Editor’s Note: In observance of the holidays, the Week in Review will be taking the next two weeks off. It will return on January 8, 2021.
Big Tech's Terrible, Horrible, No Good, Very Bad Week
On Saturday, China’s State Administration for Market Regulation fined Alibaba and Tencent’s e-book spinoff China Literature 500,000 yuan (approximately $76,500) for violating anti-monopoly laws. Under particular scrutiny are a pair of years-old deals that purportedly lacked proper government approval. In 2017, Alibaba grew its share of Intime Retail Group Co. to almost 74 percent, and in 2018, China Literature purchased film studio New Classics Media. Regulators are also investigating Tencent for a planned merger between two of its investments: gaming giants Douyu and Huya. Scott Yu, a lawyer specializing in antitrust at Zhong Lun Law Firm, said, “Despite its relative modest amount, the penalty announced today has a symbolic importance.”
On Monday, Google, Amazon, ByteDance, Discord, Facebook (including WhatsApp), Reddit, Snap, Twitter, and YouTube were ordered by the Federal Trade Commission (FTC) to share detailed documentation about their data collection and processing operations, including algorithms, advertising information, and “each User Attribute that the Company uses, tracks, estimates, or derives.” FTC commissioners Rohit Chopra, Rebecca Slaughter, and Christine Wilson insisted in a statement justifying the order that “too much about the industry remains dangerously opaque.” The order, which follows the FTC’s lawsuit against Facebook last week, is part of a broader investigation into big tech’s business practices.
On Tuesday, the United Kingdom (UK) and the European Union (EU) debuted long-awaited proposals, including the Digital Services Act and Digital Markets Act, aiming to reign in big tech. In addition to regulating hate speech and harmful content, European authorities unveiled transparency measures seeking to limit merchants such as Google and Amazon from prioritizing their own products in search results and rankings. Large tech companies would also be prohibited from leveraging data to undermine third-party merchants selling on their platforms, echoing the lawsuit filed by the EU against Amazon last month. Non-compliance would result in fines of up to 10 percent of annual revenue, and repeat violations could lead regulators to mandate a break-up. James Lewis, director of the Strategic Technologies program at the Center for Strategic and International Studies, said, “2021 will be the year of regulation for the tech giants — they are a mature industry now, not shiny young start-ups. We used to say too big to fail for banks, but banks are highly regulated and these guys are moving in this direction too.”
Also on Tuesday, Twitter was fined €450,000 (approximately $547,000) by the Irish Data Protection Commission (IDPC) for violating Europe’s General Data Protection Regulation (GDPR). According to the IDPC, Twitter failed to properly document a breach and report it to authorities. The fine, although small (amounting to about 0.016 percent of Twitter’s annual revenue), is the first fine levied for violating the GDPR on a tech company based in the United States.
On Wednesday, ten states sued Google for allegedly maintaining a monopoly on search advertising by illegally colluding with rivals such as Facebook, and, on Thursday, thirty-eight states filed suit against Google for allegedly monopolizing search and search advertising through anticompetitive behavior, including exclusionary contracts. In addition to abusing its advertising prowess to siphon revenue from other advertisers, Google is accused of intentionally ranking businesses in competing industries, such as travel or home improvement, lower on search results. The complaint [PDF] filed in Texas federal court argues that in the online advertising market, “Google is pitcher, batter, and umpire, all at the same time.”
Russia’s SolarWinds Hack Compromises Thousands of Customers
On Monday, software provider SolarWinds acknowledged that thousands of its customers, including 425 of the Fortune 500 companies, the five branches of the military, the National Security Agency, and the Justice and State departments, were likely compromised by a months-long Russian state hacking campaign. Thus far, the U.S. departments of Commerce, Homeland Security, State, and several divisions of the Pentagon are all confirmed to have been breached. FireEye, which was breached in a related, suspected Russian attack, noted that the Russian hackers also infiltrated government and private sector companies in Asia, Europe, and the Middle East. The hackers spied on emails for months, though it remains unknown what other critical data and systems have been exposed. The Russian operation exposed critical flaws in both supply chain security and the United States’ cybersecurity defenses, including Einstein, a multi-billion dollar tool developed by the Cybersecurity and Infrastructure Security Agency to detect malware.
Facebook Calls Out France and Russia for Misinformation Operations in Africa
On Tuesday, Facebook accused individuals associated with Russia’s Internet Research Agency and the French military of running competing misinformation operations in Africa. The individuals connected to the French military allegedly posed as locals and disseminated posts on current events and election security as well as criticism of Russian and praise for French policies in Africa. Meanwhile, the Russian operation spread content denouncing French foreign policy, praising Russia’s vaccine efforts, lauding the Central African Republic government, and criticizing a non-existent coup d’etat in Equatorial Guinea. In their report, social media analysis firm Graphika wrote, “Geopolitical sparring on the ground in Africa is playing out in parallel across social media — not just Facebook, but also Twitter, YouTube, and long-form news articles written by the operations.” Facebook’s announcement is the first call-out of a Western country for a misinformation operation on the platform.
Germany Refuses to Exclude Huawei
On Wednesday, the German government debuted a bill that could allow Huawei to have a role in Germany’s 5G network. Under the bill, providers hoping to join Germany’s 5G buildout, including Huawei, will be required to demonstrate that their equipment doesn’t enable terrorism, espionage, or sabotage. German authorities would reserve the right to later remove or block 5G equipment “if it conflicts with the overriding public interest, in particular security policy concerns.” Unlike the UK and Sweden, Germany, whose largest trading partner is China, has long resisted banning Huawei outright. Nonetheless, members of Germany’s parliament have noted that the stringent criteria could ultimately exclude Huawei. Nils Schmid, a member from Germany’s Social Democratic Party, remarked, “it gives us the ability to exclude Huawei. Now it all depends on whether the political will is there to do it.”
European Union Introduces Cybersecurity Strategy
On Wednesday, the European Union (EU) unveiled an updated cybersecurity strategy. In addition to an AI-powered “cybersecurity shield” meant to detect and deter attacks, the European Commission is creating a Joint Cyber Unit and hoping to further cooperate with governments worldwide on cybersecurity regulation, defense, human rights, and more. “With today's strategy the EU is stepping up to protect its governments, citizens and businesses from global cyber threats, and to provide leadership in cyberspace, making sure everybody can reap the benefits of the Internet and the use of technologies,” said Josep Borrell, High Representative of the EU.