TikTok announces first data center in Europe

TikTok, the Chinese video sharing app that’s found itself at the center of a geopolitical power struggle which threatens to put hard limits on its global growth this year, said today it will build its first data center in Europe.

The announcement of a TikTok data center in the EU also follows a landmark ruling by Europe’s top court last month that put international data transfers in the spotlight, dialling up the legal risk around processing data outside the bloc.

TikTok said the forthcoming data center, which will be located in Ireland, will store the data of its European users once it’s up and running (which is expected by early 2022) — with a slated investment into the country of around €420M (~$497M), according to a blog post penned by global CISO, Roland Cloutier.

“This investment in Ireland… will create hundreds of new jobs and play a key role in further strengthening the safeguarding and protection of TikTok user data, with a state of the art physical and network security defense system planned around this new operation,” Cloutier wrote, adding that the regional data centre will have the added boon for European users of faster load times, improving the overall experience of using the app.

The social media app does not break out regional users — but a leaked ad deck suggested it had 17M+ MAUs in Europe at the start of last year.

The flipside of TikTok’s rise to hot social media app beloved of teens everywhere has been earning itself the ire of US president Trump — who earlier this month threatened to use executive powers to ban TikTok in the US unless it sells its US business to an American company. (Microsoft is in the frame as a buyer.)

Whether Trump has the power to block TikTok’s app is debatable. Tech savvy teenagers will surely deploy all their smarts to get around any geoblocks. But operational disruption looks inevitable — and that has been forcing TikTok to make a series of strategic tweaks in a bid to limit damage and/or avoid the very worst outcomes.

Since taking office the US president has shown himself willing to make international business extremely difficult for Chinese tech firms. In the case of mobile device and network kit maker, Huawei, Trump has limited domestic use of its tech and leant on allies to lock it out of their 5G networks (with some success) — citing national security concerns from links to the Chinese Communist Party.

His beef with TikTok is the same stated national security concerns, centered on its access to user data. (Though Trump may have his own personal reasons to dislike the app.)

TikTok, like every major social media app, gathers huge amounts of user data — which its privacy policy specifies it may share with third parties, including to fulfil “government inquiries”. So while its appetite for personal data looks much the same as US social media giants (like Facebook) its parent company, Beijing-based ByteDance, is subject to China’s Internet Security Law — which since 2017 has given the Chinese Communist Party sweeping powers to obtain data from digital companies. And while the US has its own intrusive digital surveillance laws, the existence of a Chinese mirror of the US state-linked data industrial complex has put tech firms right at the heart of geopolitics.

TikTok has been taking steps to try to insulate its international business from US-fuelled security concerns — and also provide some incentives to Trump for not quashing it — hiring Disney executive Kevin Mayer on as CEO of TikTok and COO of ByteDance in May, and promising to create 10,000 jobs in the U.S., as well as claiming US user data is stored in the US.

In parallel it’s been reconfiguring how it operates in Europe, setting up an EMEA Trust and Safety Hub in Dublin, Ireland at the start of this year and building out its team on the ground. In June it also updated its regional terms of service — naming its Irish subsidiary as the local data controller alongside its UK entity, meaning European users’ data no longer falls under its US entity, TikTok Inc.

This reflects distinct rules around personal data which apply across the European Union and European Economic Area. So while European political leaders have not been actively attacking TikTok in the same way as Trump, the company still faces increased legal risk in the region.

Last month CJEU judges made it clear that data transfers to third countries can only be legal if EU users’ data is not being put at risk by problematic surveillance laws and practices. The CJEU ruling (aka ‘Schrems II’) means data processing in countries such as China and India — and, indeed, the US — is now firmly in the risk frame where EU data protection law is concerned.

One way of avoiding this risk is to process European users’ data locally. So TikTok opening a data center in Ireland may also be a response to Schrems II — in that it will offer a way for it to ensure it can comply with requirements flowing from the ruling.

Privacy commentators have suggested the CJEU decision may accelerate data localization efforts — a trend that’s also being seen in countries such as China and Russia (and, under Trump, the US too it seems).

EU data watchdogs have also warned there will be no grace period following the CJEU invalidating the US-EU Privacy Shield data transfer mechanism. While those using other still valid tools for international transfers are bound to carry out an assessment — and either suspend data flows if they identify risks or inform a supervisor that the data is still flowing (which could in turn trigger an investigation).

The EU’s data protection framework, GDPR, bakes in stiff penalties for violations — with fines that can hit 4% of a company’s global annual turnover. So the business risk around EU data protection is no longer small, even as wider geopolitical risks are upping the uncertainty for global Internet players.

“Protecting our community’s privacy and data is and will continue to be our priority,” TikTok’s CISO writes, adding: “Today’s announcement is just the latest part of our ongoing work to enhance our global capability and efforts to protect our users and the TikTok community.”

Twitter warns investors of possible fine from FTC consent order probe

Twitter has disclosed it’s facing a potential fine of more than a hundred million dollars as a result of a probe by the Federal Trade Commission (FTC) which believes the company violated a 2011 consent order by using data provided by users for a security purpose to target them with ads.

In an SEC filing, reported on earlier by the New York Times, Twitter revealed it received the draft complaint from the FTC late last month. The activity the regulator is complaining about is alleged to have taken place between 2013 and 2019.

Last October the social media firm publicly disclosed it had used phone numbers and email addresses provided by users to set up two-factor authentication to bolster the security of their accounts in order to serve targeted ads — blaming the SNAFU on a tailored audiences program, which allows companies to target ads against their own marketing lists.

Twitter found that when advertisers uploaded their own marketing lists (of emails and/or phone numbers) it matched users to data they had submitted purely to set up two-factor authentication on their Twitter account.

“The allegations relate to the Company’s use of phone number and/or email address data provided for safety and security purposes for targeted advertising during periods between 2013 and 2019,” Twitter writes in the SEC filing. “The Company estimates that the range of probable loss in this matter is $150.0 million to $250.0 million and has recorded an accrual of $150.0 million.”

“The matter remains unresolved, and there can be no assurance as to the timing or the terms of any final outcome,” it adds.

We’ve reached out to Twitter with questions. Update: A company spokeswoman said it had nothing to add outside this statement:

Following the announcement of our Q2 financial results, we received a draft complaint from the FTC alleging violations of our 2011 consent order. Following standard accounting rules we included an estimated range for settlement in our 10Q filed on August 3.

The company has had a torrid few weeks on the security front, suffering a major security incident last month after hackers gained access to its internal account management tools, enabling them to access accounts of scores of verified Twitter users, including Bill Gates, Elon Musk and Joe Biden, and use them to send cryptocurrency scam tweets. Police have since charged three people with the hack, including a 17-year-old Florida teen.

In June Twitter also disclosed a security lapse may have exposed some business customers’ information. While it was forced to report another crop of security incidents last year — including after a researcher identified a bug that allowed him to discover phone numbers associated with millions of Twitter accounts.

Twitter also admitted it gave account location data to one of its partners, even if the user had opted-out of having their data shared; and inadvertently gave its ad partners more data than it should have.

Additionally, the company is now at the front of a long queue of tech giants pending enforcement in Europe, related to major GDPR complaints — where regional fines for data violations can scale to 4% of a company’s global annual turnover. Twitter’s lead data protection regulator, Ireland’s DPC, submitted a draft decision related to a probe of one of its security breaches to the bloc’s other data agencies in May — with a final decision slated as likely this summer.

The decision relates to an investigation the regulator instigated following yet another major security fail by Twitter in 2018 — when it revealed a bug had resulted in some passwords being stored in plain text.

As we reported at the time it’s pretty unusual for a company of such size to make such a basic security mistake. But Twitter has a very long history of failing to protect users’ data — with additional hacking incidents all the way back in 2009 leading to the 2011 FTC consent order.

Under the terms of that settlement Twitter was barred for 20 years from misleading consumers about the safety of their data in order to resolve FTC charges that it had “deceived consumers and put their privacy at risk by failing to safeguard their personal information”.

It also agreed to establish and maintain “a comprehensive information security program”, with independent auditor assessments taking place every other year for 10 years.

Given the terms of that order a fine does indeed look inevitable. However the wider failing here is that of US regulators — which, for over a decade, have failed to grapple with the exploitative, surveillance-based business models that have led to breaches and security lapses by a number of data-mining adtech giants, not just Twitter.

What brands need to do if they want to break up with Facebook

With more than 90 major advertisers and counting announcing plans to dump Facebook, a significant question lingers: Where will brands go next for their digital marketing needs?

The case for the breakup is clear: Brands want to distance themselves from third-party business practices that do not align with their values. Specifically, they are disenchanted by what even some members of Congress are calling Facebook’s “lackadaisical” approach to enforcing community standards, allowing an epidemic of paid political misinformation and hate speech to persist on the user-driven platform.

However, with Google, Facebook and Amazon representing just under 70% of global digital ad revenue, a clean break from the tech giants is easier said than done. Advertisers, like anyone facing a breakup, must look within. After all, they don’t want to make the same mistakes and they cannot just throw newly freed up advertising dollars at a new social network ad platform, where similar conflicts could easily follow.

With introspection, advertisers will see that this is more than just a war on disinformation and hate speech. A data war is brewing, pressuring businesses to diversify data sources. As brands compete to understand the needs and preferences of today’s consumers, consumers are concurrently responding with more guarded protection of their online data.

To win this war, brands must reclaim data autonomy and infuse their digital media strategy with more diversified data. But they cannot do it alone and they cannot do it within the current system.

Time to brandish holistic data

Whether Facebook adjusts its community standards to appease dismayed advertisers has yet to be seen. But in the interim, as advertisers walk out the door, it’s worth noting that Facebook’s reliance on online data may soon be obsolete anyway.

One of the key differentiators for Facebook’s ad platform has been its ability to help level the playing field for smaller brands by cost-effectively captivating the right audiences. But the platform primarily draws insights from audiences’ behaviors online. The next wave of data-based marketing must employ tools that blend first-party data and qualified third-party data to offer a holistic view of customer behaviors, both online and offline.

Offline data sets, which include location intelligence, interactions, purchase history, contact information and demographics are lynchpins in the next digital media wave because they allow brands to develop a more human view of consumer data and create meaningful marketing moments. For example, location intelligence, an extremely potent tool that is currently helping brands pivot during COVID-19 disruptions and is even protecting public health, can drive personalized, alluring marketing campaigns with massive ROI opportunities.

The leading integrated data providers are managing extremely rich datasets, which increase in value daily as consistent tracking yields higher quality data. Such powerful and enriched data stacks offer brands visitor insights based on a specific location after an ad is interacted with on any device — requiring no guesswork for the marketing team. Brands are able to pinpoint exactly which messages resonate with which segments of their audience at which time. This precision ultimately helps them craft the right message for the target consumer — and deliver it at the exact right moment.

Marching orders for combat

Brands want to cut Facebook loose but where do they go next? How do they achieve data autonomy and make omnichannel strides in digital marketing? If the boycott movement is to succeed, revolutionary changes to the digital marketplace are needed.

A newly imagined system must be organized outside the proprietary grasp of any one single tech conglomerate. Otherwise, advertisers will lack ownership of the data they need to reach new audiences. Or they’ll once again get mixed up with similar paid political disinformation and hate speech across user-generated platforms, sending them straight back into the arms of Facebook.

Rather than rely on a single centralized social media platform, transparent media partners and publishers must come together on a shared central system that takes an omnichannel approach to building lookalike (LAL) audiences. A LAL puts advertisers in front of new audiences by finding users that, while they may be unfamiliar with their brand, are very similar to the buyer personas of their current customers. The LAL for each advertiser would be constantly tested and refined to keep pace with the rapidly changing marketplace.

Facebook currently operates on a LAL model but it is almost exclusively generated by online data from their users. The next step is expanding on this model and infusing offline and third-party data with a company’s first-party data, putting them in front of a LAL across a range of media partners and platforms. This will help build a core conversion audience, while constantly scaling new LALs for each brand.

Such a system would require collaboration, enlisting many players in a co-op style undertaking. For example, to get it off the ground, it would be helpful if about 20 of the large brands boycotting Facebook invest some of their newly freed advertising dollars to establish the data and publisher sharing co-op network.

Once the advertiser framework is set, the co-op would need to identify media outlet partners such as news websites, blogs, apps, podcasts and social media outlets. The co-op would negotiate a performance-based publisher relationship for every player, effectively increasing content monetization for publishers’ content channels.

Reinventing the digital media landscape

This would be a transformational movement, galvanizing brands with data autonomy and increasing customer engagement across an entire network of media platforms — not just one platform. Each advertiser’s first-party data, which they’ve already given to Facebook, would be analyzed to isolate data overlaps within the co-op. This would essentially lay the foundation for building a core conversation audience, helping each advertiser tap new LALs.

Brands advertising with the co-op would gain access to more enriched, robust insights on consumers than Facebook could ever offer, leading to a higher return on investment for the $336 billion spend on digital advertising annually.

Most importantly, it would help brands future-proof their digital marketing efforts and grant them greater freedom in choosing where their advertising dollars are being spent.

That is how the war is won.

Twitter survey reveals the subscription options it’s eyeing, including an ‘Undo Send’ button

Earlier this month, Twitter told investors it’s considering a subscription model as a means of generating additional revenue to support its business. Now we know what sort of value-add features Twitter may be eyeing. In a new survey, the company asks users to evaluate paid features like “undo send” (an alternative to an edit button), as well as other ideas like custom colors, the ability to publish longer and more high-def videos, support for profile badges, auto responses, additional “social listening” analytics, and the ability to run brand surveys about ads.

The survey asks users to select the options they felt were most or least important to them. 

Details of the survey were first published to none other than Twitter itself by Twitter user @WFBrother. The findings were then amplified by eagle-eyed social media consultant, Matt Navarra, who had also seen the survey.

 

A Twitter spokesperson confirmed the questions had come from a survey the company was running to evaluate options for a membership model, as the survey describes.

The company declined to offer any further comment, but noted its Q2 shareholder letter had detailed its plans in this area:

“We are also in the early stages of exploring additional potential revenue product opportunities to complement our advertising business,” the letter had said. “These may include subscriptions and other approaches, and although our exploration is very early and we do not expect any revenue attributable to these opportunities in 2020, you may see tests or hear us talk more about them as our work progresses,” it noted.

Specifically, the survey asked users about the following options:

  • Undo Send: A 30 seconds window for you to recall/withdraw a Tweet before anyone can see it. This has been something Twitter has suggested in the past could be a viable alternative to an “Edit” button — something users have demanded for years. Instead of allowing unlimited edits to tweets, and the significant engineering investment that would entail — users could instead quickly fix a typo they spotted shortly after posting.
  • Custom Colors: In addition to “Night Mode,” you could change the fonts and theme color of Twitter on your phone and computer. Background color, links, mentions, hashtags, and icons would appear in whatever color you choose.
  • Video Publishing: You could publish videos up to 5x longer than current default, with a much higher maximum resolution (8192×8192).
  • Badges: You get a badge(s) on your profile that links to businesses you own or work for (Example: A journalist can have a badge showing the magazines they write for.)
  • Auto responses: Able to write and set a menu of auto responses to use in replies. This would likely be more useful to brands who wanted to redirect customer inquiries to official channels.
  • Social listening: You can see conversation around your account on Twitter, including total volume, the people and businesses who are talking most often, and what they are saying. This, again, would largely appeal to brands.
  • Brand Surveys: You could be able to survey people about the ads you run to better understand if your ad was memorable and if people are likely to buy the products or services featured. Twitter today already runs similar ads, so this feature would be relatively easy for it to implement.

The survey does not represent features Twitter will definitely roll out as part of any future membership model, of course. It’s only the first step to gathering consumer feedback about what people believe is worth paying for.

Not on the survey? A real “edit” button, of course. That one just may never happen!

What does accountability look like in 2020?

“What happens after a company gets called out?” he asked over the phone. “Do you know what happens to the people in-house that come forward?”

I didn’t.

A Black male engineer at a fashion tech company who wished to remain anonymous was telling me how he’d been passed over for promotions white counterparts later received after they’d pursued risky and unsuccessful projects. At one point, he said management tasked him with doing recon on a superior who made disparaging comments about women because his subordinates were uncomfortable reporting it directly to HR.

When human resources eventually took up the matter, the engineer said his participation was used against him.

More recently, his company brought furloughed employees back and managers promoted a younger, white subordinate over him. When he asked about the move, his direct supervisor said he was too aggressive and needed to be more of a role model to be considered in the future.

In the absence of industry leadership, there’s no blueprint to remedy institutional problems like these. The lack of substantial progress toward true representation, diversity and inclusion across several industries illustrates what hasn’t worked.

Audrey Gelman, former CEO of women-focused co-working/community space The Wing, stepped down in June following a virtual employee walkout. Three months earlier, a New York Times exposé interviewed 26 former and current employees there who described systemic discrimination and mistreatment. At the time, about 40% of its executive staff consisted of women of color, the article reported.

Within days, Refinery29’s EIC Christene Barberich also resigned after allegations of racism, bullying and leadership abuses surfaced with hashtag #BlackatR29.

In December 2019, The Verge reported allegations of a toxic work environment at Away under CEO Steph Korey. After a series of updates and corrections in reporting, it seemed she would be stepping away from her role or accelerating an existing plan for a new CEO to take over. But the following month, she returned to the company as co-CEO, sharing the statement: “Frankly, we let some inaccurate reporting influence the timeline of a transition plan that we had.”

Last month, after Korey posted a series of Instagram stories that negatively characterized her media coverage, the company again announced she would step down.

Former Bon Appétit editor-in-chief Adam Rapoport resigned his position the same month after news broke that the cooking brand didn’t prioritize representation in its content or hiring and failed to pay women of color equally, and after freelance writer Tammie Teclemariam shared a 2013 photo of Rapoport in brownface.

In a public apology, staffs of Bon Appétit and Epicurious acknowledged that they had “been complicit with a culture we don’t agree with and are committed to change.”

Removing one problematic employee doesn’t upend company culture or help someone who’s been denied an opportunity. But with so much at stake when it comes to employing Instagram-ready branding, the lane is wide open for companies to meet the moment when it comes to doing the right thing.

A 2017 report by the Ascend Foundation found few Asian, Black and Latinx people were represented in leadership pipelines, and at that point, the numbers were actually getting worse. Seemingly, in an effort for transparency and accountability to do better, 17 tech companies shared diversity statistics and their plans to improve with Business Insider in June 2020. The numbers were staggering, especially for an initiative supposedly prioritized industry-wide in 2014:

Underrepresented minorities like Black and Latinx people still only make up single-digit percentages of the workforce at many major tech companies. When you look at the leadership statistics, the numbers are even bleaker.

While tech’s shortcomings show up clearly in a longstanding lack of diversity, companies in other industries polished their brands sufficiently to skate by — until COVID-19 and the call for racial justice after George Floyd’s murder called for lasting change.

In June, Adidas employees protested outside the company’s U.S. headquarters in Portland, Oregon and shared stories about internal racism. Just a year ago, The New York Times interviewed current and former employees about “the company’s predominantly white leadership struggling with issues of race and discrimination.”

In 2000, an Adidas employee filed a federal discrimination suit alleging that his supervisor called him a “monkey” and described his output as “monkey work.” When spokesperson Kanye West said in 2018 that he believed slavery was a choice, CEO Kasper Rorsted discussed his positive financial impact on the brand and avoided commenting on West’s statement.

In response to the internal turmoil at Adidas, the brand originally pledged to invest $20 million into Black communities in the U.S. over the next four years, increasing it to $120 million and releasing an outline of what they plan to do internally, Footwear News reported.

On June 30, Karen Parkin stepped down from her role as Adidas’ global head of HR in mutual agreement with the brand. In an all-employee meeting in August 2019, she reportedly described concerns about racism as “noise” that only Americans deal with. She’d been with the brand for 23 years.

Routinely protecting employees perceived as racist, misogynistic or abusive is bad for business. According to a 2017 “tech leavers” study conducted by the Kapor Center, employee turnover and its associated costs set the tech industry back $16 billion.

POC experience-centered social and wellness club Ethel’s Club invested into its community’s well-being and has not only managed to stay open (virtually) through the COVID-19 pandemic, it has managed to grow. Meanwhile, The Wing lost 95% of its business.

So, what really happens after the companies are called out? Often, the bare minimum. While the perpetrators of the injustice may endure backlash, abusers in corporate structures are often shifted into other roles.

Tiffany Wines, a former social media and editorial staffer at media/entertainment company Complex, posted an open letter to Twitter on June 19 alleging that Black women at the outlet were mistreated, sharing a story in which she claimed to have ingested marijuana brownies left in an office that was billed as a drug-free environment. Wines said she blacked out and accused superiors of covering up the incident after she reported it.

Her decision to speak up prompted other former employees to share stories alleging misogyny, racism, sexual assault and protection of abusers. One anonymous editor said she was asked if she would be comfortable with a workplace that had a “locker room culture” during a 2010 interview. (She did not end up working there.)

Complex Media Group put out a statement four days later on its corporate Twitter account, which had approximately 100 followers — as opposed to its main account, which has 2.3 million followers.

“We believe Complex Networks is a great place to work, but it is by no means perfect,” read the statement. “It’s our passion for our brands, communities, colleagues, and the belief that a safe and inclusive workplace should be the expectation for everyone.” It went on to state that they’ve taken immediate action, but it’s unclear if anyone has been terminated. [Complex is co-owned by Verizon Media, TechCrunch’s parent company.]

Members of the fashion community have formed multiple groups to combat systemic racism, establish accountability and advance Black people in the industry.

Set to launch in July 2020, The Black In Fashion Council, founded by Teen Vogue editor-in-chief Lindsay Peoples Wagner and fashion publicist Sandrine Charles, works to advance Black individuals in fashion and beauty.

The Kelly Initiative is comprised of 250 Black fashion professionals hoping to blaze equitable inroads, and they’ve publicly addressed the Council of Fashion Designers of America in a letter accusing them of allowing “exploitative cultures of prejudice, tokenism and employment discrimination to thrive.”

Jazerai Allen-Lord and Mazin Melegy, co-founders of True To Size, an extension of the New York-based branding agency Crush & Lovely, started offering their Check The Fit solutions to the brands they were working with in 2019. The initiative is an audit process created to align in-house teams and ensure sufficient representation is in place for brands’ storytelling.

Check The Fit determines who the consumer is, what the internal team’s history is with that demographic and the message they’re trying to communicate to them, and how the team engages with that subject matter in everyday life and in the office. Melegy says, “that look inward is a step that is overlooked almost everywhere.”

“At most companies, we’ve seen a lack of coherence within the organization, because each department’s director is approaching the problem from a siloed perspective. We were able to bring 15 leaders across departments together, distill through a list of concerns, find points of leverage and agree on a common goal. It was noted that it was the first time they were able to feel unified in their mission and felt prepared to move forward,” Lord says of their work with Reebok last year.

Brooklyn-based retailer Aurora James established the 15 Percent Pledge campaign, which urges retailers to have merchandise that reflects today’s demographics: 15% of the population should represent 15% of the shelves.

During the melee that transpired largely on Twitter and Instagram only to attempt to be reconciled in boardrooms, one Condé Nast employee and ally has been suspended. On June 12, Bon Appétit video editor Matt Hunziker tweeted, “Why would we hire someone who’s not racist when we could simply [checks industry handbook] uhh hire a racist and provide them with anti-racism training…” As his colleagues shared an outpouring of support online, a Condé Nast representative said in a statement, “There have been many concerns raised about Matt that the company is obligated to investigate and he has been suspended until we reach a resolution.”

Simply reading through accusers’ first-person accounts, it often seems like these stories end up on public forums because little to nothing is done in favor of the people who step forward. The protection has consistently been of the company.

The Black engineer I spoke to escalated his concerns to his company’s CEO and said the executive was unaware of the allegations and seemed deeply concerned.

Seeing someone who seemed genuinely invested in doing the right thing “obviously, means a lot,” he said.

“But at the same time, I’m still really concerned knowing the broader environment of the company, and it’s never just one person.”

After ad revenue drop, Twitter tells investors it’s eyeing subscription options

After reporting Q2 earnings that showed a marked dip in ad revenue, Twitter has said it’s exploring alternatives — dangling the possibility of a subscription option.

Earlier today the social media giant reported ad revenues of $562M, down almost a quarter (23%) on a year ago — saying that the pandemic and “civil unrest” leading many advertisers to pause campaigns had both contributed to the decline. The US, its biggest market, saw a drop of 25% in ad spend.

Twitter CEO Jack Dorsey told investors it’ll likely run subscription “tests” this year (via CNN), though he also said the bar for charging users for aspects of the service would be set “really high”.

So presumably it’s not considering a ‘your first ten tweets are free’ style pay-to-tweet model.

“We want to make sure any new line of revenue is complementary to our advertising business,” CNN reports Dorsey remarking during the investor call. “We do think there is a world where subscription is complementary, where commerce is complementary, where helping people manage paywalls… we think is complementary.”

The prospect of a paid version of Twitter — free from trackers, annoying ads and irritating algorithms which meddle with the clean chronology of the timeline — has been a holy grail for certain Twitter addicts since (basically) forever. So plenty of its most fervent users will be watching keenly to see exactly what Dorsey cooks up.

We’re spitballing here — but perhaps Twitter could charge, er, certain high profile, high risk users billions of dollars per month for the privilege of tweet-threatening the rest of humanity… Just a thought.

Twitter casting around for ad revenue diversification looks interesting in light of broader digital privacy trends that have put the ad tracking industry under increasing (and increasingly awkward) scrutiny.

Certain adtech players and mechanisms are facing challenges under European data protection rules, for instance, while there are also moves afoot in California to further tighten the consumer protections introduced this year, under the Consumer Privacy Act, which could see more US users blocking the tracking industry’s access to their data.

Last week’s massive Twitter security breach also hardly throws a positive light on the company from a privacy perspective. Dorsey addressed the breach in remarks on today’s call, with CNN reporting he apologized to investors — admitting the company “fell behind” on its security obligations.

“We feel terrible about the security incident,” he said. “Security doesn’t have an end point. It’s a constant iteration… We will continue to go above and beyond here as we continue to secure our systems and as we continue to work with external firms and law enforcement.”

UK gov’t asleep at the wheel on Russia cyber ops threat, report warns

The UK lacks a comprehensive and cohesive high level strategy to respond to the cyber threat posed by Russia and other hostile states using online disinformation and influence ops to target democratic institutions and values, a parliamentary committee has warned in a long-delayed report that’s finally been published today.

“The UK is clearly a target for Russia’s disinformation campaigns and political influence operations and must therefore equip itself to counter such efforts,” the committee warns, calling for legislation to tackle the multi-pronged threat posed by hostile foreign influence operations in the digital era.

The report also urges the government to do the leg work of attributing state-backed cyber attacks — recommending a tactic of ‘naming and shaming’ perpetrators, while recognizing that UK agencies have, since the WannaCry attack, been more willing to publicly attribute a cyber attack to a state actor like Russia than they were in decades past. (Last week the government did just that in relation to COVID-19 vaccine R&D efforts — attacking Russia for targeting the work with custom malware, as UK ministers sought to get out ahead of the committee’s recommendations.)

“Russia’s cyber capability, when combined with its willingness to deploy it in a malicious capacity, is a matter of grave concern, and poses an immediate and urgent threat to our national security,” the committee warns.

On the threat posed to democracy by state-backed online disinformation and influence campaigns, the committee also points a finger of blame at social media giants for “failing to play their part”.

“It is the social media companies which hold the key and yet are failing to play their part,” the committee writes, urging the government to establish “a protocol” with platform giants to ensure they “take covert hostile state use of their platforms seriously, and have clear timescales within which they commit to removing such material”.

“Government should ‘name and shame’ those which fail to act,” the committee adds, suggesting such a protocol could be “usefully expanded” to other areas where the government is seeking action from platform giants.

Russia report

The Intelligence and Security Committee (ISC) prepared the dossier for publication last year, after conducting a lengthy enquiry into Russian state influence in the UK — including examining how money from Russian oligarchs flows into the country, and especially into London, via wealthy ex-pats and their establishment links; as well as looking at Russia’s use of hostile cyber operations to attempt to influence UK elections.

UK prime minister Boris Johnson blocked publication ahead of last year’s general election — meaning it’s taken a full nine months for the report to make it into the public domain, despite the then committee chair urging publication ahead of polling day. The UK’s next election, meanwhile, is not likely for some half a decade’s time. (Related: Johnson was able to capitalize on unregulated social media ads during his own election campaign last year, so, er… )

The DCMS committee, which was one of the bodies that submitted evidence to the ISC’s inquiry, has similarly been warning for years about the threats posed to democracy by online disinformation and political targeting — as have the national data watchdog and others. Yet successive Conservative-led governments have failed to act on urgent recommendations in this area.

Last year ministers set out a proposal to regulate a broad swathe of ‘online harms’, although the focus is not specifically on political disinformation — and draft legislation still hasn’t been laid before parliament.

“The clearest requirement for immediate action is for new legislation,” the ISC committee writes of the threat posed by Russia. “The Intelligence Community must be given the tools it needs and be put in the best possible position if it is to tackle this very capable adversary, and this means a new statutory framework to tackle espionage, the illicit financial dealings of the Russian elite and the ‘enablers’ who support this activity.”

The report labels foreign disinformation operations and online influence campaigns something of a “hot potato” no UK agency wants to handle. A key gap the report highlights is this lack of ministerial responsibility for combating the democratic threat posed by hostile foreign states, leveraging connectivity to spread propaganda or deploy malware.

“Protecting our democratic discourse and processes from hostile foreign interference is a central responsibility of Government, and should be a ministerial priority,” the committee writes, flagging both the lack of central, ministerial responsibility and a reluctance by the UK’s intelligence and security agencies to involve themselves in actively defending democratic processes.

“Whilst we understand the nervousness around any suggestion that the intelligence and security Agencies might be involved in democratic processes – certainly a fear that is writ large in other countries – that cannot apply when it comes to the protection of those processes. And without seeking in any way to imply that DCMS [the Department for Digital, Culture, Media and Sport] is not capable, or that the Electoral Commission is not a staunch defender of democracy, it is a question of scale and access. DCMS is a small Whitehall policy department and the Electoral Commission is an arm’s length body; neither is in the central position required to tackle a major hostile state threat to our democracy.”

Last July the government did announce what it called its Defending Democracy programme, which — per the ISC committee report — is intended to “co-ordinate work on protecting democratic discourse and processes from interference under the leadership of the Cabinet Office, with the Chancellor of the Duchy of Lancaster and the Deputy National Security Adviser holding overall responsibility at ministerial and official level respectively”.

However the committee points out this structure is “still rather fragmented”, noting that at least ten separate teams are involved across government.

It also questions the level of priority being attached to the issue, writing that: “It seems to have been afforded a rather low priority: it was signed off by the National Security Council only in February 2019, almost three years after the EU referendum campaign and the US presidential election which brought these issues to the fore.”

“In the Committee’s view, a foreign power seeking to interfere in our democratic processes – whether it is successful or not – cannot be taken lightly; our democracy is intrinsic to our country’s success and well-being and any threat to it must be treated as a serious national security issue by those tasked with defending us,” it adds.

The lack of an overarching ministerial body invested with central responsibility to tackle online threats to democracy goes a long way to explaining the damp squib of a response around breaches of UK election law which relate to the Brexit vote — when social media platforms were used to funnel in dark money to fund digital ads aimed at influencing the outcome of what should have been a UK-only vote.

(A redacted footnote in the report touches on the £8M donation by Arron Banks to the Leave.EU campaign — “the biggest donor in British political history”; noting how the Electoral Commission, which had been investigating the source of the donation, referred the case to the National Crime Agency — “which investigated it ***” [redacting any committee commentary on what was or was not found by the NCA]; before adding: “In September 2019, the National Crime Agency announced that it had concluded the investigation, having found no evidence that any criminal offences had been committed under the Political Parties, Elections and Referendums Act 2000 or company law by any of the individuals or organisations referred to it by the Electoral Commission.”)

“The regulation of political advertising falls outside this Committee’s remit,” the ISC report adds, under a brief section on ‘Political advertising on social media’. “We agree, however, with the DCMS Select Committee’s conclusion that the regulatory framework needs urgent review if it is to be fit for purpose in the age of widespread social media.

“In particular, we note and affirm the Select Committee’s recommendation that all online political adverts should include an imprint stating who is paying for it. We would add to that a requirement for social media companies to co-operate with MI5 where it is suspected that a hostile foreign state may be covertly running a campaign.”

On Brexit itself, and the heavily polarizing question of how much influence Russia was able to exert over the UK’s vote to leave the European Union, the committee suggests this would be “difficult” or even “impossible” to assess. But it emphasizes: “it is important to establish whether a hostile state took deliberate action with the aim of influencing a UK democratic process, irrespective of whether it was successful or not.”

The report then goes on to query the lack of evidence of an attempt by the UK government or security agencies to do just that.

In one interesting — and heavily redacted — paragraph, the committee notes it sought to ascertain whether UK intelligence agencies hold “secret intelligence” that might support or supplement open source studies that have pointed to attempts by Russia to influence the Brexit vote — but was sent only a very brief response.

Here the committee writes:

In response to our request for written evidence at the outset of the Inquiry, MI5 initially provided just six lines of text. It stated that ***, before referring to academic studies. This was noteworthy in terms of the way it was couched (***) and the reference to open source studies ***. The brevity was also, to us, again, indicative of the extreme caution amongst the intelligence and security Agencies at the thought that they might have any role in relation to the UK’s democratic processes, and particularly one as contentious as the EU referendum. We repeat that this attitude is illogical; this is about the protection of the process and mechanism from hostile state interference, which should fall to our intelligence and security Agencies.

The report also records a gap in the government’s response on this issue — with the committee being told of no active attempt by government to understand whether or not UK elections have been targeted by Russia.

“The written evidence provided to us appeared to suggest that HMG had not seen or sought evidence of successful interference in UK democratic processes or any activity that has had a material impact on an election, for example influencing results,” it writes.

A later redacted paragraph indicates an assessment by the committee that the government failed to fully take into account open source material which had indicated attempts to influence Brexit (such as the studies of attempts to influence the referendum using Russian state mouthpieces RT and Sputnik; or via social media campaigns).

“Given that the Committee has previously been informed that open source material is now fully represented in the Government’s understanding of the threat picture, it was surprising to us that in this instance it was not,” the committee adds.

The committee also raises an eyebrow at the lack of any post-referendum analysis of Russian attempts to influence the vote by UK intelligence agencies — which it describes as in “stark contrast” to the US agency response following the revelations of Russian disops targeted at the 2016 US presidential election.

“Whilst the issues at stake in the EU referendum campaign are less clear-cut, it is nonetheless the Committee’s view that the UK Intelligence Community should produce an analogous assessment of potential Russian interference in the EU referendum and that an unclassified summary of it be published,” it suggests.

In other recommendations related to Russia’s “offensive cyber” capabilities, the committee reiterates that there’s a need for “a common international approach” to tackling the threat.

“It is clear there is now a pressing requirement for the introduction of a doctrine, or set of protocols, to ensure that there is a common approach to Offensive Cyber. While the UN has agreed that international law, and in particular the UN Charter, applies in cyberspace, there is still a need for a greater global understanding of how this should work in practice,” it writes, noting that it made the same recommendation in its 2016-17 annual report.

“It is imperative that there are now tangible developments in this area in light of the increasing threat from Russia (and others, including China, Iran and the Democratic People’s Republic of Korea). Achieving a consensus on this common approach will be a challenging process, but as a leading proponent of the Rules Based International Order it is essential that the UK helps to promote and shape Rules of Engagement, working with our allies.”

The security-cleared committee notes that the public report is a redacted summary of a more detailed dossier it felt unable to publish on account of classified information and the risk of Russia being able to use it to glean too much intelligence on the level of UK intelligence of its activities. Hence opting for a more truncated (and redacted) document than it would usually publish — which again raises questions over why Johnson sought repeatedly to delay publication.

Plenty of sections of the report contain a string of asterisks at a crucial point, eliding strategic specifics (e.g. this paragraph on exactly how Russia is targeting critical UK infrastructure: “Russia has also undertaken cyber pre-positioning activity on other nations’ Critical National Infrastructure (CNI). The National Cyber Security Centre (NCSC) has advised that there is *** Russian cyber intrusion into the UK’s CNI – particularly marked in the *** sectors.”)

Most recently Number 10 sought to influence the election of the ISC committee chair by seeking to parachute a preferred candidate into the seat — which could have further delayed publication of the report. However the attempt at stacking the committee was thwarted when new chair, Conservative MP Julian Lewis, sided with opposition MPs to vote for himself. After which the newly elected committee voted unanimously to release the Russia report before the summer recess of parliament, avoiding another multi-month delay.

Another major chunk of the report, which tackles the topic of Russian expatriate oligarchs and their money; how they’ve been welcomed into UK society with “open arms”, enabling their illicit finance to be recycled through “the London ‘laundromat’”, and to find its way inexorably into political party coffers, may explain the government’s reluctance for the report to be made public.

The committee’s commentary here makes particularly awkward reading for a political party with major Russian donors. And a prime minister with Russian oligarch friends.

“It is widely recognised that the key to London’s appeal was the exploitation of the UK’s investor visa scheme, introduced in 1994, followed by the promotion of a light and limited touch to regulation, with London’s strong capital and housing markets offering sound investment opportunities,” the committee writes, further noting that Russian money was also invested in “extending patronage and building influence across a wide sphere of the British establishment – PR firms, charities, political interests, academia and cultural institutions were all willing beneficiaries of Russian money, contributing to a ‘reputation laundering’ process”.

“In brief, Russian influence in the UK is ‘the new normal’, and there are a lot of Russians with very close links to Putin who are well integrated into the UK business and social scene, and accepted because of their wealth,” it adds.

You can read the full report here.

A hacker used Twitter’s own ‘admin’ tool to spread cryptocurrency scam

A hacker allegedly behind a spate of Twitter account hacks on Wednesday gained access to a Twitter “admin” tool on the company’s network that allowed them to hijack high-profile Twitter accounts to spread a cryptocurrency scam, according to a person with direct knowledge of the incident.

The account hijacks hit some of the most prominent users on the social media platform, including leading cryptocurrency sites, but also ensnared several celebrity accounts, notably Bill Gates, Jeff Bezos, Elon Musk and Democratic presidential hopeful Joe Biden.

Vice earlier on Wednesday reported details of the Twitter admin tool.

A Twitter spokesperson, when reached, did not comment on the claims. Twitter later confirmed in a series of tweets that the attack was caused by “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

A person involved in the underground hacking scene told TechCrunch that a hacker, who goes by the handle “Kirk” — likely not their real name — generated over $100,000 in a matter of hours by gaining access to an internal Twitter tool, which they used to take control of popular Twitter accounts. The hacker used the tool to reset the associated email addresses of affected accounts to make it more difficult for the owner to regain control. The hacker then pushed a cryptocurrency scam that claimed whatever funds a victim sent “will be sent back doubled.”

The person told TechCrunch that Kirk had started out by selling access to vanity Twitter accounts, such as usernames that are short, simple and recognizable. It’s big business, if not still illegal. A stolen username or social media handle can go for anywhere between a few hundred dollars and thousands.

Kirk is said to have contacted a “trusted” member on OGUsers, a forum popular with traders of hacked social media handles. Kirk needed the trusted member to help sell stolen vanity usernames.

In several screenshots of a Discord chat shared with TechCrunch, Kirk said: “Send me @’s and BTC,” referring to Twitter usernames and cryptocurrency. “And I’ll get ur shit done,” he said, referring to hijacking Twitter accounts.

But then later in the day, Kirk “started hacking everything,” the person told TechCrunch.

Kirk allegedly had access to an internal tool on Twitter’s network, which allowed them to effectively take control of a user’s account. A screenshot shared with TechCrunch shows the apparent admin tool. (Twitter is removing tweets and suspending users that share screenshots of the tool.)

A screenshot of the alleged internal Twitter account tool. (Image supplied)

The tool appears to allow users — ostensibly Twitter employees — to control access to a user’s account, including changing the email associated with the account and even suspending the user altogether. (We’ve redacted details from the screenshot, as it appears to represent a real user.)

The person did not say exactly how Kirk got access to Twitter’s internal tools, but hypothesized that a Twitter employee’s corporate account was hijacked. With a hijacked employee account, Kirk could make their way into the company’s internal network. The person also said it was unlikely that a Twitter employee was involved with the account takeovers.

As part of their hacking campaign, Kirk targeted @binance first, the person said, then quickly moved to popular cryptocurrency accounts. The person said Kirk made more money in an hour than selling usernames.

To gain control of the platform, Twitter briefly suspended some account actions — as well as prevented verified users from tweeting — in an apparent effort to stem the account hijacks. Twitter later tweeted it “was working to get things back to normal as quickly as possible.”

White Castle becomes the first fast food chain to test out the robot fry cook, Flippy, from Miso Robotics

The next time Harold and Kumar go to a White Castle, there may be a robot making their French Fries.

In one of the first trials of a robotic fry cook at a national burger chain, White Castle said it would work with Pasadena, Calif.-based Miso Robotics to test that company’s robotic chef at a restaurant in the Chicago area. It’s a trial run for potentially bringing the robot to other White Castle kitchens across the country, the company said.

White Castle first began talking about using the Miso Robotics robots in its kitchens about nine months ago according to White Castle’s vice president of shareholder relations, Jamie Richardson. For the company, it was a question of, “How can we start to make the kitchen of tomorrow today?” 

Already a success on social media, where videos of Miso Robotics’ Flippy robot have racked up hundreds of thousands of views, White Castle was intrigued about the prospects of a burger flipping, chicken, onion, and french frying robot in its locations, Richardson said.

“I think automation is here to stay and this is the first example of a really large credible player starting down that journey,” said Miso Robotics chief executive Buck Jordan of the new collaboration with White Castle. 

White Castle has a fairly interesting track record when it comes to working with startups. The company was the first fast food chain to embrace Impossible Foods for its sliders.

At an undisclosed restaurant in the Chicago area, Miso Robotics is already working to install the latest version of its Flippy robot. The robotic fry cook will be integrated with the company’s point of sale system so that the robot can begin preparation as soon as an order is taken at the register.

That first robot will be coming online in September, according to Richardson.

And Richardson said that White Castle employees don’t need to worry about a robot coming for all of their jobs… yet. 

“It’s going to save us money in food costs because there will be less waste,” said Richardson. “The other savings will be in terms of output… that’s going to be helpful… If you maintain speed of service that’s getting a little bit better and a little better you do see more visits… that’s where we see it having the biggest impact… we’re not looking at this as a way to reduce people power.”

A typical installation of a Miso Robotics system in a kitchen would cost a restaurant $30,000 upfront and then another $15,000 per year. However, with White Castle, the terms (which were undisclosed) were a little different.

Jordan said the goal is to bring the cost of the robotic system down to $15,000 for the entire system, obviating the need for any upfront costs, and convincing restaurants and franchisors that the robot can pay for itself right out of the gate.

“There’s a clear path to getting that down to 20K,” said Jordan. “I’m trying to chisel that down to 15K… at that kind of price and these things have lifetimes of seven to ten years we can afford to take the loss upfront.”

The robots have taken on new significance in the post COVID-19 era as restaurants like White Castle become essential services even as they struggle to keep the lights on with fewer customers. 

At White Castle that meant pay cuts for executives in order to retain staff. “We cut a lot of investment and we didn’t want to lose one job,” Richardson said. However, even with the strategic cuts, the implementation of at least this first robotic system remained a priority.

“There were things that we thought, COVID or no COVID were important,” Richardson said. “This project falls under that banner.”

White Castle’s decision to pilot Flippy in the kitchen creates an avenue for reduced human contact with food during the cooking process – reducing potential for transmission of food pathogens. The implementation also brings intelligence to cooking, tapping into sensors, intelligent monitoring and anticipated kitchen needs to keep food temperatures consistent, ensuring optimal quality and a perfect bite for customers. With Flippy in the kitchen automating repetitive, time consuming and dangerous tasks like frying, team members can be redeployed to more customer-experience driven tasks.


How Thor Fridriksson’s ‘Trivia Royale’ earned 2.5M downloads in 3 weeks

In its first few weeks of release, the latest game from QuizUp founder Thor Fridriksson took the top spot in the Games Section of Apple’s App Store and was the top app (for a brief time) in the App Store at large.

Since its launch on June 17, Trivia Royale has been downloaded more than 2.5 million times, with day-one retention of 45% and week-one retention of 45% on iOS, according to the company. Average daily usage per user is around 30 minutes. It currently sits in the number six spot in the Free Games category on the App Store.

There is no shortage of mobile games, but in such a cluttered space, it’s difficult to break through the noise. So how did Trivia Royale do it?

The game, which lets users compete in a 1,000-person, single-elimination trivia tournament, is built on the Teatime Games platform. Teatime emphasizes the fun of playing against other humans in the mobile gaming landscape, giving users the ability to communicate via video chat while they play in a game on their smartphone.

The platform allows game developers to use this video chat functionality, which comes with Snapchat-like face filters or Apple Memoji-style avatars, on their own games. But for Teatime to truly succeed as a gaming platform, the company needed a hit game, Fridriksson said.

The serial entrepreneur told TechCrunch that he decided to take off his CEO hat and return to his product roots by focusing on a category that few people know as well as he does: trivia.

The Trivia Royale tournament combines the scale of Battle Royale with the durability of trivia — whether it’s Jeopardy, HQ Trivia, bar trivia or this, we can’t get enough of it — or lets users match against one other player in a single category of trivia.

I’ve played around on the game for a while now and can say that it’s very well done, from the design to the production value. But more important than the mechanics of the tournament or the typeface or even the content of the questions are the avatars, which let users express themselves through customization and their real-life facial expressions.

But none of that means anything if players don’t join the game. So how did Trivia Royale earn more than 2.5 million downloads (and climbing) in a matter of days?

A big bet on TikTok

Fridriksson told TechCrunch that he has to give a ton of credit to his kids (who are 15 and 11). His daughter told him about TikTok and gave him a list of her favorite stars, including Addison Rae and Dixie D’Amelio.