President Bolsonaro should boost Brazil’s entrepreneurial ecosystem

In late October following a significant victory for Jair Bolsonaro in Brazil’s presidential elections, the stock market for Latin America’s largest country shot up. Financial markets reacted favorably to the news because Bolsonaro, a free-market proponent, promises to deliver broad economic reforms, fight corruption and work to reshape Brazil through a pro-business agenda. While some have dubbed him as a far-right “Trump of the Tropics” against a backdrop of many Brazilians feeling that government has failed them, the business outlook is extremely positive.

When President-elect Bolsonaro appointed Santander executive Roberto Campos as new head of Brazil’s central bank in mid-November, Brazil’s stock market cheered again with Sao Paulo’s Bovespa stocks surging as much as 2.65 percent on the day news was announced. According to Reuters, “analysts said Bolsonaro, a former army captain and lawmaker who has admitted to having scant knowledge of economics, was assembling an experienced economic team to implement his plans to slash government spending, simplify Brazil’s complex tax system and sell off state-run companies.”

Admittedly, there are some challenges as well. Most notably, pension-system reform tops the list of priorities to get on the right track quickly. A costly pension system is increasing the country’s debt and contributed to Brazil losing its investment-grade credit rating in 2015. According to the new administration, Brazil’s domestic product could grow by 3.5 percent during 2019 if Congress approves pension reform soon. The other issue that’s cropped up to tarnish the glow of Bolsonaro coming into power is suspect payments made to his son, which are being examined by COAF, the financial crimes unit.

While the jury is still out on Bolsonaro’s impact on Brazilian society at large after being portrayed as the Brazilian Trump by the opposition party, he’s come across as less authoritarian during his first days in office. Since the election, his tone is calmer and he’s repeatedly said that he plans to govern for all Brazilians, not just those who voted for him. In his first speech as president, he invited his wife to speak first which has never happened before.

Still, according to The New York Times, “some Brazilians remain deeply divided on the new president, a former army captain who has hailed the country’s military dictators and made disparaging remarks about women and minority groups.”

Others have expressed concern about his environmental impact, pointing to “an assault on environmental and Amazon protections” through an executive order within hours of taking office earlier this week. However, some major press outlets have been more upbeat: “With his mix of market-friendly economic policies and social conservativism at home, Mr. Bolsonaro plans to align Brazil more closely with developed nations and particularly the U.S.,” according to the Wall Street Journal this week.

Based on his publicly stated plans, here’s why President Bolsonaro will be good for business and how his administration will help build an even stronger entrepreneurial ecosystem in Brazil:

Bolsonaro’s Ministerial Reform

President Temer leaves office with 29 government ministries. President Bolsonaro plans to reduce the number of ministries to 22, which will reduce spending and make the government smaller and run more efficiently. We expect to see more modern technology implemented to eliminate bureaucratic red tape and government inefficiencies.

Importantly, this will open up more partnerships and contracting of tech startups’ solutions. Government contracts for new technology will be used across nearly all the ministries including mobility, transportation, health, finance, management and legal administration – which will have a positive financial impact especially for the rich and booming SaaS market players in Brazil.

Government Company Privatization

Of Brazil’s 418 government-controlled companies, there are 138 of them on the federal level that could be privatized. In comparison to Brazil’s 418, Chile has 25 government-controlled companies, the U.S. has 12, Australia and Japan each have eight, and Switzerland has four. Together, Brazil-owned companies employ more than 800,000 people today, including about 500,000 federal employees. Some of the largest ones include petroleum company Petrobras, electric utilities company Eletrobras, Banco do Brasil, Latin America’s largest bank in terms of its assets, and Caixa Economica Federal, the largest 100 percent government-owned financial institution in Latin America.

The process of privatizing companies is known to be cumbersome and inefficient, and the transformation from political appointments to professional management will cause a surge in the need for better management tools, especially for enterprise SaaS solutions.

STEAM Education to Boost Brazil’s Tech Talent

Based on Bolsonaro’s original plan to move the oversight of university and post-graduate education from the Education Ministry to the Science and Technology Ministry, it’s clear the new presidential administration is favoring more STEAM courses that are focused on Science, Technology, Engineering, the Arts and Mathematics.

Previous administrations threw further support behind humanities-focused education programs. Similar STEAM-focused higher education systems from countries such as Singapore and South Korea have helped to generate a bigger pipeline of qualified engineers and technical talent badly needed by Brazilian startups and larger companies doing business in the country. The additional tech talent boost in the country will help Brazil better compete on the global stage.

The Chicago Boys’ “Super” Ministry

The merger of the Ministry of Economy with the Treasury, Planning and Industry and Foreign Trade and Services ministries will create a super ministry to be run by Dr. Paulo Guedes and his team of Chicago Boys. Trained at the Department of Economics in the University of Chicago under Milton Friedman and Arnold Harberger, the Chicago Boys are a group of prominent Chilean economists who are credited with transforming Chile into Latin America’s best performing economies and one of the world’s most business-friendly jurisdictions. Joaquim Levi, the recently appointed chief of BNDES (Brazilian Development Bank), is also a Chicago Boy and a strong believer in venture capital and startups.

Previously, Guedes was a general partner in Bozano Investimentos, a pioneering private equity firm, before accepting the invitation to take the helm of the world’s eighth-largest economy in Brazil. To have a team of economists who deeply understand the importance of rapid-growth companies is good news for Brazil’s entrepreneurial ecosystem. This group of 30,000 startup companies are responsible for 50 percent of the job openings in Brazil and they’re growing far faster than the country’s GDP.

Bolsonaro’s Pro-Business Cabinet Appointments

President Bolsonaro has appointed a majority of technical experts to be part of his new cabinet. Eight of them have strong technology backgrounds, and this deeper knowledge of the tech sector will better inform decisions and open the way to more funding for innovation.

One of those appointments, Sergio Moro, is the federal judge for the anti-corruption initiative known as “Operation Car Wash.” Moro’s nomination to Chief of the Justice Department and his anticipated fight against corruption could generate economic growth and help reduce unemployment in the country. Bolsonaro’s cabinet is also expected to simplify the crazy and overwhelming tax system. More than 40 different taxes could be whittled down to a dozen, making it easier for entrepreneurs to launch new companies.

In general terms, Brazil and Latin America have long suffered from deep inefficiencies. With Bolsonaro’s administration, there’s new promise that there will be an increase in long-term infrastructure investments, reforms to reduce corruption and bureaucratic red tape, and enthusiasm and support for startup investments in entrepreneurs who will lead the country’s fastest-growing companies and make significant technology advancements to “lift all boats.”

Facebook’s got 99 problems but Trump’s latest “bias” tweet ain’t one

By any measure Facebook hasn’t had the best of years in 2018.

But while toxic problems keep piling up and, well, raining acidly down on the social networking giant — from election interference, to fake accounts, faulty metrics, security flaws, ethics failures, privacy outrages and much more besides — the silver lining of having a core business now widely perceived as hostile to democratic processes and civilized sentiment, and the tool of choice for shitposters agitating for hate and societal division, well, everywhere in the world, is that Facebook has frankly far more important things to worry about than the latest anti-tech-industry salvo from President Trump.

In an early morning tweet today, Trump (again) attacked what he dubbed anti-conservative “bias” in the digital social sphere — hitting out at not just Facebook but tech’s holy trinity of social giants, with a claim that “Facebook, Twitter and Google are so biased towards the Dems it is ridiculous!”

Time was when Facebook was so sensitive to accusations of internal anti-conservative bias that it fired a bunch of journalists it had contracted and replaced them with algorithms — which almost immediately pumped up a bunch of fake news. RIP irony.

Not today, though.

When asked if it had a response to Trump’s accusation of bias a Facebook spokesperson told us: “We don’t have anything to add here.”

The brevity and alacrity of the response suggested the spokesperson had a really cheerful expression on their face when they typed it.

The relief of Facebook not having to give a shit this time was kinda palpable, even in pixel form.

It was also a far cry from the screeds the company routinely dispenses these days to try to muffle journalistic — and indeed political — enquiry.

Trump evidently doesn’t factor ‘bigly’ on Facebook’s oversubscribed risk-list.

Even though Facebook was the first name on the president’s (non-alphabetical) tech giant hit-list.

Still, Twitter appeared to have irked Trump more, as his tweet singled out the short-form platform — with an accusation that Twitter has made it “much more difficult for people to join [sic] @realDonaldTrump”. (We think by “join” he means follow. But we’re speculating wildly.)

This is perhaps why Twitter felt moved to provide a response to the claim of bias, albeit also without wasting a lot of words.

Here’s its statement:

Our focus is on the health of the service, and that includes work to remove fake accounts to prevent malicious behavior. Many prominent accounts have seen follower counts drop, but the result is higher confidence that the followers they have are real, engaged people.

Presumably the president failed to read our report, from July, when we trailed Twitter’s forthcoming spam purge, warning it would result in users with lots of followers taking a noticeable hit in the coming days. In a word: Sad.

Of course we also asked Google for a response to Trump’s bias claim. But just got radio silence.

In similar “bias” tweets from August the company got a bigger Trump-lashing. And in a response statement then it told us: “We never rank search results to manipulate political sentiment.”

Google CEO Sundar Pichai has also just had to sit through some three hours of questions from Republicans in Congress on this very theme.

So the company probably feels it’s exhausted the political bias canard.

Even while, as the claims drone on and on, it might truly come to understand what it feels like to be stuck inside a filter bubble.

In any case there are far more pressing things to accuse Google’s algorithms of than being ‘anti-Trump’.

So it’s just as well it didn’t waste time on another presidential sideshow intended to distract from problems of Trump’s own making.

A long and winding road to new copyright legislation

Back in May, as part of a settlement, Spotify agreed to pay more than $112 million to clean up some copyright problems. Even for a service with millions of users, that had to leave a mark. No one wants to be dragged into court all the time, not even bold, disruptive technology start-ups.

On October 11th, the President signed the Hatch-Goodlatte Music Modernization Act (the “Act”, or “MMA”). The MMA goes back, legislatively, to at least 2013, when Chairman Goodlatte (R-VA) announced that, as Chairman of the House Judiciary Committee, he planned to conduct a “comprehensive” review of issues in US copyright law. Ranking Member Jerry Nadler (D-NY) was also deeply involved in this process, as were Senators Hatch (R-UT), Leahy (D-VT), and Wyden (D-OR). But this legislation didn’t fall from the sky; far from it.

After many hearings, several “roadshow” panels around the country, and a couple of elections, in early 2018 Goodlatte announced his intent to move forward on addressing several looming issues in music copyright before his planned retirement from Congress at the end of his current term (January 2019). With that deadline in place, the push was on, and through the spring and summer, the House Judiciary Committee and their colleagues in the Senate worked to complete the text of the legislation and move it through the process. By late September, the House and Senate versions had been reconciled and the bill moved to the President’s desk.

What’s all this about streaming?

As enacted, the Act instantiates several changes to music copyright in the US, especially as regards streaming music services. What does “streaming” refer to in this context? Basically, it occurs when a provider makes music available to listeners, over the internet, without creating a downloadable or storable copy: “Streaming differs from downloads in that no copy of the music is saved to your hard drive.”

“It’s all about the Benjamins.”

One part, by far the largest change in terms of money, provides that a new royalty regime be created for digital streaming of musical works, e.g. by services like Spotify and Apple Music. Pre-1972 recordings — and the creators involved in making them (including, for the first time, audio engineers, studio mixers and record producers) — are also brought under this royalty umbrella.

These are significant, generally beneficial results for a piece of legislation. But to make this revenue bounty fully effective, a to-be-created licensing entity will have to be set up with the ability to first collect, and then distribute, the money. Think “ASCAP/BMI for streaming.” This new non-profit will be the first such “collective licensing” copyright organization set up in the US in quite some time.

Collective Licensing: It’s not “Money for Nothing”, right?

What do we mean by “collective licensing” in this context, and how will this new organization be created and organized to engage in it? Collective licensing is primarily an economically efficient mechanism for (A) gathering up monies due for certain uses of works under copyright, in this case digital streaming of musical recordings, and (B) distributing the royalty checks back to the rights-holding parties (e.g. recording artists, their estates in some cases, and record labels). Generally speaking, in collective licensing:

 “…rights holders collect money that would otherwise be in tiny little bits that they could not afford to collect, and in that way they are able to protect their copyright rights. On the flip side, substantial users of lots of other people’s copyrighted materials are prepared to pay for it, as long as the transaction costs are not extreme.”

—Fred Haber, VP and Corporate Counsel, Copyright Clearance Center

The Act envisions the new organization as setting up and implementing a new, extensive (and publicly accessible) database of musical works and the rights attached to them. Nothing quite like this is currently available, although resources like SONY’s Gracenote suggest a good start along those lines. After it is set up and the initial database has a sufficient number of records, the new collective licensing agency will then get down to the business of offering licenses:

“…a blanket statutory license administered by a nonprofit mechanical licensing collective. This collective will collect and distribute royalties, work to identify songs and their owners for payment, and maintain a comprehensive, publicly accessible database for music ownership information.”

— Regan A. Smith, General Counsel and Associate Register of Copyrights

You “Can’t Buy Me Love”, so who is all this going to benefit?

In theory, the listening public should be the primary beneficiary. More music available through digital streaming services means more exposure, and potentially more money, for recording artists. For students of music, the new database of recorded works and licenses will serve to clarify who is (or was) responsible for what. Another public benefit will be fewer actions on digital streaming issues clogging up the courts.

There’s an interesting wrinkle in the Act providing for the otherwise authorized use of “orphaned” musical works such that these can now be played in library or archival (i.e. non-profit) contexts. “Orphan works” are those which may still be protected under copyright, but for which the legitimate rights holders are unknown, and, sometimes, undiscoverable. This is the first implementation of orphan works authorization in US copyright law. Cultural services – like Open Culture – can look forward to being able to stream more musical works without incurring risk or hindrance (provided that the proper forms are filled out) and this implies that some great music is now more likely to find new audiences and thereby be preserved for posterity. Even the Electronic Frontier Foundation (EFF), generally no great fan of new copyright legislation, finds something to like in the Act.

In the land of copyright wonks, and in another line of infringement suits, this resolution of the copyright status of musical recordings released before 1972 seems, in my opinion, fair and workable. In order to accomplish that, the Act also had to address the matter of the duration of these new copyright protections, which is always (post-1998) a touchy subject:

  • For recordings first published before 1923, the additional time period ends on December 31, 2021.
  • For recordings created between 1923-1946, the additional time period is 5 years after the general 95-year term.
  • For recordings created between 1947-1956, the additional time period is 15 years after the general 95-year term.
  • For works first published between 1957-February 15, 1972 the additional time period ends on February 15, 2067.

(Source: US Copyright Office)

Money (That’s What I Want – and lots and lots of listeners, too.)

For the digital music services themselves, this statutory or ‘blanket’ license arrangement should mean fewer infringement actions being brought; this might even help their prospects for investment and encourage new and more innovative services to come into the mix.

“And, in The End…”

This new legislation, now the law of the land, extends the history of American copyright law in new and substantial ways. Its actual implementation is only now beginning. Although five years might seem like a lifetime in popular culture, in politics it amounts to several eons. And let’s not lose sight of the fact that the industry got over its perceived short-term self-interests enough, this time, to agree to support something that Congress could pass. That’s rare enough to take note of and applaud.

This law lacks perfection, as all laws do. The licensing regime it envisions will not satisfy everyone, but every constituent, every stakeholder, got something. From the perspective of right now, chances seem good that, a few years from now, the achievement of the Hatch-Goodlatte Music Modernization Act will be viewed as a net positive for creators of music, for the distributors of music, for scholars, fans of ‘open culture’, and for the listening public. In copyright, you can’t do better than that.

In letter to Congress, Apple sends strongest denial over ‘spy chip’ story

Apple has doubled down on its repudiation of Bloomberg’s report last week that claimed its systems had been compromised by Chinese spies.

The blockbuster story cited more than a dozen sources claiming that China installed tiny chips on motherboards built by Supermicro, which companies across the U.S. tech industry — including Amazon and Apple — have used to power servers in their datacenters. Bloomberg’s report also claimed that the chip can reportedly compromise data on the server, allowing China to spy on some of the world’s most powerful tech companies.

Now, in a letter to Congress, Apple’s vice president of information security George Stathakopoulos sent the company’s strongest denial to date.

“Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” he said. “We never alerted the FBI to any security concerns like those described in the article, nor has the FBI ever contacted us about such an investigation.”

It follows a statement by both the U.K. National Cyber Security Center and U.S. Homeland Security stating that they had “no reason to doubt” statements by Apple, Amazon and Supermicro denying the claims.

Stathakopoulos added that Apple “repeatedly asked them to share specific details about the alleged malicious chips that they seemed certain existed, they were unwilling or unable to provide anything more than vague secondhand accounts.”

Apple’s statement is far stronger than its earlier remarks. A key detail missing in the Bloomberg story is that its many sources, albeit anonymous, provided the reporters with a first hand account of the alleged spy chips.

Without any evidence that the chips exist beyond eyewitness accounts and sources, Bloomberg’s story remains on shaky grounds.

Facebook is weaponizing security to erode privacy

At a Senate hearing this week in which US lawmakers quizzed tech giants on how they should go about drawing up comprehensive Federal consumer privacy protection legislation, Apple’s VP of software technology described privacy as a “core value” for the company.

“We want your device to know everything about you but we don’t think we should,” Bud Tribble told them in his opening remarks.

Facebook was not at the commerce committee hearing which, as well as Apple, included reps from Amazon, AT&T, Charter Communications, Google and Twitter.

But the company could hardly have made such a claim had it been in the room, given that its business is based on trying to know everything about you in order to dart you with ads.

You could say Facebook has ‘hostility to privacy’ as a core value.

Earlier this year one US senator wondered of Mark Zuckerberg how Facebook could run its service given it doesn’t charge users for access. “Senator we run ads,” was the almost startled response, as if the Facebook founder couldn’t believe his luck at the not-even-surface-level political probing his platform was getting.

But there have been tougher moments of scrutiny for Zuckerberg and his company in 2018, as public awareness about how people’s data is being ceaselessly sucked out of platforms and passed around in the background, as fuel for a certain slice of the digital economy, has grown and grown — fuelled by a steady parade of data breaches and privacy scandals which provide a glimpse behind the curtain.

On the data scandal front Facebook has reigned supreme, whether it’s as an ‘oops we just didn’t think of that’ spreader of socially divisive ads paid for by Kremlin agents (sometimes with roubles!); or as a carefree host for third party apps to party at its users’ expense by silently hoovering up info on their friends, in the multi-millions.

Facebook’s response to the Cambridge Analytica debacle was to loudly claim it was ‘locking the platform down’. And try to paint everyone else as the rogue data sucker — to avoid the obvious and awkward fact that its own business functions in much the same way.

All this scandalabra has kept Facebook execs very busy this year, with policy staffers and execs being grilled by lawmakers on an increasing number of fronts and issues — from election interference and data misuse, to ad transparency, hate speech and abuse, and also directly, and at times closely, on consumer privacy and control.

Facebook shielded its founder from one sought for grilling on data misuse, as UK MPs investigated online disinformation vs democracy, as well as examining wider issues around consumer control and privacy. (They’ve since recommended a social media levy to safeguard society from platform power.) 

The DCMS committee wanted Zuckerberg to testify to unpick how Facebook’s platform contributes to the spread of disinformation online. The company sent various reps to face questions (including its CTO) — but never the founder (not even via video link). And committee chair Damian Collins was withering and public in his criticism of Facebook sidestepping close questioning — saying the company had displayed a “pattern” of uncooperative behaviour, and “an unwillingness to engage, and a desire to hold onto information and not disclose it.”

As a result, Zuckerberg’s tally of public appearances before lawmakers this year stands at just two domestic hearings, in the US Senate and Congress, and one at a meeting of the EU parliament’s conference of presidents (which switched from a behind closed doors format to being streamed online after a revolt by parliamentarians) — and where he was heckled by MEPs for avoiding their questions.

But three sessions in a handful of months is still a lot more political grillings than Zuckerberg has ever faced before.

He’s going to need to get used to awkward questions now that lawmakers have woken up to the power and risk of his platform.

Security, weaponized 

What has become increasingly clear from the growing sound and fury over privacy and Facebook (and Facebook and privacy), is that a key plank of the company’s strategy to fight against the rise of consumer privacy as a mainstream concern is misdirection and cynical exploitation of valid security concerns.

Simply put, Facebook is weaponizing security to shield its erosion of privacy.

Privacy legislation is perhaps the only thing that could pose an existential threat to a business that’s entirely powered by watching and recording what people do at vast scale. And relying on that scale (and its own dark pattern design) to manipulate consent flows to acquire the private data it needs to profit.

Only robust privacy laws could bring Facebook’s self-serving house of cards tumbling down. User growth on its main service isn’t what it was but the company has shown itself very adept at picking up (and picking off) potential competitors — applying its surveillance practices to crushing competition too.

In Europe lawmakers have already tightened privacy oversight on digital businesses and massively beefed up penalties for data misuse. Under the region’s new GDPR framework compliance violations can attract fines as high as 4% of a company’s global annual turnover.

Which would mean billions of dollars in Facebook’s case — vs the pinprick penalties it has been dealing with for data abuse up to now.

Though fines aren’t the real point; if Facebook is forced to change its processes, so how it harvests and mines people’s data, that could knock a major, major hole right through its profit-center.

Hence the existential nature of the threat.

The GDPR came into force in May and multiple investigations are already underway. This summer the EU’s data protection supervisor, Giovanni Buttarelli, told the Washington Post to expect the first results by the end of the year.

Which means 2018 could result in some very well known tech giants being hit with major fines. And — more interestingly — being forced to change how they approach privacy.

One target for GDPR complainants is so-called ‘forced consent’ — where consumers are told by platforms leveraging powerful network effects that they must accept giving up their privacy as the ‘take it or leave it’ price of accessing the service. Which doesn’t exactly smell like the ‘free choice’ EU law actually requires.

It’s not just Europe, either. Regulators across the globe are paying greater attention than ever to the use and abuse of people’s data. And also, therefore, to Facebook’s business — which profits, so very handsomely, by exploiting privacy to build profiles on literally billions of people in order to dart them with ads.

US lawmakers are now directly asking tech firms whether they should implement GDPR style legislation at home.

Unsurprisingly, tech giants are not at all keen — arguing, as they did at this week’s hearing, for the need to “balance” individual privacy rights against “freedom to innovate”.

So a lobbying joint-front to try to water down any US privacy clampdown is in full effect. (Though also asked this week whether they would leave Europe or California as a result of tougher-than-they’d-like privacy laws none of the tech giants said they would.)

The state of California passed its own robust privacy law, the California Consumer Privacy Act, this summer, which is due to come into force in 2020. And the tech industry is not a fan. So its engagement with federal lawmakers now is a clear attempt to secure a weaker federal framework to ride over any more stringent state laws.

Europe and its GDPR obviously can’t be rolled over like that, though. Even as tech giants like Facebook have certainly been seeing how much they can get away with — to force an expensive and time-consuming legal fight.

While ‘innovation’ is one oft-trotted angle tech firms use to argue against consumer privacy protections, Facebook included, the company has another tactic too: Deploying the ‘S’ word — security — both to fend off increasingly tricky questions from lawmakers, as they finally get up to speed and start to grapple with what it’s actually doing; and — more broadly — to keep its people-mining, ad-targeting business steamrollering on by greasing the pipe that keeps the personal data flowing in.

In recent years multiple major data misuse scandals have undoubtedly raised consumer awareness about privacy, and put greater emphasis on the value of robustly securing personal data. Scandals that even seem to have begun to impact how some Facebook users Facebook. So the risks for its business are clear.

Part of its strategic response, then, looks like an attempt to collapse the distinction between security and privacy — by using security concerns to shield privacy hostile practices from critical scrutiny, specifically by chain-linking its data-harvesting activities to some vaguely invoked “security purposes”, whether that’s security for all Facebook users against malicious non-users trying to hack them; or, wider still, for every engaged citizen who wants democracy to be protected from fake accounts spreading malicious propaganda.

So the game Facebook is here playing is to use security as a very broad-brush to try to defang legislation that could radically shrink its access to people’s data.

Here, for example, is Zuckerberg responding to a question from an MEP in the EU parliament asking for answers on so-called ‘shadow profiles’ (aka the personal data the company collects on non-users) — emphasis mine:

It’s very important that we don’t have people who aren’t Facebook users that are coming to our service and trying to scrape the public data that’s available. And one of the ways that we do that is people use our service and even if they’re not signed in we need to understand how they’re using the service to prevent bad activity.

At this point in the meeting Zuckerberg also suggestively referenced MEPs’ concerns about election interference — to better play on a security fear that’s inexorably close to their hearts. (With the spectre of re-election looming next spring.) So he’s making good use of his psychology major.

“On the security side we think it’s important to keep it to protect people in our community,” he also said when pressed by MEPs to answer how a person who isn’t a Facebook user could delete its shadow profile of them.

He was also questioned about shadow profiles by the House Energy and Commerce Committee in April. And used the same security justification for harvesting data on people who aren’t Facebook users.

“Congressman, in general we collect data on people who have not signed up for Facebook for security purposes to prevent the kind of scraping you were just referring to [reverse searches based on public info like phone numbers],” he said. “In order to prevent people from scraping public information… we need to know when someone is repeatedly trying to access our services.”

He claimed not to know “off the top of my head” how many data points Facebook holds on non-users (nor even on users, which the congressman had also asked for, for comparative purposes).

These sorts of exchanges are very telling because for years Facebook has relied upon people not knowing or really understanding how its platform works to keep what are clearly ethically questionable practices from closer scrutiny.

But, as political attention has dialled up around privacy, and it’s become harder for the company to simply deny or fog what it’s actually doing, Facebook appears to be evolving its defence strategy — by defiantly arguing it simply must profile everyone, including non-users, for user security.

No matter this is the same company which, despite maintaining all those shadow profiles on its servers, famously failed to spot Kremlin election interference going on at massive scale in its own back yard — and thus failed to protect its users from malicious propaganda.

Nor was Facebook capable of preventing its platform from being repurposed as a conduit for accelerating ethnic hate in a country such as Myanmar — with some truly tragic consequences. Yet it must, presumably, hold shadow profiles on non-users there too. Yet was seemingly unable (or unwilling) to use that intelligence to help protect actual lives…

So when Zuckerberg invokes overarching “security purposes” as a justification for violating people’s privacy en masse it pays to ask critical questions about what kind of security it’s actually purporting to be able to deliver. Beyond, y’know, continued security for its own business model as it comes under increasing attack.

What Facebook indisputably does do with ‘shadow contact information’, acquired about people via other means than the person themselves handing it over, is to use it to target people with ads. So it uses intelligence harvested without consent to make money.

Facebook confirmed as much this week, when Gizmodo asked it to respond to a study by some US academics that showed how a piece of personal data that had never been knowingly provided to Facebook by its owner could still be used to target an ad at that person.

Responding to the study, Facebook admitted it was “likely” the academic had been shown the ad “because someone else uploaded his contact information via contact importer”.

“People own their address books. We understand that in some cases this may mean that another person may not be able to control the contact information someone else uploads about them,” it told Gizmodo.

So essentially Facebook has finally admitted that consentless scraped contact information is a core part of its ad targeting apparatus.

Safe to say, that’s not going to play at all well in Europe.

Basically Facebook is saying you own and control your personal data until it can acquire it from someone else — and then, er, nope!

Yet given the reach of its network, the chances of your data not sitting on its servers somewhere seem very, very slim. So Facebook is essentially invading the privacy of pretty much everyone in the world who has ever used a mobile phone. (Something like two-thirds of the global population then.)

In other contexts this would be called spying — or, well, ‘mass surveillance’.

It’s also how Facebook makes money.

And yet when called in front of lawmakers to be asked about the ethics of spying on the majority of the people on the planet, the company seeks to justify this supermassive privacy intrusion by suggesting that gathering data about every phone user without their consent is necessary for some fuzzily-defined “security purposes” — even as its own record on security really isn’t looking so shiny these days.

It’s as if Facebook is trying to lift a page out of national intelligence agency playbooks — when governments claim ‘mass surveillance’ of populations is necessary for security purposes like counterterrorism.

Except Facebook is a commercial company, not the NSA.

So it’s only fighting to keep being able to carpet-bomb the planet with ads.

Profiting from shadow profiles

Another example of Facebook weaponizing security to erode privacy was also confirmed via Gizmodo’s reportage. The same academics found the company uses phone numbers provided to it by users for the specific (security) purpose of enabling two-factor authentication, which is a technique intended to make it harder for a hacker to take over an account, to also target them with ads.

In a nutshell, Facebook is exploiting its users’ valid security fears about being hacked in order to make itself more money.

Any security expert worth their salt will have spent long years encouraging web users to turn on two factor authentication for as many of their accounts as possible in order to reduce the risk of being hacked. So Facebook exploiting that security vector to boost its profits is truly awful. Because it works against those valiant infosec efforts — so risks eroding users’ security as well as trampling all over their privacy.

It’s just a double whammy of awful, awful behavior.

And of course, there’s more.

A third example of how Facebook seeks to play on people’s security fears to enable deeper privacy intrusion comes by way of the recent rollout of its facial recognition technology in Europe.

In this region the company had previously been forced to pull the plug on facial recognition after being leaned on by privacy conscious regulators. But after having to redesign its consent flows to come up with its version of ‘GDPR compliance’ in time for May 25, Facebook used this opportunity to revisit a rollout of the technology on Europeans — by asking users there to consent to switching it on.

Now you might think that asking for consent sounds okay on the surface. But it pays to remember that Facebook is a master of dark pattern design.

Which means it’s expert at extracting outcomes from people by applying these manipulative dark arts. (Don’t forget, it has even directly experimented in manipulating users’ emotions.)

So can it be a free consent if ‘individual choice’ is set against a powerful technology platform that’s both in charge of the consent wording, button placement and button design, and which can also data-mine the behavior of its 2BN+ users to further inform and tweak (via A/B testing) the design of the aforementioned ‘consent flow’? (Or, to put it another way, is it still ‘yes’ if the tiny greyscale ‘no’ button fades away when your cursor approaches while the big ‘YES’ button pops and blinks suggestively?)

In the case of facial recognition, Facebook used a manipulative consent flow that included a couple of self-serving ‘examples’ — selling the ‘benefits’ of the technology to users before they landed on the screen where they could choose either yes switch it on, or no leave it off.

One of which explicitly played on people’s security fears — by suggesting that without the technology enabled users were at risk of being impersonated by strangers. Whereas, by agreeing to do what Facebook wanted you to do, Facebook said it would help “protect you from a stranger using your photo to impersonate you”…

That example shows the company is not above actively jerking on the chain of people’s security fears, as well as passively exploiting similar security worries when it jerkily repurposes 2FA digits for ad targeting.

There’s even more too; Facebook has been positioning itself to pull off what is arguably the greatest (in the ‘largest’ sense of the word) appropriation of security concerns yet to shield its behind-the-scenes trampling of user privacy — when, from next year, it will begin injecting ads into the WhatsApp messaging platform.

These will be targeted ads, because Facebook has already changed the WhatsApp T&Cs to link Facebook and WhatsApp accounts — via phone number matching and other technical means that enable it to connect distinct accounts across two otherwise entirely separate social services.

Thing is, WhatsApp got fat on its founders’ promise of 100% ad-free messaging. The founders were also privacy and security champions, pushing to roll e2e encryption right across the platform — even after selling their app to the adtech giant in 2014.

WhatsApp’s robust e2e encryption means Facebook literally cannot read the messages users are sending each other. But that does not mean Facebook is respecting WhatsApp users’ privacy.

On the contrary: the company has given itself broader rights to user data by changing the WhatsApp T&Cs and by matching accounts.

So, really, it’s all just one big Facebook profile now — whichever of its products you do (or don’t) use.

This means that even without literally reading your WhatsApps, Facebook can still know plenty about a WhatsApp user, thanks to any other Facebook Group profiles they have ever had and any shadow profiles it maintains in parallel. WhatsApp users will soon become 1.5BN+ bullseyes for yet more creepily intrusive Facebook ads to seek their target.

No private spaces, then, in Facebook’s empire as the company capitalizes on people’s fears to shift the debate away from personal privacy and onto the self-serving notion of ‘secured by Facebook spaces’ — in order that it can keep sucking up people’s personal data.

This is a very dangerous strategy, though.

Because if Facebook can’t even deliver security for its users, thereby undermining those “security purposes” it keeps banging on about, it might find it difficult to sell the world on going naked just so Facebook Inc can keep turning a profit.

What’s the best security practice of all? That’s super simple: Not holding data in the first place.

White House says a draft executive order reviewing social media companies is not “official”

A draft executive order circulating around the White House “is not the result of an official White House policymaking process,” according to deputy White House press secretary, Lindsay Walters.

According to a report in The Washington Post, Walters denied that White House staff had worked on a draft executive order that would require every federal agency to study how social media platforms moderate user behavior and refer any instances of perceived bias to the Justice Department for further study and potential legal action.

Bloomberg first reported the draft executive order and a copy of the document was acquired and published by Business Insider.

Here’s the relevant text of the draft (from Business Insider):

Section 2. Agency Responsibilities. (a) Executive departments and agencies with authorities that could be used to enhance competition among online platforms (agencies) shall, where consistent with other laws, use those authorities to promote competition and ensure that no online platform exercises market power in a way that harms consumers, including through the exercise of bias.

(b) Agencies with authority to investigate anticompetitive conduct shall thoroughly investigate whether any online platform has acted in violation of the antitrust laws, as defined in subsection (a) of the first section of the Clayton Act, 15 U.S.C. § 12, or any other law intended to protect competition.

(c) Should an agency learn of possible or actual anticompetitive conduct by a platform that the agency lacks the authority to investigate and/or prosecute, the matter should be referred to the Antitrust Division of the Department of Justice and the Bureau of Competition of the Federal Trade Commission.

While there are several reasonable arguments to be made for and against the regulation of social media platforms, “bias” is probably the least among them.

That hasn’t stopped the steady drumbeat of accusations of bias under the guise of “anticompetitive regulation” against platforms like Facebook, Google, YouTube, and Twitter from increasing in volume and tempo in recent months.

Bias was the key concern Republican lawmakers brought up when Mark Zuckerberg was called to testify before Congress earlier this year. And bias was front and center in Republican lawmakers’ questioning of Jack Dorsey, Sheryl Sandberg, and Google’s empty chair when they were called before Congress earlier this month to testify in front of the Senate Intelligence Committee.

The Justice Department has even called in the attorneys general of several states to review the legality of the moderation policies of social media platforms later this month (spoiler alert: they’re totally legal).

With all of this activity focused on tech companies, it’s no surprise that the administration would turn to the Executive Order — a preferred weapon of choice for Presidents who find their agenda stalled in the face of an uncooperative legislature (or prevailing rule of law).

However, as the Post reported, aides in the White House said there’s little chance of this becoming actual policy.

… three White House aides soon insisted they didn’t write the draft order, didn’t know where it came from, and generally found it to be unworkable policy anyway. One senior White House official confirmed the document had been floating around the White House but had not gone through the formal process, which is controlled by the staff secretary.

Washington hit China hard on tech influence this week

After months of back-and-forth negotiations, Washington moved rapidly this past week to fend off the increasing transcendence of China’s tech industry, with Congress passing expanded national security controls over M&A transactions and the Trump administration heaping more pressure on China with threats of increased tariffs.

We’ve been following the reforms to CFIUS — the Committee on Foreign Investment in the United States — since the proposal was first floated late last year. The committee is charged with protecting America’s economic interests by preventing takeovers of companies by foreign entities where the transaction could have deleterious national security consequences. The committee and its antecedents have slowly gained powers over the past few decades since the Korean War, but this week, it suddenly gained a whole lot more.

Through the Foreign Investment Risk Review Modernization Act of 2018, which was rolled into the must-pass National Defense Authorization Act and passed by Congress this week, CFIUS is gaining a number of new powers, more resources and staff, more oversight, and a charge to massively expand its influence in any M&A process involving foreign entities.

Lawfare has a great summary of the final text of the bill and its ramifications, but I want to highlight a few of the changes that I think are going to have an outsized effect on Silicon Valley and the tech industry more widely.

One of the top priorities of this legislation was to make it more difficult for Chinese venture capital firms to invest in American startups and pilfer intellectual property or acquire confidential user data.

Congress fulfilled that goal in two ways. First, the definition of a “covered transaction” has been massively expanded, with a focus on “critical technology” industries. In the past, there was an expectation that a foreign entity had to essentially buy out a company in order to trigger a CFIUS review. That jurisdiction has now been expanded to include such actions as adding a member to a company’s board of directors, even in cases where an investment is essentially passive.

That means that the typical VC round could now trigger a review in Washington — and in the fast timelines of startup fundraising, that might be enough friction to keep Chinese venture capital out of the American ecosystem. Given that Chinese venture capital (at least by some measures) has outpaced U.S. venture capital in the first half of this year, this provision will have huge ramifications for startups and their valuations.

The second element Congress added was requiring that CFIUS receive all partnership agreements that a company has signed with a foreign investor. Often in a transaction, there is a main agreement spelling out the overall structure of a deal, and then side agreements with individual investors with special terms not shared with the wider syndicate, such as the right to access internal company data or intellectual property. By requiring further disclosure, CFIUS will have a more holistic picture of a deal and any risks it might add for national security.

It’s important to note that Congress was keen on balancing the need for investment with the need of national security. Through oversight provisions, including allowing CFIUS decisions to be contested in the DC Court of Appeals, Congress has designed the reform to be fairer, even as it takes a harder line on certain transactions.

It will take many months for the provisions to come in full force, so some of the effects of this bill won’t be felt until the end of next year. Nonetheless, Congress has sent a clear message of its intent.

Congress’ national security concerns in financial transactions are also crossing the Atlantic. British Prime Minister Theresa May and her government are spearheading new controls over foreign investment transactions, and the EU has also launched more screenings to ensure that transactions are in the best interests of the continent. All of these legislative moves are a response to Chinese foreign direct investment, which has skyrocketed in Europe while almost disappearing in North America.

President Trump signed tariffs on China earlier this year. Now, the administration wants to more than double them.

That disappearance is a function of the on-going trade dispute between the U.S. and China, which crescendoed this past week. The Trump administration said it is considering increasing tariffs from 10% to 25% on $200 billion worth of Chinese goods, significantly heightening the tariffs it had put in place earlier this year.

That threat got a swift response from China overnight, with the Chinese Commerce Ministry saying that it would put tariffs on $60 billion worth of American goods in retaliation if the U.S. followed through with its threat.

So far, the tech industry appears to have been more insulated from the back-and-forth than expected, although the increasing scope and intensity of tariffs could change that calculus. Apple updated its quarterly filing this week to include a new risk around trade disputes, saying that “Tariffs could also make the Company’s products more expensive for customers, which could make the Company’s products less competitive and reduce consumer demand.” Legal boilerplate for sure, but it is the first time the company has included such a provision in its filing.

The tariffs drama is going to continue in the weeks and months ahead. But this week in particular was a watershed for U.S. and China technology relations, and a busy week for tech lobbyists and policy officials.

For startups, most of this news basically boils down to the following: the U.S. is one market, and China is another. Cross-investing and cross-distribution just aren’t going to be as easy as they were even a few months ago. Pick a market — one market — and focus your energies there. Clearly, it’s going to be tough times for anyone caught in the middle between the two.

Russian hackers already targeted a Missouri senator up for reelection in 2018

A Democratic senator seeking reelection this fall appears to be the first identifiable target of Russian hacking in the 2018 midterm race. In a new story on the Daily Beast, Andrew Desiderio and Kevin Poulsen reported that Democratic Missouri Senator Claire McCaskill was targeted in a campaign-related phishing attack. That clears up one unspecified target from last week’s statement by Microsoft’s Tom Burt that three midterm election candidates had been targeted by Russian phishing campaigns.

The report cites its own forensic research in determining the attacker is likely Fancy Bear, a hacking group believed to be affiliated with Russian military intelligence.

“We did discover that a fake Microsoft domain had been established as the landing page for phishing attacks, and we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for elections in the midterm elections,” Burt said during the Aspen Security Forum. Microsoft removed the domain and noted that the attack was unsuccessful.

Sen. McCaskill confirmed in a press release that she was targeted by the attack, which appears to have taken place in August 2017:

Russia continues to engage in cyber warfare against our democracy. I will continue to speak out and press to hold them accountable. While this attack was not successful, it is outrageous that they think they can get away with this. I will not be intimidated. I’ve said it before and I will say it again, Putin is a thug and a bully.

TechCrunch has reached out to Sen. McCaskill’s office for additional details on the incident. McCaskill, a vocal Russia critic, will likely face Republican frontrunner and Trump pick Josh Hawley this fall.

Twitter’s efforts to suspend fake accounts have doubled since last year

Bots, your days of tweeting politically divisive nonsense might be numbered. The Washington Post reported Friday that in the last few months Twitter has aggressively suspended accounts in an effort to stem the spread of disinformation running rampant on its platform.

The Washington Post reports that Twitter suspended as many as 70 million accounts between May and June of this year, with no signs of slowing down in July. According to data obtained by the Post, the platform suspended 13 million accounts during a weeklong spike of bot banning activity in mid-May.

Sources tell the Post that the uptick in suspensions is tied to the company’s efforts to comply with scrutiny from the Congressional investigation into Russian disinformation on social platforms. The report adds that Twitter investigates bots and other fake accounts through an internal project known as “Operation Megaphone” through which it buys suspicious accounts and then investigates their connections.

Twitter declined to provide additional information about the Washington Post report but pointed us to a blog post from last week in which it disclosed other numbers related to its bot hunting efforts. In May of 2018, Twitter identified more than 9.9 million suspicious accounts — triple its efforts in late 2017.

When Twitter identifies an account that it deems suspicious it then “challenges” that account, giving legitimate Twitter users an opportunity to prove their sentience by confirming a phone number. When an account fails this test it gets the boot, while accounts that pass are reinstated.

As Twitter noted in its recent blog post, bots can make users look good by artificially inflating follower counts.

“As a result of these improvements, some people may notice their own account metrics change more regularly,” Twitter warned. The company noted that cracking down on fake accounts means that “malicious actors” won’t be able to promote their own content and accounts as easily by inflating their own numbers. Kicking users off a platform, fake or not, is a risk for a company that regularly reports its monthly active users, though only a temporary one.

As the report notes, at least one insider expects Twitter’s Q2 active user numbers to dip, reflecting its shift in enforcement. Still, any temporary user number setback would prove nominal for a platform that should focus on healthy user growth. Facebook is facing a similar reckoning as a result of the Russian bot scandal, as the company anticipates user engagement stats to dip as it moves to emphasize quality user experiences over juiced up quarterly numbers. In both cases, it’s a worthy tradeoff.