Categories
Security

Senators call on FTC Chair Khan to investigate TikTok’s data security practices

Federal Trade Commission Chair Lina Khan is facing new pressure from top Senate Intelligence leaders to investigate TikTok after new reports that the company shares US data with China-based workers.

In a letter to Khan on Tuesday, Sens. Mark Warner (D-VA) and Marco Rubio (R-FL), Senate Intelligence Committee leaders, called on the FTC to open an investigation into TikTok’s data security practices. The call comes after a June BuzzFeed News report detailed how China-based ByteDance engineers had access to TikTok’s US data as late as January 2022.

“In light of repeated misrepresentations by TikTok concerning its data security, data processing, and corporate governance practices, we urge you to act promptly on this matter,” the senators wrote.

The senators’ latest call for an investigation comes amid a new wave of regulatory skepticism against TikTok. After the BuzzFeed report was released last month, Brendan Carr, a Republican on the Federal Communications Commission, asked Apple and Google to remove TikTok from their app stores. Later, a bipartisan group of senators wrote to TikTok’s CEO, Shou Zi Chew, demanding answers regarding the app’s data security practices.

On Friday, Chew responded to US lawmakers, confirming that China-based employees could access US user data. Chew also explained that TikTok was working with Oracle to implement “new advanced data security controls that we hope to finalize in the near future.”

Since 2020, government officials have accused TikTok of sharing US user data with the Chinese government, effectively allowing Chinese officials to track and surveil Americans. TikTok has tried to quell lawmaker concerns, but Chew’s latest letter has prompted even more criticism.

In a Tuesday statement, Warner said, “For years, TikTok has assured lawmakers that user data – and business operations – were effectively firewalled from the People’s Republic of China.” He continued, “It’s a real concern when major communications apps are subject to authoritarian government requests.”

In a statement last week, Sen. Marsha Blackburn (R-TN) called for TikTok to testify before Congress in light of recent reports.

“TikTok’s response confirms that our fears regarding CCP influence within the company are well-founded,” Blackburn said. “They should have come clean from the start but instead tried to shroud their work in secrecy. Americans need to know that if they are on TikTok, Communist China has their information. TikTok needs to come back and testify before Congress.”



Repost: Original Source and Author Link

Categories
Computing

Why The FTC and Others Are Blocking Nvidia From Buying ARM

The U.S. Federal Trade Commission (FTC) is suing Nvidia. Why? Well, Nvidia attempted to acquire U.K. chip designer ARM in 2020 to the tune of $40 billion. And since then, it has encountered an onslaught of probes from governing agencies around the world. Now, the U.S. is stepping in, and the FTC clearly isn’t content to do it quietly.

Nvidia has been under a microscope by regulating authorities around the world for more than a year. In what could be the largest semiconductor merger in history, everyone from industry professionals to antitrust regulators have voiced concern. Here’s why, and if Nvidia will ever be able to buy ARM.

Why no one wants Nvidia to buy ARM

The main concern with Nvidia buying ARM is vertical integration — that is to say, two companies at separate steps in the supply chain. Nvidia produces chips, and ARM designs chip intellectual property (IP) and instruction set architectures (ISA). In short, Nvidia and ARM stand at different points in in the life cycle of designing products that use semiconductors and bringing them to market.

A U.K. probe into the deal from July spells out the concern: “Nvidia and ARM are important drivers of technological change in their fields, and the merger would afford the merged business a significant degree of control over key technologies for a range of sectors.” The report concluded that the deal isn’t appropriate given the implications it has for competition.

ARM is, by far, the largest chip designer in the world. The company says its designs are used in 200 billion devices. In 2020, it was estimated that Qualcomm, Apple, and MediaTek made up three-fourths of the mobile computing chip market — and all three companies use ARM designs for their chips. That’s not to mention other types of products in which ARM designs are used . The company designs chips for data centers, GPUs for phones, and edge computing chips (like the ones you find in smart home devices).

Nvidia is one of ARM’s customers, in fact. The company may focus its GPUs toward the consumer crowd, but it has rapidly moved into the world of autonomous vehicles, A.I. supercomputing, and data center security. Its most recent earnings report showed record revenue for its data center business, and for the first time, faster growth than its gaming business. Given the trends now, we could see Nvidia’s data center revenue surpass gaming for the first time within the next year.

Nvidia ARM servers.

If the deal went through, Nvidia would have control over the world’s dominant chip designer. Nvidia already uses ARM designs, and the FTC lawsuit and many probes into the deal allege that Nvidia would be able to stifle competition to its growing data center business if it acquires ARM.

Nvidia says that it would allow ARM to remain independent under the deal, but it’s easy to see the conflict the deal presents. Government agencies aren’t the only ones worried about the merger. One of ARM’s customers, Qualcomm, has reportedly objected to the acquisition. Google and Microsoft have also reportedly joined in the objection.

If those reasons weren’t enough, ARM China’s CEO, Allen Wu, refused to leave the company after being fired in 2020. Wu went as far as to hire his own private security to maintain control, and Chinese regulators weren’t keen on stepping in. To further illustrate how much opposition Nvidia faces, the company already has a dedicated page on its site for Nvidia’s vision for ARM in China.

Although it’s a stretch to say everyone is against this deal — Broadcomm and MediaTek are two notable advocates of it — governmental bodies and massive technology companies aren’t convinced. And with a lawsuit now on the books, Nvidia could be facing its biggest challenge yet.

Why the FTC is suing Nvidia right now

Sign at the FTX office.

The recent FTC lawsuit is far from the first hurdle Nvidia has encountered to a deal that could be worth upwards of $54 billion. Even at the conservative estimate of $40 billion for the deal, it would be the largest semiconductor merger in history.

The U.K. decided that the deal would stifle competition. A probe from the EU expressed similar concerns: “Our analysis shows that the acquisition of ARM by Nvidia could lead to restricted or degraded access to ARM’s IP, with distortive effects in many markets where semiconductors are used,” EU competition chief Margrethe Vestager said in a statement. China is looking at the deal, too, and the U.K. announced a second probe into it in November. Even absent the FTC lawsuit, Nvidia likely wouldn’t be able to proceed with the merger until well into 2022.

FTC commissioners voted unanimously to proceed with the lawsuit. The lawsuit lays out three areas where the merger could eliminate competition:

  1. Autonomous vehicles, and the hardware and software necessary to them
  2. Data center networking products that improve security and efficiency
  3. CPUs for cloud-based applications

Although the lawsuit doesn’t mention graphics cards or consumer PCs, Nvidia has been forward about ARM-based gaming PCs, suggesting it would use the merger in more than just the data center.

Critically, the lawsuit also alleges that the deal would give Nvidia access to its rivals’ confidential trade secrets. “Today, ARM’s licensees — including Nvidia’s rivals — routinely share competitively sensitive information with ARM,” the press release reads. “The acquisition is likely to result in a critical loss of trust in ARM and its ecosystem.”

An ARM booth at CES.
AMD/Twitter

Currently, ARM is considered a neutral party in the semiconductor industry. It has been described as the Switzerland of chips, using an open licensing approach that allows anyone to access the ARM IP for free. The FTC alleges the merger would hurt the integrity of ARM’s status in the industry, giving “Nvidia the ability and incentive to use its control of this technology to undermine its competitors.”

The FTC’s administrative trial is set to begin on August 9, 2022. The second U.K. probe and the ongoing probe from China have already pushed the deal into limbo, and the FTC’s lawsuit is positioned to drag it out even further.

Will Nvidia be able to buy ARM?

Nvidia and ARM CEOs in an interview.
Nvidia and ARM CEOs discussing the merger publicly.

It’s hard to say for sure, but Nvidia’s acquisition of ARM is looking more unlikely than ever. The FTC’s lawsuit is the first firm roadblock the deal has faced, but other governmental agencies around the world have shown that they’re not done with voicing concern. It seems the goal at this point is to drag out the deal until it’s ultimately dropped.

Analysts suggest that the merger won’t go through. When speaking with CNBC, angel investor Ian Hogarth said that he believes it has less than a 25% chance of going through. Alan Priestly, vice president of research outfit Gartner, said that ARM may decide to go public on the stock market if the purchase is dropped.

There isn’t a way to know if Nvidia will be able to buy ARM. Even if the lawsuit is settled in favor of Nvidia, though, this is far from the last blockade Nvidia will face. With the semiconductor industry idly waiting and government agencies eager to shut it down, Nvidia may have to give up on the largest semiconductor merger in history.

Editors’ Choice




Repost: Original Source and Author Link

Categories
Security

FTC bans spyware app SpyFone, orders it to delete illegally harvested data

On Wednesday, the Federal Trade Commission announced it had banned spyware maker SpyFone and its CEO Scott Zuckerman from the surveillance business. The commission called SpyFone a “stalkerware app company” that allegedly harvested and shared data about people’s movements, phone use, and online activity via a hidden device hack.

“The company’s apps sold real-time access to their secret surveillance, allowing stalkers and domestic abusers to stealthily track the potential targets of their violence,” the FTC said in a statement. “SpyFone’s lack of basic security also exposed device owners to hackers, identity thieves, and other cyber threats.”

In addition to the ban, the FTC ordered SpyFone to delete illegally harvested data and notify device owners when the app had been installed without their knowledge.

“We must be clear eyed about the variety of threats that surveillance businesses pose,” FTC chair Lina Khan said in a statement. “The FTC will be vigilant in its data security and privacy enforcement and will seek to vigorously protect the public from these dangers.”

Stalkwerware apps, which are banned by app stores, can be used to track a user’s movements and online activities without their knowledge, sometimes marketed as ways to for “catching a cheating spouse” or, more subtly, to keep tabs on employees or children, according to the Electronic Frontier Foundation (EFF). Such apps can be used to perpetuate harassment and abuse, according to the Coalition Against Stalkerware.

SpyFone ran at a phone’s root level for several of its functions, the FTC said, including monitoring email and video chats.

The app and its CEO are banned from “offering, promoting, selling, or advertising any surveillance app, service, or business,” according to the FTC.

The EFF praised the FTC’s order. “With the FTC now turning its focus to this industry, victims of stalkerware can begin to find solace in the fact that regulators are beginning to take their concerns seriously,” the foundation’s leadership wrote in a blog post.

The FTC board voted 5-0 to accept the consent order with the company. SpyFone, which is now doing business as Support King, did not admit or deny the FTC’s allegations, according to the consent order agreement (pdf). Commissioner Rohit Chopra issued a separate statement, saying the proposed order “in no way releases or absolves” the company or the CEO from potential criminal liability

“While this action was worthwhile, I am concerned that the FTC will be unable to meaningfully crack down on the underworld of stalking apps using our civil enforcement authorities,” Chopra wrote. “I hope that federal and state enforcers examine the applicability of criminal laws, including the Computer Fraud and Abuse Act, the Wiretap Act, and other criminal laws, to combat illegal surveillance, including the use of stalkerware.”



Repost: Original Source and Author Link

Categories
Security

Twitter Expects Hefty FTC Fine for Alleged Privacy Violations

Twitter says it is expecting the Federal Trade Commission (FTC) to hit it with a fine of between $150 million and $250 million over alleged privacy violations.

In a 10-Q filing with the Securities and Exchange Commission, the San Francisco-based company said it received a draft complaint from the FTC on July 28 detailing alleged violations of Twitter’s 2011 consent order with the commission that required it to stop misleading its users regarding how it protects their personal data.

Specifically, the allegations relate to Twitter’s use of users’ phone numbers and email data that it gathered for safety and security purposes but which was also used for targeted advertising between 2013 and 2019.

The issue came to light in October 2019 when Twitter addressed it publicly. Explaining what had happened, the company said that when an advertiser uploaded their marketing list, “we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes.” It said the action had been carried out “inadvertently” and described it as an “error.” It added that it couldn’t be certain how many people on its platform had had their data used for advertising purposes.

It also said that it put a block on the practice in September 2019 to ensure that gathered phone numbers and emails no longer had any connection with targeted ads served on the site.

The allegation therefore isn’t about whether the incident happened, but whether it violated the agreement between Twitter and the FTC.

Digital Trends has reached out to Twitter for more information on the issue and we will update this article when we hear back.

To be clear, the expected fine has nothing to do with the major hack that recently targeted a number of high-profile Twitter accounts in a scam that tricked some followers into sending money to the perpetrators.

Editors’ Choice




Repost: Original Source and Author Link

Categories
Tech News

5 things to know about Big Tech’s new threat — FTC chair Lina Khan

Big tech has a new threat to its market dominance: FTC chairwoman Lina Khan.

President Joe Biden appointed Khan chair of the Federal Trade Commission on June 15, putting a prominent proponent of breaking up monopolies in charge of the competition regulator.

“I look forward to working with my colleagues to protect the public from corporate abuse,” Khan said in a statement.

Progressives have heralded the appointment as an opportunity to rein in the increasing power of Silicon Valley, which will be keeping a close eye on her next moves. Here are five things you should know about the legal wunderkind.

1. She rose to prominence after writing a critique of Amazon

Khan burst onto the antitrust scene after writing”Amazon’s Antitrust Paradox,” a paper published while she was still a student at Yale Law School. The New York Times described it as “reframing decades of monopoly law.”

[Read: Why entrepreneurship in emerging markets matters]

Khan argued that the current American antitrust focus on keeping prices down for consumers is an outdated approach in the era of big tech platforms, which use predatory pricing to squeeze out smaller competitors and exploit their existing dominance to enter new markets. Instead, she proposed evaluating their impact in a more holistic way:

Applying this idea involves, for example, assessing whether a company’s structure creates certain anticompetitive conflicts of interest; whether it can cross-leverage market advantages across distinct lines of business; and whether the structure of the market incentivizes and permits predatory conduct.

Just five years year after publishing the paper, Khan has the chance to turn her theories into regulatory practice

2. She’s also got history with Google

During a stint at the New America Foundation, a center-left think tank, Khan helped edit a statement from her team that described Google’s market power as “one of the most critical challenges for competition policymakers in the world today.”

The message caught the eye of Eric Schmidt, Google’s then-executive chairman, who together with Google had invested millions in the foundation. He voiced his displeasure to the group’s president, the New York Times reported.

Two months later, Khan’s team separated from the think tank. But the episode hasn’t prevented her from continuing to publicly lambaste Google.

She’s slated the company for illegally reneging on commitments, excluding rivals, and monopolizing markets.

Across markets, Google has consistently promised an open ecosystem only to close it off,” she tweeted in December 2020.

Khan also advised the House Judiciary subcommittee on antitrust in its investigation into Google, Facebook, Amazon, and Apple. According to CNBC, she specifically worked on the section about Google, which has since been sued on antitrust grounds in the US.

3. She’s been called an “antitrust hipster”

Khan has become a figurehead of an antitrust movement known as the New Brandeis School, which asserts that competition laws should focus on more than just consumer pricing.

Critics have denigrated their approach as “antitrust hipsterism.”

Antitrust lawyer Konstantin Medvedovsky, who coined the term, called Khan’s paper “the face of the movement.”

The phrase has also been used by former Federal Trade Commissioner Joshua Wright and ex-Republican Senator Orrin Hatch, as a way to accuse the New Brandeis theory of lacking evidence.

But Khan’s appointment suggests they’re now winning the antitrust argument.

4. Elizabeth Warren loves her

In 2016, Khan and Barry Lynn, who headed her team at The New American Foundation, met Senator Elizabeth Warren for dinner. According to The New Yorker, the duo “suggested several anti-monopoly tools, including breaking up some of these giant companies.”

Warren later called Khan “the leading intellectual force in the modern anti­trust movement.”

The senator described her appointment at the FTC as “tremendous news.”

“With Chair Khan at the helm, we have a huge opportunity to make big, structural change by reviving antitrust enforcement and fighting monopolies that threaten our economy, our society, and our democracy,” she tweeted.

Khan’s confirmation signaled growing bipartisan support for her ideas, as she also received support from several Republicans. However, not everyone in the GOP is a fan.

5. She’s only 32

At 32, Khan is the youngest ever chair of the FTC. The London-born scholar has only been out of law school for four years, and critics argue that she’s not ready for the role.

They include Republican senator Mike Lee, who said she “lacks the experience necessary” for the position. Lee also called her ideas “wildly out of step with a prudent approach to the law.”

However, her experience belies her age. Khan is already an associate professor at Columbia Law School, has worked for the FTC since 2018, and served as counsel to the House Judiciary subcommittee on antitrust, commercial, and administrative law.

Her relative youth could also be an asset. I expect the 32-year-old has a greater understanding of tech than the octogenarian policymakers who don’t understand how online platforms make their money.



Repost: Original Source and Author Link

Categories
AI

FTC settles with photo storage app that pivoted to facial recognition

The Federal Trade Commission has reached a settlement with photo storage app Ever that it says used customers’ photos to develop facial recognition technology without telling them, the agency announced Monday.

Under the terms of the agreement, Everalbum Inc. is required to delete photos and videos of its users who deactivated their accounts, as well as any facial recognition algorithms developed with users’ photos or videos. The company also must delete all “face embeddings,” which it describes as “data reflecting facial features that can be used for facial recognition purposes” that were derived from users’ photos who didn’t give consent for their use.

Everalbum, which shut down Ever in August and rebranded itself as Paravision AI, is also prohibited from misrepresenting how it collects and uses personal information and how it protects users’ privacy. If it markets software to consumers for personal use, the company has to obtain express consent before using any biometric information it collects from users to create face embeddings or to develop facial recognition technology.

In a 2019 report, NBC News detailed how Ever launched as a cloud storage business in 2013, but then switched to be a facial recognition technology provider four years later because it realized its photo app “wasn’t going to be a venture-scale business.” The report found that the Ever app was using customer’s private photos to train its facial recognition algorithm, which it then sold to clients.

The company said at the time that it never shared personal user data. Its privacy policy said “Your files may be used to help improve and train our products and these technologies,” but with little detail.

Photo services often use facial recognition to classify photos — Google, Facebook, and Apple have all been criticized in the past for their systems over privacy concerns — and large photo databases are often used by companies to train their facial recognition algorithms. Still, those services request extensive permissions from the user, and it’s extremely rare for a photo service to pivot entirely into facial recognition without notifying users.

According to the FTC, Everalbum told users that it would delete photos and videos of users who deactivated their accounts, but the agency said the company had failed to do so through at least October 2019, instead retaining them indefinitely.

In an email to The Verge, a Paravision spokesperson said the FTC order “reflects a change that has already taken place,” and the company has “no plans to run a consumer business moving forward.” Paravision’s face recognition model does not use any Ever users’ data, the spokesperson added.

“Face recognition and computer vision technology have the potential to improve our lives in profound ways and we take the gravity of its impacts extremely seriously,” the spokesperson continued, adding that Paravision has been recognized as an “accurate provider” of face recognition technology. “We look forward to maintaining this position with our latest generation model, and are deeply committed to the ethical development and use of this technology.”

Repost: Original Source and Author Link

Categories
Tech News

FTC drops Qualcomm antitrust lawsuit after four-year battle

The past few years have seen various government agencies file complaints or lawsuits against giant tech companies but, back in 2017, that wasn’t a common thing. That’s what made the US FTC’s decision to file an antitrust lawsuit against Qualcomm back then a landmark case that would also rattle the mobile market in its wake. The FTC initially scored a victory in 2019 but lost on appeal last year. Instead of the planned request for review, however, this year’s FTC has decided not to pursue the case further, practically letting Qualcomm get away with the anticompetitive practices it was accused of.

In 2019, District Judge Lucy Koh of Apple v. Samsung fame ruled in favor of the FTC and found Qualcomm guilty of abusing its dominant position to extract excessive licensing fees from its customers, a long list that includes the likes of Apple, Samsung, and almost all smartphone makers. Although best known for making and selling mobile processors, Qualcomm’s biggest profits actually come from its IP licenses and its “no license, no chip” style of business was one of the most contested expressions of its anticompetitive behavior.

Last year, however, a three-judge Appeals Court panel overturned that ruling, arguing that while aggressive, the competition didn’t actually constitute illegal behavior. Qualcomm would have otherwise been forced to change its lucrative business model had it not won that appeal. The chipmaker argued that it was actually that licensing strategy that allowed it to drive innovation in that mobile market.

Under acting chairwoman Rebecca Kelly Slaughter, the FTC has decided it will no longer seek a Supreme Court review of the appeal. The agency makes it clear that it agreed with federal district judge Koh’s ruling but it also faced “significant headwinds” to have the appeal overturned. In other words, it had to choose its battles and it has decided to focus instead on better enforcing antitrust laws.

That decision, however, is pretty much a vindication of Qualcomm’s business practices even if it wasn’t meant to be so. Of course, Qualcomm is very happy to end the four-year legal dispute and will probably now be emboldened to strengthen its licensing strategy even more now that it has stood the test of lawsuits.

Repost: Original Source and Author Link

Categories
Security

Zoom has settled with the FTC over ‘deceptive’ security practices

The Federal Trade Commission announced a settlement with videoconferencing platform Zoom over “misleading claims” about its security. The agency said in a statement that when Zoom incorrectly claimed its video calls were protected by end-to-end encryption, the company engaged in “deceptive and unfair practices that undermined the security of its users.”

Zoom said in March that the phrase “end to end” was “in reference to the connection being encrypted from Zoom end point to Zoom end point,” that “content is not decrypted as it transfers across the Zoom cloud,” and that it only collected user data needed to improve its services.

But according to the FTC, Zoom had the cryptographic keys that could allow the company to access customers’ meetings. “Zoom’s misleading claims gave users a false sense of security, according to the FTC’s complaint, especially for those who used the company’s platform to discuss sensitive topics such as health and financial information,” the agency said.

Zoom finally introduced the first of four phases of its end-to-end encryption in October for free and paid users in meetings with up to 200 participants. The next phase, scheduled to launch next year, will have better identity management and support for single sign-on, the company said.

A Zoom spokesperson said in a statement emailed to The Verge that the security of its users is a top priority and that it had already addressed the issues in the FTC complaint. “Today’s resolution with the FTC is in keeping with our commitment to innovating and enhancing our product as we deliver a secure video communications experience,” the statement reads.

In addition to the end-to-end encryption issue, the FTC also said in its complaint that Zoom had stored unencrypted meeting recordings on its servers for up to 60 days and compromised the security of some users when it “secretly” installed software called ZoomOpener last year. That software allowed Zoom to launch automatically on macOS and bypass safeguards in Apple’s Safari browser meant to block malware, according to the FTC. Zoom released a patch last July, and Apple pushed an update to remove ZoomOpener from users’ devices.

Under the terms of the agreement with the FTC, which has no financial component, Zoom has to take specific steps to address the problems in the agency’s complaint and review software updates for security flaws. The company is also “prohibited from making misrepresentations about its privacy and security practices,” including how it collects and uses customers’ personal data as well as “the extent to which users can control the privacy or security of their personal information.”

Zoom also has to have an independent third-party assess its security every other year and notify the FTC in the event of a data breach.

Repost: Original Source and Author Link