LaLiga fined $280k for soccer app’s privacy violating spy mode

Spanish soccer’s premier league, LaLiga, has netted itself a €250,000 (~$280k) fine for privacy violations of Europe’s General Data Protection Regulation (GDPR) related to its official app.

As we reported a year ago, users of the LaLiga app were outraged to discover the smartphone software does rather more than show minute-by-minute commentary of football matches — but can use the microphone and GPS of fans’ phones to record their surroundings in a bid to identify bars which are unofficially streaming games instead of coughing up for broadcasting rights.

Unwitting fans who hadn’t read the tea leaves of opaque app permissions took to social media to vent their anger at finding they’d been co-opted into an unofficial LaLiga piracy police force as the app repurposed their smartphone sensors to rat out their favorite local bars.

The spy mode function is not mentioned in the app’s description.

El Diaro reports the fine being issued by Spain’s data protection watchdog, the AEPD. A spokesperson for the watchdog confirmed the penalty but told us the full decision has not yet been published.

Per El Diaro’s report, the AEPD found LaLiga failed to be adequately clear about how the app recorded audio, violating Article 5.1 of the GDPR — which requires that personal data be processed lawfully, fairly and in a transparent manner. It said LaLiga should have indicated to app users every time the app remotely switched on the microphone to record their surroundings.

If LaLiga had done so that would have required some form of in-app notification once per minute every time a football match is in play, being as — once granted permission to record audio — the app does so for five sections every minute when a league game is happening.

Instead the app only asks for permission to use the microphone twice per user (per LaLiga’s explanation).

The AEPD found the level of notification the app provides to users inadequate — pointing out, per El Diaro’s reports, that users are unlikely to remember what they have previously consented each time they use the app.

It suggests active notification could be provided to users each time the app is recording, such as by displaying an icon that indicates the microphone is listening in, according to the newspaper. 

The watchdog also found LaLiga to have violated Article 7.3 of the GDPR which stipulates that when consent is being used as the legal basis for processing personal data users should have the right to withdraw their consent at any time. Whereas, again, the LaLiga app does not offer users an ongoing chance to withdraw consent to its spy mode recording after the initial permission requests.

LaLiga has been given a month to correct the violations with the app. However in a statement responding to the AEPD’s decision the association has denied any wrongdoing — and said it plans to appeal the fine.

“LaLiga disagrees deeply with the interpretation of the AEPD and believes that it has not made the effort to understand how the technology [functions],” it writes. “For the microphone functionality to be active, the user has to expressly, proactively and on two occasions grant consent, so it can not be attributed to LaLiga lack of
transparency or information about this functionality.”

“LaLiga will appeal the decision in court to prove that has acted in accordance with data protection regulations,” it adds.

A video produced by LaLiga to try to sell the spy mode function to fans following last year’s social media backlash claims it does not capture any personal data — and describes the dual permission requests to use the microphone as “an exercise in transparency”.

Clearly, the AEPD takes a very different view.

LaLiga’s argument against the AEPD’s decision that it violated the GDPR appears to rest on its suggestion that the watchdog does not understand the technology it’s using — which it claims “neither record, store, or listen to conversations”.

So it looks to be trying to push its own self-serving interpretation of what is and isn’t personal data. (Nor is it the only commercial entity attempting that, of course.)

In the response statement, which we’ve translated from Spanish, LaLiga writes:

The technology used is designed to generate exclusively a specific sound footprint (fingerprint acoustic). This fingerprint only contains 0.75% of the information, discarding the remaining 99.25%, so it is technically impossible to interpret the voice or human conversations.

This fingerprint is transformed into an alphanumeric code (hash) that cannot be reversed to recreate the original sound. The technology’s operation is backed by an independent expert report, that among other arguments that favor our position, concludes that it “does not allow LaLiga to know the contents of any conversation or identify potential speakers”. Furthermore, it adds that this fraud control mechanism “does not store the information captured from the microphone of the mobile” and “the information captured by the microphone of the mobile is subjected to a complex transformation process that is irreversible”.

In comments to El Diaro, LaLiga also likens its technology to the Shazam app — which compares an audio fingerprint to try to identify a song also being recorded in real-time via the phone’s microphone.

However Shazam users manually activate its listening feature, and are shown a visual ‘listening’ icon during the process. Whereas LaLiga has created an embedded spy mode that systematically switches itself after a couple of initial permissions. So it’s perhaps not the best comparison to try to suggest.

LaLiga’s statement adds that the audio eavesdropping on fans’ surroundings is intended to “achieve a legitimate goal” of fighting piracy. 

“LaLiga would not be acting diligently if it did not use all means and technologies at its fingertips to fight against piracy,” it writes. “It is a particularly relevant task taking into account the enormous magnitude of fraud in the marketing system, which is estimated at approximately 400 million euros per year.”

LaLiga also says it will not be making any changes to how the app functions because it already intends to remove what it describes to El Diario as “experimental” functionality at the end of the current football season, which ends June 30.

Revolut adds Apple Pay support in 16 markets

Fintech startup Revolut has expanded its support for Apple Pay, confirming that from today the payment option is available for users in 16 European markets.

The list of supported markets is: UK, France, Poland, Germany, Czech Republic, Spain, Italy, Switzerland, Ireland, Belgium, Austria, Sweden, Denmark, Norway, Finland and Iceland.

Press reports last month suggested the UK challenger bank had inked Apple Pay agreements in markets including the UK, France, Germany and Switzerland.

It’s not clear what took Revolut so long to join the Apple Pay party.

Customers in the supported markets can add their Revolut card to Apple Pay via the Revolut app or via Apple’s Wallet app. Those without a plastic card can add a virtual card to Apple Wallet via the Revolut app and are able to start spending immediately, without having to wait for the physical card to arrive in the post.

Commenting in statement, Arthur Johanet, product owner for card payments at Revolut, said: “Revolut’s ultimate goal is to give our customers a useful tool to manage every aspect of their financial lives, and the ability to make payments quickly, conveniently and securely is vital to achieving this. Our customers have been requesting Apple Pay for a long time, so we are delighted to kick off our rollout, starting with our customers in 16 markets. This is a very positive step forward in enabling our customers to use their money in the way that they want to.”

Sources: Bird is in talks to acquire scooter startup Scoot

If you are among those who thought that the scooter market sounded a little overhyped and overcrowded, we’ve gotten wind of a deal that could point to some impending consolidation. The on-demand scooter business Bird has agreed to acquire Scoot, a smaller two-wheeled mobility startup, sources tell TechCrunch.

The stage of the negotiations is not clear although from what our sources tell us, it sounds like the deal is not closed. Contacted for a response, both Scoot and Bird said they declined to comment on speculation.

If accurate, it would be far from a merger of equals. Scoot was last valued at around $71 million, having raised about $47 million in equity funding to date from Scout Ventures, Vision Ridge Partners, angel investor Joanne Wilson and more.

Bird is significantly larger. Led by chief executive officer Travis VanderZanden, earlier this year the company was working on a round of financing reportedly worth $300 million at a $2.3 billion valuation. We’ve been able to confirm that this round has now closed, although we don’t yet know the final amount or who the investors are. (Backers of Bird include Sequoia, Index, Charles River Ventures, Tusk Ventures, Upfront Ventures and dozens more.) Scoot would be Bird’s first full acquisition.

Scooting toward consolidation

It’s still very early days in the scooter market in terms of consumer adoption, but that hasn’t stopped people from launching a lot of startups and raising funding to capitalise on what many believe will be a big opportunity longer term.

That promise is made bigger by the regulatory structure of the scooter market. Similar to their approach to bikes, many cities restrict the number of licenses they give out to companies to run on-street, hourly scooter services. Winning a license can give a company a near-monopoly on building a business in that city.

It also means that a combination between two companies whose geographic footprints do not overlap becomes a much cheaper and faster way of instantly creating a bigger business.

Notably, Scoot has a license to operate a pick-up/drop-off street service in the key market of San Francisco — where it competes with Skip, the only other licensed operator in the city. (Note: Bird last month did start up business again in SF, but only for the less popular offer of monthly rentals.)

What’s more, the two startups do not have any overlap in the rest of their footprints. Scoot is active in Barcelona, Spain and Santiago, Chile. Bird, on the other hand, has launched in about 100 cities spanning the U.S. and Europe, but its list does not include any of the cities where Scoot has rolled out its service.

Bird announced its new, two-seated electric vehicle earlier this week

On the vehicle front, the story is a little different. The two are providing, more or less, the same kinds of vehicles. Scoot has built out a network focused primarily on electric push scooters, seated scooters and electric bikes. Bird, meanwhile, has mostly built its service around electric push scooters, but just yesterday the company debuted its first seated vehicle to expand into a new product class.

Bird acquiring Scoot will help the two achieve better economies of scale in terms of vehicle purchasing power and device R&D.

It also helps them compete against the big boys. The market for scooters and other two-wheeled vehicles (collectively termed “micro-mobility”) is still a relatively new one, but Lyft and Uber have also waded in early to establish market share, as part of their own strategies to position themselves as the go-to platforms for any and all transportation needs.

Bird buying Scoot is one likely M&A move, but it’s not the only one.

Sources have told TechCrunch that an Uber acquisition of Skip (the other provider in SF) could also be in the works. Skip, much like Scoot, is another small player in the e-scooter market. To date, it has secured $31 million in venture capital funding from Initialized Capital, Accel and others.

Uber is already an active acquirer in the area of mico-mobility. If you remember, it acquired JUMP Bikes for $200 million in April 2018.

Uber’s acquisition of JUMP wasn’t surprising. In January 2018, the ride-hailing giant partnered with JUMP to launch Uber Bike, which lets Uber riders book JUMP bikes via the Uber app.

Other acquisitions in the nascent micro-mobility space include Lyft’s purchase of Motivate, a deal announced roughly one year ago. Motivate, the oldest and largest electric bike-share company in North America, did not disclose terms of the deal, though reports indicated it was asking for at least $250 million.

Bird — founded in 2017 — has yet to announce any acquisitions, although a spokesperson for the company said there have been quiet acqui-hires before now.

It was itself the subject of acquisition rumors for several months in 2018, too. Prior to Uber filing to go public in what was one of the most highly anticipated initial public offerings of the decade, many expected it to shell out cash for either Bird or Lime. From what we know, Uber was in discussions to acquire Bird, but ultimately it wasn’t able to meet Bird’s steep asking price.

How Kubernetes came to rule the world

Open source has become the de facto standard for building the software that underpins the complex infrastructure that runs everything from your favorite mobile apps to your company’s barely usable expense tool. Over the course of the last few years, a lot of new software is being deployed on top of Kubernetes, the tool for managing large server clusters running containers that Google open sourced five years ago.

Today, Kubernetes is the fastest growing open-source project and earlier this month, the bi-annual KubeCon+CloudNativeCon conference attracted almost 8,000 developers to sunny Barcelona, Spain, making the event the largest open-source conference in Europe yet.

To talk about how Kubernetes came to be, I sat down with Craig McLuckie, one of the co-founders of Kubernetes at Google (who then went on to his own startup, Heptio, which he sold to VMware); Tim Hockin, another Googler who was an early member on the project and was also on Google’s Borg team; and Gabe Monroy, who co-founded Deis, one of the first successful Kubernetes startups, and then sold it to Microsoft, where he is now the lead PM for Azure Container Compute (and often the public face of Microsoft’s efforts in this area).

Google’s cloud and the rise of containers

To set the stage a bit, it’s worth remembering where Google Cloud and container management were five years ago.

Facebook found hosting masses of far right EU disinformation networks

A multi-month hunt for political disinformation spreading on Facebook in Europe suggests there are concerted efforts to use the platform to spread bogus far right propaganda to millions of voters ahead of a key EU vote which kicks off tomorrow.

Following the independent investigation, Facebook has taken down a total of 77 pages and 230 accounts from Germany, UK, France, Italy, Spain and Poland — which had been followed by an estimated 32 million people and generated 67 million ‘interactions’ (i.e. comments, likes, shares) in the last three months alone.

The bogus mainly far-right disinformation networks were not identified by Facebook — but had been reported to it by campaign group Avaaz — which says the fake pages had more Facebook followers and interactions than all the main EU far right and anti-EU parties combined.

“The results are overwhelming: the disinformation networks upon which Facebook acted had more interactions (13 million) in the past three months than the main party pages of the League, AfD, VOX, Brexit Party, Rassemblement National and PiS combined (9 million),” it writes in a new report.

Although interactions is the figure that best illustrates the impact and reach of these networks, comparing the number of followers of the networks taken down reveals an even clearer image. The Facebook networks takedown had almost three times (5.9 million) the number of followers as AfD, VOX, Brexit Party, Rassemblement National and PiS’s main Facebook pages combined (2 million).”

Avaaz has previously found and announced far right disinformation networks operating in Spain, Italy and Poland — and a spokesman confirmed to us it’s re-reporting some of its findings now (such as the ~30 pages and groups in Spain that had racked up 1.7M followers and 7.4M interactions, which we covered last month) to highlight an overall total for the investigation.

“Our report contains new information for France, United Kingdom and Germany,” the spokesman added.

Examples of politically charged disinformation being spread via Facebook by the bogus networks it found include a fake viral video seen by 10 million people that supposedly shows migrants in Italy destroying a police car (but was actually from a movie; which Avaaz adds that this fake had been “debunked years ago”); a story in Poland claiming that migrant taxi drivers rape European women, including a fake image; and fake news about a child cancer center being closed down by Catalan separatists in Spain.

There’s lots more country-specific detail in its full report.

In all, Avaaz reported more than 500 suspicious pages and groups to Facebook related to the three-month investigation of Facebook disinformation networks in Europe. Though Facebook only took down a subset of the far right muck-spreaders — around 15% of the suspicious pages reported to it.

“The networks were either spreading disinformation or using tactics to amplify their mainly anti-immigration, anti-EU, or racist content, in a way that appears to breach Facebook’s own policies,” Avaaz writes of what it found.

It estimates that content posted by all the suspicious pages it reported had been viewed some 533 million times over the pre-election period. Albeit, there’s no way to know whether or not everything it judged suspicious actually was.

In a statement responding to Avaaz’s findings, Facebook told us:

We thank Avaaz for sharing their research for us to investigate. As we have said, we are focused on protecting the integrity of elections across the European Union and around the world. We have removed a number of fake and duplicate accounts that were violating our authenticity policies, as well as multiple Pages for name change and other violations. We also took action against some additional Pages that repeatedly posted misinformation. We will take further action if we find additional violations.

The company did not respond to our question asking why it failed to unearth this political disinformation itself.

Ahead of the EU parliament vote, which begins tomorrow, Facebook invited a select group of journalists to tour a new Dublin-based election security ‘war room’ — where it talked about a “five pillars of countering disinformation” strategy to prevent cynical attempts to manipulate voters’ views.

But as Avaaz’s investigation shows there’s plenty of political disinformation flying by entirely unchecked.

One major ongoing issue where political disinformation and Facebook’s platform is concerned is that how the company enforces its own rules remains entirely opaque.

We don’t get to see all the detail — so can’t judge and assess all its decisions. Yet Facebook has been known to shut down swathes of accounts deemed fake ahead of elections, while apparently failing entirely to find other fakes (such as in this case).

It’s a situation that does not look compatible with the continued functioning of democracy given Facebook’s massive reach and power to influence.

Nor is the company under an obligation to report every fake account it confirms. Instead, Facebook gets to control the timing and flow of any official announcements it chooses to make about “coordinated inauthentic behaviour” — dropping these self-selected disclosures as and when it sees fit, and making them sound as routine as possible by cloaking them in its standard, dryly worded newspeak.

Back in January, Facebook COO Sheryl Sandberg admitted publicly that the company is blocking more than 1M fake accounts every day. If Facebook was reporting every fake it finds it would therefore need to do so via a real-time dashboard — not sporadic newsroom blog posts that inherently play down the scale of what is clearly embedded into its platform, and may be so massive and ongoing that it’s not really possible to know where Facebook stops and ‘Fakebook’ starts.

The suspicious behaviours that Avaaz attached to the pages and groups it found that appeared to be in breach of Facebook’s stated rules include the use of fake accounts, spamming, misleading page name changes and suspected coordinated inauthentic behavior.

When Avaaz previously reported the Spanish far right networks Facebook subsequently told us it had removed “a number” of pages violating its “authenticity policies”, including one page for name change violations but claimed “we aren’t removing accounts or Pages for coordinated inauthentic behavior”.

So again, it’s worth emphasizing that Facebook gets to define what is and isn’t acceptable on its platform — including creating terms that seek to normalize its own inherently dysfunctional ‘rules’ and their ‘enforcement’.

Such as by creating terms like “coordinated inauthentic behavior”, which sets a threshold of Facebook’s own choosing for what it will and won’t judge political disinformation. It’s inherently self-serving.

Given that Facebook only acted on a small proportion of what Avaaz found and reported overall, we might posit that the company is setting a very high bar for acting against suspicious activity. And that plenty of election fiddling is free flowing under its feeble radar. (When we previously asked Facebook whether it was disputing Avaaz’s finding of coordinated inauthentic behaviour vis-a-vis the far right disinformation networks it reported in Spain the company did not respond to the question.)

Much of the publicity around Facebook’s self-styled “election security” efforts has also focused on how it’s enforcing new disclosure rules around political ads. But again political disinformation masquerading as organic content continues being spread across its platform — where it’s being shown to be racking up millions of interactions with people’s brains and eyeballs.

Plus, as we reported yesterday, research conducted by the Oxford Internet Institute into pre-EU election content sharing on Facebook has found that sources of disinformation-spreading ‘junk news’ generate far greater engagement on its platform than professional journalism.

So while Facebook’s platform is also clearly full of real people sharing actual news and views, the fake BS which Avaaz’s findings imply is also flooding the platform, gets spread around more, on a per unit basis. And it’s democracy that suffers — because vote manipulators are able to pass off manipulative propaganda and hate speech as bona fide news and views as a consequence of Facebook publishing the fake stuff alongside genuine opinions and professional journalism.

It does not have algorithms that can perfectly distinguish one from the other, and has suggested it never will.

The bottom line is that even if Facebook dedicates far more resource (human and AI) to rooting out ‘election interference’ the wider problem is that a commercial entity which benefits from engagement on an ad-funded platform is also the referee setting the rules.

Indeed, the whole loud Facebook publicity effort around “election security” looks like a cynical attempt to distract the rest of us from how broken its rules are. Or, in other words, a platform that accelerates propaganda is also seeking to manipulate and skew our views.

Amazon leads $575M investment in Deliveroo

Amazon is taking a slice of Europe’s food delivery market after the U.S. e-commerce giant led a $575 million investment in Deliveroo .

First reported by Sky yesterday, the Series G round was confirmed in an early UK morning announcement from Deliveroo, which confirmed that existing backers including T. Rowe Price, Fidelity Management and Research Company, and Greenoaks also took part. The deal takes Deliveroo to just over $1.5 billion raised to date. The company was valued at over $2 billion following its previous raise in late 2017, no updated valuation was provided today.

London-based Deliveroo operates in 14 countries, including the U.K, France, Germany and Spain, and — outside of Europe — Singapore, Taiwan, Australia and the UAE. Across those markets, it claims it works with 80,000 restaurants with a fleet of 60,000 delivery people and 2,500 permanent employees.

It isn’t immediately clear how Amazon plans to use its new strategic relationship with Deliveroo — it could, for example, integrate it with Prime membership — but this isn’t the firm’s first dalliance with food delivery. The U.S. firm closed its Amazon Restaurants UK takeout business last year after it struggled to compete with Deliveroo and Uber Eats. The service remains operational in the U.S, however.

“Amazon has been an inspiration to me personally and to the company, and we look forward to working with such a customer-obsessed organization,” said Deliveroo CEO and founder Will Shu in a statement.

Shu said the new money will go towards initiatives that include growing Deliveroo’s London-based engineering team, expanding its reach and focusing on new products, including cloud kitchens that can cook up delivery meals faster and more cost-efficiently.

[Center] Will Shu, Deliveroo CEO and co-founder, on stage at TechCrunch Disrupt London

Amazon leads $575M investment in Deliveroo

Amazon is taking a slice of Europe’s food delivery market after the U.S. e-commerce giant led a $575 million investment in Deliveroo .

First reported by Sky yesterday, the Series G round was confirmed in an early UK morning announcement from Deliveroo, which confirmed that existing backers including T. Rowe Price, Fidelity Management and Research Company, and Greenoaks also took part. The deal takes Deliveroo to just over $1.5 billion raised to date. The company was valued at over $2 billion following its previous raise in late 2017, no updated valuation was provided today.

London-based Deliveroo operates in 14 countries, including the U.K, France, Germany and Spain, and — outside of Europe — Singapore, Taiwan, Australia and the UAE. Across those markets, it claims it works with 80,000 restaurants with a fleet of 60,000 delivery people and 2,500 permanent employees.

It isn’t immediately clear how Amazon plans to use its new strategic relationship with Deliveroo — it could, for example, integrate it with Prime membership — but this isn’t the firm’s first dalliance with food delivery. The U.S. firm closed its Amazon Restaurants UK takeout business last year after it struggled to compete with Deliveroo and Uber Eats. The service remains operational in the U.S, however.

“Amazon has been an inspiration to me personally and to the company, and we look forward to working with such a customer-obsessed organization,” said Deliveroo CEO and founder Will Shu in a statement.

Shu said the new money will go towards initiatives that include growing Deliveroo’s London-based engineering team, expanding its reach and focusing on new products, including cloud kitchens that can cook up delivery meals faster and more cost-efficiently.

[Center] Will Shu, Deliveroo CEO and co-founder, on stage at TechCrunch Disrupt London

When it comes to elections, Facebook moves slow, may still break things

This week, Facebook invited a small group of journalists — which didn’t include TechCrunch — to look at the “war room” it has set up in Dublin, Ireland, to help monitor its products for election-related content that violates its policies. (“Time and space constraints” limited the numbers, a spokesperson told us when he asked why we weren’t invited.)

Facebook announced it would be setting up this Dublin hub — which will bring together data scientists, researchers, legal and community team members, and others in the organization to tackle issues like fake news, hate speech and voter suppression — back in January. The company has said it has nearly 40 teams working on elections across its family of apps, without breaking out the number of staff it has dedicated to countering political disinformation. 

We have been told that there would be “no news items” during the closed tour — which, despite that, is “under embargo” until Sunday — beyond what Facebook and its executives discussed last Friday in a press conference about its European election preparations.

The tour looks to be a direct copy-paste of the one Facebook held to show off its US election “war room” last year, which it did invite us on. (In that case it was forced to claim it had not disbanded the room soon after heavily PR’ing its existence — saying the monitoring hub would be used again for future elections.)

We understand — via a non-Facebook source — that several broadcast journalists were among the invites to its Dublin “war room”. So expect to see a few gauzy inside views at the end of the weekend, as Facebook’s PR machine spins up a gear ahead of the vote to elect the next European Parliament later this month.

It’s clearly hoping shots of serious-looking Facebook employees crowded around banks of monitors will play well on camera and help influence public opinion that it’s delivering an even social media playing field for the EU parliament election. The European Commission is also keeping a close watch on how platforms handle political disinformation before a key vote.

But with the pan-EU elections set to start May 23, and a general election already held in Spain last month, we believe the lack of new developments to secure EU elections is very much to the company’s discredit.

The EU parliament elections are now a mere three weeks away, and there are a lot of unresolved questions and issues Facebook has yet to address. Yet we’re told the attending journalists were once again not allowed to put any questions to the fresh-faced Facebook employees staffing the “war room”.

Ahead of the looming batch of Sunday evening ‘war room tour’ news reports, which Facebook will be hoping contain its “five pillars of countering disinformation” talking points, we’ve compiled a run down of some key concerns and complications flowing from the company’s still highly centralized oversight of political campaigning on its platform — even as it seeks to gloss over how much dubious stuff keeps falling through the cracks.

Worthwhile counterpoints to another highly managed Facebook “election security” PR tour.

No overview of political ads in most EU markets

Since political disinformation created an existential nightmare for Facebook’s ad business with the revelations of Kremlin-backed propaganda targeting the 2016 US presidential election, the company has vowed to deliver transparency — via the launch of a searchable political ad archive for ads running across its products.

The Facebook Ad Library now shines a narrow beam of light into the murky world of political advertising. Before this, each Facebook user could only see the propaganda targeted specifically at them. Now, such ads stick around in its searchable repository for seven years. This is a major step up on total obscurity. (Obscurity that Facebook isn’t wholly keen to lift the lid on, we should add; Its political data releases to researchers so far haven’t gone back before 2017.)

However, in its current form, in the vast majority of markets, the Ad Library makes the user do all the leg work — running searches manually to try to understand and quantify how Facebook’s platform is being used to spread political messages intended to influence voters.

Facebook does also offer an Ad Library Report — a downloadable weekly summary of ads viewed and highest spending advertisers. But it only offers this in four countries globally right now: the US, India, Israel and the UK.

It has said it intends to ship an update to the reports in mid-May. But it’s not clear whether that will make them available in every EU country. (Mid-May would also be pretty late for elections that start May 23.)

So while the UK report makes clear that the new ‘Brexit Party’ is now a leading spender ahead of the EU election, what about the other 27 members of the bloc? Don’t they deserve an overview too?

A spokesperson we talked to about this week’s closed briefing said Facebook had no updates on expanding Ad Library Reports to more countries, in Europe or otherwise.

So, as it stands, the vast majority of EU citizens are missing out on meaningful reports that could help them understand which political advertisers are trying to reach them and how much they’re spending.

Which brings us to…

Facebook’s Ad Archive API is far too limited

In another positive step Facebook has launched an API for the ad archive that developers and researchers can use to query the data. However, as we reported earlier this week, many respected researchers have voiced disappointed with what it’s offering so far — saying the rate-limited API is not nearly open or accessible enough to get a complete picture of all ads running on its platform.

Following this criticism, Facebook’s director of product, Rob Leathern, tweeted a response, saying the API would improve. “With a new undertaking, we’re committed to feedback & want to improve in a privacy-safe way,” he wrote.

The question is when will researchers have a fit-for-purpose tool to understand how political propaganda is flowing over Facebook’s platform? Apparently not in time for the EU elections, either: We asked about this on Thursday and were pointed to Leathern’s tweets as the only update.

This issue is compounded by Facebook also restricting the ability of political transparency campaigners — such as the UK group WhoTargetsMe and US investigative journalism site ProPublica — to monitor ads via browser plug-ins, as the Guardian reported in January.

The net effect is that Facebook is making life hard for civil society groups and public interest researchers to study the flow of political messaging on its platform to try to quantify democratic impacts, and offering only a highly managed level of access to ad data that falls far short of the “political ads transparency” Facebook’s PR has been loudly trumpeting since 2017.

Ad loopholes remain ripe for exploiting

Facebook’s Ad Library includes data on political ads that were active on its platform but subsequently got pulled (made “inactive” in its parlance) because they broke its disclosure rules.

There are multiple examples of inactive ads for the Spanish far right party Vox visible in Facebook’s Ad Library that were pulled for running without the required disclaimer label, for example.

“After the ad started running, we determined that the ad was related to politics and issues of national importance and required the label. The ad was taken down,” runs the standard explainer Facebook offers if you click on the little ‘i’ next to an observation that “this ad ran without a disclaimer”.

What is not at all clear is how quickly Facebook acted to removed rule-breaking political ads.

It is possible to click on each individual ad to get some additional details. Here Facebook provides a per ad breakdown of impressions; genders, ages, and regional locations of the people who saw the ad; and how much was spent on it.

But all those clicks don’t scale. So it’s not possible to get an overview of how effectively Facebook is handling political ad rule breakers. Unless, well, you literally go in clicking and counting on each and every ad…

There is then also the wider question of whether a political advertiser that is found to be systematically breaking Facebook rules should be allowed to keep running ads on its platform.

Because if Facebook does allow that to happen there’s a pretty obvious (and massive) workaround for its disclosure rules: Bad faith political advertisers could simply keep submitting fresh ads after the last batch got taken down.

We were, for instance, able to find inactive Vox ads taken down for lacking a disclaimer that had still been able to rack up thousands — and even tens of thousands — of impressions in the time they were still active.

Facebook needs to be much clearer about how it handles systematic rule breakers.

Definition of political issue ads is still opaque

Facebook currently requires that all political advertisers in the EU go through its authorization process in the country where ads are being delivered if they relate to the European Parliamentary elections, as a step to try and prevent foreign interference.

This means it asks political advertisers to submit documents and runs technical checks to confirm their identity and location. Though it noted, on last week’s call, that it cannot guarantee this ID system cannot be circumvented. (As it was last year when UK journalists were able to successfully place ads paid for by ‘Cambridge Analytica’.)

One other big potential workaround is the question of what is a political ad? And what is an issue ad?

Facebook says these types of ads on Facebook and Instagram in the EU “must now be clearly labeled, including a paid-for-by disclosure from the advertiser at the top of the ad” — so users can see who is paying for the ads and, if there’s a business or organization behind it, their contact details, plus some disclosure about who, if anyone, saw the ads.

But the big question is how is Facebook defining political and issue ads across Europe?

While political ads might seem fairly easy to categorize — assuming they’re attached to registered political parties and candidates, issues are a whole lot more subjective.

Currently Facebook defines issue ads as those relating to “any national legislative issue of public importance in any place where the ad is being run.” It says it worked with EU barometer, YouGov and other third parties to develop an initial list of key issues — examples for Europe include immigration, civil and social rights, political values, security and foreign policy, the economy and environmental politics — that it will “refine… over time.”

Again specifics on when and how that will be refined are not clear. Yet ads that Facebook does not deem political/issue ads will slip right under its radar. They won’t be included in the Ad Library; they won’t be searchable; but they will be able to influence Facebook users under the perfect cover of its commercial ad platform — as before.

So if any maliciously minded propaganda slips through Facebook’s net, because the company decides it’s a non-political issue, it will once again leave no auditable trace.

In recent years the company has also had a habit of announcing major takedowns of what it badges “fake accounts” ahead of major votes. But again voters have to take it on trust that Facebook is getting those judgement calls right.

Facebook continues to bar pan-EU campaigns

On the flip side of weeding out non-transparent political propaganda and/or political disinformation, Facebook is currently blocking the free flow of legal pan-EU political campaigning on its platform.

This issue first came to light several weeks ago, when it emerged that European officials had written to Nick Clegg (Facebook’s vice president of global affairs) to point out that its current rules — i.e. that require those campaigning via Facebook ads to have a registered office in the country where the ad is running — run counter to the pan-European nature of this particular election.

It means EU institutions are in the strange position of not being able to run Facebook ads for their own pan-EU election everywhere across the region. “This runs counter to the nature of EU institutions. By definition, our constituency is multinational and our target audience are in all EU countries and beyond,” the EU’s most senior civil servants pointed out in a letter to the company last month.

This issue impacts not just EU institutions and organizations advocating for particular policies and candidates across EU borders, but even NGOs wanting to run vanilla “get out the vote” campaigns Europe-wide — leading to a number to accuse Facebook of breaching their electoral rights and freedoms.

Facebook claimed last week that the ball is effectively in the regulators’ court on this issue — saying it’s open to making the changes but has to get their agreement to do so. A spokesperson confirmed to us that there is no update to that situation, either.

Of course the company may be trying to err on the side of caution, to prevent bad actors being able to interfere with the vote across Europe. But at what cost to democratic freedoms?

What about fake news spreading on WhatsApp?

Facebook’s ‘election security’ initiatives have focused on political and/or politically charged ads running across its products. But there’s no shortage of political disinformation flowing unchecked across its platforms as user uploaded ‘content’.

On the Facebook-owned messaging app WhatsApp, which is hugely popular in some European markets, the presence of end-to-end encryption further complicates this issue by providing a cloak for the spread of political propaganda that’s not being regulated by Facebook.

In a recent study of political messages spread via WhatsApp ahead of last month’s general election in Spain, the campaign group Avaaz dubbed it “social media’s dark web” — claiming the app had been “flooded with lies and hate”.

Posts range from fake news about Prime Minister Pedro Sánchez signing a secret deal for Catalan independence to conspiracy theories about migrants receiving big cash payouts, propaganda against gay people and an endless flood of hateful, sexist, racist memes and outright lies,” it wrote. 

Avaaz compiled this snapshot of politically charged messages and memes being shared on Spanish WhatsApp by co-opting 5,833 local members to forward election-related content that they deemed false, misleading or hateful.

It says it received a total of 2,461 submissions — which is of course just a tiny, tiny fraction of the stuff being shared in WhatsApp groups and chats. Which makes this app the elephant in Facebook’s election ‘war room’.

What exactly is a war room anyway?

Facebook has said its Dublin Elections Operation Center — to give it its official title — is “focused on the EU elections”, while also suggesting it will plug into a network of global teams “to better coordinate in real time across regions and with our headquarters in California [and] accelerate our rapid response times to fight bad actors and bad content”.

But we’re concerned Facebook is sending out mixed — and potentially misleading — messages about how its election-focused resources are being allocated.

Our (non-Facebook) source told us the 40-odd staffers in the Dublin hub during the press tour were simultaneously looking at the Indian elections. If that’s the case, it does not sound entirely “focused” on either the EU or India’s elections. 

Facebook’s eponymous platform has 2.375 billion monthly active users globally, with some 384 million MAUs in Europe. That’s more users than in the US (243M MAUs). Though Europe is Facebook’s second-biggest market in terms of revenues after the US. Last quarter, it pulled in $3.65BN in sales for Facebook (versus $7.3BN for the US) out of $15BN overall.

Apart from any kind of moral or legal pressure that Facebook might have for running a more responsible platform when it comes to supporting democratic processes, these numbers underscore the business imperative that it has to get this sorted out in Europe in a better way.

Having a “war room” may sound like a start, but unfortunately Facebook is presenting it as an end in itself. And its foot-dragging on all of the bigger issues that need tackling, in effect, means the war will continue to drag on.

Vue.ai raises $17M to equip online retailers with AI smarts

Vue.ai, a U.S/India startup that develops an AI platform to help online retailers work more efficiently and sell more, has announced a $17 million Series B round.

The investment is led by Falcon Edge Capital with participation from Japan’s Global Brain and existing backer Sequoia Capital India. Parent company Mad Street Den was founded in 2014 and it raised $1.5 million a year later, Sequoia then bought into the business via an undisclosed deal in 2016. Vue.ai is described as an “AI brand” from Mad Street Den and, all combined, the two entities have now raised $27 million from investors.

In an interview with TechCrunch, Vue.ai CEO and co-founder Ashwini Asokan — who started Mad Street Den with her husband Anand Chandrasekaran — explained that Vue.ai is a “retail vertical” of Mad Street Den that launched in 2016, she said that the company may add “another vertical in a year or two.”

Vue.ai is solely focused on working with online retailers, predominantly in the fashion space, and it does so in a number of ways. That includes expected areas such as automating product tagging and personalized recommendations (based on that tag library), as well as visual search using photos as input and tailored product discovery.

Areas that Vue.ai also plays in which surprised me, at least, include generating human models who wear clothing items — thus saving considerable time, money and effort on photo shoots — and an AI stylist that doesn’t take human form but does learn a user’s style and help them outfit themselves accordingly.

Tagging and visuals may appear boring, but these are hugely important areas for retailers who have huge amounts of SKUs, items for sale, on their site. Making sure the right person finds the right item is critical to making a sale, and Vue.ai’s goal is to automate as much of that heavy-lifting as possible. Even tagging is essential because it needs to be done consistently if it is to work properly.

Ashwini Asokan, CEO and Founder of Vue.ai

More than just working correctly, Vue.ai aims to help online retailers, who often run a tight ship in terms of profitability, save money and get new product online and in front of consumer eyeballs quickly.

“These are solutions that optimize the bottom line for retail companies,” said Asokan, who spent over a decade working in the U.S before returning home in India in 2015. “We are digitizing products 10X faster than you did before… you cannot afford to lose productivity and efficiency, online retail is not somewhere you can lose money.”

“We want to be that data brain mapping digital products,” she added.

Vue.ai is now pushing into new areas, which include advertising and development of videos and marketing content.

“The future of retail is entertainment and the experience economy is the small start of that era,” Asokan said, reflecting on the trend of social media buying through platforms like Instagram and the rise of live-streaming e-commerce in China.

“The electricity that powers all of these complicated retail interactions is content; we need to understand content and every customer style profile and merchandise,” she added.

Some of Vue.ai’s public customers include Macy’s and Diesel in the U.S, Latin American e-commerce firm Mercadolibre and Indian conglomerate Tata .

Vue.ai is headquartered in Redwood City with an office in Chennai, India. Asokan said it is planning to expand that presence with new locations in Seattle, for tech hires, and Japan and Spain to help provide closer support for customers. The company doesn’t disclose raw numbers, but it said that annual revenue grew by four hundred percent in 2018, which was its third year since incorporation.

Facebook has quietly removed three bogus far-right networks in Spain ahead of Sunday’s elections

Facebook has quietly removed three far-right networks that were engaged in coordinated inauthentic behavior intended to spread politically divisive content in Spain ahead of a general election in the country, which takes place on Sunday.

The networks had a total reach of almost 1.7 million followers and had generated close to 7.4 million interactions in the past three months alone, according to analysis by the independent group that identified the bogus activity on Facebook’s platform.

The fake far-right activity was apparently not picked up by Facebook.

Instead, activist not-for-profit Avaaz unearthed the inauthentic content, and presented its findings to the social networking giant earlier this month, on April 12. In a press release issued today, the campaigning organization said Facebook has now removed the fakes — apparently vindicating its findings.

“Facebook did a great job in acting fast, but these networks are likely just the tip of the disinformation iceberg — and if Facebook doesn’t scale up, such operations could sink democracy across the continent,” said Christoph Schott, campaign director at Avaaz, in a statement.

“This is how hate goes viral. A bunch of extremists use fake and duplicate accounts to create entire networks to fake public support for their divisive agenda. It’s how voters were misled in the U.S., and it happened again in Spain,” he added.

We reached out to Facebook for comment but at the time of writing the company had not responded to the request or to several questions we also put to it.

Avaaz said the networks it found comprised around 30 pages and groups spreading far-right propaganda — including anti-immigrant, anti-LGBT, anti-feminist and anti-Islam content.

Examples of the inauthentic content can be viewed in Avaaz’s executive summary of the report. They include fake data about foreigners committing the majority of rapes in Spain; fake news about Catalonia’s pro independence leader; and various posts targeting left-wing political party Podemos — including an image superimposing the head of its leader onto the body of Hitler performing a Nazi salute.

One of the networks — which Avaaz calls Unidad ​Nacional Española (after the most popular page in the network) — was apparently created and coordinated by an individual called ​Javier Ramón Capdevila Grau, who had multiple personal Facebook accounts (also) in contravention of Facebook’s community standards. 

This network, which had a reach of more than 1.2 million followers, comprised at least 10 pages that Avaaz identified as working in a coordinated fashion to spread “politically divisive content.”

Its report details how word-for-word identical posts were published across multiple Facebook pages and groups in the network just minutes apart, with nothing to indicate they weren’t original postings on each page. 

Here’s an example post it found copy-pasted across the Unidad ​Nacional Española network:

Translated the posted text reads: “In Spain, if a criminal enters your house without your permission the only thing you can do is hide, since if you touch a hair on his head or prevent him from being able to rob you you’ll spend more time in prison than him.”

Avaaz found another smaller network targeting left-wing views, called Todos Contra Podemos, which included seven pages and groups with around 114,000 followers — also apparently run by a single individual (in this case using the name Antonio Leal Felix Aguilar) who also operated multiple Facebook profiles

A third network, Lucha por España​, comprised 12 pages and groups with around 378,000 followers.

Avaaz said it was unable to identify the individual/s behind that network. 

While Facebook has not publicized the removals of these particular political disinformation networks, despite its now steady habit of issuing PR when it finds and removes “coordinated inauthentic behavior” (though, of course, there’s no way to be sure it’s disclosing everything it finds on its platform), test searches for the main pages identified by Avaaz returned either no results or what appear to be other unrelated Facebook pages using the same name.

Since the 2016 U.S. presidential election was (infamously) targeted by divisive Kremlin propaganda seeded and amplified via social media, Facebook has launched what it markets as “election security” initiatives in a handful of countries around the world — such as searchable ad archives and political ad authentication and/or disclosure requirements.

However, these efforts continue to face criticism for being patchy, piecemeal and, even in countries where they have been applied to its platform, weak and trivially easy to work around.

Its political ads transparency measures do not always apply to issue-based ads (and/or content), for instance, which punches a democracy-denting hole in the self-styled “guardrails” by allowing divisive propaganda to continue to flow.

In Spain, Facebook has not even launched a system of political ad transparency, let alone launched systems addressing issue-based political ads — despite the country’s looming general election on April 28; its third in four years. (Since 2015 elections in Spain have yielded heavily fragmented parliaments — making another imminent election not at all unlikely.)

In February, when we asked Facebook whether it would commit to launching ad transparency tools in Spain before the April 28 election, it offered no such commitment — saying instead that it sets up internal cross-functional teams for elections in every market to assess the biggest risks, and make contact with the relevant electoral commission and other key stakeholders.

Again, it’s not possible for outsiders to assess the efficacy of such internal efforts. But Avaaz’s findings suggest Facebook’s risk assessment of Spain’s general election has had a pretty hefty blind spot when it comes to proactively picking up malicious attempts to inflate far-right propaganda.

Yet, at the same time, a regional election in Andalusia late last year returned a shocking result and warning signs — with the tiny (and previously unelected) far-right party Vox gaining around 10 percent of the vote to take 12 seats.

Avaaz’s findings vis-à-vis the three bogus far-right networks suggest that as well as seeking to slur left-wing/liberal political views and parties, some of the inauthentic pages were involved in actively trying to amplify Vox — with one bogus page, Orgullo Nacional España, sharing a pro-Vox Facebook page 155 times in a three-month period. 

Avaaz used the Facebook-owned social media monitoring tool Crowdtangle to get a read on how much impact the fake networks might have had.

It found that while the three inauthentic far-right Facebook networks produced just 3.7 percent of the posts in its Spanish elections data set, they garnered an impressive 12.6 percent of total engagement over the three-month period it pulled data on (between January 5 and April 8) — despite consisting of just 27 Facebook pages and groups out of a total of 910 in the full data set. 

Or, to put it another way, a handful of bad actors managed to generate enough divisive politically charged noise that more than one in 10 of those engaging in Spanish election chatter on Facebook, per its data set, at very least took note.

It’s a finding which neatly illustrates that divisive content being more clickable is not at all a crazy idea — whatever the founder of Facebook once said.