FTC Withdraws Merger Guidelines, Opens Up Petition Process, and Reports on Ten Years of Big Tech Acquisitions
Canada's government reelected and could pursue online harms bill; New DCMS head; and three former U.S. intelligence and military contractors agree to $1.68 million settlement for hacking for UAE
Photo by Katya Austin on Unsplash
The Federal Trade Commission (FTC) held two meetings last week at which the three Democratic Commissioners continued to lay the groundwork for aggressive future action against a number of large companies and the technology field.
At an open meeting, the FTC debated and then took a number of actions as explained in their press release:
ยงย Proposed Policy Statement on Privacy Breaches by Health Apps and Connected Devices:ย The Commission votedย to issue a policy statement on the importance of protecting the public from privacy breaches by health apps and other connected devices.
ยงย Non-HSR Reported Acquisitions by Select Technology Platforms, 2010-2019: An FTC Study:ย Staff presented some findings from the Commissionโs inquiry into large technology platformsโ unreported acquisitions, including an analysis of the structure of deals that customarily fly under enforcersโ radar.
ยงย Proposed Revisions to FTC Procedural Rules Concerning Petitions for Rulemaking:ย The Commission voted on putting in place a process to receive public input on rulemaking petitions by external stakeholders.
ยงย Proposed Withdrawal of 2020 Vertical Merger Guidelines:ย The Commission voted on whether to rescind the Vertical Merger Guidelines adopted in June 2020 and the Commentary on Vertical Merger Enforcement issued in December 2020.
Yesterday we looked at the FTCโs policy statement on privacy breaches by health apps and connected devices (see here for more detail and analysis.)
At the same open meeting, the FTC presented the results of its Section 6(b) investigation of the five largest tech companiesโ (i.e., Amazon, Apple, Google, Facebook, and Microsoft) mergers and acquisitions of companies that were below the threshold needed to trigger reporting the deal to the FTC and the United States (U.S.) Department of Justice (DOJ) (aka the Hart-Scott-Rodino threshold.)
In its report, the FTC does not make any recommendations and does not release any confidential information. Nonetheless, the report does provide valuable data on these deals between 2010 and 2019 that were often considered too small for notice. Overall, the five companies reported an aggregate number of 819 non-HSR acquisitions and after segregating out Hiring Action[1] and Patent Acquisition[2] transactions, there were 627 acquisitions among the five companies over ten years, or almost 63 transactions a year total or an average of 12.5 per year per company. And, these are instances where one of the worldโs five largest technology companies bought out smaller firms, and in some cases (even though this is not part of the FTCโs report) to kill or neutralize a threat or rival technology.
And while these seem like damning numbers, the FTC does not contextualize so a reader has no idea if 12-13 acquisitions a year of much smaller companies is extreme, average, or unremarkable in the world of mergers and acquisitions. Nonetheless, according to the House Judiciary Committee, these acquisitions have chilling effects among venture capitalists because they report not viewing new market entrants as viable against tech giants and therefore not worthy of investment. The committee also adduced evidence that greater market concentration reduced startups and entrepreneurial ventures.
In any event, the FTC summarized its conclusions:
The vote was 5-0 to issue the non-HSR acquisition report. In her statement, Khan claimed that the report proved that large technology companies actively bought their way out of competition unnoticed by U.S. regulators. She called for the agency to tighten loopholes in HSR reporting requirements, but this can only do so much with the statutory thresholds rising each year with inflation. Khan noted that since many of the acquisitions (over one-third) were of non-American firms, the FTC should better coordinate with regulators in other nations. Finally, Khan made a point about how non-compete clauses were used in these acquisitions (in fact over 76%) for founders and key employees, which is another long-recognized means by which companies can tamp down competition. She linked this trend to the FTCโs ongoing work in the realm of non-compete clauses, an issue that has been taken up by Republican commissioners in recent years.
In his statement, Chopra called for the amendment of Hart-Scott-Rodino โto ensure that the very largest firms in the economy report more of their M&A activity to the antitrust agencies, including those transactions that may fall below todayโs existing HSR reporting thresholds.โ He called on the FTC to engage in a formal rulemaking to ban or minimize the use of โavoidance devicesโ (i.e. โtricks that buyers can use to disguise a transaction so that the transaction doesnโt trigger the HSR thresholds.โ) Chopra also urged the FTC to repeal โinformal interpretationsโ of HSR law and rules that function as โa roadmap for dominant firms on how they can avoid reporting.โ
Slaughter expressed her wish that the FTC could publish โcompany-specific data to help the public better understand specific acquisition strategies and conduct among the different companies, but we are prohibited by statute from releasing that granular information.โ Perhaps she is hinting that Congress repeal this limit in antitrust legislation.
The FTC then voted to withdraw the Vertical Merger Guidelines that the agency issued jointly with the DOJ in 2020 under the previous FTC leadership. This was another 3-2 vote with all the Democrats voting for the withdrawal and all the Republicans voting against doing so.
Khan, Chopra, and Slaughter issued a joint statement and contended:
They explained that the withdrawal is in the context of a recently announced FTC-DOJ reappraisal of antitrust regulations and enforcement:
And so, Khan and her colleagues want to rewrite the Vertical Merger Guidelines to include areas the previous version omitted such as the impact of market structure on the likely competitive effects of a merger and the effects of digital gatekeepers and on labor.
Moreover, Khan, Chopra, and Slaughter stressed that until the review is over and new guidelines are issued the FTC will assess mergers on the basis of the underlying statutes (i.e. the Sherman and Clayton Antitrust Acts):
Not surprisingly, Phillips and Wilson in their dissenting statement take after the majority:
They again accuse the majority of acting capriciously and in ways that will confuse market participants, thus introducing uncertainty into an economy struggling to respond to COVID-19. Phillips and Wilson are claim that the withdrawal of these guidelines will hurt U.S. firms looking to revamp and shore up their supply chains.
Phillips and Wilson also argue the majority has dispensed with decades of caselaw in making the erroneous claim that the recognition of pro-competitive effects or efficiencies in mergers is contrary to the statute:
Finally, the FTC considered and approved โRevisions to Procedures for Responding to Petitions for Rulemakingโ by a 4-1 vote with Wilson voting against the measures. Khan and Chopra portrayed the rules change as a means of opening up the FTC to different viewpoints and perspectives and making the agency more responsive to the public and stakeholders. Wilson, to no great surprise, took a much different view and turned many of the majorityโs arguments on their head. She quoted Khan in arguing the agency lacked the resources to do many of its current tasks let alone new ones, many agencies do not consider petitions like these, and the rule changes do not require petitioners to disclose sources of funding which will allow parties to โweaponizeโ petitions. On this latter point, she used traditionally Democratic arguments about the power of โdark moneyโ in politics to argue for greater disclosure of funding sources behind petitioners and pointed to two recently filed petitions (here and here) as being examples of how the agency does not know who truly paid for the efforts.
Other Developments
ยงย Canadaโs Liberal Party appears to have won the most seats in yesterdayโs election but not a majority in Parliament, meaning Prime Minister Justin Trudeau will likely form another minority government. With this victory, the Liberals may pursue its their online harms bill, C-36 (see here for more detail and analysis.)
ยงย United Kingdom (UK) Prime Minister Boris Johnson rearranged his Cabinet and now the UKโs Department for Digital, Culture, Media & Sport (DCMS) will be headed by Nadine Dorries MP. Oliver Dowden MP was serving as the Secretary of State for Digital, Culture, Media and Sport and now Dorries will take over that role.
ยงย The United States (U.S.) Department of Justice (DOJ) announced a $1.68 million settlement with โThree Former U.S. Intelligence Community and Military Personnelโ to resolve alleged โviolations of U.S. export control, computer fraud and access device fraud laws.โ The DOJ contended:
oย ย According to court documents, the defendants worked as senior managers at a United Arab Emirates (U.A.E.)-based company (U.A.E. CO) that supported and carried out computer network exploitation (CNE) operations (i.e., โhackingโ) for the benefit of the U.A.E government between 2016 and 2019. Despite being informed on several occasions that their work for U.A.E. CO, under the International Traffic in Arms Regulations (ITAR), constituted a โdefense serviceโ requiring a license from the State Departmentโs Directorate of Defense Trade Controls (DDTC), the defendants proceeded to provide such services without a license.
oย ย These services included the provision of support, direction and supervision in the creation of sophisticated โzero-clickโ computer hacking and intelligence gathering systems โย i.e., one that could compromise a device without any action by the target. U.A.E. CO employees whose activities were supervised by and known to the defendants thereafter leveraged these zero-click exploits to illegally obtain and use access credentials for online accounts issued by U.S. companies, and to obtain unauthorized access to computers, like mobile phones, around the world, including in the United States.
ยงย Australiaโs Office of the Australian Information Commissioner (OAIC) published its โCorporate Plan 2021โ22โ that โout the strategic priorities for the OAIC and defines how we will measure success in the context of our fast-changing operating environment.โ The OAIC identified these strategic priorities:
oย ย The OAIC will advance online privacy protections for Australians to support the Australian economy, influencing the development of legislation, applying a contemporary approach to regulation (including through collaboration) and raising awareness of online privacy protection frameworks.
oย ย The OAIC has a wide range of regulatory functions and powers under the Privacy Act 1988. These were expanded in 2020 to cover the COVIDSafe app introduced by the Australian Government in response to the pandemic. The OAIC also regulates the privacy aspects of the Consumer Data Right, which began in the banking sector on 1 July 2020 and will be rolled out to the energy sector next.
oย ย The OAIC promotes access to government-held information through the regulation of the Freedom of Information Act 1982 (FOI Act) and our role in information policy. The OAIC will continue to perform our regulatory functions and promote the rights of all members of the community to access government-held information.
oย ย The OAIC will continue to promote a proactive approach to the publication of government-held information. We will focus on making better use of government-held information to support efficient access to information and facilitate innovation and engagement while ensuring privacy is protected.
oย ย The OAIC will take a contemporary approach to our regulatory role in promoting and upholding Australiaโs privacy and FOI laws. This means engaging with and being responsive to community expectations of regulators.
oย ย The OAIC is committed to developing a capable, multidisciplinary workforce with a breadth of technical skills to provide guidance and advice and take regulatory action.
ยงย New Mexicoโs Attorney General Hector Balderas filed suit in United States (U.S.) court against Rovio, the developer of Angry Birds, for alleged violations of the โChildrenโs Online Privacy Protection Actโ (COPPA) and state law. In his press release, Balderas alleged:
oย ย โฆ.that Rovio knowingly collects personal information from children under the age of 13 that play the Angry Birds games. Rovio then sends that information off to a constellation of third party marketing companies that analyze, repackage, resell and otherwise use the information to sell targeted advertising to those children.
oย ย In the suit, Balderas summarized the legal backdrop and grounds for the action:
ยงย Recognizing the potential harms that sophisticated advertising could inflict upon children, Congress enacted the Childrenโs Online Privacy Protection Act, 15 U.S.C. ยงยง 6501, et seq. (โCOPPAโ). COPPA empowers parentsโ through enforcement actions brought by a State Attorney General or the FTCโto protect their children in the online marketplace. COPPA prohibits websites or online services from collecting personal information from children under the age of 13 without first obtaining verifiable parental consent. Specifically, COPPA requires websites and online services: (1) to provide complete disclosure of the information they collect from children and how they use that information; (2) to ensure that disclosure is provided directly to parents; and (3) to obtain verifiable consent from the parent before collecting, using, or disclosing any personal information from children. Without first complying with these requirements, the online tracking of children is illegal. Rovio has violated each one of these requirements mandated by COPPA.
ยงย In addition to violating COPPA, the above acts and practices violate New Mexicoโs Unfair Practices Act, N.M. Stat. Ann. ยงยง 57-12-1, et seq. Defendant relentlessly, repeatedly, and willfully targeted children and surreptitiously harvested their personal information for psychological and commercial exploitation for over a decade. This justifies assessing civil penalties of up to $5,000 for each and every violation of the UPA.
ยงย Defendantโs tracking and profiling of New Mexico children also violates the common-law tort of intrusion upon seclusion. The surreptitious and intentional monitoring, tracking, and profiling of childrenโin direct violation not only of federal law but of longstanding societal normsโis egregious and highly offensive conduct.
ยงย Senators Richard Blumenthal (D-CT) and Edward J. Markey (D-MA) wrote the Federal Trade Commission (FTC), asking the agency to investigate possible violations of federal law by Tesla for โmisleading advertising and marketing of its Autopilot and Full-Self Driving (FSD) features.โ They urged the FTC โto open an investigation into potentially deceptive and unfair practices in Teslaโs advertising and marketing of its driving automation systems and take appropriate enforcement action to ensure the safety of all drivers on the road.โ
ยงย The United States (U.S.) Department of Commerce โestablished a high-level committee to advise the President and other federal agencies on a range of issues related to artificial intelligence (AI).โ In the department and the National Institute of Standards and Technologyโs (NIST) Federal Register notice, the agencies announced the formation of the โNational Artificial Intelligence Advisory Committeeโ and called for nominations to serve on it. Commerce added in its press release:
oย ย The National AI Initiative Act of 2020 calls for the Secretary of Commerce, in consultation with the Director of the Office of Science and Technology Policy and other department officials, the Secretary of Defense, the Secretary of Energy, the Secretary of State, the Attorney General, and the Director of National Intelligence, to establish the NAIAC. The committee is to provide recommendations on topics including the current state of U.S. AI competitiveness; progress in implementing the Initiative; the state of science around AI; issues related to AI workforce, including barriers to employment supporting opportunities for historically underrepresented populations; how to leverage initiative resources; the need to update the initiative; the balance of activities and funding across the initiative; the adequacy of the National AI R&D Strategic Plan; management, coordination, and activities of the initiative; adequacy of addressing societal issues; opportunities for international cooperation; issues related to accountability and legal rights; and how AI can enhance opportunities for diverse geographic regions.
oย ย The NAIAC will consist of expert leaders from a broad and interdisciplinary range of AI-relevant disciplines from across academia, industry, non-profits and civil society, and federal laboratories. These experts will be qualified to provide advice and information on science and technology research, development, ethics, standards, education, fairness, civil rights implications, technology transfer, commercial application, security, and economic competitiveness related to AI.
oย ย With AI already changing how society addresses economic competitiveness, national security challenges, and equitable opportunities, NIST and its researchers are dedicated to ensuring AI technologies are developed and used in a trustworthy and responsible manner that allows for accuracy, security, explainability and interpretability, reliability, privacy, safety, and the mitigation of bias. Trustworthy data, standards, and integration of machine learning and AI in applications are critical for the successful deployment of new technologies and the identification and mitigation of sources of algorithmic bias.
oย ย Nominations for the Committee and Subcommittee on Artificial Intelligence and Law Enforcement will be accepted on an ongoing basis and will be considered as vacancies arise.
ยงย The European Data Protection Supervisor (EDPS) published its opinion on the European Commissionโs (EC) โProposal for a Directive on consumer creditsโ that would โreplace Directive 2008/48/ECย on creditย agreementsย forย consumersย and to adapt the current rules to the ongoing digitalisation of the market and other trends (new operators, such as peer-to-peer lending platforms and new forms of consumer credit, such as short-term high-cost loans).โ The EDPS opined:
oย ย The EDPS welcomes the aim of strengthening consumer protection and recalls the relationship of complementarity between consumer and data protection. The Proposal has a clear impact on the protection of individualsโ rights and freedoms with regard to the processing of personal data, in particular in light of the provisions concerning creditworthiness assessment, personalised offers on the basis of automated processing and the use of personal data in the context of advisory and other activities.
oย ย To promote fair access to credit and data protection, the EDPS recommends clearly delineating the categories and sources of personal data that may be used for the purpose of creditworthiness assessment. In particular, the EDPS invites the legislator to strive for increased consumer protection and harmonisation by clearly specifying the categories of data that should and should not be processed. The EDPS also recommends explicitly prohibiting the use of any special categories of personal data under Article 9 of the GDPR.
oย ย Taking into account the possible adverse consequences for the persons concerned, the EDPS considers that the requirements, role and responsibilities of credit databases or third parties providing โcredit scoresโ should be addressed. Further clarifications should also be provided regarding the situations where consultation of external sources is necessary and proportionate.
oย ย Consumers should always receive meaningful prior information whenever their creditworthiness assessment is based on automated processing. Where the creditworthiness assessment involves the use of profiling or other automated processing of personal data, consumers should be able to request and obtain a human assessment.
oย ย As regards personalised offers on the basis of automated processing, the EDPS recommends introducing the obligation for the creditor to provide clear, meaningful and uniform information about the parameters used to determine the price. Moreover, the EDPS encourages the legislator to clearly delineate the categories of personal data that may be used as parameters to draw up a personalised offer.
oย ย The EDPS recommends explicitly confirming the full applicability of Regulation 2016/679 (โGDPRโ) to any processing of personal data falling within the scope of the Proposal. Having regard to the Proposal for an Artificial Intelligence Act, the EDPS recommends ensuring that the relevant consumer credit and data protection rules are integrated as part of the (third-party) conformity assessment process prior to CE marking.
ยงย The Federal Reserve, Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC) published โConducting Due Diligence on Financial Technology Companies - A Guide for Community Banks.โ The agencies stated:
oย ย By providing access to new or innovative technologies, companies specializing in financial technologies (or โfintechโ) can provide community banks with many benefits, such as enhanced products and services, increased efficiency, and reduced costs, all bolstering competitiveness. Like other third-party relationships, arrangements with fintech companies can also introduce risks. Assessing the benefits and risks posed by these relationships is key to a community bankโs due diligence process.
oย ย This guide is intended to be a resource for community banks when performing due diligence on prospective relationships with fintech companies. Use of this guide is voluntary and it does not anticipate all types of third-party relationships and risks. Therefore, a community bank can tailor how it uses relevant information in the guide, based on its specific circumstances, the risks posed by each third-party relationship, and the related product, service, or activity (herein, activities) offered by the fintech company. While the guide is written from a community bank perspective, the fundamental concepts may be useful for banks of varying size and for other types of third-party relationships. Banks should reference federal banking agenciesโ relevant guidance.
oย ย Due diligence is an important component of an effective third-party risk management process, as highlighted in the federal banking agenciesโ respective guidance. During due diligence, a community bank collects and analyzes information to determine whether third-party relationships would support its strategic and financial goals and whether the relationship can be implemented in a safe and sound manner, consistent with applicable legal and regulatory requirements.
ยงย Senator Pat Toomey (R-PA), the ranking member of the Senate Banking, Housing, and Urban Affairs Committee, has commenced with โsoliciting ideas and legislative proposals to ensure federal law supports the development of emerging cryptocurrency and open blockchain network technologies while continuing to protect crypto investors.โ Toomey stated he โintends to use the responses in forming legislation that clarifies ambiguity around how existing laws, especially in the tax and securities realms, may apply to cryptocurrencies.โ Toomey stated:
oย ย Each proposal should include:
ยงย A brief description of the proposal and how it will encourage the growth of cryptocurrency and blockchain technology in the United States;
ยงย Proposed legislative language; and
ยงย Other background material as appropriate.
oย ย Potential topics that proposals should address, but are not limited to:
ยงย Securities implications of cryptocurrencies
ยงย Payments and money transmission supervision
ยงย Stablecoins
ยงย Cryptocurrency exchanges
ยงย Custody regulation
ยงย Banking authorities
ยงย Privacy, due process, investor, and consumer protection
ยงย Decentralized finance (DeFi)
ยงย Removing existing regulatory ambiguities related to cryptocurrency
ยงย Clearly defined goals for appropriate regulations
ยงย Two Dutch entities, the Take Back Your Privacy Foundation (TBYP) and Consumentenbond, are suing TikTok after settlement talks broke down. The two entities stated:
oย ย The Consumentenbond and TBYP demand that TikTok ceases all of its unlawful actions, deletes all illegally collected personal data, and pays damages to the children harmed by TikTokโs conduct. Two types of damages are to be paid by TikTok. First, a total amount of 2 billion EUR is claimed, to allow to pay to each affected child a fixed amount:
ยงย โฌ1,500 for each child who was under 13 when they started using the app;
ยงย โฌ1,250 for each child who was 13, 14 or 15 when they started using the app;
ยงย โฌ1,000 for each child who was 16 or 17 when they started using the app.
oย ย Second, TBYP and the Consumentenbond demand that TikTok pays as damages the profits the company has earned on the backs of Dutch children. In 2020, ByteDance, the parent company behind TikTok, made a profit of USD 19 billion.
ยงย The National Society for the Prevention of Cruelty to Children (NSPCC), a British charity and advocacy organization, claimed the governmentโs โOnline Safety Billโ โfall[s] significantly short of tackling this issue.โ NSPCC claimed the bill must be strengthened in these ways:
oย ย 1. Stop grooming and abuse spreading between apps. There must be a duty on tech firms to tackle cross-platform risks. Groomers often target children on social networks, then move across platforms to encrypted messaging and livestreaming sites. This is why cross-platform risks must be assessed when designing their sites, and companies must work together to proactively share information about offender behaviour, theatres to childrenโs safety, or new features that could lead to child abuse.
oย ย 2. Disrupt abuse at the earliest possible stage. The Online Safety Bill currently fails to effectively tackle how abusers use platforms to organise in plain sight and post โdigital breadcrumbsโ that signpost to child abuse images. The Bill must treat behaviour that directly facilitates child abuse with the same severity as the illegal material it causes in order to prevent abuse at an early stage.
oย ย 3. Fix major gaps in the child safety duty. Currently, the Bill only covers companies with a โsignificantโ number of children on their apps. This means high-risk sites, such as Telegram and OnlyFans, could be excluded from needing to protect children from harmful content. This requirement could mean that instead of tackling harmful content, it simply displaces it to smaller sites.
oย ย 4. Holding senior managers accountable. There should be a Named Persons Scheme which makes individuals at tech companies personally liable when they fail to uphold their duty of care. Companies who fail to tackle childrenโs safety on their platforms should be subject to criminal sanctions for the most significant failings that put children at risks of illegal harm, with lesser sanctions including fines, censure and disbarment.
oย ย 5. Commit to a statutory user advocate for children. The Government must introduce a dedicated user advocacy voice for children, funded by the industry levy. This is a standard part of regulation in other sectors, but currently children at higher risk of sexual abuse receive less statutory advocacy than a customer of a post office or a passenger on a bus.
Further Reading
Photo by Dries De Schepper on Unsplash
ยงย โCompetition is for losersโ By David Runciman โ London Review of Books. Peterโ Thiel is known for so many different things it can be hard to keep up. He co-founded PayPal, which provided the basis for his early fortune as well as Elon Muskโs. He is the eerily prescient angel investor who helped launch Mark Zuckerberg and Facebook on the path to global domination. He is the man who bankrupted Gawker, the online gossip site, by funding Hulk Hoganโs libel action, fulfilling a decade-long vendetta that started after Gawker outed Thiel as gay. Though himself a Stanford graduate, Thiel set up a fellowship programme that pays smart kids to skip college and live their dreams with him in Silicon Valley. He was an early and vocal champion of Trumpโs presidential bid, giving a memorably creepy address at the 2016 Republican National Convention. As a hedge against the looming apocalypse, Thiel has taken out New Zealand citizenship and bought a 500-acre estate, despite spending scarcely any time in the country. He helped to bankroll the Seasteading Institute, which aims to create independent, ocean-based communities free from all government control. Like several other tech titans, Thiel is interested in trying to defy the ageing process, and ideally to defeat it altogether. He is particularly associated with the novel field of biology known as parabiosis, which involves experiments in blood transfusion from the young to the old. Asked about this at a New York Times event in 2018, Thiel responded: โIโm not even sure what Iโm supposed to say. I want to publicly tell you Iโm not a vampire.โ
ยงย โPeter Thiel Gamed Silicon Valley, Donald Trump, and Democracy to Make Billions, Tax-Freeโ By Max Chafkin โ Bloomberg Businessweek. The meeting started with a thank-you. President-elect Donald Trump was planted at a long table on the 25th floor of his Manhattan tower. Trump sat dead center, per custom, and, also per custom, looked deeply satisfied with himself. He was joined by his usual coterie of lackeys and advisers and, for a change, the heads of the largest technology companies in the world. โThese are monster companies,โ Trump declared, beaming at a group that included Appleโs Tim Cook, Amazonโs Jeff Bezos, Microsoftโs Satya Nadella, and the chief executives of Google, Cisco, Oracle, Intel, and IBM. Then he acknowledged the meetingโs organizer, Peter Thiel.
ยงย โWashington says a transatlantic data deal is close. Brussels disagrees.โ By Vincent Manancourt and Mark Scott โ Politico EU.Are the United States and European Union close to a new deal on transatlantic data flows? Depends who you ask. If itโs Washington, the answer is: very close. If itโs Brussels โ forget about it. Ever since the EUโs top courtannulled the so-called Privacy Shield agreement last July, negotiators on both sides of the Atlantic have been hard at work on a replacement deal that would allow companies to shuttle Europeansโ data to the United States with sufficient guarantees that it wonโt be vulnerable to snooping from U.S. intelligence agencies
ยงย โUtilities Would Like to Speak to the Manager About Your Tweetsโ By Molly Taft โ Gizmodo. Until recently, Autumn Johnson thought that criticizing utilities that were putting more dirty energy on the grid was all in a dayโs work. โAs an environmentalist, it is my job to be calling attention to doubling down on fossil fuels when weโre in the midst of a climate crisis,โ she said. But earlier this month, when she began publicly criticizing a recent decision by the Salt River Project (SRP), one of Arizonaโs largest utilities, something surprising happened:Someone at the utility, she said, complained to her employer. Johnsonโs experience isnโt unique, and highlights how utilities, some of the countriesโ biggest decision-makers on energy policy, can also be some of the most sensitive players in the energy space, prone to shutting down valid criticisms or concerns about their policies and decisionsโespecially ones posted on social media.
ยงย โRansomware accounted for a quarter of all cyber insurance claims in Europe between 2016 and 2020โ By Catalin Cimpanu โ The Record. Almost a quarter of all cyber insurance claims filed between 2016 and 2020 across continental Europe have been related to ransomware attacks, according to insurance giant Marsh. The numbers are even higher when 2020 is analyzed alone, with almost a third (32%) of all cyber insurance claims filed last year being related to a ransomware incident, the company said in โThe Changing Face of Cyber Claims 2021,โ a report that reviewed the Marsh cyber insurance business from the past half-decade.
ยงย โOnline Safety Bill has โsubstantive weaknessesโ in current form, NSPCC warnsโ By Martyn Landi โ The Standard. The Governmentโs plans to regulate social media risk falling significantly short when it comes to protecting children from online abuse, a new report from the NSPCC says. The childrenโs charity said it believes there are major shortfalls in the draft Online Safety Bill currently being examined by MPs and peers, and the Government risks failing to meet its ambition to make the internet safe for children.
ยงย โMicrosoft Takes Further Action Over NSA Cloud Contractโ By Frank Konkel โ Nextgov. Microsoft filed a supplemental protest with the Government Accountability Office Sept. 2 over a National Security Agency cloud contract worth up to $10 billion that the intelligence agency instead awarded to Amazon Web Services. The tech companyโs supplemental protest follows its initial protestโfiled on July 21โover the NSA contract, which is codenamed โWildandStormy.โ A supplemental protest indicates a company is challenging the award on new legal grounds. However, given the sensitive nature of the intelligence contract, no information regarding Microsoftโs protest grounds are publicly available.
ยงย โSmartphones May Be Too Goodโ By Shira Ovide โ The New York Times. Iโm going to pose an intentionally provocative question: What if smartphones are so successful and useful that they are holding back innovation? Technologists are now imagining what could be the next big thing. But there may never be anything else like the smartphone, the first and perhaps last mass market and globally transformative computer.
ยงย ย โEx-U.S. Intelligence Officers Admit to Hacking Crimes in Work for Emiratisโ By Mark Mazzetti and Adam Goldman โ The New York Times. Three former American intelligence officers hired by the United Arab Emirates to carry out sophisticated cyberoperations admitted to hacking crimes and to violating U.S. export laws that restrict the transfer of military technology to foreign governments, according to court documents made public on Tuesday. The documents detail a conspiracy by the three men to furnish the Emirates with advanced technology and to assist Emirati intelligence operatives in breaches aimed at damaging the perceived enemies of the small but powerful Persian Gulf nation.
ยงย โExpressVPN Knew 'Key Facts' of Executive Who Worked for UAE Spy Unitโ By Joseph Cox โ Vice. ExpressVPN, a popular VPN company, said it was aware of the "key facts" of its chief information officer Daniel Gericke's previous employment before hiring him. On Wednesday, the Department of Justice disclosed in court records that Gericke worked on Project Raven, a surveillance operation for the United Arab Emirates government that involved hacking of Americans, activists, and heads of state. "Weโve known the key facts relating to Danielโs employment history since before we hired him, as he disclosed them proactively and transparently with us from the start. In fact, it was his history and expertise that made him an invaluable hire for our mission to protect usersโ privacy and security," ExpressVPN told Motherboard in a statement.
Coming Eventsย
Photo by Charles Deluvio on Unsplash
ยงย 21 September
oย ย The Senate Homeland Security and Governmental Affairs Committee will hold a hearing titled โThreats to the Homeland: Evaluating the Landscape 20 Years After 9/11โ with these witnesses:
ยงย Secretary of Homeland Security Alejandro N. Mayorkas
ยงย Federal Bureau of Investigation Director Christopher A. Wray
ยงย National Counterterrorism Center Director Christine Abizaid
oย ย The House Financial Services Committeeโs Task Force on Financial Technology will hold a hearing titled โPreserving the Right of Consumers to Access Personal Financial Dataโ
oย ย The Senate Banking, Housing, and Urban Affairs Committee will consider the nomination of Alan F. Estevez to be Under Secretary of Commerce for Industry and Security.
oย ย The Senate Judiciary Committeeโs Competition Policy, Antitrust, and Consumer Rights Subcommittee will hold a hearing titled โBig Data, Big Questions: Implications for Competition and Consumers.โ
ยงย 22 September
oย ย The House Homeland Security Committee will hold a hearing titled โThreats to the Homeland: Evaluating the Landscape 20 Years After 9/11โ with these witnesses:
ยงย Secretary of Homeland Security Alejandro N. Mayorkas
ยงย Federal Bureau of Investigation Director Christopher A. Wray
ยงย National Counterterrorism Center Director Christine Abizaid
ยงย 23 September
oย ย The United Kingdomโs Joint Select Committee will hold a hearing on the governmentโs draft โOnline Safety Bill.โ
oย ย The Senate Homeland Security and Governmental Affairs will hold a hearing titled โNational Cybersecurity Strategy: Protection of Federal and Critical Infrastructure Systems,โ with these witnesses:
ยงย National Cyber Director Chris Inglis
ยงย Cybersecurity and Infrastructure Security Agency Director Jen Easterly
ยงย Federal Chief Information Security Officer Christopher DeRusha
oย ย The House Judiciary Committeeโs Antitrust, Commercial, and Administrative Law Subcommittee will hold a hearing titled โReviving Competition, Part 4: 21st Century Antitrust Reforms and the American Worker.โ
ยงย 24 September
oย ย The California Privacy Protection Agency Board will be holding a meeting.
ยงย 28 September
oย ย The Information Security and Privacy Advisory Board (ISPAB) will hold an open meeting and โThe agenda is expected to include the following items:
ยงย โBoard Discussion on Executive Order 14028, Improving the Nation's Cybersecurity (May 12, 2021) deliverables and impacts to date,
ยงย โPresentation by NIST, the Department of Homeland Security, and the General Services Administration on upcoming work specified in Executive Order 14028,
ยงย โPresentation by the Office of Management and Budget on Executive Order 14028 directions and memoranda to U.S. Federal Agencies,
ยงย โBoard Discussion on recommendations and issues related to Executive Order 14028.
ยงย 29 September
oย ย The White House announced a meeting of the U.S.-EU Trade and Technology Council (TTC), a body created in June 2021, established โto expand and deepen trade and transatlantic investment ties and update the rules of the road for the 21st century economy.โ
ยงย 30 September
oย ย The Federal Communications Commission (FCC) will hold an open meeting with this tentative agenda:
ยงย Promoting More Resilient Networks. The Commission will consider a Notice of Proposed Rulemaking to examine the Wireless Network Resiliency Cooperative Framework, the FCCโs network outage reporting rules, and strategies to address the effect of power outages on communications networks. (PS Docket Nos. 21-346, 15-80; ET Docket No. 04-35)
ยงย Reassessing 4.9 GHz Band for Public Safety. The Commission will consider an Order on Reconsideration that would vacate the 2020 Sixth Report and Order, which adopted a state-by-state leasing framework for the 4.9 GHz (4940-4900 MHz) band. The Commission also will consider an Eighth Further Notice of Proposed Rulemaking that would seek comment on a nationwide framework for the 4.9 GHz band, ways to foster greater public safety use, and ways to facilitate compatible non-public safety access to the band. (WP Docket No. 07-100)
ยงย Authorizing 6 GHz Band Automated Frequency Coordination Systems. The Commission will consider a Public Notice beginning the process for authorizing Automated Frequency Coordination Systems to govern the operation of standard-power devices in the 6 GHz band (5.925-7.125 GHz). (ET Docket No. 21-352)
ยงย Spectrum Requirements for the Internet of Things. The Commission will consider a Notice of Inquiry seeking comment on current and future spectrum needs to enable better connectivity relating to the Internet of Things (IoT). (ET Docket No. 21-353)
ยงย Shielding 911 Call Centers from Robocalls. The Commission will consider a Further Notice of Proposed Rulemaking to update the Commission's rules regarding the implementation of the Public Safety Answering Point (PSAP) Do-Not-Call registry in order to protect PSAPs from unwanted robocalls. (CG Docket No. 12-129; PS Docket No. 21-343)
ยงย Stopping Illegal Robocalls From Entering American Phone Networks. The Commission will consider a Further Notice of Proposed Rulemaking that proposes to impose obligations on gateway providers to help stop illegal robocalls originating abroad from reaching U.S. consumers and businesses. (CG Docket No. 17-59; WC Docket No. 17-97)
ยงย Supporting Broadband for Tribal Libraries Through E-Rate. The Commission will consider a Notice of Proposed Rulemaking that proposes to update sections 54.500 and 54.501(b)(1) of the Commissionโs rules to amend the definition of library and to clarify Tribal libraries are eligible for support through the E-Rate Program. (CC Docket No. 02-6)
ยงย Strengthening Security Review of Companies with Foreign Ownership. The Commission will consider a Second Report and Order that would adopt Standard Questions โ a baseline set of national security and law enforcement questions โ that certain applicants with reportable foreign ownership must provide to the Executive Branch prior to or at the same time they file their applications with the Commission, thus expediting the Executive Branchโs review for national security and law enforcement concerns. (IB Docket No. 16-155)
[1] โinstances where, within a one-year period, the company hired 25 percent or more non-sales employees of an Entity, division, office, or subsidiary of an Entity, or product, research or development group of an Entity.โ
[2] โthe purchase of one or more patents that is not otherwise defined as another category of acquisition.โ