the sensitive data even more public.

UK Convenience store chain the Southern Co-operative is being challenged for invasion of privacy by use of facial recognition technology to prevent crime

…the store uses facial recognition technology Facewatch to convert data taken from customers and compare against files of images it has of those who have stolen or been violent (not a list of people on the criminals list) in the shop. Privacy Campaigning group Big Brother Watch says the stores’ use is not proportionate to the need to prevent crime, and innocent people would end up being unknowingly blacklisted.

Security

UK-US Data Access Agreement to come into force in October

….The Agreement allows UK and US law enforcement to directly request data held by telecommunications providers in the other party’s jurisdiction for the exclusive purpose of preventing, detecting, investigating and prosecuting serious crimes such as terrorism and child sexual abuse and exploitation. Telecommunication providers include social media platforms and messaging services. US law prohibits handing over of certain behaviour upon request of a foreign government – this law enables data sharing quickly, more so than other mechanisms such as mutual legal assistance.

BigTechs sign up to strict Indonesian laws which require heavy content moderation and turning over of user data

…Indonesian law requires media companies to obtain a licence to operate in accordance with its laws, which include taking down content which disturbs society or public order [it could include anything that would encourage protests against the government] and turning over of user data. The majority of BigTechs (Apple, Microsoft, Google, Amazon, Netflix and Spotify) have signed up. Campaigners of free speech are critical.

It is a fine line, and you might think it’s the issue with far away countries, Note though that in the US, executives of Alphabet, Reddit, Twitter and Meta have been subpoenaed by the US House Committee to explain their potential contribution to the Capital Hill riot of 2021, which includes explanation of what they have done to prevent it (if anything). The US government also has the right to get businesses in its jurisdiction to turn over data (hence the Schrems II decision finding that the transfer of personal data of EU citizens to the US breaches GDPR).

UK’s new national security law blocks computer vision technology transfer from UK’s Manchester university to Beijing Vision Technology

…I would never have thought that the first deal blocked under the National Security and Investment Act (the “NSI Act” – came into force this year) would involve a UK university. The law is an investment screening measure from a national security perspective, with severe consequences if not complied with. More on this here.

The decision to block is not that surprising however, when the technology in question is robot vision tech, to enable efficient and speedy navigation with both civil and military uses.

Business

US Regulator Consumer Financial Protection Bureau to scrutinise Apple’s proposal to start Buy Now Pay Later

…Apple announced its new loan service Apple Pay Later, and Apple’s edge over incumbents such as Affirm and Klarna was discussed previously. The Bureau asks how consumer data may be used – “Is it being combined with browsing history, geolocation history, health data and other apps?”. It said that it was concerning given what is happening in China, where super apps Alipay and WeChat appear to have full control over users’ lives.

Singapore says national duty of home grown businesses to relist in Singapore Stock Exchange

…Successful Singaporean tech companies such as Sea and Grab which have successfully listed in the US should dual list in Singapore, according to the government, with promises of extra available funds. Other countries notably Indonesia have reported to have given other perks such as enabling founders of businesses which are dual listed greater control of their companies.                         

Over in the UK, Boris Johnson had made numerous love calls to Softbank to get its subsidiary ARM to list in the UK, but appears to have jumped on the UK’s political chaos as a good excuse to put that idea on hold.

YouTube and Shopify partner up – now you can buy from YouTube influencers’ recommended items direct from Shopify

…the link will give you an idea. It’s just another way of YouTube and Shopify to maximise sales. This would seem to be a good move when businesses are suppressing their ad spends during the current downturn. Indeed, YouTube have reported a decline in its revenue this quarter.

If you don’t follow influencers though – let me tell you from my own experience [I do follow a few influencers on YouTube…] that you cannot underestimate their power to persuade. Influencers are incredibly zealous about protecting their reputation, and passionate about what they believe in. They obviously profit from their popularity which could vanish should a product not be up to scratch. They will not dare betray their following for their fans are their raison d’etre. Furthermore, the possibility of a massive backlash they may be subject to (including death threats) if the product is disappointing/not made ethically, means that they are very careful to do their due diligence on the products they promote. I have also seen a YouTuber who did mislead her products and her fortunes vanished overnight. She documented and uploaded on YouTube her loss of fortune, the backlash, money raising activities to compensate purchasers, and path to recovery, picking up revenues from YouTube on the way (from ads that YouTube inserts into their videos). This makes YouTubers highly, well, influential. These influencers, with huge and loyal following do not need to worry about marketing spend either. They just need to get on YouTube. This is why products can be sold much more cheaply and effectively compared to similar products sold by major businesses.  

Although not a YouTuber, one prime example of an effective influencer is Elon Musk. His rockstar like persona with 80million followers on Twitter [though the number of bots among them is questionable] and numerous mentions in the media allows him to run Tesla without spending anything on marketing [hence his interest in buying Twitter, and ensuring he is not kicked off the platform, like Trump was].

Connectivity

Headwinds for 5G Roll-Out as Fibre Optic Cables soar in price

…Critical 5G networks require underground fibre optic cables networks (including internationally under the ocean). Using modulated light technology they can carry vast amounts of data demanded by advanced 5G technologies (such as autonomous vehicles, gaming that use high octane graphics). However, a surge in manufacturing cost in part caused by closures of factories in Russia that produce Helium, one of the critical ingredients for fibre optic cables and increased demand as large tech companies increase their capability to host data centres could mean meeting ambitious governmental targets for 5G could be tighter than ever.

Fibre Optic cables are really expensive anyway. So much so that major cable business (all but Altice it seems) in the US are reported to have decided to upgrade their copper networks instead [Whilst Meta/Facebook is funding the laying down of fibre optic cables in Nigeria].

Should the fixed satellite 12Ghz spectrum (12.2-12.7Ghz) be opened up for 5G use?

…what the FCC wishes to do is to maximise use in this spectrum. But can satellite and 5G use coexist in this spectrum without interference? No! say Satellite companies (SpaceX being one). Yes! say others that offer 5G networks. FCC’s analysis of engineering studies continue.

EVs

Baidu to launch Level 4 Autonomous Robotaxis next year

…Baidu [sort of Google of China] has unveiled the Robotaxi range for use in the Apollo Go hailing fleet, on the road next year.  This is Level 4 of autonomy, which means no human intervention is required. It does have a detachable steering wheel for areas where steering might be desirable (eg. where there is no connectivity). Check out the one minute clip.

By way of reminder, the Levels of Vehicle Autonomy are typically (though subject to revision):

Level 0 – no automation

Level 1 – hands on/shared control

Level 2 – hands off

Level 3 – eyes off

Level 4 – mind off

Level 5 – steering wheel optional. Courtesy of Wikipedia.

Copyright

Swedish music label sues Facebook for unauthorised use of music on their platform in breach of copyright

… Music label Epidemic, owner of a catalogue about 40,000 musical works says Meta has created tools whose primary purpose is to increase the amount of theft on Facebook and Instagram, resulting in more than 80,000 new unauthorised uses in video content, television and film productions, podcasts, music streaming platforms and other media.

In particular the plaintiff complains of Meta’s tools—Original Audio and Reels Remix—which the plaintiff says encourage and allow its users to steal Epidemic’s music from another user’s posted video content and use in their own subsequent videos, resulting in exponential infringements. The complaint alleges that Meta stores music in its online music library and then making a curated selection of Epidemics’ works available across its platforms.

Gaming

Antitrust scrutiny over Microsoft’s acquisition of Activision in the EU and US

…this is as expected.

EU: Seeing whether Activision’s popular titles will continue to be available to other parties (Microsoft has already promised that popular titles such as Call of Duty will be available to other consoles, including Sony PlayStation).

US: In addition to looking into availability of Activision titles, it will apparently conduct a wider enquiry, including the deal’s impact on consumer data, and the market for game developers.

Metaverse / VR / AR / MR / XR

Meta’s proposed acquisition of Within (developer of apps for Virtual Reality) gets scrutinised by the US FTC

…Within Unlimited, which developed owns a popular fitness app Supernatural is considered to be problematic by the FTC:

  • Meta is a leading player in every level of Virtual Reality (VR), from its device Oculus (occupying 78% of the market), App Store and ownership of 7 of the most successful developers (which were not grown organically, but were purchased). [Meta says a purchase of a single app will not make much difference in a dynamic space].
  • It already owns the most popular VR fitness app, Beat Saber – which competes very well with Supernatural [Meta says this is wrong, because Beat Saber is a music and rhythm game not a fitness app]
  • Within CEO has stated that Fitness is the killer use case for VR – if true, more reason to examine the proposed acquisition’s effect on competition. [Meta says that Apple and Peloton are in a better position to launch VR based fitness apps. Furthermore, they appeal that Meta allows sideloading (linking to play VR content from other devices such as a PC)]
  • Meta should build its own fitness app instead [Meta says that does not make business sense. This, I must say is a bit unclear why. Maybe I am missing something – any comments?]

FTC said that “lessening of rivalry may yield multiple harmful outcomes, including less innovation, lower quality, higher prices, less incentive to attract and keep employees, and less consumer choice”.

As indicated above, Meta clearly does not agree. Meta/Facebook’s earlier acquisition of WhatsApp and Instagram is currently investigated, due to a suspicion that the acquisitions were made solely to wipe out competition at an early stage. The investigation could lead to an order to unwind the acquisitions which were completed several years ago (with Meta/Facebook having made significant investments in the two businesses over the years). USFTC’s aim is clearly to minimise such an outcome in the future, given that whilst still rather a speculative area, there is every possibility that a VR/AR headset may become future’s next iPhone.  

The future is strict for big platformers seeking to make acquisitions – even in very nascent areas such as the Metaverse which is far from being established.

L’Oreal sued for breaching Illinois Biometric Information Privacy Act (BIPA) for failing to obtain correct user consent in respect of virtual make up try-on technology

… BIPA requires that private entities in possession of biometric identifiers or biometric information must “develop a written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within 3 years of the individual’s last interaction with the private entity, whichever occurs first…”

L’Oreal’s websites offer a virtual make up try-on tool called ModiFace, which is a facial-geometry scanning software. Users can use their web or phone camera to upload images of themselves, and ModiFace will overlay the product on said image. Users can then post these images on social-media. The plaintiff (representative of a class action) says L’Oreal fails to inform users that it is capturing or collecting facial geometry or the specific purpose and length of term for which it is collecting, storing, or using such data, nor does it obtain the requisite consent as provided for under BIPA.

Satellites/Space

French satellite company Eutel to buy UK satellite company OneWeb

…the aim is to become viable challengers to Elon Musk’s Starlink, Jeff Bezos’ Project Kuiper plus rivals from India and China. The deal is subject to shareholder vote and regulatory clearance.

OneWeb

Business: Provision of broadband services from satellites.

History: UK Government (aka Boris Johnson feat. Dominic Cummings) pulled it out of Chapter 11 (US Bankruptcy Code) by injecting $500million, hoping to establish UK’s Space sovereignty [!]. The business got taken hostage by the Russians earlier this year because OneWeb relied on Russian rockets to launch, meaning it became difficult to launch further satellites as OneWeb declined to agree to Russian demands. Now has to rely on SpaceX and Arianespace to launch the satellites.

Notable Stakeholders: Eutel (~24%), UK Government (~20%), Bharti Enterprises (owned by Indian Billionaire Sunil Bharti Mittal ~40%), Softbank

Number of Satellites in Orbit: 428 (Low Earth Orbit satellites, or LEO)

What does it want from the acquisition?: Funding for OneWeb’s second generation satellite network. Much needed to keep up with Starlink’s technology.  

Eutel

Business: Satellite company providing service to broadcasting companies (video, telecoms and broadband)

Notable Stakeholders: FR Government (~20%), Chinese Government (~5%)

What does it want from the acquisition?: Growth to offset declining satellite video business

Number of Satellites in Orbit: 36 (Geostationary satellites which are further up in space)

Note that Starlink already has 2000 satellites in orbit. But we have to start somewhere.

Why is the potential deal noteworthy?

Firstly, it could help ease tensions between the UK and the EU arising out of post-Brexit trading framework for Ireland, as described above which effect is spilling over to other areas. In space the UK government had set aside £750million to support the earth/environment observation project Copernicus but the EU is reported to be blocking UK participation. The UK is threatening to work with other actors if EU would not let it participate, putting the whole project in jeopardy.

Secondly, the acquisition would bring together UK, FR and Chinese governments together as well as Mittal, India’s business guru.  

Delving Deeper

Amazon to acquire One Medical, a US primary health care provider

…According to the statement, “One Medical combines in-person care in inviting offices across the country with digital health and virtual care services, making it easier for patients to schedule appointments, renew prescriptions, access up-to-date health records, and advance health outcomes”.

Whilst tech is an integral part of the service, the business is likely to be quite heavy on bricks and mortar + personnel (doctors and nurses) demands; which you may think is not really Amazon’s bag, whose speciality is scaling up, fast. Does the move make sense?  Having said this, they have acquired PillPack (now Amazon Pharmacy), Amazon care (sending nurses to patients’ homes) and sells Halo View (health tracker, for monitoring heart rates, steps, calories burnt etc). Don’t forget AWS, Amazon’s leading cloud business. They have one of the best data infrastructure to hold vast amounts of data [think scans and videos of your innards functioning] and security features.

They have not disclosed much about their plans. It does not stop us from speculating, see the below…

What could be the rationale for the ~$4bn all cash purchase?

Amazon will obtain very valuable, personal data by offering the service but with ever tighter regulation, it is not at all certain whether regulation will enable Amazon to use the health data they obtain in other parts of the Amazon business. But ignoring that for the minute, we can think of plenty of business cases. For example:

  • sale or loan of health tracking devices
  • sale of related products, such as supplements /vitamins
  • use of information derived from said device to sell pertinent goods –Whole Foods delivery might suggest your cart ought to include spinach or other iron rich food, if you were getting a bit anaemic, together with suggested recipes (+ lets you know the other required items to make the dish).
  • increased ad targeting opportunities [I was surprised to learn that it is the third largest eMarketer, after Alphabet (Google) and Meta, thanks to access to large amounts of first party purchasing data (as they deal with huge numbers of consumers and businesses direct – so shielded from Apple’s increased privacy rules) + high computing power + nous in AI/algorithm alchemy. Personal experience – I like their section which shows you what other things people have bought together with the item I have chosen to buy, as well as comparison of other similar products]
  • further integration into your life using Echo/Alexa (Imagine Echo saying: Susan, you might want to drink at least 250ml of water now, it’s hot in the house and your blood pressure is dropping a little low. Susan, time to take the green pill)
  • provision of drug dispensing services following acquisition of PillPack (now Amazon Pharmacy), their prescription drug delivery business.
  • [long term possibility] making personalised pills / supplements so patients can swallow one pill instead of many
  • [long term possibility] provision of super fast medical care using AI (eg. upload photo of your hives, Amazon can work out what the issue is, with knowledge of what you have eaten, your lifestyle, and your medical history).

Who could benefit?

The speculation continues…

  • Bonus point for you if you thought they might offer an attractive deal for Prime subscribers. Amazon’s key is to get Prime as sticky as possible. It is a speculation but this is highly likely – as I understand it Prime subscribers already get free two-day delivery for PillPack and discounts. It will also justify price hikes.
  • Amazon Employees may also be entitled to something they weren’t entitled to before – although they apparently already get telemedicines services.
  • Amazon could pick up enterprise clients, to offer healthcare for their employees.
    • Their logistics and tech capability mean they have the ability to undercut incumbent healthcare providers on price.
    • If Amazon’s healthcare services mean employees lose less hours, why wouldn’t they? (use of algorithms mean better prediction of fielding care providers, reducing wait time, no queues at the pharmacy because it will delivered the next day, patients get seen quicker thus solving issues earlier rather than later).
    • Discounted bundling offers to enterprise clients (eg. discount if the business already uses AWS Cloud services).
  • Everyone else, who can afford it. Amazon’s healthcare is not expected to be particularly expensive. Why wouldn’t you, if the experience is good. Perhaps one could enjoy one of Amazon’s streaming titles in the waiting room? What great advert it would be for Prime membership…

Will it clear the regulatory hurdle?

Amazon could [subject to regulatory rules] launch the service initially at a loss, as the other more money making businesses can subsidise, helping Amazon achieve accelerated market penetration.

Indeed, FTC is being called to scrutinise the deal through the competition lens. The concern is that Amazon will completely take over the healthcare market making it very hard for other entrants to compete. With its best of breed logistic services, data management capabilities and an enviable cash pile, nobody else looks capable of cutting the mustard quite like Amazon. That is a legitimate concern, although they are not entirely without competitors (eg. Uber and Alibaba provide healthcare services to consumers). Furthermore, it will lead to an ever increasing concentration of personal data, indeed very sensitive data into the hands of one company. No doubt the traditional incumbents, insurers and the intermediaries behind the very complicated US healthcare scene will lobby hard against the acquisition.

US Senator Hawley has set out a number of questions which the FTC need to ask of this acquisition:

  • Why did Amazon decide to pursue this acquisition in the first place?
  • What, if any, firewalls does Amazon intend to establish between patient data and retail customer data?
  • What products does Amazon intend to develop in the wake of this acquisition
  • Given Amazon’s strength across numerous other markets, if the transaction goes forward, what steps is Amazon likely to subsequently take to expand One Medical’s operations and undercut competitor providers?

Against this, there is the great potential for Amazon to provide better and more affordable healthcare to more parts of the US population. A staggering two-thirds of bankruptcies in the US is due to medical issues.  If you have cancer, you will likely go bankrupt. The US is vast, many have to travel for long distances to receive care. If Amazon could minimise those issues, it would seem to me to be a no-brainer. Furthermore, if it means that the elderly and the vulnerable can be more closely monitored, better able to take care of their ever-increasing medical regimes as they age, then the offering would be a difficult one to deny.

Headlines in Tech 13 – 20 Jul 2022

Artificial Intelligence

UK Government sets out proposals for new regulation on AI as call for evidence is launched

…Regulators will apply six principles to oversee AI in a range of contexts with flexibility to implement them.

  • Ensure that AI is used safely: requirements to remain commensurate with actual risk – comparable with non-AI use cases. Focus will therefore be on high risk use cases
  • Ensure that AI is technically secure and functions as designed: the functioning, resilience and security of a system should be tested and proven, and the data used in training and in deployment should be relevant, high quality, representative and contextualised
  • Make sure that AI is appropriately transparent and explainable: Have regard to IP rights and confidential information. Transparency requirements could include disclosure of information about: (a) the nature and purpose of the AI, (b) the data being used and information relating to training data, (c) the logic and process used and where relevant information to support explainability of decision making and outcomes, (d) accountability.
  • Consider fairness: design, implement and enforce appropriate governance requirements for ‘fairness’ as applicable to the entities that they regulate
  • Identify a legal person to be responsible for AI: accountability and legal liability to rest with an identified or identifiable legal person
  • Clarify routes to redress or contestability: regulators to implement proportionate measures to ensure the contestability of the outcome of the use of AI in relevant regulated situations

Like for most digital regulations, the government distinguishes itself from the EU: “Instead of giving responsibility for AI governance to a central regulatory body, as the EU is doing through its AI Act, the government’s proposals will allow different regulators to take a tailored approach to the use of AI in a range of settings” – it said. The point is however, many businesses would wish to do businesses in the EU as well. Therefore the benefits of a more flexible and potentially less burdensome rules may be limited. For example, AI built on rules which contravene EU rules may not be operable in the EU.

BigTech/ Data / Platforms

Safety

Boris Johnson becomes Tech business’ flavour of the month as UK’s controversial Online Safety Bill is delayed

…that is a complete over statement, but the UK government chaos is reported to have been the reason behind the delay to the controversial Online Safety Bill from being passed into law much to the relief of tech businesses. The bill was to deliver the government’s manifesto commitment “to make the UK the safest place in the world to be online while defending free expression“. As you can imagine, this is fiendishly difficult, and riddled with controversy. One person’s idea of illegality (eg. [Insert name of your top tyrant here] should be hanged and quartered – in this case could constitute incitement of hatred and violence, which is unlawful in the UK) is another person’s idea of free expression. Tech platforms are requested to [in short] ensure illegal content is removed and to control “lawful but harmful” content. Non-compliance can lead to executives being jailed and penalty levied amounting to a maximum of 10 percent of global annual turnover [not profits].

Actually, Boris Johnson may be popular this month. At least among the leading tech businesses.

Meanwhile the position may become even more complicated in the US unless the proposed American Data Privacy and Protection Act (ADPPA) comes into play – which as I understand it precludes a separate state privacy law. California governors and other states want to retain the power to set stricter privacy laws than ADPPA provides, especially since the fall out of Roe v Wade.

…but the UK Government have managed to introduce Data Protection and Digital Information Bill into Parliament

…The government says this includes measures to use AI responsibly while reducing compliance burdens on businesses. The digital secretary said “Outside of the EU we can ensure people can control their personal data, while preventing businesses, researchers and civil society from being held back by a lack of clarity and cumbersome EU legislation”…hopefully such a comment will not lead the EU to scrutinise UK’s law and withdraw the UK’s adequacy status, needed to enable data to flow freely between the UK and the EU…

What does the Bill propose?

  • Small businesses no longer need to have a Data Protection Officer (DPO) and to undertake lengthy impact assessments, if they are able to manage the risks effectively.
    • Privacy management programmes will be required to ensure they are accountable for how they process personal data.
  • Fines for nuisance calls and texts and other serious data breaches under the UK’s existing Privacy and Electronic Communications Regulations (PECR) [yes please!]
  • Websites no longer need to seek consent to collect data about your visit (cookie consents). The government’s new opt-out model for cookies means users can set an overall approach to how their data is collected and used online – for example via their internet browser settings [I can imagine privacy groups crying out for an opt-in model – as some people might not know how to opt-out]. However most websites also serve the EU – not sure whether such websites can programme the website operation so that pop ups do not appear if a UK user is visiting the site.
  • Provide clarity about when they can obtain user consent to collect or use data for broad research purposes

Possible defective platform at issue in a case where a child ended up being paired with a sexual predator

…Omegle, a chat service which pairs random people up for anonymous chats, was sued when a child ended up being paired with a sexual predator. Omegle sought to rely on Section 230 of the Communications Decency Act of the United States which generally protects websites from liability over content uploaded by users or third parties, but the judge in the case held that the claim did not concern the platform’s failure to moderate content, rather the claim was against defective platform design. The judge characterised the claim as a product liability suit, stating that the website could have implemented measures preventing minors from being paired with adults. The issue though is how this measure could have been implemented without losing anonymity, one of the key feature of Omegle’s services. The case continues. Those in the UK that are in favour of the UK’s Online Safety Bill would have approved the judge’s thoughts. 

Regardless of the outcome of the case, online service providers will increasingly be expected to think about their offering and structure their business to avoid potential foreseeable harms. It also signals potential liability for platforms that are accused of implementing algorithms which keep users (especially youths) addicted to their device. Not only that, there may, in the future be further requirements for businesses to implement positive measures (eg. train algorithms) to make the system to be in compliance with the law. For example, at a virtual event, US FTC Commissioner Slaughter is reported to have stated that ” We need to be actively anti-racist”, and the agency will research into how systems can ensure racial equity. This could mean that the algorithm has to be actively trained to be anti-racist.

Privacy

Amazon responds to US senator’s accusation of liberal sharing of private data captured by Ring with the US police

…Back in April, Democrat Senator Ed Markey essentially said that Amazon’s Ring app (door bell with camera features) allows invasive surveillance, especially as a number of law enforcement authorities are given access to data captured by the Ring device installed on thousands of households across the country. Amazon has written back explaining that everything is transparent and data collected are mostly used for serious crimes. Further info on this in the Delving Deeper section, below.

Class Action strikes streaming service provider Paramount for giving Facebook access to subscribers’ viewing information together with personal information

…the tool used is Facebook’s Pixel. Cause of action is the violation of Video Privacy Protection Act (“VPPA”) of 1988, which objective is to confer onto consumers the power to “maintain control over personal information divulged and generated in exchange for receiving services from video tape service providers.”

Paramount is alleged to have used Facebook’s Pixel tool to supply Facebook with highly personalised information so that it can know its users’ interests to enable Facebook to either target those users with relevant material or to find other users with similar profile to carry out highly specific ad targeting to them. The information shared is to have included name, email address, birthday and address so that Facebook can identify the user’s Facebook profile and what that user watched on Paramount’s streaming service (CBS.com). Similar cases are on foot against Discovery Communications, Nextar Media Group. Similar allegation has been made against Facebook/Meta itself, for embedding the Pixel tool in healthcare providers’ websites.

Google defeats fraud claim that it took data generated by non-Google apps for use in developing new products and competing with other market participants

…there were several reasons, but one of them was that Google had disclosed that it will collect data through non-Google apps. Google said that this indicates that Google would use the data to improve its offering. The Judge considered that there was no misrepresentation.

GDPR means the public sector must stop using Google products says the Danish Data Protection Authority

… In 2020, EU’s top court (CJEU) ruled that it was unlawful to transfer EU citizens’ data to the US where the EU considered had inadequate protection for personal data owing to US’ invasive survelliance programmes under which the government could request US businesses to turn over data under their control (Schrems II decision). Before transferring data to the US, entities must implement additional measures to prevent EU citizen data from passing into the hands of US government. The Danish municipality explained that data was encrypted but the Danish Data Protection Authority stated that such measure was inadequate.

Competition

In preparation for the Digital Markets Act, Google allows other payment services to facilitate in-app purchases for non-gaming apps in the EU

… the impending EU’s Digital Markets Act provides for a ban on requiring app developers to use certain of the gatekeeper’s services (such as payment systems) in order to appear in app stores of the gatekeeper. The offer which only encompasses the EU, is a 3% discount on transactions generated by non-gaming apps that are using an alternative billing system. It had been the case that in-app purchases on Android phones require users to use the Google Play billing system.  There is a question mark over whether this is offer is sufficient to satisfy the Digital Markets Act. An alternative, cheaper billing system will be available for gaming apps too when the Digital Markets Act come in to play. As the majority of in-app purchases are carried out via gaming apps, Google may be trying to take advantage of the little time it has left without having to comply with the Digital Markets Act.

Italian antitrust authority is investigating Google for obstructing data portability

…In the EU, there is a concept called data portability, which means any user can request for personal data held by a platform to be transferred to them to enable the user to switch between different services thereby preventing lock-in to the incumbent service provider.

A company called Weople is in the business of collecting data of subscribers (with their consent), anonymising and aggregating the data to enable ad-targeting without the disclosure of the personal information, and to sell depersonalised information. Weople complained that Google forbade it from collecting its subscribers’ data on their behalf, insisting that the request must be made from the Google account holder’s personal account. This reduces the take up of Weople’s services. Weople claimed that Google was abusing its dominant position.

Business

Microsoft clinches partnership with Netflix to provide ad supported streaming services, beating bids from Comcast and Google

…Maybe Comcast and Google, with their considerable streaming businesses (Peacock and YouTube respectively), were too close for comfort, instead choosing Microsoft, an established platform albeit less known for ad-supported content delivery. Microsoft’s digital ad revenues are derived from Bing search and LinkedIn, neither of which involve streaming. Note however, that Microsoft is poised to power up their gaming business with the purchase of Activision Blizzard for ~$70bn and Netflix is also diversifying into gaming, having tentatively launched last year and purchased three gaming studios. Perhaps because of this convergence, there have been speculations that Microsoft might eventually buy Netflix. Or perhaps Microsoft will continue to generate revenue from similar partnerships using this high profile deal as a springboard. It has recently acquired Xandr, a consumer advertising platform from AT&T, which Microsoft has promptly been able to leverage.

What does Microsoft have to say? It said Netflix’ choice “endorses Microsoft’s approach to privacy, which is built on protecting customers’ information”. So we also have a privacy angle, which is an increasing risk for platforms. Take note: privacy, security, antitrust risks are really real [and see the next news piece that brings home the point]. I’m sure pricing may also have had something to do with it as well, though who knows.

Why is Netflix compelled to offer ad supported streaming?

Netflix’ plan is to provide a cheaper, ad-supported tier to boost subscription numbers. They will be hoping that their current subscribers will continue to buy services without the commercials. It isn’t a good time to be opening up a cheaper offering though, when inflation is high and households are tightening their belts. It will also present a significant cultural change for Netflix which relied on delivering stellar content without the ad interruptions as its USP.  But they are an established company and are likely to have reached a saturation point plus they are now facing vastly increased competition (eg. Disney+, Comcast/Peacock, Apple TV, YouTube, Amazon etc not to mention other competitors for eyeball time, especially TikTok) – at least in the developed countries, so offering a cheaper service is another way of growing. In addition they are expanding internationally and reaching over to gaming.

Disney+ is also in on the act. It is offering ad supported streaming with the aid of Trade Desk, an adTech company to better target subscribers.

Amazon management revealed to have considered shuttering its private label Amazon Basics in the face of heavy antitrust clamp downs

…at the moment, the news is that Amazon has considered lumping Amazon Basics – but this in itself is a big deal because it goes to show how serious regulatory pressures are. Worst case, Amazon could be ordered to break up – for example, into platform and seller. Others have voiced that Amazon’s eCommerce unit should be splintered from AWS cloud business; AWS is so profitable that it can effectively allow the eCommerce business to undercut third party sellers by a significant margin, which dampens competition.

What this brings to the fore though is Amazon’s modus operandi; do business based on cold hearted calculation; the Amazon Basic range has low profit margins – accounting for only a single digit percentage of overall sales. Is it worth the antitrust risk?  – so it asked the question even though that amounts to several billions in revenue (though the important value is the profits, of course. A small percentage of several billions will likely be still significant).

EU antitrust probe

EU has investigated Amazon for potential anticompetitive conduct (essentially self-preferencing), and Amazon has proposed compromises to settle the claim:

  • Using data gained from its retail customers to inform Amazon’s own retail business as a result of its dual role as platform and seller: Amazon can assess what products sell well only to manufacture those products itself and place them prominently on its site in preference over others
  • Amazon proposes it will not use data from third party retailers to advantage its business
  • Operation of the Buy Box which displays an offer from a single seller: EU found that Amazon found it favoured its own retail business and third party sellers that uses its logistics services (called Fulfillment by Amazon, or FBA).
  • Amazon promises to treat all sellers fairly, meaning there will be equal chances of winning the Buy Box spot even if the seller doesn’t use an FBA. It will also provide a second offer which might be cheaper but have a long delivery period.
  • Operation of Amazon Prime which offers premium services to customers: EU found that Amazon had favoured its own retail business and third party sellers that uses FBA
  • Amazon will set non-discriminatory conditions for sellers to qualify to offer goods to Prime customers.
    • Prime sellers can freely choose a non-Amazon logistics services, and will not use data about them.

The EU has asked for comments about Amazon’s concessions. The US looks like it will implement an anti-self-preferencing measure under the American Innovation and Choice Online Act.  These measures may also be called for in the US.

Amazon sues 10,000 Facebook marketplace administrators from co-ordinating fake review postings

…Not all 5 star product rated reviews on Amazon apparently deserve it. For example, Amazon says sellers on its platform had, using an intermediary, incentivised consumers to provide a good review in return for a refund, or other incentives – in this way, sellers ensured that reviewers have actually purchased the product.  The marketplaces paid people that would be willing to rate products highly, and offered their services to the third party sellers on Amazon’s site. Facebook is tackling the issue behind the scenes, but Amazon’s aim was to unveil the culprits behind the operations.

Cloud

German Court suggests Google/Nintendo venture company Niantic to consider settling claim that Pokemon Go infringes a patent licensing firm’s patent

… So, not all cloud patent claims are fintech related. The patent is understood to concern detecting nearby players and connecting them up. The patent licensing company in question is K.Mizra, who is reported to be asserting other patents against Samsung and GM. In the US well over half of patent infringement cases are initiated by patent licensing companies, whose business is to generate revenue from licensing, usually purchased from operating companies.

EVs

Panasonic obtains US aid to build EV battery factory in Kansas

…Panasonic was originally the main supplier of batteries to Tesla, and the move is calculated to strengthen business supplying batteries to Tesla. It already jointly operates a gigafactory in Nevada. Tesla now has other EV suppliers, notably China’s CATL, the world’s largest EV battery maker and in addition has developed its own capability to make EV batteries. Panasonic itself has sought other clients, and has a JV with Toyota. It is not known whether the Kansas venture will also involve a research capability.

Rolls Royce tests planes powered on hydrogen to cut emissions

…hydrogen of course will help with decarbonisation as it will turn into water on combustion. However, hydrogen fuels are expensive because it is so volatile and it is gaseous. This pushes infrastructure and investment costs. Airbus is doing the same with CFM International, which is a joint venture between Safran and General Electric. In the industry, greener fuels are called SAFs, short for Sustainable Aviation Fuels.

Mercedes Formula 1 Team to invest in SAFs

… on a similar theme. The firm will invest millions in its bid to achieve net zero emissions by 2030.

San Francisco official says data needed from autonomous vehicle companies to understand whether they block public roads

…we need to ensure autonomous vehicles are not seen as “roadway litter”, the official is reported to have said at a conference.

Google loses appeal of ~€100million fine in Italy for blocking Enel, a charging app

…the appeal was upheld in a case in which Google was claimed to have abused its dominant position by blocking Enel which operated Juicepass an EV charging app. An app enabled the user to find the nearest charging station and book a timeslot. Google rejected Enel’s application to be included on Android Auto platform because it was “only accepting apps within the Media or short form Messaging categories”, despite allowing its own apps (Google Maps and Wave) to be onboarded.  Google had said that the safety of the app was not guaranteed to not distract drivers and so required further research. Google suggested that Juicepass functionality could be integrated into Google Maps combined with a voice assistant but Enel had resisted handing over its valuable data about its customers, their movements and charge point information.

Gaming

Unity, a mainstream real time 3D graphics engine to merge with mobile adtech company Ironsource

…the Unity software enables developers/digital artists to create games with high fidelity 3D graphics and renders them in real time.  The tie up with mobile ad tech business Ironsource is calculated to enable creators to develop graphics based on data on audience feedback to direct creators as they generate content and help them monetize their creations.

Patents

EU commission to investigate patent pool Alliance for Open Media (AOM) which holds patents concerning compressing video files

…the particular standard is called AV1, and the development of this open source video technology was primarily spearheaded by members of AOM (Amazon, ARM, Cisco, Google, IBM, Intel, Meta, Microsoft, Mozilla, Netflix, and NVIDIA). The EU commission is concerned that AOM is influencing other businesses that are also building AV1, to sign up to a royalty free cross-licensing terms, when they have every right to seek licence fees in respect of any valid patents that are relevant to the AV1 standard. This could chill innovation and so needs investigating, in the EU’s view.

Semiconductors

STMicro and Global Foundaries to build a chip making foundary in France using French State Aid

…Reducing reliance on China and SE Asian countries is key. US is gearing up to hopefully pass its Chips Act which would provide a $52billion subsidy, a significant portion of which would go to manufacturing chips.

Software

Microsoft does a quick U-turn on banning profiting from apps which uses open source software

…why on earth did Microsoft ban monetisation of open source software based apps in the first place?

Microsoft’s objective is apparently to control rampant copying and profiting off other people’s work. A developer develops an app using open source software. A third party can swipe that, may or may not build a service on top of that, and offer the app for a higher price. Sometimes, the third party also uses the original developer’s trade mark (leading to trade mark disputes) so that when things do go wrong, users go to the original developer to get it sorted or get a refund. That can happen because updates and patches developed by the original developer might not reach the secondary app users.

In response to opposing voices, including those which are well known in the field, Microsoft has decided to suspend the rule at least for now. Microsoft may consider implementing a nuanced wording which stops third parties from taking apps based on open source software to onward sell and to offer an app in a way that confuses users as to its origin.

Microsoft under scrutiny

Microsoft subsidiary GitHub (platform which hosts code and supports collaboration) together with OpenAI (research organisation in which Microsoft has a stake) has recently launched Copilot, which is a service that suggests lines of code and functions in real-time. Copilot is driven by OpenAI Codex, trained on a huge library of opensource software data.  Some criticise Microsoft for double standards, as Copilot service – which was built using data from open source projects – is not entirely free.

Copilot also raises other issues which are interesting from an Intellectual Property standpoint, as it could muddy the authorship of software developed using Copilot; not altogether helped by the fact Copilot suggestions are devoid of attribution or applicable licence terms (something Amazon’s rival code generator (called CodeWhisperer) appears to have addressed, as noted by the same critic).

NOTE: Open Source Software are codes which are publically available, free for anyone to use, modify, improve, develop, add etc. However, it does not necessarily mean you cannot monetise work based on open source software depending on the applicable licence associated with the open source software you have used. Copyleft is perhaps the one everyone needs to be careful of, because that compels any user of that software to make available on the same terms, any modification carried out on that original code. Suppose you were to incorporate some codebase dictated by copyleft licence, then you could be compelled to offer up enormous amounts of work you might have built using it. Again, depending on the applicable licence, it is possible to build additional functionalities or added security on top of the open source software base, or create an AI powered service using open source software as Copilot has done, and monetise the enhanced offering. Businesses usually deploy an Open Source Software manager to ensure compliance.

Delving Deeper

Amazon responds to US senator’s accusation of liberal sharing of private data captured by Ring with the police

…Back in April, Democrat Senator Ed Markey sent the Ring unit of Amazon with the following concerns:  

  • Concerns about the Ring business’ surveillance practices and engagement with law enforcement
  • His investigation into Amazon illustrates that it has become increasingly difficult for the public to move, assemble, and converse in public without being tracked and recorded:
    • Ring records both video and audio on and around the properties which use Ring
    • Ring stated previously it does not verify compliance
  • Damage goes far beyond abstract privacy invasion: individuals may use Ring devices’ audio recordings to facilitate blackmail, stalking, and other damaging practices
  • Ring’s tie up with law enforcement is concerning
  • more than 2100 policing agencies joined Neighbors Public Safety Service (NPSS), a platform on which participating police departments may request footage from Ring users.
    • Law enforcement thereby circumvent key systems of public accountability
    • No controls imposed on what law enforcement can do with data accessed
  • Requested Amazon to make certain commitments, such as to never taking financial contributions, to never provide data access to immigration or federal law enforcement, to never be involved in police sting operations.

Amazon’s response made the following points:

  • Audio recording – much used by Ring users to understand what’s going on. Therefore the default which records audio data needs to be maintained.
  • Recordings are stored securely in the customer’s Ring account in accordance with Amazon’s standard retention and deletion policies, unless the customer selects a shorter custom retention period. Customers do have the option to manually delete their recordings at any time
    • Ring offers end-to-end encryption of stored recordings
  • New York University (NYU) School of Law recently completed an extensive audit of Ring
    • committed to the findings of this audit being made public
    • Requests for Assistance are controlled by the users, not the requesting agencies
    • Most requests concerned video related to relatively serious crimes like “vehicle burglaries and robberies, shootings, home burglaries and robberies, and stolen vehicles.”
  • Ring reserves the right to respond immediately to urgent law enforcement requests for information in cases involving imminent danger of death or serious physical injury to any person
  • Ring does not allow private security companies on NPSS

In parallel, Amazon has been sued in a potential class action alleging loss sustained owing to Ring’s cyber-security vulnerability. The suit also alleges that Ring shares personal data with (non law-enforcement) third parties.  

Headlines in Tech 6 – 13 Jul 2022

Headlines in Tech News of the Week

Irish Data Protection Commission considers the transfer of EU citizens’ data to the US by Meta to be unlawful

…Back in 2020, EU’s top court (CJEU) ruled that it was unlawful to transfer EU citizens’ data to the US where the EU considered had inadequate protection for personal data owing to US’ invasive survelliance programmes under which the government could request US businesses to turn over data under their control (Schrems II decision).   

The Irish Data Protection Commission rendered a draft decision to the effect that Facebook’s reliance on Standard Contractual Clauses (these are terms designed to provide sufficient protection of personal data for data transfers between EU and non-EU countries) did not make the transfer lawful, in light of the Schrems II decision.  If Meta cannot suggest changes to satisfy the Irish Protection Commission, all transfers of EU citizens’ data to the US must be stopped. Meta’s EU headquarters is in Ireland, which is why the Irish Data Protection Commission is taking the lead, but if data authorities in other EU member states do not agree then the issue may be prolonged. The US and EU have since then been trying to put in place a Transatlantic Data Privacy Network, which ensures that US access to EU citizens’ data is proportionate and restricted to instances to only where necessary. Meta will be hoping that the framework will be agreed quickly. It has already threatened to pull out of the EU if it can’t transfer data back to the US.

Seeking of information on drug dealing on Facebook

By way of example about what the EU might mean by inadequate protection of data, I noticed an article covering a dispute going on between a law enforcement authority and Facebook in New Jersey. According to the report, an appellate court last April ruled that law enforcement authority investigating drug dealing can rely on data communication warrants (just need to show probable cause – so the article explains) and did not need a wiretap order (more difficult to obtain – allows surveillance of communications in real time) to gain access to Facebook users’ data collected after the issuance of the warrant.

Having said this, and by the by, the EU Agency for Law Enforcement (Europol) has recently been given expanded powers to receive personal information from tech companies to identify crimes. There is a debate as to whether the new law safeguards the privacy of data subjects.

BigTech/ Data / Platforms

FTC says it will enforce against illegal use and sharing of highly sensitive data

…this is clearly a move as a result of Roe v Wade which enables states to make abortion unlawful. The statement warns that the “potent combination of location data and user-generated health data creates a new frontier of potential harms to consumers”. The statement explains how sensitive data can be collected and sold off to unknown entities:

The FTC mentions that it has in the past carried out enforcement actions bringing home the fact that the concerns are not just hypothetical:

  • Copley Advertising:
    • Claim:  using location technology to identify when people crossed a secret digital “fence” near a clinic offering abortion services. Based on that data, the company sent targeted ads to their phones with links to websites with information about alternatives to abortion.
    • Cause of action: Consumer Protection Law violation
    • Settled 2017
  • Flo Health (period and fertility tracking)
    • Claim: sharing with third parties – including Google and Facebook – sensitive health information about women collected from its period and fertility-tracking app, despite promising to keep this information private.
    • Cause of action: unfair or deceptive acts or practices, in or affecting commerce in violation of Section 5(a) of the Federal Trade Commission Act.
    • Settled 2021
  • OpenX (Adexchange)
    • Claim: collecting children’s location data without parental consent
    • Cause of action: federal children’s privacy protection law violation
    • Settled 2021
  • Kurbo/Weight Watchers
    • Claim: indefinitely retaining sensitive consumer data
    • Cause of action: Violation of COPPA (The Children’s Online Privacy Protection Act)
    • The settlement requires the company to pay a $1.5 million fine (2022)

Google takes action to disable updates to popular South Korean KakaoTalk app as a result of it enabling users to bypass Google Play Billing System

…Many will know that, apps on the Android system with In App Purchases must utilise the Google Play Billing system. This is how Google generates a revenue, by levying 15-30% Commission on In App Purchases carried out through apps (and at the same time Google obtains data about what users do using the App).

KakaoTalk enabled users to purchase via its websites, bypassing the Google Play Billing system (such conduct is called sideloading), in contravention of Google’s terms and conditions with app developers.

Uniquely, Korea provided a revision to The Telecommunication Business Act last year prohibiting app store operators from restrictive in-app billing policies like, forcing app developers to offer one method of payment. What Google is reported to have provided for is to allow an alternative payment system to operate, but structured to enable Google to continue receiving commission on purchases made on such alternative systems albeit discounted. KakaoTalk attempted to avoid paying Google altogether. There is a query whether Google’s arrangement complies with the revised Act.

It has been reported that Google’s latest policy change stating it will remove non-complying apps, has prompted the Korea Publishers Association to file a complaint with the Korea Communications Commission (KCC), South Korea’s telecommunications regulator.

EU’s Digital Markets Act provides for a ban on requiring app developers to use certain of the gatekeeper’s services (such as payment systems) in order to appear in app stores of the gatekeeper.

Separately Korea is actively looking at regulating online activities, focussing on establishing fair practices such as dark patterns after reviewing the results of a research which revealed that 97 out of 100 popular apps engaged in dark patterns (this is not defined, but essentially, designing the web interface or operations to influence user behaviour and choice. It will also look at online platforms’ control of fake reviews.

Note that the EU’s current text of Digital Services Act states online platforms shall not design, organise or operate their online interfaces in a way that deceives, manipulates or otherwise materially distorts or impairs the ability of recipients of their service to make free and informed decisions).

Amazon buys 2% stake in Food delivery firm Grubhub

…It’s aim is to boost Prime membership (which encourages consumers to do more with Amazon), for members will get free delivery for one year. At the same time, it justifies the recent Prime membership subscription hike.

UK Competition Authority to investigate Amazon’s potential anti-competitive practices

…the scope of investigation very much overlaps with the one ongoing in the EU.

The investigation will focus on 3 main areas:

  • How Amazon collects and uses third-party seller data, including whether this gives Amazon an unfair advantage in relation to business decisions made by its retail arm – see Amazon’s solution as a result of the EU Commission’s probe, below.
  • How Amazon sets criteria for allocation of suppliers to be the preferred/first choice in the ‘Buy Box’. The Buy Box is displayed prominently on Amazon’s product pages and provides customers with one-click options to ‘Buy Now’ or ‘Add to Basket’ in relation to items from a specific seller. Again – see below.
  • How Amazon sets the eligibility criteria for selling under the Prime label. Offers under the Prime label are eligible for certain benefits, such as free and fast delivery, that are only available to Prime users under Amazon’s Prime loyalty programme.

In parallel, the UK Competition Authority is investigating Amazon (and Google’s) conduct over concerns that they have not been doing enough to combat fake reviews on their sites.

Amazon poised to settle with the EU Commission over investigations concerning potential anticompetitive conduct

…there were two types of conduct under investigation.

  1. Use of data generated by third party sellers selling items on the eCommerce’s platform to Amazon’s own advantage: Amazon will share data with those third parties to enable them to sell more products online.
  • Amazon will make clear how sellers can be included in the Buy Box (as explained above). There is a query whether Amazon favours sellers which use its logistics and delivery services: Amazon said that its will make rival products more visible.

Facebook sues Octopus Data claiming data scraping users’ data infringes copyright and breaches contract

…First a bit of background. In the case LinkedIn v HiQ, LinkedIn sued HiQ in the US alleging breach of Computer Fraud and Abuse Act (CFAA). LinkedIn complained that HiQ had scraped publically accessible data and used the information gained to provide services to various clients. The Ninth Circuit (at least – there are precedents with a different take in other circuits) said that HiQ’s actions did not contravene the Computer Fraud and Abuse Act because all it scraped was publically available information. For example, HiQ did not hack into LinkedIn, or somehow circumvent any technical protection measures to access data.

Contrast this to one of Facebook’s past claims, for example against BrandTotal, which was successful because the Defendant there was found to have breached CFAA because it collected data from password protected sites by using fake user accounts.

The present case advanced by Facebook concerns Octopus Data’s business which require customers to allow Octopus Data (a US subsidiary of a Chinese company) to access their accounts, to then enable Octopus’ software to crawl over data available to those are logged in to Facebook. This includes other users’ birthdays, addresses and phone numbers. Facebook is alleging that Octopus Data is breaching copyright law arguing that users’ content is protected from scraping under the Digital Millennium Copyright Act.

Separately Facebook alleges that Octopus Data has breached the terms of use, which prohibits users from collecting data using autonomous means.

In addition, Facebook (or really I should say, Meta) has sued an individual in the US for scraping data from some 350,000 Instagram users  (Instagram is a Facebook/Meta company) and publishing that on his own website.

Both cases have been started in the Northern District of California

What would a case like this be like in Europe?

In Europe, a copyright based case might be difficult to maintain unless there is some form of creativity in the material that is said to have been copied (although instead there is something called a database right which Facebook might be able to rely on depending on how that database is configured and created).

Cloud technologies

Deep pocketed financial institutions Wells Fargo and Bank of America again hit with patent infringement action which concern cloud native payment processing (ie: settle using your mobile phone) – again

…Cloud computing enabled services have been subject to numerous patent litigation especially in the US. I myself have managed a piece of cloud payment patent litigation over in the UK. Financial institutions which deal with volumes of transactions carried out on mobile phones and other remote devices have been targets because they are so well resourced. Both Wells Fargo and Bank of America have been hit with patent litigation of this nature in the past.

Cyberattack

1 billion Chinese citizens’ data reported to be hacked including name, address, birthplace, national ID number, mobile number, all crime/case details from local Chinese police database

…This has now been confirmed and is the largest hack in history. Data now offered for sale…

Conti, one of the largest criminal organisation famed for their ransomware falls away as Costa Rica refuses to pay ransom

…the FT reports that Costa Rica which has resolutely refused to pay the $1m-$20m ransom has put the nail into Conti. Conti has been crippled by revolts of Ukrainians in the Russian group causing chaos.

Conti had managed to hack 27 ministries in Costa Rica. President Chaves refused to pay up causing disruption to services like tax payments, public healthcare and payment of public sector workers and much more. Large tech companies and other countries (Spain and US notably) have sent support to Costa Rica.

EV

Warren Buffet backed Chinese automaker BYD overtakes Tesla in EV Sales

…No doubt price (about $15k per car) will be the key component of BYD’s success although it has to be noted that BYD cars are hybrids, meaning that they have the traditional internal combustion engine (ICE) built in as well. Tesla has had a particularly rough ride as their factories were forced to close owing to strict covid policies. BYD factories were located in regions which were less affected.

Having said this, BYD is still a force to be reckoned with. It is currently also a significant EV battery maker (estimated 10% of global capacity for EV batteries) having outpaced LG and behind China’s CATL. This means that BYD is highly vertically integrated; with prioritised access to batteries, being one of the key components of an EV (and in insufficient supply).

Interesting statistic: According to the FT, about half of exports of EVs from China accounted for by Tesla. About a third are from Chinese owned European brands such as Volvo and MG, about 14% from European joint ventures in China (eg. VW) and only about 2% from Chinese automakers.   

There are now rumours that Buffet might be selling his stake.

Vehicle-to-everything (V2X) is not progressing owing to regulatory uncertainty and insufficient spectrum allocation says Alliance for Automotive Innovation

…V2X technology is critical to autonomous driving, enabling vehicles to suss out the environment around them by facilitating real-time wireless data sharing between vehicles and infrastructure (eg. traffic lights), other vehicles and road users (pedestrians, bikes etc). V2X which will significantly enhance road safety and help unleash value for users of roads.

Two ingredients are necessary for V2X to be enabled, neither of which, the Alliance says, have sufficient support (the complaint mainly concerns US):

  • Sufficient spectrum: US Federal Communications Commissions (under the Trump administration) had shunted off 60% of spectrum which was reserved for intelligence transport systems (like V2X) to other businesses. What they are left with is inadequate.
  • Regulation: this is not being progressed fast enough. The Alliance pointed to a fatal bus accident which arose out of interference from unlicensed devices and regulatory uncertainty.

Metaverse / VR / AR / MR / XR

Snap (parent of Snapchat) toys with using NFTs as Augmented Reality filters

…Snap (which the company insists is a camera company), parent of Snapchat and purveyors of AR technology are looking at enabling creators to show NFTs as its AR filters (called Lens – take a look). The strategy is to ensure Snap remains attractive to its young user base. Snap is planning to facilitate creators to monetize their NFTs in the future. Other firms are doing something similar; Meta is offering exclusive access to digital collectibles as is Reddit.

Satellites

Ericsson (Telecoms), Thales (Defence) and Qualcomm (chip maker) come together to provide 5G from Low Earth Orbit (defined to be between 150-2000km) Satellites

…to be deployed within the next few years. It joins Starlink, which does not use cellular technology unlike this venture to provide connectivity, but broadband internet.

Delving Deeper

Ride-hailing company Lyft appeals to the California Public Utilities Commission over its ruling classifying only part of its Trip Data as confidential

…Lyft’s briefing is interesting because it gives you an inside peek into Lyft’s operations. This is why I’ve decided to delve deeper on this development this week.

Lyft said that the ruling correctly determined that the disclosure of GPS coordinates for pick-up and drop-off locations within the Trip Data would constitute an invasion of personal privacy, but the very same data at the census block and zip code level presents no such privacy concerns. Lyft is concerned that this data would allow third parties to track TNC (Transportation Network Companies) users’ movements and reveal their intimate personal associations. Lyft also says that such data is also confidential information.

Note: Census block is a bit like a zip code, it’s a geographical boundary, which encompasses a small area. The coverage is across the entire US and other areas. In a city, a census block looks like a city block bounded on all sides by streets.

Trip Data is a massive database of time-and-date stamped records of every ride completed by the millions of users. Lyft says such data constitute trade secrets because (i) it has independent economic value from not being generally known and (ii) it has made efforts to keep it secret.

How does Lyft use the Trip Data?

Lyft says, in relation to (i), the Trip Data allows Lyft to:

  • Licence out that data to third parties – Lyft itself has been approached and there are platforms which sell these sorts of data
  • More effectively target its marketing campaigns
  • The data is continually collected, compiled and analyzed as an integral aspect of Lyft’s business operations, as the success of Lyft’s business model depends upon continually optimizing the balance between ride demand and vehicle supply.
    • Optimize demand: competitive pricing and promotions, such as ride credits and other discounts
    • Increase the supply of vehicles to areas with high demand: offering drivers minimum hour guarantees, bonuses, and other driver incentives
    • Further analyse the “real-world” effectiveness of incentives, retire incentives that are not effective

What sort of damage will be caused if Data were made available to others?

Lyft also explained the damage caused if Trip Data were disclosed to other TNCs:

  • If Lyft’s competitors, including Uber, HopSkipDrive, Wings, Silver Ride, Nomad Transit… were provided access to Lyft’s Census Block Trip Data, they could and would analyze and manipulate that data to gain insights into Lyft’s market share, its pricing practices, its marketing strategies, and other critical aspects of its business that it does not publicly disclose.
  • Lowers barrier to entry: A new competitor could enter the market without substantial investment, while existing competitors could use the data to increase their market share, or undercut Lyft’s marketing campaigns, by “free-riding” on Lyft’s data. [This is a double-edged point, it goes to emphasise why incumbents with volumes of granular data (in particular GAFAM – who also have the infrastructure and high compute power) have a huge competitive advantage – which is the reason why regulation is coming into play in the US and the EU, in particular].

Should there be a distinction between claiming the data and the algorithm which can be used on the data?

Lyft also deals with the point.

  • The Ruling relies on Cotter v. Lyft, Inc. (N.D. Cal. 2016) which distinguishes between a secret formula possibly being a trade secret and the resulting data derived from a secret formula. It held that an algorithm used to generate Prime Time fares and driver commissions was a trade secret, while the total amount of revenue or commissions generated was not.
  • Lyft makes clear that it is not claiming trade secret protection because disclosure of data would reveal the particulars of a secret algorithm. It claims trade secret for the experience data itself, derived from Lyft’s interactions with its users

The Ruling states that Lyft failed to make reasonable efforts to keep the information a secret

  • One of the reasons why the Ruling states that the information should not be regarded as confidential is because a particular driver or passenger may have access to select information regarding their own ride (such as the zip code or census block from which it originated or the time and date). Lyft explains that this does not mean that the trade secret — i.e., the compilation of data elements associated with millions of individual rides — has become “generally known.”

The point is an interesting one to IP lawyers like myself in view of the proposed Data Act in the EU which provides that users must be able to access data generated data through their use. It would be interesting to see whether the courts of the EU would support Lyft’s argument.

The briefing also addressed the issue of privacy, with Lyft referring to evidence that it says shows that mobility data at the census block and zip code level can be re-identified to track individuals’ movements.

There were many other arguments, but these seemed to me to be the most interesting points.

Why does the government compel data collection from TNCs?

Such data is sought because they are useful for a variety of purposes such as:

  • Urban town planning
  • Traffic Management
  • Provision of more effective Emergency Services
  • Law enforcement

Privacy advocates warn that access to data could render it to become a tool for surveillance. As mentioned, this is a point that Lyft supports.

Bonus News

Elon Musk says he’s pulling out from buying Twitter

…whether he can legally do so without breach of contract is another question, given that he has already signed a contract committing to the purchase. He says that Twitter has stated to the SEC (US securities exchange commission) that the proportion of fake accounts/bots was 5% when the reality is much more. He says he should be able to rely on what is claimed publicly by Twitter, a public company.  Because the proportion of real accounts would dictate how much advertisers will be willing to fork out to advertise on Twitter, the percentage of fake accounts on Twitter directly impacts the value of Twitter itself. Twitter has predictably sued.

This piece of tech news doesn’t really impact our future (which is what I cover) but I’ve included it for good measure as everyone is talking about it.  

Headlines in Tech 29 Jun-6 Jul 2022

Headlines in Tech news of the week

Use of TikTok in the US poses national security risk says Federal Communication Commissioner in his letter to Google and Apple CEO

…The letter was not from the FCC itself, meaning that the view may or may not be unanimously shared across the unit. 

The letter is in response to reports that officials in Beijing have been accessing information containing personal data of American citizens. Like many very successful social media/ content sharing platforms, TikTok possess volumes of sensitive data of vast number of users (approx. 80million estimated monthly active users just in the US, according to one statistic – 20 million downloads Q1 2022 alone, the letter notes). TikTok’s user information is however now stored in Oracle servers in the US – but this does not mean that the data is not accessible from elsewhere unless controls are put in place as the letter also notes. 

The Federal Communication Commissioner (Brendan Carter) made the following points:

  • TikTok poses unacceptable national security risk, and so in accordance with Google/Apple’s representation that app stores are safe and trusted places, TikTok app needs to be removed.
  • TikTok is not what it seems – an app for sharing funny videos, but is a sophisticated surveillance tool.
  • It has huge amounts of sensitive data
  • Search and browsing histories
    • Keystroke patterns
    • Biometric identifiers such as faceprints and voiceprints
    • Location data
    • Draft messages
    • Metadata
    • Text, images and videos stored on device’s clipboard
    • I would add to this – what we do, where we visit, what we buy, what we like, who we are friends with, who we are not friends with. That latter point is important – one is exposed even if you are not a TikTok user.
  • Lists a number of TikTok’s problematic actions, such as
  • evading Google’s privacy safeguards,
    • accessing confidential information such as passwords, cryptocurrency wallet addresses and personal messages through the Apple app store,
    • payment of $92million in settlement of a lawsuit which alleged TikTok had “vacuumed up and transferred to servers in China (and other servers accessible from within China) vast quantities or private and personally identifiable user data [of US users]”,
    • payment of $5.7million to settle lawsuit which alleged that TikTok illegally collected data of under 13s.
  • TikTok is banned in India, by US military units and private US business operations on the grounds of security concerns. Other US officials, cybersecurity experts, privacy and civil rights groups have stated that TikTok is a security threat.
  • The fact that US users’ information is now stored in Oracle’s servers is not sufficient – it doesn’t say if the information is still accessible from China.

TikTok Responds

TikTok Chief Executive Shou Zi Chew said TikTok employees, including those based in China can access data, but it can only access ” subject to a series of robust cyber security controls and authorisation approval protocols overseen by our US-based security team”, in accordance with US demands. Foreign employees going forward, will only be able to access those that TikTok designates as non-sensitive.

What does it mean for Apple and Google?

Note that separately, the Commissioner’s letter could assist Apple and Google’s bid to remain the only app stores in their mobile ecosystem, or at least you have to be properly vetted and authorised to run an app store. This could require the potential app store to have enough resources. Apple and Google are claiming that they need to be able to vet apps that are downloadable on users’ mobile to maintain a high privacy and security environment for users. Although the Commissioner alleges that Apple and Google are not doing their job properly by offering TikTok on their app stores, it may well be that in any event, vetting procedures are required to ensure that users’ data are safeguarded. 

BigTech/ Data / Platforms

Major changes on Android to avoid serious consequences on users from the Roe v Wade fallout

…not only that, should any privacy breaches on Android phones end in prosecution of women seeking abortions unlawfully, it could spur class actions against Google, and massive damage to its reputation. Google has swiftly proposed a couple of measures to minimise risk. The following have been proposed:

  • Deletion of location history if they are in the vicinity of abortion clinics [but what if you live near such centres? What about underground abortion clinics? ] and other sensitive areas [like domestic abuse advice centres].
  • Access to “app inventory” restricted to utility companies such as device search [presumably this is Google? Or could it be the phone maker, like Samsung?], antivirus and file manager apps, and not to developers generally.
    • App inventory is information on what Apps are installed, or installed and then deleted by any particular user.
    • Information on user’s app inventory has been sold openly for ad-targeting purposes – this exposes users’ interests, and other traits, such as gender, age, sexuality, religion, location etc.

What about Apple?

Apple doesn’t utilise device generated data as much. Data is only stored on the device itself, and when it is synced with other devices, the data transfer is end-to-end encrypted.

Japanese Court orders a platform company kakaku.com to disclose a part of its algorithm to litigation adversary – potential knock on effects on all platform businesses (including GAFAM) that do business in Japan

…the dispute is about the following:

Plaintiff: Hanryumura, a Korean style BBQ restaurant chain operator

Defendant: platform called kakaku.com. It has a tripadvisor type platform services that ranks and recommends restaurants called Tabelog (combination of the words taberu (to eat in Japanese) and blog).

The complaint: Plaintiff says the defendant platform was abusing its superior position in the market contrary to Japanese competition law by designing its algorithms unfairly. Specifically, the plaintiff has complained that its restaurants got low scores just because they are a chain of restaurants. It was claimed that their unfair scoring system has led to a drop in the ratings and the restaurant group has suffered loss.

Results: Plaintiff succeeds in the first instance, Defendant is appealing.

The issue: As part of the appeal the court has ordered the disclosure of part of the defendant’s algorithm to the plaintiff. By doing so, it will allow the court and the plaintiff to assess the fairness of the defendant’s algorithm. Such a ruling will have implications for future litigation in Japan, and bigtech businesses in particular.

Similar issues have arisen at least in the UK. In both Infederation v Google and Kelkoo and Google, the plaintiffs argued that Google’s algorithms favoured its own shopping price comparison services over theirs in breach of competition law and the disclosure of algorithms was sought. In the former case, Google was given the option of giving up part of its defences or allow the plaintiff’s independent search engine optimisation expert to access its algorithms. In the latter case, the court deemed disclosure to be inappropriate at the relatively early stage in the proceedings, among other reasons. Whilst no disclosure of Google’s crown jewel algorithms have been made available to the plaintiff rival companies themselves thus far, that possibility in the UK cannot be discounted, especially if the dispute nears trial.  

The EU Commission is providing for the Digital Services Act which includes transparency measures for online platforms on a variety of issues, including on the algorithms used for recommendations.

…and back to Japan, they will be regulating digital advertising carried out by large platforms to ensure fairness. UK’s competition watchdog is already looking into Google’s practices as it controls the whole of the ad-stack. 

US Senators ask Google to clarify how Spam Filtering Algorithms work on Gmail

…The particular issue raised is that some emails relating to political campaigns may not reach recipients. However, the issue could be a wider one than that – it could be framed as being about how Google is carrying out content moderation.

Senators ask Google whether spam filtering applies equally to political and non-political emails, whether machine learning is used, and if so how, what rules apply if filtering is manually carried out, and whether personal preferences are taken account of.

Twitter challenges Indian Government’s Order to block Tweets

…Carrying on with the theme of content moderation, this is a news piece about the Indian Government having previously written to Twitter warning of “serious consequences” if Twitter declined to comply with take down requests of certain tweets and accounts. According to Indian law, the government has power to block tweets which “threatens the security of the state” or if take down is in the interests of public order.  Non-compliance may result in the imprisonment of Twitter’s compliance officer in India. Twitter says that Indian Government’s asks are beyond the remit of the Government’s legal authority, and has sought to challenge the order. In the past Twitter has been asked to remove tweets concerning major protests by farmers and those that are critical of the way in which the government has handled the covid pandemic.

Application of Illinois Biometric Information Privacy Act (BIPA) in the case between Uber Drivers and Microsoft

…The Uber driver plaintiffs say the following steps occurred to register as Uber drivers:

  • As applicant to Uber, the prospective Uber drivers were required to submit name, vehicle information, driver’s license, and a profile picture to Uber through its mobile application
  • Unbeknownst to Plaintiffs, their pictures were transferred to Microsoft’s Face Application Programming Interface (“Face API”), which is integrated into Uber’s phone application as a security feature
  • Microsoft’s Face API collected and analyzed Plaintiffs’ facial biometrics to create a “geographic template” that it compared to the geographic template from the original profile picture to verify their identities. [sic – this part comes from the Order – but the process is a little difficult to understand]

The plaintiffs alleged that Microsoft violated BIPA on the following grounds:

  • Microsoft never obtained Plaintiffs’ written consent to capture, store, or disseminate their facial biometrics
  • Microsoft also failed to make publicly available the policy regarding retention and deletion of their biometric information, and it profited from receiving that information. Note that there is no allegation that Microsoft failed to comply with the policy.

The judge decided that the plaintiffs did not have standing in the Federal court, remanding the case back to the State Court. However, the important point is that businesses around the world with a global footprint – need to bear in mind the different laws that might apply. It is also interesting to know what sort of processes take place at the backend – I’ve recently been subjected to these sorts of processes for travelling and applying for bank accounts.

Microsoft has recently limited its application of Face API to ensure that its facial recognition tools are utilised responsibly.

Class Action alleging excessive app store charges to commence in the UK and Australia

…these class actions do lag considerably to those already going on in the US, trial date for which is being currently argued.

Amazon’s Prime services changed so it is easier to cancel to comply with EU’s Digital Services Act

…Amazon will provide a clear and prominent Unsubscribe button. Amazon’s Prime services has been easy to subscribe to but much harder to cancel. The unsubscribing process also entailed some explanatory points which had the effect of deterring consumers from cancelling (which may be described potentially as dark patterns). Now consumers should be able to unsubscribe as simply as subscribing.

Cloud

Now Alibaba’s cloud customers can measure, analyse and manage carbon emissions

…This is a launch of a tool called Energy Expert which helps businesses carry out carbon accounting and reporting, identifying sources of carbon from their business activities. It also shows how businesses can improve on energy efficiency.

Alibaba’s cloud services is third largest after Amazon (AWS) and Microsoft (Azure).

Crypto

EU Commission to introduce Markets in Crypto-Assets (MiCA) to regulate crypto-asset dealings

…It encompasses:

  • protecting consumers
  • ensuring stablecoins are backed up by sufficiently liquid reserves
  • ensuring crypto-asset providers are authorised to operate in the EU
  • clamping down on money laundering  / terrorism financing – crypto asset transfers have to be traceable, which means that information on the source of the asset and its beneficiary travels with the transaction and is stored on both sides of the transfer. However, if there is no guarantee that privacy is upheld by the receiving end, such data should not be sent. [Quite how that works is a bit of a mystery]
  • accounting for the environmental impact and compliance with mandatory minimum sustainability standards.

It does not cover of NFTs.

The ideas are not that dissimilar to the Biden administration’s executive order on cryptocurrencies.

The move will incidentallyl make crypto transactions taxable. However, the central overreach is bound to take away the decentralised nature of cryptoassets which made the framework revolutionary.

Cryptocrash as Three Arrows Capital is liquidated by the Order of the British Virgin Islands Court

…this follows creditor’s suit (Voyager Digital – Canadian crypto lender – lends you money against your crypto) as a result of Three Arrows Capital (3AC) failing to repay its debt of $650m. They had bought into the Luna / Terra cryptocurrency which collapsed in May.  Vauld, which offered up to 40 percent annualised returned to customers to lend out their crypto tokens have disabled withdrawals and trading, as has others such as BlockFi and Celsius.

What’s happening? As venture capitalist Chamath Palihapitiya explains, the world of crypto is completely unregulated, devoid of leverage checks and auditing leaving market participants free to carry out speculative off-chain crypto arbitration. In the case of recently decimated Luna/Terra, you were promised 20% if you bought into Terra (which was purported to be pegged to 1USD) – critically at this point you lose access to your deposit and the deposit goes off the blockchain – and someone will use the deposit to find someone else that will promise to pay more than 20% interest, and so the off-chain trades goes on. Then one of the cryptocurrencies (such as Luna/Terra) collapses, and the lenders start asking for the money back. The borrower then runs off to get their deposit back. There is none to return, and the lender is left with no recourse. 

Learning point: cryptocurrency transactions are not all on-chain. When a cryptoasset is deposited, you can lose all control of it, and if there is a default on the terms, at present there is no recourse.

Cybersecurity

Cybersecurity firm Mandiant says pro-China group Dragonbridge guised as environmental campaigners are undermining rare earth producers in the US and Canada

…Mandiant says the group uses fake Twitter and Facebook accounts to claim US government aided projects to mine rare earths needed for EV batteries and high tech equipment. These projects have as their objective, a reduction in reliance on supply from China and increased self-sufficiency generally. There is a separate question as to whether the Dragonbridge campaigns are spreading disinformation or whether the information is in fact fair, and whether it matters who is perpetrating the information if it is the sort of information that is of public interest.

Google is hoping to purchase Mandiant to strengthen security for its cloud services offering.      

Drones

Underwater drones intercepted carrying a load of drugs

…the BBC reports that the unmanned drones travelled underwater from Morocco to Spain. The drones can carry up to 200kg of cargo.

EVs

German competition authority allows Volkswagen and Bosch to work on autonomous driving technology together

…the aim is to catch up with Tesla and Mercedes.

Volvo to open a new EV factory for the first time in 60 years – in Slovakia

…The Slovokian government backed factory will be completely EV, using clean energy and higher levels of automation. Volvo Chief Executive commented to the FT that building a company from scratch enables greater levels of efficiency compared to factories which attempt to modify existing internal combustion engine (ICE) manufacturing factories into an EV one. Some carmakers are presumably shutting down their ICE manufacturing factories only to open up a new EV one for this reason (Ford, Jaguar Land Rover).

According to the same FT article, Volvo’s moves into Slovakia follows that of Volkswagen, Stellantis, Kia and Jaguar Land Rover.

Volvo group company Geely of China buys Chinese smartphone company Meizu

…They say future EVs will be smartphones on wheels. It may then make sense for an auto company to buy smartphone companies which will come with know–how on delivering services through wireless communication technology.

Gaming

Judge orders preliminary injunction against Destiny 2 cheat code distributor from transferring the cheat code to Ukrainian investors

… Destiny 2 game maker Bungie had alleged that Aimjunkies/Phoenix Digital were infringing copyright and trade mark rights by selling cheat codes for the game.  An article on the website torrentfreak.com disclosed the potential sale of the Defendants to Ukranian investors. Bungie sought a narrow injunction against the transfer of Destiny 2 cheat code only, and not the website itself or the whole of the cheat code library owned by the Defendants.

The Defendants say they themselves haven’t copied any Destiny 2 code, and so should not be liable for copyright infringement which require them to have carried out the acts of copying per the copyright law. They say that the software was made by a third party, which they distribute. Furthermore, the Defendants contended that the website has been already sold off to the Ukranian purchaser, so an injunction would be too late. These are very unattractive points that make the Defendants look rather shady. But then again their business itself is.

The Court nevertheless said that Bungie has demonstrated that the Defendants have knowledge of, and/or access to, servers from which future purchasers could download the cheat software, directly from the software’s alleged developers. Further, despite the purported sale, whether the individual defendants will still play some role in the management of Aimjunkies.com is unclear. An injunction was therefore granted. Learning point: in the world of digital/ gaming [and by extension Metaverse] – one has to have eyes and ears peeled for all sorts of rumours and developments through various channels, and then act quick!

Metaverse / VR / AR / MR / XR

Metaverse Dating App Soul, popular in China prepares to list in Hong Kong

…You can now, through your avatar, find your soulmate on the metaverse. The system will know your personality traits so is supposed to be able to work out by virtue of a clever algorithm to identify your perfect match. Because you are anonymous, you can be whatever you want to be, say whatever you want, admit whatever guilty pleasures you may have which you might feel you can share with a stranger.

Hopefully however, there are proper checks carried out. These avatars do look cute, but the platform could become a fertile ground for nefarious characters to prey on more innocent and younger daters. 

Cambridge University Hospital x GigXR showcases HoloScenarios, virtual holographic patients on which medical students can train

…Using Microsoft’s Hololens, medical students attempt to find the best solution to help holographic patients which are overlaid in the real physical world. Seeing really is believing (and understanding better), so check out the clip. No more having to hire actors to simulate particular symptoms for medical students to practice on. It seems that the system has the potential of becoming much simpler, cheaper and more accurate than traditional methods and usable by trainee medics all over the world.  

Satellites/Space

US Federal Communication Commission authorises SpaceX to provide internet services to moving vehicles, such as boats, airplanes and trucks

…The development is significant, because it would mean citizens living in the middle of the countryside can receive great broadband. Farmers can benefit from smart agriculture. Business people can enjoy long haul cruises without worrying about not being connected. Trucks can be autonomously driven across country roads. The list goes on…

Delving Deeper

EU publishes a briefing on the Metaverse, throwing up all sorts of issues that might need regulating

The paper identifies a number of areas that might need to be watched carefully as the Metaverse evolves. A rough summary of issues is as below (and weaving in some thoughts of my own) :

Competition Issues

  • Lock in risk: technical solutions, protocols and services that enable interoperability are critical to build the metaverse ecosystem. Open metaverse standards may need to be fostered.
  • Killer acquisitions: need to be watchful of purchases of nascent start ups with the main objective to prevent it becoming a significant competitor. [Because the metaverse is not dominated by any particular company at present, large businesses might find they fall below the radar of competition rules. Therefore, the EU’s point appears to be that acquisitions in the space need to be scrutinised]
  • Antitrust: Need to be aware of following behaviours:
  • self-preferencing – platforms in particular can promote its own products and services over third parties’. In part the Digital Markets Act deal with this.
    • dark patterns – designing interfaces to influence users’ behaviour and decision-making
    • sharing of sensitive information between competitors

Data Protection

  • Facilitation of collection of biometric data: this includes emotional physiological responses, facial expressions and eye-tracking. Intrusive profiling will also be possible. The draft AI act deals with this to some extent.
  • Attribution of liability: metaverse will create a web of relationships, making it very difficult to determine responsibilities and liabilities. Defining data controller and processor may be blurred. Determining who should be responsible for collecting consents and displaying privacy notices may not be straightforward.
  • Difficulty in collecting the proper consents and avoiding collection of data from users: Consent may be impossible to obtain where the world is continuous, involuntary and interconnected, meaning it is impossible for users to avoid data collection. However, GDPR [should it apply] requires the active and freely given consent of users to share data with third parties and for a specified purpose (such as ad-targeting, including subliminal advertising). Interaction between avatars may not be private and recorded, and subject to commercial and state surveillance.
  • Need to regulate the storage, handling and safeguarding of data used in the metaverse: this includes responsibility for data theft or misuse.
  • International data transfers:  interoperability and the movement of users inside and between different metaverses, together with their data and assets, raises the question of data sharing and data portability.

Liabilities

The Digital Services Act may to some extent deal with these issues.

  • Illegal and harmful content: New content moderation challenges – it’s hard enough on web2.0, but the fact that you can use avatars which have freedom to operate in 3D make the scope for harmful content particularly acute (sexual harassment or assault, pornographic content modelled on avatars, or misinformation or defamatory content, hate or extremist behaviours, discriminatory behaviours). 
  • Intellectual property infringement (including tarnishment) and misappropriation: this is easy to do in the metaverse without being able to ascertain who the perpetrator is.

Use of Artificial Intelligence

  • Artificial Intelligence including machine-learning algorithms and deep-learning architectures – these features operating in the metaverse could enable market participants to track and monitor their users and customers in real time and expand the negative impacts. The draft AI Act deals with this to some extent.

Financial Transactions

  • Ownership of digital assets: the limits of what the owner of an NFT can do with the digital assets may not be always clear. 
  • Fintech regulation:  this may be required and in part be helped by the draft proposal for a regulation on markets in crypto-assets.

Cybersecurity

  • Cyberattacks likely to be prolific via devices: hackers may control what the victim can see/hear and experience and could see inside their office or home, with serious security consequences.

The proposal for a regulation on general product safety requires appropriate cybersecurity features for product protection. Cybersecurity resilience act is proposed, which will protect consumers by introducing common cybersecurity rules for digital products and ancillary services.

  • New forms of cyber attacks foreseen: selling fake NFTs, illicit use of crypto-currencies and malicious smart contracts
  • Virtual crimes: would the law of assault say, apply to an avatar? What about indecent exposure?
  • Connections between dark web and the metaverse
  • Avatar integrity: identity theft, avatar duplication and misuse creates an issue for interoperability. Identity authentication built on blockchain will be crucial in this respect.

Generally

  • Determining Jurisdiction:  This is not straightforward. Is determined by the person’s location/ avatar’s location / server’s location (or contractually determined)?

Other issues

  • Employment and Labour laws – if metaverse is used in the workplace
  • Mental and physical health of users, including children
  • Accessibility and inclusiveness.

Headlines in Tech 22-29 Jun 2022

US

Roe v Wade overturned – Tech companies attempt to neutralise effect for employees

… As most readers will know, the US Supreme Court has overturned Roe v Wade, meaning that in the US, there is no longer a constitutional right for a woman to obtain an abortion. This means that states can pass laws to ban abortions, should they wish. For example at the moment, there is a temporary injunction on the abortion ban in Texas whereas in Tennessee, the ban is enforceable after six weeks of pregnancy (pregnancy can easily go unnoticed at such an early stage). Tech companies were quick to react, Alphabet (Google) and Apple, (alongside other non-tech companies) said they will pay for employees to travel and receive reproductive care if they live in states where abortion is banned. Presumably there will be confidential channels by which employees can apply. These companies are potentially risking liability because in some states you could be liable if you assist a woman to obtain an abortion. As I understand it, Meta and Microsoft’s offer of support were premised on the provision of assistance being lawful.

Artificial Intelligence

The UK government says copyright will be amended to promote progress in AI

…In its press release, the government said that data mining will not require permission from the copyright owner by anyone with lawful access to the material even if it is protected by copyright. Data mining is an important technique used for example, in training AI in which a software (or a bot) is used to collect and analyse material (eg. internet) for patterns, trends and other useful information. The aim is to make UK a location of choice for data mining and AI development. The government says that it seeks to use Brexit as an opportunity to make its own laws that is pro-technological progress.

What’s the EU position?

It is interesting to bear in mind that there are data mining exceptions under EU’s Copyright Digital Single Market Directive (applicable across the EU):

  • Research organisations / cultural heritage organisations are allowed to data mine for a scientific purpose (even if they are carrying out research with a business under certain partnerships). Importantly it is not possible to restrict the ability of research organisations / cultural heritage organisations to data mine provided it has lawful access to the material.
  • In cases of data mining by a non research organisation /cultural heritage organisation or for a non scientific purpose, it is possible to data mine without permission if there are no express reservations not to data mine (for example coding on the webpage, licensing agreement term).

The UK position is better than the EU position because it will not be possible to prohibit data mining, provided that the user has lawful access.

What about protection afforded to IP created by AI?

No changes are proposed for UK’s patent inventorship criteria (question of whether an AI can be an inventor) or copyright computer generated works (in accordance with UK copyright law, a literary, dramatic, musical or artistic work which is computer-generated can attract copyright even if there is no human author – this has been debated to be at odds with the EU position which can be argued to require human creation to attract copyright (eg. Case C-145/10 (Painer), Case C-683/17 (Cofemel)).

Microsoft revises its Responsible AI standards, restricts and retires certain capabilities

…Having regard to the fact that certain AI can be used inappropriately, Microsoft have decided to revise its Responsible AI standards and remove certain AI capabilities for use in open-ended ways.

Revised Responsible AI Standards

Microsoft’s revised Responsible AI Standards have the following overarching requirements:

  • Accountability
    • Impact Assessments
    • Oversight of significant adverse impacts, including whether the system can be deployed for sensitive use.
    • Fit for Purpose: Document in the Impact Assessment how the system provide valid solutions for the problems they are designed to solve.
    • Data Governance and Management: what data will be collected and processed (labelling, cleaning, enrichment and aggregation) and how will it be used? Which geographic areas?
    • Human Oversight and control: who will carry out troubleshooting, managing, operating, overseeing, and controlling the system during and after deployment? How will the system behaviour be interpreted and how will it be controlled/overridden?
  • Transparency
    • System intelligibility for decision making: how will the relevant system behaviour be interpreted in a way that supports informed decision making?
    • Communication to stakeholders: Explain the capabilities and limitations of the AI systems to support stakeholders in making informed choices about those systems
    • Disclosure of AI interaction: inform people that they are interacting with an AI system or are using a system that generates or manipulates image, audio, or video content that could falsely appear to be authentic
  • Fairness
    • Quality of Service: make sure the system provides a similar quality of service for identified demographic groups, including marginalized groups. [this will mean AI is not deployable for certain AI uses if there is insufficient data about a certain category or people]
    • Allocation of resources and opportunities: minimize disparities in outcomes for identified demographic groups, including marginalized groups (especially when used in finance, education, employment, healthcare, housing, insurance, or social welfare)
    • Minimization of stereotyping, demeaning, and erasing outputs: Applies to AI systems outputs include descriptions, depictions, or other representations of people, cultures, or society.
  • Reliability & Safety
    • Failures and remediations: minimize the time to remediation of predictable or known failures (define predictable failures, including false positive and false negative results for the system as a whole and how they would impact stakeholders for each intended use). How will failures be remedied, how long will take, and will there be oversight to ensure failures can be avoided?
    • Ongoing monitoring, feedback, and evaluation: use the outcomes to improves
  • Privacy & Security
  • Inclusiveness

Restrictions on some capabilities

Microsoft is advocating for laws to regulate the use of facial recognition but in the meanwhile has decided to limit access to Azure Face API, Computer Vision, and Video Indexer to those that apply for it [Good job! Would say the Ada Lovelace Institute – see below – In the Spotlight]. Those that propose to use Microsoft’s capabilities have to demonstrate that its use will be in accordance with the above Responsible AI standards.

Separately Microsoft said it will retire facial analysis capabilities that purport to infer emotional states and identity attributes such as gender, age, smile, facial hair, hair, and makeup, owing to the lack of consensus on a definition of “emotions,” and the inability to generalize the linkage between facial expression and emotional state across use cases, regions, and demographics. Microsoft also identified stereotyping, discrimination, or unfair denial of services as risks that had to be avoided. However, Microsoft is allowing some limited use, in particular to support technology for people with disabilities, such as SeeingAI.

Amazon’s AI assistant Alexa can now speak to you in the voice and style of your dead relatives

…the demo was of a child asking Alexa to read a story in the voice of his dead grandmother. There is a question of whether such a tool would impede the grieving process. There is also the question of abuse. Users could take a person’s casual voicemail (or more likely celebrities’ voices off videoclips) and convert that into Alexa’s voice without their consent. Then there are scams and deepfakes, spread of disinformation that could be facilitated by use of these types of technology. For example, anyone can use the capability to call up parents with their child’s voice seeking the transfer of money or you could make a politician say something he or she didn’t say.  During a consultation on AI and IP in the UK, some voiced the need to expand the scope of performers’ rights under copyright law to address these issues. The UK government have said that the proposal was taken seriously but will be put on hold for now.

BigTech/ Data / Platforms

Google Shopping Case Mark 2? Danish Jobindex complains to the EU Commission that Google is self-preferencing Google for Jobs in breach of competition law

…Stating that the issues are similar to the Google shopping case, Jobindex, which advertises vacancies, made the following complaints:

  • Google self-preferences its own service Google for Jobs over other similar services. When a search is made, Google’s job search box appears after the sponsored links, but above the organic search results.
  • This is despite the fact that (in Jobindex’s opinion) Google for Jobs service is inferior to that provided by Jobindex. Google’s search results should be ranked according to their objective relevance, but it favours its own tool over others. This breaches the principle of search neutrality, argued Jobindex.
  • Some of the jobs that are listed in Google for Jobs originate from Jobindex but there is no reference to Jobindex. Recruiters pay a premium to be listed in reputable sites and should not find itself listed in Google for Jobs whose listings are not always comprised of sound employers.

Google explains that it partners with job providers to help job seekers find the right employer.

In the Google Shopping case, the EU Commission found (2017) that Google violated antitrust provision by systematically giving prominence to its own shopping comparison services over third party’s comparison shopping services. The algorithm which ranks the relevance of search results were not applied to Google’s own services. Last November, the General Court of the European Union confirmed the decision of the EU Commission.

UK to abolish cookie consent pop-ups for each and every website in the long run

…so it said in its response to the consultation on the reform of the UK data protection regime. The consultation revealed that some entities (I assume a lot of them are advertisers) were unable to collect useful information whilst users found cookie consent pop ups annoying. Currently cookies for limited purposes (where essential to provide the service, where needed to transmit communications) do not require the users’ consent. The UK suggests that cookies that enable audience measurement were non intrusive and so ought to be exempted from cookie consents. Other types of cookies which collect personal data (used particularly for ad-targeting) were more intrusive and so ought to be subject to cookie consents. 

The government concluded that in the future, it intends to move to an opt-out model of consent for cookies placed by websites. In practice, this would mean cookies could be set without seeking consent, but the website must give the web user clear information about how to opt out.

In the government response there was no mention of Google’s Privacy Sandbox, which is an alternative technology which enables advertisers to carry out measurement and tracking but at the same time protect user privacy.  It is essentially carried out by aggregating data about conversion (into clicks, purchases) and attribution (from which ad placed on which website). The EU Commission and the UK Competition Authority are examining effects of the Privacy Sandbox on competition.

There is a concern around whether any reform will result in UK losing its adequacy status with the EU, which is necessary for businesses to be able to have free flow of personal data to and from the EU.

How do cookies work?

The main purpose of a cookie is to identify users and possibly prepare customized web pages or to save information – so that when you visit the web site for the second time, it knows your preferences. Third party cookies are where information is sent not to the site you are visiting but also others eg. advertisers on that site. See: https://policies.google.com/technologies/cookies?hl=en-US

Is it OK for a government official to block someone commenting on his Facebook page? – Depends, said a US Court (Sixth Circuit)

…James Freed had a Facebook page. He subsequently became a city manager for Port Huron, Michigan. His Facebook page became too popular and so he carried out the following:

  • converted his profile to a “page,” which has unlimited “followers” instead of friends
  • chose “public figure” as the page category
  • updated Facebook page to reflect his new title
  • In the “About” section, he most recently described himself as “Daddy to Lucy, Husband to Jessie and City Manager, Chief Administrative Officer for the citizens of Port Huron, MI.”
  • Listed the Port Huron website and the City’s general email and the City Hall address as contact details.
  • Posted a mixture of private and public matters

Lindke didn’t approve of how Freed was handling the pandemic and started responding with criticism. Freed blocked Lindke which led him to sue Freed, claiming this blocking violated Lindke’s First Amendment rights.

The US Court sided with Freed saying that the Facebook page was operated in his personal capacity:

  • Freed not duty-bound to have a Facebook page
  • Facebook page did not belong to the office of city manager – It wouldn’t make sense for Freed’s successor to take over that page
  • Government doesn’t employ anyone to operate the page
  • No official account directed users to the Facebook page
  • The office had no control over the Facebook page                                  

These facts distinguished that of the Second Circuit in Knight First Amendment Institute At Columbia University v. Trump – in that case the plaintiffs succeeded in showing that Trump had violated the First Amendment by blocking users. That Court had held that “While he is certainly not required to listen, once he opens up the interactive features of his account to the public at large he is not entitled to censor selected users because they express views with which he disagrees”

Metaverse

First ever law firm in the Metaverse and issues with it

…I was alerted by this article that a personal injury firm was first set up in the metaverse Decentraland back in December 2021. Given that those donning VR have been known to have injuries – for failing to take account of an obstacle / set of stairs in the real world, it might come across as quite apt – the article says.

Nice though the idea may be, the author talks about some of the regulatory issues that need to be considered:

  • How secure will the correspondence be between the lawyer and the client?
  • How do you carry out identity checks?
  • Where will that data be stored?
  • Can that data be deleted (right to be forgotten provided for in data protection laws in some jurisdictions, such as Europe)?

These are issues that need to be accounted for, but soon the technology should catch up to enable law firms to conduct their practice and abide by various regulatory requirements, the article concludes.

In In the Spotlight

Democrats ask US FTC to investigate Apple and Google over transforming online advertising into an “intense system of surveillance” that incentivises unrestrained collection of data from their mobile platforms – in anticipation of the overturning of Roe v Wade

…The letter was written in anticipation of Roe v Wade being overturned.

It all concerns the incorporation of unique tracking identifiers into iOS and Android for ad-targeting purposes. The unique tracking identifiers enable Apple and Google to understand what users do on their mobile phone (eg. what websites do they browse? What sort of questions to they search on Google/ Safari (which uses a Google search engine)? What do they purchase from which website? What in-app purchases do they make?)

  • Apple: Until recently, Apple allowed users to opt out, but only through a complicated procedure. Apple now makes it easy for users to opt out. However because this means that third parties cannot track the user, leaving Apple only to be able to exploit the data it presents an antitrust issue (German Competition Authority presently probing). To be precise, as I understand it, users can also opt out of Apple collecting personal data too, but that option is presented to the user in a different way, as addressed in Facebook’s comment letter. Facebook says this is unfair.
  • Google: Until recently, users were not able to opt out, and still currently enables tracking by default. Whilst it is possible now for users to opt out, it is a complicated process.

What do unique tracking identifiers enable?

The unique tracking identifiers are not anonymous, and can be used to identify the relevant individual – for example, it is easy to identify which residential address the identifier is associated with by looking at the location data for the identifier in the night-time. In fact, some data brokers have a dataset of unique tracking identifiers linked to personal details of the individual it represents (name, email address, address, telephone numbers etc). The letter says “Apple and Google enabled governments and private actors to exploit advertising tracking systems for their own surveillance and exposed hundreds of millions of Americans to serious privacy harms”.

What’s Roe v Wade got to do with it?

The letter notes that “Data brokers are already selling, licensing, and sharing the location information of people that visit abortion providers to anyone with a credit card. Prosecutors in states where abortion becomes illegal will soon be able to obtain warrants for location information about anyone who has visited an abortion provider. Private actors will also be incentivized by state bounty laws to hunt down women who have obtained or are seeking an abortion by accessing location information through shady data brokers”.

Are the Democrats over-reacting?

It is true that tech companies know users well very well, because they know so much about our private lives, what we do, where we visit, what we buy, what we like, what predilections they have. A high-ranking Catholic priest has in the past been outed as gay when the Catholic news media purchased commercially available location data and worked out that the priest’s phone was used to visit gay bars and private residences whilst using the gay dating up Grindr. When the department store Target used its own customer data to send targeted ads, it disclosed to a man that his teenage daughter was pregnant unbeknownst to him; the man had gone to complain to Target about bombarding his daughter with ads about baby items, apparently encouraging her to fall pregnant despite the fact she was still at high school.

When there are such incidents, it is not possible to say that Democrats’ point is farfetched. In the US, the government has the power to compel companies to turn over data under their control – which is why the top Court in the EU (CJEU) ruled that sending personal data to the US contravened GDPR. FTC has already raised the possibility that emerging technology, such as AI could incentivise surveillance. As the chances of the US government could one day adopt an autocratic regime is not nil, remote though it may seem, one can’t help thinking that it would be prudent to consider these issues to future proof citizens’ rights.

Around the world

UK’s independent legal review commissioned by the Ada Lovelace Institute concluded that technologically neutral framework is needed, so that emerging technologies can be used in a way that is that is “responsible, trustworthy and proportionate”. In that review, it advised that the use of live facial recognition which compares the biometric data to the database or records ought to be banned immediately until biometric technologies are properly regulated.

What can users do?

There are apps which offer end-to-end encryption for reproductive services such as menstrual cycle tracking. There are also VPN apps you can download to safeguard your location data. That way, users’ information will be safe, for example, were there to be a cybersecurity breach/attack, or were that state to decide to prosecute businesses that may have information on women who might have illegally obtained an abortion (because their menstrual cycle ceases and then resumes before term) to turn over data, they will be unable to do so because not such data would be within their control.