from Digital and Cyberspace Policy Program and Net Politics

Week in Review: December 18, 2020

An activist of Avaaz wears a mask depicting the face of Facebook CEO Mark Zuckerberg during a protest in Brussels.
An activist of Avaaz wears a mask depicting the face of Facebook CEO Mark Zuckerberg during a protest in Brussels. REUTERS/Francois Walschaerts

Big tech's terrible, horrible, no good, very bad week; Russia’s SolarWinds hack compromises thousands of customers; Facebook calls out France and Russia for misinformation operations in Africa; Germany refuses to exclude Huawei; and European Union introduces cybersecurity strategy.

December 18, 2020, 7:00 am (EST)

An activist of Avaaz wears a mask depicting the face of Facebook CEO Mark Zuckerberg during a protest in Brussels.
An activist of Avaaz wears a mask depicting the face of Facebook CEO Mark Zuckerberg during a protest in Brussels. REUTERS/Francois Walschaerts
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Editor’s Note: In observance of the holidays, the Week in Review will be taking the next two weeks off. It will return on January 8, 2021.

Big Tech's Terrible, Horrible, No Good, Very Bad Week

On Saturday, China’s State Administration for Market Regulation fined Alibaba and Tencent’s e-book spinoff China Literature 500,000 yuan (approximately $76,500) for violating anti-monopoly laws. Under particular scrutiny are a pair of years-old deals that purportedly lacked proper government approval. In 2017, Alibaba grew its share of Intime Retail Group Co. to almost 74 percent, and in 2018, China Literature purchased film studio New Classics Media. Regulators are also investigating Tencent for a planned merger between two of its investments: gaming giants Douyu and Huya. Scott Yu, a lawyer specializing in antitrust at Zhong Lun Law Firm, said, “Despite its relative modest amount, the penalty announced today has a symbolic importance.”

More on:

Cybersecurity

Technology and Innovation

European Union

France

Russia

On Monday, Google, Amazon, ByteDance, Discord, Facebook (including WhatsApp), Reddit, Snap, Twitter, and YouTube were ordered by the Federal Trade Commission (FTC) to share detailed documentation about their data collection and processing operations, including algorithms, advertising information, and “each User Attribute that the Company uses, tracks, estimates, or derives.” FTC commissioners Rohit Chopra, Rebecca Slaughter, and Christine Wilson insisted in a statement justifying the order that “too much about the industry remains dangerously opaque.” The order, which follows the FTC’s lawsuit against Facebook last week, is part of a broader investigation into big tech’s business practices.

On Tuesday, the United Kingdom (UK) and the European Union (EU) debuted long-awaited proposals, including the Digital Services Act and Digital Markets Act, aiming to reign in big tech. In addition to regulating hate speech and harmful content, European authorities unveiled transparency measures seeking to limit merchants such as Google and Amazon from prioritizing their own products in search results and rankings. Large tech companies would also be prohibited from leveraging data to undermine third-party merchants selling on their platforms, echoing the lawsuit filed by the EU against Amazon last month. Non-compliance would result in fines of up to 10 percent of annual revenue, and repeat violations could lead regulators to mandate a break-up. James Lewis, director of the Strategic Technologies program at the Center for Strategic and International Studies, said, “2021 will be the year of regulation for the tech giants — they are a mature industry now, not shiny young start-ups. We used to say too big to fail for banks, but banks are highly regulated and these guys are moving in this direction too.”

Also on Tuesday, Twitter was fined €450,000 (approximately $547,000) by the Irish Data Protection Commission (IDPC) for violating Europe’s General Data Protection Regulation (GDPR). According to the IDPC, Twitter failed to properly document a breach and report it to authorities. The fine, although small (amounting to about 0.016 percent of Twitter’s annual revenue), is the first fine levied for violating the GDPR on a tech company based in the United States. 

On Wednesday, ten states sued Google for allegedly maintaining a monopoly on search advertising by illegally colluding with rivals such as Facebook, and, on Thursday, thirty-eight states filed suit against Google for allegedly monopolizing search and search advertising through anticompetitive behavior, including exclusionary contracts. In addition to abusing its advertising prowess to siphon revenue from other advertisers, Google is accused of intentionally ranking businesses in competing industries, such as travel or home improvement, lower on search results. The complaint [PDF] filed in Texas federal court argues that in the online advertising market, “Google is pitcher, batter, and umpire, all at the same time.”

Russia’s SolarWinds Hack Compromises Thousands of Customers

On Monday, software provider SolarWinds acknowledged that thousands of its customers, including 425 of the Fortune 500 companies, the five branches of the military, the National Security Agency, and the Justice and State departments, were likely compromised by a months-long Russian state hacking campaign. Thus far, the U.S. departments of Commerce, Homeland Security, State, and several divisions of the Pentagon are all confirmed to have been breached. FireEye, which was breached in a related, suspected Russian attack, noted that the Russian hackers also infiltrated government and private sector companies in Asia, Europe, and the Middle East. The hackers spied on emails for months, though it remains unknown what other critical data and systems have been exposed. The Russian operation exposed critical flaws in both supply chain security and the United States’ cybersecurity defenses, including Einstein, a multi-billion dollar tool developed by the Cybersecurity and Infrastructure Security Agency to detect malware.

More on:

Cybersecurity

Technology and Innovation

European Union

France

Russia

Facebook Calls Out France and Russia for Misinformation Operations in Africa

On Tuesday, Facebook accused individuals associated with Russia’s Internet Research Agency and the French military of running competing misinformation operations in Africa. The individuals connected to the French military allegedly posed as locals and disseminated posts on current events and election security as well as criticism of Russian and praise for French policies in Africa. Meanwhile, the Russian operation spread content denouncing French foreign policy, praising Russia’s vaccine efforts, lauding the Central African Republic government, and criticizing a non-existent coup d’etat in Equatorial Guinea. In their report, social media analysis firm Graphika wrote, “Geopolitical sparring on the ground in Africa is playing out in parallel across social media — not just Facebook, but also Twitter, YouTube, and long-form news articles written by the operations.” Facebook’s announcement is the first call-out of a Western country for a misinformation operation on the platform.

Germany Refuses to Exclude Huawei

On Wednesday, the German government debuted a bill that could allow Huawei to have a role in Germany’s 5G network. Under the bill, providers hoping to join Germany’s 5G buildout, including Huawei, will be required to demonstrate that their equipment doesn’t enable terrorism, espionage, or sabotage. German authorities would reserve the right to later remove or block 5G equipment “if it conflicts with the overriding public interest, in particular security policy concerns.” Unlike the UK and Sweden, Germany, whose largest trading partner is China, has long resisted banning Huawei outright. Nonetheless, members of Germany’s parliament have noted that the stringent criteria could ultimately exclude Huawei. Nils Schmid, a member from Germany’s Social Democratic Party, remarked, “it gives us the ability to exclude Huawei. Now it all depends on whether the political will is there to do it.”

European Union Introduces Cybersecurity Strategy

On Wednesday, the European Union (EU) unveiled an updated cybersecurity strategy. In addition to an AI-powered “cybersecurity shield” meant to detect and deter attacks, the European Commission is creating a Joint Cyber Unit and hoping to further cooperate with governments worldwide on cybersecurity regulation, defense, human rights, and more. “With today's strategy the EU is stepping up to protect its governments, citizens and businesses from global cyber threats, and to provide leadership in cyberspace, making sure everybody can reap the benefits of the Internet and the use of technologies,” said Josep Borrell, High Representative of the EU.

Creative Commons
Creative Commons: Some rights reserved.
Close
This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.
View License Detail
Close