Headlines in Tech news of the week
Use of TikTok in the US poses national security risk, says Federal Communication Commissioner in his letter to Google and Apple CEOs
…The letter was not from the FCC itself, meaning that the view may or may not be unanimously shared across the unit.
The letter is in response to reports that officials in Beijing have been accessing information containing personal data of American citizens. Like many very successful social media/content sharing platforms, TikTok possesses volumes of sensitive data on a vast number of users (approx. 80 million estimated monthly active users just in the US, according to one statistic – 20 million downloads in Q1 2022 alone, the letter notes). TikTok’s user information is, however, now stored on Oracle servers in the US – but, as the letter also notes, this does not mean that the data is not accessible from elsewhere unless controls are put in place.
The Federal Communication Commissioner (Brendan Carter) made the following points:
- TikTok poses an unacceptable national security risk, and so, in accordance with Google/Apple’s representation that app stores are safe and trusted places, the TikTok app needs to be removed.
- TikTok is not what it seems (an app for sharing funny videos), but is a sophisticated surveillance tool.
- It has huge amounts of sensitive data:
  - Search and browsing histories
  - Keystroke patterns
  - Biometric identifiers such as faceprints and voiceprints
  - Location data
  - Draft messages
  - Metadata
  - Text, images and videos stored on device’s clipboard
  - I would add to this – what we do, where we visit, what we buy, what we like, who we are friends with, who we are not friends with. That latter point is important – one is exposed even if one is not a TikTok user.
- Lists a number of TikTok’s problematic actions, such as:
  - evading Google’s privacy safeguards,
  - accessing confidential information such as passwords, cryptocurrency wallet addresses and personal messages through the Apple app store,
  - payment of $92 million in settlement of a lawsuit which alleged TikTok had “vacuumed up and transferred to servers in China (and other servers accessible from within China) vast quantities of private and personally identifiable user data [of US users]”,
  - payment of $5.7 million to settle a lawsuit which alleged that TikTok illegally collected data of under 13s.
- TikTok is banned in India, by US military units and private US business operations on the grounds of security concerns. Other US officials, cybersecurity experts, privacy and civil rights groups have stated that TikTok is a security threat.
- The fact that US users’ information is now stored in Oracle’s servers is not sufficient – it doesn’t say if the information is still accessible from China.
TikTok Responds
TikTok Chief Executive Shou Zi Chew said TikTok employees, including those based in China, can access data, but only “subject to a series of robust cyber security controls and authorisation approval protocols overseen by our US-based security team”, in accordance with US demands. Going forward, foreign employees will only be able to access data that TikTok designates as non-sensitive.
What does it mean for Apple and Google?
Separately, note that the Commissioner’s letter could assist Apple and Google’s bid to remain the only app stores in their mobile ecosystems, or at least to ensure that anyone running an app store has to be properly vetted and authorised. This could require a prospective app store operator to have sufficient resources. Apple and Google claim that they need to be able to vet apps that are downloadable onto users’ mobiles in order to maintain a high privacy and security environment for users. Although the Commissioner alleges that Apple and Google are not doing their job properly by offering TikTok on their app stores, it may well be that, in any event, vetting procedures are required to ensure that users’ data is safeguarded.
BigTech/ Data / Platforms
Major changes on Android to avoid serious consequences on users from the Roe v Wade fallout
…not only that, should any privacy breaches on Android phones end in prosecution of women seeking abortions unlawfully, it could spur class actions against Google, and massive damage to its reputation. Google has swiftly proposed a couple of measures to minimise risk. The following have been proposed:
- Deletion of location history if users are in the vicinity of abortion clinics [but what if you live near such centres? What about underground abortion clinics?] and other sensitive areas [like domestic abuse advice centres].
- Access to “app inventory” restricted to utility apps such as device search [presumably this is Google? Or could it be the phone maker, like Samsung?], antivirus and file manager apps, and not to developers generally.
  - App inventory is information on what apps are installed, or installed and then deleted, by any particular user.
  - Information on users’ app inventories has been sold openly for ad-targeting purposes – this exposes users’ interests, and other traits, such as gender, age, sexuality, religion, location etc.
What about Apple?
Apple doesn’t utilise device generated data as much. Data is only stored on the device itself, and when it is synced with other devices, the data transfer is end-to-end encrypted.
Japanese Court orders a platform company kakaku.com to disclose a part of its algorithm to litigation adversary – potential knock on effects on all platform businesses (including GAFAM) that do business in Japan
…the dispute is about the following:
Plaintiff: Hanryumura, a Korean style BBQ restaurant chain operator
Defendant: platform called kakaku.com. It has a tripadvisor type platform services that ranks and recommends restaurants called Tabelog (combination of the words taberu (to eat in Japanese) and blog).
The complaint: Plaintiff says the defendant platform was abusing its superior position in the market contrary to Japanese competition law by designing its algorithms unfairly. Specifically, the plaintiff has complained that its restaurants got low scores just because they are a chain of restaurants. It was claimed that their unfair scoring system has led to a drop in the ratings and the restaurant group has suffered loss.
Results: Plaintiff succeeds in the first instance, Defendant is appealing.
The issue: As part of the appeal the court has ordered the disclosure of part of the defendant’s algorithm to the plaintiff. By doing so, it will allow the court and the plaintiff to assess the fairness of the defendant’s algorithm. Such a ruling will have implications for future litigation in Japan, and bigtech businesses in particular.
Similar issues have arisen at least in the UK. In both Infederation v Google and Kelkoo and Google, the plaintiffs argued that Google’s algorithms favoured its own shopping price comparison services over theirs in breach of competition law, and the disclosure of algorithms was sought. In the former case, Google was given the option of giving up part of its defences or allowing the plaintiff’s independent search engine optimisation expert to access its algorithms. In the latter case, the court deemed disclosure to be inappropriate at the relatively early stage in the proceedings, among other reasons. Whilst no disclosure of Google’s crown jewel algorithms has been made to the plaintiff rival companies themselves thus far, that possibility in the UK cannot be discounted, especially if the dispute nears trial.
The EU Commission is providing for the Digital Services Act which includes transparency measures for online platforms on a variety of issues, including on the algorithms used for recommendations.
…and back to Japan, they will be regulating digital advertising carried out by large platforms to ensure fairness. UK’s competition watchdog is already looking into Google’s practices as it controls the whole of the ad-stack.
US Senators ask Google to clarify how Spam Filtering Algorithms work on Gmail
…The particular issue raised is that some emails relating to political campaigns may not reach recipients. However, the issue could be a wider one than that – it could be framed as being about how Google is carrying out content moderation.
Senators ask Google whether spam filtering applies equally to political and non-political emails, whether machine learning is used, and if so how, what rules apply if filtering is manually carried out, and whether personal preferences are taken account of.
Twitter challenges Indian Government’s Order to block Tweets
…Carrying on with the theme of content moderation, this is a news piece about the Indian Government having previously written to Twitter warning of “serious consequences” if Twitter declined to comply with take down requests of certain tweets and accounts. According to Indian law, the government has power to block tweets which “threatens the security of the state” or if take down is in the interests of public order. Non-compliance may result in the imprisonment of Twitter’s compliance officer in India. Twitter says that Indian Government’s asks are beyond the remit of the Government’s legal authority, and has sought to challenge the order. In the past Twitter has been asked to remove tweets concerning major protests by farmers and those that are critical of the way in which the government has handled the covid pandemic.
Application of Illinois Biometric Information Privacy Act (BIPA) in the case between Uber Drivers and Microsoft
…The Uber driver plaintiffs say the following steps occurred to register as Uber drivers:
- As applicants to Uber, the prospective Uber drivers were required to submit name, vehicle information, driver’s license, and a profile picture to Uber through its mobile application
- Unbeknownst to Plaintiffs, their pictures were transferred to Microsoft’s Face Application Programming Interface (“Face API”), which is integrated into Uber’s phone application as a security feature
- Microsoft’s Face API collected and analyzed Plaintiffs’ facial biometrics to create a “geographic template” that it compared to the geographic template from the original profile picture to verify their identities. [sic – this part comes from the Order – but the process is a little difficult to understand]
The plaintiffs alleged that Microsoft violated BIPA on the following grounds:
- Microsoft never obtained Plaintiffs’ written consent to capture, store, or disseminate their facial biometrics
- Microsoft also failed to make publicly available the policy regarding retention and deletion of their biometric information, and it profited from receiving that information. Note that there is no allegation that Microsoft failed to comply with the policy.
The judge decided that the plaintiffs did not have standing in the Federal court, remanding the case back to the State Court. However, the important point is that businesses with a global footprint need to bear in mind the different laws that might apply. It is also interesting to know what sort of processes take place at the backend – I’ve recently been subjected to these sorts of processes for travelling and applying for bank accounts.
Microsoft has recently limited its application of Face API to ensure that its facial recognition tools are utilised responsibly.
Class Action alleging excessive app store charges to commence in the UK and Australia
…these class actions lag considerably behind those already going on in the US, the trial date for which is currently being argued.
Amazon’s Prime services changed so it is easier to cancel to comply with EU’s Digital Services Act
…Amazon will provide a clear and prominent Unsubscribe button. Amazon’s Prime service has been easy to subscribe to but much harder to cancel. The unsubscribing process also entailed some explanatory points which had the effect of deterring consumers from cancelling (which may potentially be described as dark patterns). Now consumers should be able to unsubscribe as simply as they subscribe.
Cloud
Now Alibaba’s cloud customers can measure, analyse and manage carbon emissions
…This is a launch of a tool called Energy Expert which helps businesses carry out carbon accounting and reporting, identifying sources of carbon from their business activities. It also shows how businesses can improve on energy efficiency.
Alibaba’s cloud service is the third largest after Amazon (AWS) and Microsoft (Azure).
Crypto
EU Commission to introduce Markets in Crypto-Assets (MiCA) to regulate crypto-asset dealings
…It encompasses:
- protecting consumers
- ensuring stablecoins are backed up by sufficiently liquid reserves
- ensuring crypto-asset providers are authorised to operate in the EU
- clamping down on money laundering / terrorism financing – crypto asset transfers have to be traceable, which means that information on the source of the asset and its beneficiary travels with the transaction and is stored on both sides of the transfer. However, if there is no guarantee that privacy is upheld by the receiving end, such data should not be sent. [Quite how that works is a bit of a mystery]
- accounting for the environmental impact and compliance with mandatory minimum sustainability standards.
It does not cover NFTs.
The ideas are not that dissimilar to the Biden administration’s executive order on cryptocurrencies.
The move will incidentally make crypto transactions taxable. However, the central overreach is bound to take away the decentralised nature of cryptoassets which made the framework revolutionary.
Cryptocrash as Three Arrows Capital is liquidated by the Order of the British Virgin Islands Court
…this follows a creditor’s suit (Voyager Digital – a Canadian crypto lender, which lends you money against your crypto) as a result of Three Arrows Capital (3AC) failing to repay its debt of $650m. They had bought into the Luna / Terra cryptocurrency which collapsed in May. Vauld, which offered returns of up to 40 percent annualised to customers for lending out their crypto tokens, has disabled withdrawals and trading, as have others such as BlockFi and Celsius.
What’s happening? As venture capitalist Chamath Palihapitiya explains, the world of crypto is completely unregulated, devoid of leverage checks and auditing, leaving market participants free to carry out speculative off-chain crypto arbitration. In the case of recently decimated Luna/Terra, you were promised 20% if you bought into Terra (which was purported to be pegged to 1USD) – critically, at this point you lose access to your deposit and the deposit goes off the blockchain – and someone will use the deposit to find someone else that will promise to pay more than 20% interest, and so the off-chain trades go on. Then one of the cryptocurrencies (such as Luna/Terra) collapses, and the lenders start asking for the money back. The borrower then runs off to get their deposit back. There is none to return, and the lender is left with no recourse.
Learning point: cryptocurrency transactions are not all on-chain. When a cryptoasset is deposited, you can lose all control of it, and if there is a default on the terms, at present there is no recourse.
Cybersecurity
Cybersecurity firm Mandiant says pro-China group Dragonbridge, disguised as environmental campaigners, is undermining rare earth producers in the US and Canada
…Mandiant says the group uses fake Twitter and Facebook accounts to claim US government-aided projects to mine rare earths needed for EV batteries and high tech equipment. The objective of these projects is a reduction in reliance on supply from China and increased self-sufficiency generally. There is a separate question as to whether the Dragonbridge campaigns are spreading disinformation or whether the information is in fact fair, and whether it matters who is spreading the information if it is the sort of information that is of public interest.
Google is hoping to purchase Mandiant to strengthen security for its cloud services offering.
Drones
Underwater drones intercepted carrying a load of drugs
…the BBC reports that the unmanned drones travelled underwater from Morocco to Spain. The drones can carry up to 200kg of cargo.
EVs
German competition authority allows Volkswagen and Bosch to work on autonomous driving technology together
…the aim is to catch up with Tesla and Mercedes.
Volvo to open a new EV factory for the first time in 60 years – in Slovakia
…The Slovakian government-backed factory will be completely EV, using clean energy and higher levels of automation. Volvo’s Chief Executive commented to the FT that building a company from scratch enables greater levels of efficiency compared to attempts to convert existing internal combustion engine (ICE) manufacturing factories into EV ones. Some carmakers are presumably shutting down their ICE manufacturing factories only to open up new EV ones for this reason (Ford, Jaguar Land Rover).
According to the same FT article, Volvo’s move into Slovakia follows that of Volkswagen, Stellantis, Kia and Jaguar Land Rover.
Volvo group company Geely of China buys Chinese smartphone company Meizu
…They say future EVs will be smartphones on wheels. It may then make sense for an auto company to buy smartphone companies, which will come with know-how on delivering services through wireless communication technology.
Gaming
Judge orders preliminary injunction preventing Destiny 2 cheat code distributor from transferring the cheat code to Ukrainian investors
… Destiny 2 game maker Bungie had alleged that Aimjunkies/Phoenix Digital were infringing copyright and trade mark rights by selling cheat codes for the game. An article on the website torrentfreak.com disclosed the potential sale of the Defendants to Ukrainian investors. Bungie sought a narrow injunction against the transfer of Destiny 2 cheat code only, and not the website itself or the whole of the cheat code library owned by the Defendants.
The Defendants say they themselves haven’t copied any Destiny 2 code, and so should not be liable for copyright infringement, which requires them to have carried out the acts of copying per the copyright law. They say that the software was made by a third party, which they distribute. Furthermore, the Defendants contended that the website has already been sold off to the Ukrainian purchaser, so an injunction would be too late. These are very unattractive points that make the Defendants look rather shady. But then again their business itself is.
The Court nevertheless said that Bungie has demonstrated that the Defendants have knowledge of, and/or access to, servers from which future purchasers could download the cheat software, directly from the software’s alleged developers. Further, despite the purported sale, whether the individual defendants will still play some role in the management of Aimjunkies.com is unclear. An injunction was therefore granted. Learning point: in the world of digital/ gaming [and by extension Metaverse] – one has to have eyes and ears peeled for all sorts of rumours and developments through various channels, and then act quick!
Metaverse / VR / AR / MR / XR
Metaverse Dating App Soul, popular in China prepares to list in Hong Kong
…You can now, through your avatar, find your soulmate on the metaverse. The system will know your personality traits, so it is supposed to be able to identify your perfect match by virtue of a clever algorithm. Because you are anonymous, you can be whatever you want to be, say whatever you want, and admit whatever guilty pleasures you may have which you might feel you can share with a stranger.
Hopefully however, there are proper checks carried out. These avatars do look cute, but the platform could become a fertile ground for nefarious characters to prey on more innocent and younger daters.
Cambridge University Hospital x GigXR showcases HoloScenarios, virtual holographic patients on which medical students can train
…Using Microsoft’s Hololens, medical students attempt to find the best solution to help holographic patients which are overlaid in the real physical world. Seeing really is believing (and understanding better), so check out the clip. No more having to hire actors to simulate particular symptoms for medical students to practice on. It seems that the system has the potential of becoming much simpler, cheaper and more accurate than traditional methods and usable by trainee medics all over the world.
Satellites/Space
US Federal Communication Commission authorises SpaceX to provide internet services to moving vehicles, such as boats, airplanes and trucks
…The development is significant, because it would mean citizens living in the middle of the countryside can receive great broadband. Farmers can benefit from smart agriculture. Business people can enjoy long haul cruises without worrying about not being connected. Trucks can be autonomously driven across country roads. The list goes on…
Delving Deeper
EU publishes a briefing on the Metaverse, throwing up all sorts of issues that might need regulating
The paper identifies a number of areas that might need to be watched carefully as the Metaverse evolves. A rough summary of issues is as below (and weaving in some thoughts of my own):
Competition Issues
- Lock in risk: technical solutions, protocols and services that enable interoperability are critical to build the metaverse ecosystem. Open metaverse standards may need to be fostered.
- Killer acquisitions: need to be watchful of purchases of nascent start ups with the main objective of preventing them becoming significant competitors. [Because the metaverse is not dominated by any particular company at present, large businesses might find they fall below the radar of competition rules. Therefore, the EU’s point appears to be that acquisitions in the space need to be scrutinised]
- Antitrust: Need to be aware of the following behaviours:
  - self-preferencing – platforms in particular can promote their own products and services over third parties’. In part the Digital Markets Act deals with this.
  - dark patterns – designing interfaces to influence users’ behaviour and decision-making
  - sharing of sensitive information between competitors
Data Protection
- Facilitation of collection of biometric data: this includes emotional physiological responses, facial expressions and eye-tracking. Intrusive profiling will also be possible. The draft AI act deals with this to some extent.
- Attribution of liability: the metaverse will create a web of relationships, making it very difficult to determine responsibilities and liabilities. The definitions of data controller and processor may be blurred. Determining who should be responsible for collecting consents and displaying privacy notices may not be straightforward.
- Difficulty in collecting the proper consents and avoiding collection of data from users: Consent may be impossible to obtain where the world is continuous, involuntary and interconnected, meaning it is impossible for users to avoid data collection. However, GDPR [should it apply] requires the active and freely given consent of users to share data with third parties and for a specified purpose (such as ad-targeting, including subliminal advertising). Interaction between avatars may not be private and may be recorded, and subject to commercial and state surveillance.
- Need to regulate the storage, handling and safeguarding of data used in the metaverse: this includes responsibility for data theft or misuse.
- International data transfers: interoperability and the movement of users inside and between different metaverses, together with their data and assets, raises the question of data sharing and data portability.
Liabilities
The Digital Services Act may to some extent deal with these issues.
- Illegal and harmful content: New content moderation challenges – it’s hard enough on web2.0, but the fact that you can use avatars which have freedom to operate in 3D makes the scope for harmful content particularly acute (sexual harassment or assault, pornographic content modelled on avatars, or misinformation or defamatory content, hate or extremist behaviours, discriminatory behaviours).
- Intellectual property infringement (including tarnishment) and misappropriation: this is easy to do in the metaverse without being able to ascertain who the perpetrator is.
Use of Artificial Intelligence
- Artificial Intelligence including machine-learning algorithms and deep-learning architectures – these features operating in the metaverse could enable market participants to track and monitor their users and customers in real time and expand the negative impacts. The draft AI Act deals with this to some extent.
Financial Transactions
- Ownership of digital assets: the limits of what the owner of an NFT can do with the digital assets may not be always clear.
- Fintech regulation: this may be required and in part be helped by the draft proposal for a regulation on markets in crypto-assets.
Cybersecurity
- Cyberattacks likely to be prolific via devices: hackers may control what the victim can see/hear and experience and could see inside their office or home, with serious security consequences.
The proposal for a regulation on general product safety requires appropriate cybersecurity features for product protection. A Cybersecurity resilience act is proposed, which will protect consumers by introducing common cybersecurity rules for digital products and ancillary services.
- New forms of cyber attacks foreseen: selling fake NFTs, illicit use of crypto-currencies and malicious smart contracts
- Virtual crimes: would the law of assault say, apply to an avatar? What about indecent exposure?
- Connections between dark web and the metaverse
- Avatar integrity: identity theft, avatar duplication and misuse create an issue for interoperability. Identity authentication built on blockchain will be crucial in this respect.
Generally
- Determining Jurisdiction: This is not straightforward. Is it determined by the person’s location / avatar’s location / server’s location (or contractually determined)?
Other issues
- Employment and Labour laws – if metaverse is used in the workplace
- Mental and physical health of users, including children
- Accessibility and inclusiveness.