China’s crackdown on Jack Ma’s empire is far from over: The country’s regulators have ordered the Ma-founded Alibaba affiliate Ant Group to scale down its business. In particular, they’ve ordered the company to “return to its origins” as a payment provider. Ant Group started out as Alipay, which became China’s largest digital payment platform, though it eventually expanded to offer investment and savings accounts, as well as lending, insurance and wealth management services. Pan Gongsheng, the deputy governor of China’s central bank, called those services “illegal” and said the company must “strictly rectify” those activities. As The Guardian noted, those services are the group’s most profitable and fastest-growing divisions.

Gongsheng listed all the steps Ant Group are required to take as ordered by Chinese regulators in a release posted on the bank’s official website. Those requirements include prohibiting unfair competition, improving corporate governance and ensuring everything it does is “in accordance with the law.” As for the company, it told The Guardian in a statement that it would form a “rectification working group” to implement those requirements. A spokesperson explained:

“We will enlarge the scope and magnitude of opening up for win-win collaboration, review and rectify our work in consumer rights protection, and comprehensively improve our business compliance and sense of social responsibility. Ant will make its rectification plan and working timetable in a timely manner and seek regulators’ guidance in the process.”

Back in November, Chinese regulators blocked Ant’s planned IPO in Hong Kong and Shanghai, which was expected to raise $34 billion. Authorities also introduced new draft laws to oversee tech companies’ data collecting activities, along with other rules they say are meant to protect consumers. And just a few days ago, regulators opened an investigation into Alibaba’s “suspected monopolistic conduct.”

Ma’s businesses seem to have become a target after he called Chinese banks state-owned “pawnshops” for handing out unnecessary loans at a finance summit in Shanghai in October. According to Bloomberg, his companies have been in crisis mode since then and his executives even formed a task force to deal with government watchdogs on a daily basis.

Source: China pushes Alibaba founder Jack Ma to downsize his finance business | Engadget

China kicked off an investigation into alleged monopolistic practices at Alibaba Group Holding and summoned affiliate Ant Group Co. to a high-level meeting over financial regulations, escalating scrutiny over the twin pillars of billionaire Jack Ma’s internet empire.

The probe announced Thursday marks the formal start of the Communist Party’s crackdown on the crown jewel of Ma’s sprawling dominion, spanning everything from e-commerce to logistics and social media. The pressure on Ma is central to a broader effort to rein in an increasingly influential internet sphere: Draft anti-monopoly rules released November gave the government unusually wide latitude to rein in entrepreneurs like Ma who until recently enjoyed unusual freedom to expand their realms.

Once hailed as drivers of economic prosperity and symbols of the country’s technological prowess, Alibaba and rivals like Tencent Holdings face increasing pressure from regulators after amassing hundreds of millions of users and gaining influence over almost every aspect of daily life in China.

“It’s clearly an escalation of coordinated efforts to rein in Jack Ma’s empire, which symbolized China’s new ‘too-big-to-fail’ entities,” said Dong Ximiao, a researcher at Zhongguancun Internet Finance Institute. “Chinese authorities want to see a smaller, less dominant and more compliant firm.”

[…]

Ma isn’t on the verge of a personal downfall, those familiar with the situation have said. His very public rebuke is instead a warning Beijing has lost patience with the outsize power of its technology moguls, increasingly perceived as a threat to the political and financial stability President Xi Jinping prizes most.

[…]

The country’s internet ecosystem — long protected from competition by the likes of Google and Facebook — is dominated by two companies, Alibaba and Tencent, through a labyrinthine network of investment that encompasses the vast majority of the country’s startups in arenas from AI to digital finance. Their patronage has also groomed a new generation of titans including food and travel giant Meituan and Didi Chuxing — China’s Uber. Those that prosper outside their aura, the largest being TikTok-owner ByteDance Ltd., are rare.

The anti-monopoly rules now threaten to upset that status quo with a range of potential outcomes, from a benign scenario of fines to a break-up of industry leaders. Beijing’s diverse agencies appear to be coordinating their efforts — a bad sign for the internet sector.

“There is nothing that Chinese Communist Party doesn’t control and anything that does appear to be gyrating out of its orbit in any way is going to get pulled back very quickly,” said Alex Capri, a Singapore-based research fellow at the Hinrich Foundation.

The campaign against Alibaba and its peers got into high gear in November, after Ma famously attacked Chinese regulators in a public address for lagging the times. Market overseers subsequently suspended Ant’s IPO — the world’s largest at $35 billion — while the anti-monopoly watchdog threw markets into a tailspin shortly after with its draft legislation.

[…]

 

Source: China Targets Jack Ma’s Alibaba With Monopoly Investigation | Time

YouTube says it has found a “smoking gun” to prove that a class-action lawsuit filed by Grammy award-winning musician Maria Schneider and Pirate Monitor Ltd was filed in bad faith. According to the Google-owned platform, the same IP address used to upload ‘pirate’ movies to the platform also sent DMCA notices targeting the same batch of content.

[…]

Schneider told the court that a number of her songs had been posted to YouTube without her permission. Pirate Monitor Ltd argued similarly, stating that pirated copies of its works had been uploaded to the site. Both further said they had been denied access to Content ID.

In its response, YouTube focused on Pirate Monitor, alleging that the company or its agents uploaded the ‘pirate’ movies and then claimed mass infringement, something which disqualified them from accessing Content ID.

[…]

“Through agents using pseudonyms to hide their identities, Pirate Monitor uploaded some two thousand videos to YouTube, each time representing that the content did not infringe anyone’s copyright. Shortly thereafter, Pirate Monitor invoked the notice-and-takedown provisions of the Digital Millennium Copyright Act to demand that YouTube remove the same videos its agents had just uploaded.”

[…]

In all, YouTube processed nearly 2,000 DMCA notices it received by Pirate Monitor in the fall of 2019. All of the targeted videos had a uniform length, around 30 seconds each, generated from “obscure Hungarian movies”. They had been uploaded in bulk from users with IP addresses allocated to Pakistan.

“That alone was suspicious, there is no obvious reason why short clips from relatively unknown Hungarian-language movies should be uploaded to YouTube from accounts and devices in Pakistan,” YouTube writes.

Furthermore, YouTube notes that the videos were uploaded by users with similar names, such as RansomNova11 and RansomNova12, who gave the clips nondescript titles. Perhaps even more telling, the takedown notices were sent soon after the videos were uploaded, sometimes before the videos had been seen by anyone.

[…]

After considerable digging, YouTube found a smoking gun. In November 2019, amidst a raft of takedown notices from Pirate Monitor, one of the ‘RansomNova’ users that had been uploading clips via IP addresses in Pakistan logged into their YouTube account from a computer connected to the Internet via an IP address in Hungary,” YouTube explains.

“Pirate Monitor had been sending YouTube its takedown notices from a computer assigned that very same unique numeric address in Hungary. Simply put, whoever RansomNova is, he or she was sharing Pirate Monitor’s computer and/or Internet connection, and doing so at the same time Pirate Monitor was using the same computer and/or connection to send YouTube takedown notices.”

Source: YouTube Class Action: Same IP Address Used to Upload ‘Pirate’ Movies & File DMCA Notices * TorrentFreak

Cydia, the original app store for jailbroken iPhones, has joined a wave of companies and regulators in targeting Apple over antitrust concerns. In a lawsuit it filed on Thursday, it accused Apple of “anti-competitive acquisition and maintenance of an illegal monopoly over iOS app distribution.”

Were that not the case, Cydia argues, users would “be able to choose how and where to locate and obtain iOS apps, and developers would be able to use the iOS app distributor of their choice.” Apple rejected accusations it has a monopoly and told Motherboard it would review the lawsuit.

Apple launched the App Store in 2008, the year after Cydia arrived. The unofficial store allows users who jailbreak their iPhone and iPad to download apps and add features that Apple hasn’t necessarily approved.

Over time, Apple has made jailbreaking its devices more difficult and Cydia isn’t as prominent or popular as it once was. In 2010, Cydia developer Jay “Saurik” Freeman said 4.5 million users were searching the store for apps.

Like the App Store, Cydia took a cut of app sales and revenue peaked at around $10 million in 2011 and 2012, according to the Washington Post. Freeman ended purchases from Cydia’s store in 2018.

The suit follows a number of high-profile moves against Apple for similar reasons. Back in August, Epic Games sued Apple over its App Store rules after trying to bypass them. A coalition of companies, including Epic and Spotify, has formed to pressure Apple and Google into changing their app store practices. Apple is also under antitrust scrutiny from regulators in Europe and the US.

Source: Jailbreak app store Cydia files its own antitrust lawsuit against Apple | Engadget

Wall Street has begun trading water as a commodity, like gold or oil. The country’s first water market launched on the Chicago Mercantile Exchange this week with $1.1 billion in contracts tied to water prices in California, Bloomberg News reported.

The market allows farmers, hedge funds, and municipalities to hedge bets on the future price of water and water availability in the American West. The new trading scheme was announced in September, prompted by the region’s worsening heat, drought, and wildfires fueled by climate change. There were two trades when the market went live Monday.

“Climate change, droughts, population growth, and pollution are likely to make water scarcity issues and pricing a hot topic for years to come,” RBC Capital Markets managing director and analyst Deane Dray told Bloomberg. “We are definitely going to watch how this new water futures contract develops.”

[…]

Source: Wall Street Begins Trading Water Futures as a Commodity – Yale E360

In 2017, Zunum Aero was flying high. The Kirkland, Washington-based aviation startup came out of stealth mode with bold plans to build a fleet of 12-seat hybrid electric jets for short, regional hops between cities. The company, which had received millions of dollars from the venture arms of Boeing and JetBlue, said it would be ready to fly by 2022.

Not long after, those dreams came crashing down to earth. In 2018, Zunum ran out of cash, forcing it to lay off nearly all of its employees and vacate its headquarters. It struggled to raise additional funds that it needed to get its plans back in motion. And now, Zunum is striking back at one of its former investors. The company filed a lawsuit in Washington Superior Court this week accusing aerospace giant Boeing of fraud, technology theft, breach of contract, and misappropriation of trade secrets.

Zunum said that Boeing “colluded with other key aerospace manufacturers and funders” to sabotage its efforts to raise additional cash and tried to poach Zunum’s engineers during the process. The startup claims that Boeing saw its superior technology and potential to disrupt air travel as a threat to its own dominance in the aviation world and sought to undermine it. Using its due diligence as an investor as subtext, Zunum said Boeing gained access to its business plan and proprietary technology, and “exploited” Zunum for its own benefit.

“Boeing saw an innovative venture, with a dramatically improved path to the future, and presented itself as interested in investing and partnering with Zunum,” the company claims in court filings. “But instead, Boeing stole Zunum’s technology and intentionally hobbled the upstart entrant in order to maintain its dominant position in commercial aviation by stifling competition.”

It’s rare that a startup would sue one of its investors after failing to deliver on its promises. But Zunum said its setbacks weren’t because of bad technology or a faulty business plan. Rather, the company claims it was sabotaged by Boeing, which misused its position as an investor to pillage its talent and patents before eventually scuttling the company’s ability to continue to raise money.

Zunum also names HorizonX, Boeing’s venture capital arm, and French engine supplier Safran as co-defendants. The company is seeking compensatory and punitive damages. A spokesperson for Boeing said the lawsuit was without merit and that the company would “vigorously” contest it in court.

[…]

Zunum puts the blame on Boeing. The Chicago-based company repeatedly reneged on promises for additional funds and dissuaded other investors from putting money in, the lawsuit alleges.

“Boeing also kept Zunum beholden to it for much-needed capital and market validation, stringing Zunum along with the prospects of an anchor investment and providing leadership on further fundraising,” the lawsuit says. “Although Zunum also sought investments elsewhere, Boeing actively interfered with and undermined those business relationships while inducing Zunum to continue its reliance on Boeing by holding out the prospect of a strategic partnership or merger.”

[…]

“Zunum discovered that Boeing was secretly developing a replica prototype of Zunum’s flagship aircraft design, staffed by the very same engineers and other professionals whom Boeing had assigned to conduct extensive due diligence on Zunum, under non-disclosure and non-use obligations,” the lawsuit reads.

Source: Struggling electric jet startup Zunum sues Boeing for fraud and misuse of trade secrets – The Verge

Don’t be surprised if you start seeing ads on videos made by smaller YouTube creators. The video-sharing website has updated its Terms of Service, and it includes a new section that gives it the right to monetize videos from channels not big enough to be part of its Partner Program. That doesn’t mean new creators can start earning from their videos right away, though — YouTube said in a forum post explaining the changes to its ToS that non-YPP members won’t be getting a cut from those ads.

To become eligible for the YouTube Partner Program, a creator has to be living in a country where it’s active, has to have 4,000 public watch hours in the last 12 months and has to have over 1,000 subscribers. YouTube only used to run ads on videos from channels that don’t meet those criteria under special circumstances, such as if the channel was previously a YPP member. Going forward, though, the website can monetize any video, so long as it meets its ad-friendly guidelines.

Source: YouTube will run ads on smaller creators’ videos without paying them | Engadget

iOS 14.3 will prompt some users to install selected third-party applications during setup, in what is likely an attempt to stifle any allegations of anticompetitive behaviour from regulators.

The feature, which is buried deep within the beta version of the upcoming iOS release and was first spotted by 9to5Mac, is believed to be activated depending on the location of the user, and states: “In compliance with regional legal requirements, continue to view available apps to download.”

Although iOS is not the most widely installed mobile operating system (that particular crown belongs to Android), it is unique insofar as the control exerted by Apple on the ecosystem, famously dubbed the Walled Garden. This limits where users can download third-party software – exclusively the App Store – and forces developers to use Apple’s payment processing methods, which take a 30 per cent cut of all transactions. Moreover, until recently, users were unable to select third-party products for their default browser and email apps.

This has prompted antitrust investigations in several jurisdictions, including the US, Japan, and the EU, often prompted by the complaints of competitors, such as Spotify and Rakuten. This is in addition to the legal action taken by Epic Games, which has claimed Apple deliberately tries to disadvantage third-party developers through its app store policies.

[…]

Source: Apple braces for antitrust woes by letting users select and install third-party apps during setup of iOS 14.3 • The Register

This is something I have been talking about since early 2019 and it’s good to see action happening on it

The European Union is serving formal antitrust charges to Amazon, saying that the retailer has misused its position to compete against third-party businesses using its platform. Officials, led by competition chief Margrethe Vestager, believe there is enough evidence to charge the company for this misuse. This data, so the claim goes, was used by Amazon to build copycat products to undercut these independent businesses, especially in large markets like France and Germany.

At the same time, regulators have opened a second investigation into favorable treatment around the “Buy Box” and the “Prime Label.” Officials suspect that independent sellers that use Amazon’s own logistics network are able to use features that those with their own logistics networks do not. Vestager said that they want those independents to be able to “compete on the merits” rather than on any sort of lock-in.

Amazon, very broadly, is a retailer itself, but it’s also a retail platform that lets third parties sell their wares side by side with Amazon’s own. These independent, unaffiliated companies can even piggyback on Amazon’s vast logistics and warehousing network. But there’s a catch: If a small seller makes a surprisingly popular product, Amazon can see that sales data on its own system. There could be the temptation for Amazon to make a similar product and direct sales toward itself.

We reached the preliminary conclusion that @amazon illegally has abused its dominant position as a marketplace service provider in DE & FR. @amazon may have used sensitive data big scale to compete against smaller retailers. Now for @amazon to respond. @EU_Competition

— Margrethe Vestager (@vestager) November 10, 2020

This isn’t a hypothetical, and The Wall Street Journal published a report in April claiming the company was doing this very thing. Former employees have claimed that Amazon can not only identify hot trends but also use that data to price their own products competitively. In one example, the makers of a popular car trunk organizer found that, a while after, Amazon launched a very similar product as part of its private label offering.

Now, Amazon has said that using third-party seller data in this manner is against its own policies and affirmed that position in Congress. Amazon has also said that the practice of producing “private label” goods is used by every major retailer, and isn’t a threat to the independent brands they sell. But regulators in both the US and Europe aren’t satisfied with that answer and are pushing for more information. In July 2019, the EU opened a formal investigation to see if what Amazon was doing violated local competition rules, with today’s charges the result of that procedure.

[…]

 

Source: European Commission charges Amazon over misuse of seller data | Engadget

I have been talking about this since early 2019, it’s good to see action on this!

The US Department of Justice on Thursday filed a legal request to formally take control of more than $1bn in Bitcoin (BTC) generated from the sales of illicit goods at Silk Road.

It is believed the crypto-coins were stolen from the dark-web market at some point, and now the Feds want to take ownership of the haul.

Between 2011 and 2013, Silk Road sold a variety of illegal drugs and services online, until it was shut down by US law enforcement. In 2015, the site’s operator, Ross Ulbricht, was sentenced to life in prison without the possibility of parole. Now the Feds say they have an agreement to get a billion-dollar payday with Bitcoins used on the site.

In that brief period, the site racked up total revenue of more than 9.5m BTC resulting in about 600K BTC of sales commissions, according to the DoJ’s forfeiture filing.

When Ulbricht was arrested in October, 2013, the FBI said it had seized 144,336 BTC from Ulbricht’s hardware, plus 29,655 BTC from a prior seizure, totaling 173,991 BTC, which was worth about $33.6m at the time or about $2.6bn at the current exchange rate.

Prior to that, in May, 2012, according to Tom Robinson, chief scientist and co-founder of cryptocurrency analytics biz Elliptic, about 70,000 BTC left Silk Road’s digital wallet before being moved to a Bitcoin wallet with the address 1HQ3Go3ggs8pFnXuHVHRytPCq5fGG8Hbhx in 2013.

Since then, there have been a few transactions between BTC addresses related to the Silk Road funds that have remained beyond the reach of US authorities. According to a Dept of Justice court filing [PDF] today, law enforcement officers earlier this year worked with a third-party Bitcoin attribution company to analyze unattributed transactions and noticed an unusual pattern among some of them.

“These 54 transactions were not noted in the Silk Road database as a vendor withdrawal or a Silk Road employee withdrawal and therefore appear to represent Bitcoin that was stolen from Silk Road,” the court filing explained, noting that they amounted to 70,411.46 BTC. Worth about $354,000 at the time of the transfers, the value of that digital currency has skyrocketed to over $1bn today.

Investigators managed to link an unidentified individual with these transactions and the Bitcoin wallet identified above that begins 1HQ3.

“According to the investigation, Individual X was able to hack into Silk Road and gain unauthorized and illegal access to Silk Road and thereby steal the illicit cryptocurrency from Silk Road and move it into wallets that Individual X controlled,” the filing claimed. “…Ulbricht became aware of Individual X’s online identity and threatened Individual X for return of the cryptocurrency to Ulbricht.”

The government contends that Individual X failed to return the funds and kept the cryptocurrency without spending it. The complaint goes on to state that on Tuesday, Individual X signed an agreement with the US Attorney’s Office in Northern California to surrender the hacked funds.

Also on Tuesday, the 1HQ3 wallet shows a transfer of 69,369 BTC, worth about $1bn – presumably this represents Individual X providing the government with access to the funds it hopes to formally seize.

The Register has asked the Department of Justice to confirm that it controls the receiving digital wallet but we’ve not heard back.

The DoJ legal filing signals to the court that the government will present evidence that the cited property can be lawfully forfeited. If the court approves the forfeiture, the Feds will officially gain control of the funds

Source: Uncle Sam’s legal eagles hope to get their claws on $1bn in Bitcoin ‘stolen by hacker’ from dark-web souk Silk Road • The Register

We all knew it was coming. Today, the US government’s Department of Justice filed an antitrust lawsuit against Google. The company, which is a part of Alphabet, is accused of having an unfair monopoly over search and search-related advertising. In addition, the department disagrees with the terms around Android, the most widely-used mobile operating system, that forces phone manufacturers to pre-load Google applications and set Google as the default search engine. That decision stops rival search providers from gaining traction and, as a consequence, ensures that Google continues to make enormous amounts of cash via search-related advertising.

“Google pays billions of dollars each year to distributors—including popular-device manufacturers such as Apple, LG, Motorola, and Samsung; major U.S. wireless carriers such as AT&T, T-Mobile, and Verizon; and browser developers such as Mozilla, Opera, and UCWeb— to secure default status for its general search engine and, in many cases, to specifically prohibit Google’s counterparties from dealing with Google’s competitors,” the lawsuit filing reads.

[…]

Walker also argued that Google competes with platforms such as Twitter, Expedia and OpenTable, which let you search for news, flights and restaurant reservations respectively.” Every day, Americans choose to use all these services and thousands more,” he said.

Some of Google’s rivals feel differently. “We’re pleased the DOJ has taken this key step in holding Google accountable for the ways it has blocked competition, locked people into using its products, and achieved a market position so dominant they refuse to even talk about it out loud,” Gabriel Weinberg, CEO of search engine provider DuckDuckGo said in a Twitter thread. “While Google’s anti-competitive practices hurt companies like us, the negative impact on society and democracy wrought by their surveillance business model is far worse. People should be able to opt out in one click.”

As the Wall Street Journal explains, the Justice Department has been preparing to launch this case for over a year. “Over the course of the last 16 months, the Antitrust Division collected convincing evidence that Google no longer competes only on the merits but instead uses its monopoly power – and billions in monopoly profits – to lock up key pathways to search on mobile phones, browsers, and next generation devices, depriving rivals of distribution and scale,” the Department said in a statement today.

[…]

Today’s lawsuit is arguably the biggest antitrust move since the government’s case against Microsoft in 1998. Back then, the technology company was accused of using its Windows monopoly to push Microsoft-made software such as Internet Explorer. A judge eventually ordered Microsoft to break up into two separate companies. The technology giant appealed, however, and by the end of 2001 it had reached a settlement with the department. “Back then, Google claimed Microsoft’s practices were anticompetitive, and yet, now, Google deploys the same playbook to sustain its own monopolies,” the Justice Department argues in today’s lawsuit filing.

Source: The Department of Justice sues Google over antitrust concerns | Engadget

The timing of this is not coincidental. The DoJ was apparently pushed into this before it was ready in order to look good for the elections.

I have been talking about this since early 2019 and it’s great to see how this has been gaining traction since then

After spending years promising Congress that the data it collected from third-party sellers wasn’t used to beef up its private-label products, today Amazon decided to roll out a product meant to do exactly that. The Amazon Shopper Panel, as it’s called, promises to pay Amazon customers that offer intel to the ecommerce giant about where they shop when they’re not shopping on Amazon dot com.

Here’s how the Shopper Panel works: After getting an IRL or e-receipt from any business that isn’t owned by Amazon (so Whole Foods or Four Star locations are not eligible), panelists can either submit a picture of that receipt through the app, or in the case of digital copies, forward their emailed details to a panel-specific email address. According to the Panel website, folks that upload “at least” 10 receipts per month can either cash that in for $10 in Amazon credit or $10 donated to their charity of choice. Along with that baseline payout, the app will also dole out additional earnings to panelists who answer the occasional survey about certain brands or products within the app.

Not every receipt counts toward this program. Per Amazon, receipts from grocery stores, drug stores, restaurants, and movie theaters—along with just about any other “retailer” or “entertainment outlet”—are fair game. Receipts from casinos, gun stores, transit fare, tuition or apartment rentals aren’t.

While the program is invite-only for now, any curious Amazon customer based in the U.S. can download the Panel app from the iOS App Store or the Google Play Store if they want to put their name on the waitlist.

[…]

nder the Amazon Panel site’s “Privacy” tab, the company notes that any receipts that you share will go toward “[helping] brands offer better products and [making] ads more relevant on Amazon.” The company also notes any data gleaned from these receipts or surveys might also be used to “ improve the product selection on Amazon.com and affiliate stores such as Whole Foods Market,” and to “improve the content offered through Amazon services such as Prime Video.”

That’s why this rollout is a particularly gutsy move for Amazon to take right now. Recent months have seen the company come under an increasing barrage of regulatory fire from authorities both in the U.S. and in Europe over a scandal that largely revolved around tracking consumers’ purchase data—not unlike the data pulled from the average receipt—on its platform. This past spring, an investigation from the Wall Street Journal revealed that Amazon had spent years surveilling the purchases earned by the platform’s third party sellers specifically to create its own competing products under the Amazon private label. This story came out barely a year after Amazon’s associate general council, Nate Sutton, told Congress that the company didn’t use “individual seller data” to do just that.

[…]

Source: Amazon’s New Panel Program Is An Anticompetitive Nightmare

Source: Weer ophef over Thuiskopievergoeding – Emerce

British Airways has been fined £20m ($26m) by the Information Commissioner’s Office (ICO) for a data breach which affected more than 400,000 customers.

The breach took place in 2018 and affected both personal and credit card data.

The fine is considerably smaller than the £183m that the ICO originally said it intended to issue back in 2019.

It said “the economic impact of Covid-19” had been taken into account.

However, it is still the largest penalty issued by the ICO to date.

The incident took place when BA’s systems were compromised by its attackers, and then modified to harvest customers’ details as they were input.

It was two months before BA was made aware of it by a security researcher, and then notified the ICO.

• How did hackers get into British Airways?
• BA boss apologises for data breach

The data stolen included log in, payment card and travel booking details as well name and address information.

A subsequent investigation concluded that sufficient security measures, such as multi-factor authentication, were not in place at the time.

The ICO noted that some of these measures were available on the Microsoft operating system that BA was using at the time.

“When organisations take poor decisions around people’s personal data, that can have a real impact on people’s lives. The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security,” said Information Commissioner Elizabeth Denman.

British Airways said it had alerted customers as soon as it had found out about the attack on its systems.

“We are pleased the ICO recognises that we have made considerable improvements to the security of our systems since the attack and that we fully co-operated with its investigation,” said a spokesman.

Data protection officer Carl Gottlieb said that in the current climate, £20m was a “massive” fine.

“It shows the ICO means business and is not letting struggling companies off the hook for their data protection failures,” he said.

The company breached data protection law and failed to protect themselves from preventable cyber attack. It then failed to detect the hack until the damage was done to hundreds of thousands of customers.

The lag between incident and fine has raised eyebrows in privacy circles but I understand the Information Commissioner’s Office has been working methodically to get it right. This is the commissioner’s first major fine under the EU data regulation GDPR and was being watched closely by the rest of Europe as a potential landmark decision.

The final figure of £20m has come as a shock to many who were expecting it to be closer to the eye-watering £183m initially proposed but it is still a significant moment for data privacy and GDPR. Other companies will look at the fine as a shape of things to come if they also fail to protect customers.

Source: British Airways fined £20m over data breach – BBC News

On Thursday, Amazon Web Services launched CloudWatch Synthetics Recorder, a Chrome browser extension for recording browser interactions that it copied from the Headless Recorder project created by developer Tim Nolet.

It broke no law in doing so – the software is published under the permissive Apache License v2 – and developers expect such open-source projects will be copied forked. But Amazon’s move didn’t win any fans for failing to publicly acknowledge the code’s creator.

There is a mention buried in the NOTICE.txt file bundled with the CloudWatch extension that credits Headless Recorder, under its previous name “puppeteer-recorder,” as required by the license. But there’s an expectation among open source developers that biz as big as AWS should show more courtesy.

“The core of the problem here (for me at least) is not the letter of the license, it’s the spirit,” said Nolet in a message to The Register.

“It’s the fact that no one inside of AWS cared enough to stop and think ‘is this a dick move? Is this something I would want to have happen to me?’ Hence the current PR damage control campaign. They know it’s wrong. Not illegal, but wrong. Someone just had to tell them that.”

Nolet runs a software monitoring service called Checkly and developed the Headless Recorder browser extension as a tool for his company and customers. He said he hadn’t given the license for Headless Recorder a lot of thought because it’s just a browser extension full of client-side code – meaning it’s visible to anyone familiar with browser development tools.

“Amazon should have opened a PR [pull request] and proposed ‘let’s add this feature to your code. Or they could have simply kept their fork open source,” he said.

“In the least, they could have mentioned that their work was based on my work. I do this in the README.md of the project itself where I acknowledge the creators of an old project by segment.io that I used as inspiration.”

This is not the first time AWS has taken the work of open source developers and turned it into an AWS product. Last year, it launched Open Distro for Elasticsearch, to the dismay of Elasticsearch, a company formed to make a business out of the Elasticsearch open source project. And earlier that year it released DocumentDB, based on an outdated version of the open source MongoDB code.

Many popular open source licenses allow this, but because AWS brings billions in infrastructure assets into the competition, smaller companies trying to commercialize open source projects find the challenge difficult to deal with.

Source: Come on, Amazon: If you’re going to copy open-source code for a new product, at least credit the creator

Part of the problem is that open source zealots make a point of refusing any kind of money for FOSS licensed projects, which is fine for the zealots as they are paid by a university or foundation. Developers themselves, meanwhile have to contend with other people monetising their work and having to accept it. Projects are hijacked and closed and the original impetus and community around that are killed by large companies.

This is something I have been talking about since 2017 in my talk Open Source XOR Money

It took Soraya Bagheri a day to learn that 450 shares of Moderna Inc. had been liquidated in her Robinhood account and that $10,000 in withdrawals were pending. But after alerting the online brokerage to what she believed was a theft in progress, she received a frustrating email.

The firm wrote it would investigate and respond within “a few weeks.” Now her money is gone

Bagheri is among five Robinhood customers who recounted similar experiences to Bloomberg News, saying they’ve been left in limbo in recent weeks after someone sold their investments and withdrew funds. Because the wildly popular app has no emergency phone number, some said they tried in vain to intervene, only to watch helplessly as their money vanished.

“A limited number of customers appear to have had their Robinhood account targeted by cyber criminals because of their personal email account (that which is associated with their Robinhood account) being compromised outside of Robinhood,” a spokesman for the company said in an email. “We’re actively working with those impacted to secure their accounts.”

[…]

Bagheri, a Washington attorney, and three other Robinhood users said they also contacted authorities including the Securities and Exchange Commission and the Financial Industry Regulatory Authority. Two of those customers said they have heard back from an official at the SEC seeking more information.

Finra and the SEC declined to comment.

[…]

Now, even though the firm said this year that it has more than doubled its customer-service team, clients complain they’re struggling to get quick help when their funds are disappearing.

“They don’t have a customer service line, which I’m quite shocked about,” Bagheri said.

[…]

Rao showed Bloomberg the same emailed response from Robinhood that Bagheri received. “We understand the sensitivity of your situation and will be escalating the matter to our fraud investigations team,” Robinhood customer service agents wrote them. “Please be aware that this process may take a few weeks, and the team working on your case won’t be able to provide constant updates.”

Rao said he had previously set up two-factor authentication to access his account, and Bagheri said she’s certain her Robinhood password is unique from all others, including her email. Neither believed they had been duped by phishing scams or malware. Both said they use the same email for Robinhood and other accounts, and that only Robinhood has been affected.

[…]

They also said Robinhood’s online portal showed their money went to a recipient at Revolut, another popular financial-technology startup. London-based Revolut, which offers a money transfer and exchange app, expanded to the U.S. this year.

“Revolut has been made aware of the issue and is investigating urgently,” a company spokesman said Friday in an email.

Bill Hurley, who owns a metal-fabrication shop in Windsor, Connecticut, said he received notifications that stock and Bitcoin had been sold from his account on Sept. 21, and that $5,000 was transferred to Revolut accounts in two transactions. He said he emailed Robinhood for assistance while the transactions were pending but received none.

“They’ve had more than enough time to deal with this,” he said.

Source: Robinhood Users Says There’s No One To Call When Accounts Are Hacked – Bloomberg

Just as you suspected, Big Tech is dominated by monopolies, a House Judiciary antitrust subcommittee found.

After more than a year of investigating Apple, Facebook, Google, and Amazon’s behavior, lawmakers released a 449-page report with their findings on Tuesday, complete with recommendations that the four companies be broken up to make the market more competitive.

The committee found that each company dominated its respective markets—Facebook in social networking, Google in general online search and search advertising, Amazon in online retail, and Apple in mobile operating systems—to such an extent as to be anticompetitive. The companies “abuse their power by charging exorbitant fees, imposing oppressive contract terms, and extracting valuable data from the people who rely on them,” the Democratic-led committee’s report outlined.

The report goes on to eviscerate the four companies: “To put it simply, companies that once were scrappy, underdog startups that challenged the status quo have become the kinds of monopolies we last saw in the era of oil barons and railroad tycoons. Although these firms have delivered clear benefits to society, the dominance of Amazon, Apple, Facebook, and Google has come at a price. These firms typically run the marketplace while also competing in it — a position that enables them to write one set of rules for others, while they play by another, or to engage in a form of their own private quasi regulation that is unaccountable to anyone but themselves.”

Not only do those companies acquire smaller ones, either to hire their talent or to kill or incorporate their products, but their mere existence chills potential investment to start-ups that may be considered competitive, the committee found.

The committee also noted that Big Tech’s acquisitions haven’t been closely vetted by regulators. For example, Facebook has snatched up nearly 100 smaller companies over the years, and just one, its deal to acquire Instagram in 2012, received scrutiny from the Federal Trade Commission.

That lack of oversight, according to the findings, has degraded the user experience in many cases because tech companies don’t have any competition to do better—particularly when it comes to privacy.

“In the absence of adequate privacy guardrails in the United States, the persistent collection and misuse of consumer data is an indicator of market power online,” the committee noted. “Online platforms rarely charge consumers a monetary price—products appear to be ‘free’ but are monetized through people’s attention or with their data. In the absence of genuine competitive threats, dominant firms offer fewer privacy protections than they otherwise would, and the quality of these services has deteriorated over time. As a result, consumers are forced to either use a service with poor privacy safeguards or forego the service altogether.”

In addition to recommending that the companies effectively be broken up, the committee recommended that antitrust laws and federal antitrust agencies be restored “to full strength.” Specifically, the committee advised that strengthening Section 7 of the Clayton Act and Section 2 of the Sherman Act would go a long way toward giving antitrust legislation more teeth.

Of course, the Big Four aren’t going to take this lying down. Amazon released a lengthy statement in which it argued that being a big company doesn’t necessarily make it an anticompetitive one, and that it comprises just 4% of the U.S. retail market. (Frankly, I am not at all sure how it arrived at that number—the antitrust committee pegged Amazon as controlling more than 40% of all online U.S. retail sales.) The company also argued that it helps consumers find low prices and small businesses find new markets. The committee noted that 37% of all third-party sellers on Amazon rely on the platform exclusively for income.

Source: Apple, Facebook, Google, Amazon Are Monopolies: Antitrust Committee

I have been talking about exactly this since the beginning of 2019 – it’s good to see others agree with me!