All posts in “United Kingdom”

Manipulating an Indian politician’s tweets is worryingly easy to do

Here’s a concerning story from India, where the upcoming election is putting the use of social media in the spotlight.

While the Indian government is putting Facebook, Google and other companies under pressure to prevent their digital platforms from being used for election manipulation, a journalist has demonstrated just how easy it is to control the social media messages published by government ministers.

Pon Radhakrishnan, India’s minister of state for finance and shipping, published a series of puzzling tweets today after Pratik Sinha, a co-founder of fact-checking website Alt News, accessed a Google document of prepared statements and tinkered with the content.

Among the statements tweeted out, Radhakrishnan said Prime Minister Modi’s government had failed the middle classes and had not made development on improving the country’s general welfare. Sinha’s edits also led to the official BJP Assam Pradesh account proclaiming that the prime minister had destroyed all villages and made women slaves to cooking.

These are the opposite of the partisan messages that the accounts intended to send.

The messages were held in an unlocked Google document that contained a range of tweets compiled for the Twitter accounts. Sinha managed to access the document and doctor the messages into improbable statements — which he has done before — in order to show the shocking lack of security and processes behind the social media content.

Sinha said he made the edits “to demonstrate how dangerous this is from the security standpoint for this country.”

“I had fun but it could have disastrous consequences,” he told TechCrunch in a phone interview. “This is a massive security issue from the point of view of a democracy.”

Sinha said he was able to access the document — which was not restricted or locked to prevent changes — through a WhatsApp group that is run by members of the party. Declining to give specifics, he said he had managed to infiltrate the group and thus gain access to a flow of party and government information and, even more surprisingly, get right into the documents and edit them.

What’s equally as stunning is that, even with the message twisted 180 degrees, their content didn’t raise an alarm. The tweets were still loaded and published without any realization. It was only after Sinha went public with the results that Radhakrishnan and BJP Assam Pradesh account begin to delete them.

The Indian government is rightly grilling Facebook and Google to prevent its platform being abused around the election, as evidence suggested happened in the U.S. presidential election and the U.K.’s Brexit vote, but members of the government themselves should reflect on the security of their own systems, too. It would be too easy for these poor systems to be exploited.

The UK now has a law against upskirting

A law change that comes into force in the UK today makes the highly intrusive practice of ‘upskirting’ illegal.

The government said it wants the new law to send a clear message that such behaviour is criminal and will not be tolerated.

Perpetrators in the UK face up to two years in prison under the new law if they’re convicted of taking a photograph or video underneath a person’s clothes for the purpose of viewing their underwear or genitals/buttocks without their knowledge or consent for sexual gratification or to cause humiliation, distress or alarm.

There have been prosecutions for upskirting in England and Wales under an existing common law offence of outraging public decency. But following a campaign started by an upskirting victim the government decided to legislate to plug gaps in the law to make it a sexual offence.

The Voyeurism (Offences) (No. 2) Bill was introduced on June 21 last year and gains royal assent today.

Where the offence of upskirting is committed in order to obtain sexual gratification it can result in the most serious offenders being placed on the sex offenders register.

Under the new law victims are also entitled to automatic protection, such as from being identified in the media.

While the UK government is intending the law change to send a clear message that upskirting is socially unacceptable, there’s no doubt that legislation alone can’t do that. Robust enforcement is essential to counter any problematic attitudes that might be contributing to encourage antisocial uses of technologies in the first place.

For example, in South Korea a law against upskirting carries a maximum sentence of five years in prison yet the legislation has failed to curb an epidemic of offences fuelled by cheap access to tiny hidden spy cameras and baked in societal sexism — the latter seemingly also influencing how police choose to uphold the law, with campaigners complaining most perpetrators get off with small fines.

Facebook urged to offer an API for political ad transparency research

Facebook has been called upon to provide good faith researchers with an API to enable them to study how political ads are spreading and being amplified on its platform.

A coalition of European academics, technologists and human and digital rights groups, led by Mozilla, has signed an open letter to the company demanding far greater transparency about how Facebook’s platform distributes and amplifies political ads ahead of elections to the European parliament which will take place in May.

We’ve reached out to Facebook for a reaction to the open letter.

The company had already announced it will launch some of its self-styled ‘election security’ measures in the EU before then — specifically an authorization and transparency system for political ads.

Last month its new global comms guy — former European politician and one time UK deputy prime minister, Nick Clegg — also announced that, from next month, it will have human-staffed operations centers up and running to monitor how localised political news gets distributed on its platform, with one of the centers located within the EU, in Dublin, Ireland.

But signatories to the letter argue the company’s heavily PR’ed political ad transparency measures don’t go far enough.

They also point out that some of the steps Facebook has taken have blocked independent efforts to monitor its political ad transparency claims.

Last month the Guardian reported on changes Facebook had made to its platform that restricted the ability of an external political transparency campaign group, called WhoTargetsMe, to monitor and track the flow of political ads on its platform.

The UK-based campaign group is one of more than 30 groups that have signed the open letter — calling for Facebook to stop what they couch as “harassment of good faith researchers who are building tools to provide greater transparency into the advertising on your platform”.

Other signatories include the Center for Democracy and Technology, the Open Data Institute and Reporters Without Borders.

“By restricting access to advertising transparency tools available to Facebook users, you are undermining transparencyeliminating the choice of your users to install tools that help them analyse political ads, and wielding control over good faith researchers who try to review data on the platform,” they write.

“Your alternative to these third party tools provides simple keyword search functionality and does not provide the level of data access necessary for meaningful transparency.”

The letter calls on Facebook to roll out “a functional, open Ad Archive API that enables advanced research and development of tools that analyse political ads served to Facebook users in the EU” — and do so by April 1, to enable external developers to have enough time to build transparency tools before the EU elections.

Signatories also urge the company to ensure that all political ads are “clearly distinguished from other content”, as well as being accompanied by “key targeting criteria such as sponsor identity and amount spent on the platform in all EU countries”.

Last year UK policymakers investigating the democratic impacts of online disinformation pressed Facebook on the issue of what the information it provides users about the targeting criteria for political ads. They also asked the company why it doesn’t offer users a complete opt-out from receiving political ads. Facebook’s CTO Mike Schroepfer was unable — or unwilling — to provide clear answers, instead choosing to deflect questions by reiterating the tidbits of data that Facebook has decided it will provide.

Close to a year later and Facebook users in the majority of European markets are still waiting for even a basic layer of political transparency, as the company has been allowed to continue self regulating at its own pace and — crucially — by getting to define what ‘transparency’ means (and therefore how much of the stuff users get).

Facebook launched some of these self-styled political ad transparency measures in the UK last fall — adding ‘paid for by’ disclaimers, and saying ads would be retained in an archive for seven years. (Though its verification checks had to be revised after they were quickly shown to be trivially easy to circumvent.)

Earlier in the year it also briefly suspended accepting ads paid for by foreign entities during a referendum on abortion in Ireland.

However other European elections — such as regional elections — have taken place without Facebook users getting access to any information about the political ads they’re seeing or who’s paying for them.

The EU’s executive body has its eye on the issue. Late last month the European Commission published the first batch of monthly ‘progress reports’ from platforms and ad companies that signed up to a voluntary code of conduct on political disinformation that was announced last December — saying all signatories need to do a lot more and fast.

On Facebook specifically, the Commission said it needs to provide “greater clarity” on how it will deploy consumer empowerment tools, and also boost its cooperation with fact-checkers and the research community across the whole EU — with commissioner Julian King singling the company out for failing to provide independent researchers with access to its data.

Today’s open letter from academics and researchers backs up the Commission’s assessment of feeble first efforts from Facebook and offers further fuel to feed its next monthly assessment.

The Commission has continued to warn it could legislate on the issue if platforms fail to step up their efforts to tackle political disinformation voluntarily.

Pressuring platforms to self-regulate has its own critics too, of course — who point out that it does nothing to tackle the core underlying problem of platforms having too much power in the first place…

Dating apps face questions over age checks after report exposes child abuse

The UK government has said it could legislate to require age verification checks on users of dating apps, following an investigation into underage use of dating apps published by the Sunday Times yesterday.

The newspaper found more than 30 cases of child rape have been investigated by police related to use of dating apps including Grindr and Tinder since 2015. It reports that one 13-year-old boy with a profile on the Grindr app was raped or abused by at least 21 men. 

The Sunday Times also found 60 further instances of child sex offences related to the use of online dating services — including grooming, kidnapping and violent assault, according to the BBC, which covered the report.

The youngest victim is reported to have been just eight years old. The newspaper obtaining the data via freedom of information requests to UK police forces.

Responding to the Sunday Times’ investigation, a Tinder spokesperson told the BBC it uses automated and manual tools, and spends “millions of dollars annually”, to prevent and remove underage users and other inappropriate behaviour, saying it does not want minors on the platform.

Grindr also reacting to the report, providing the Times with a statement saying: “Any account of sexual abuse or other illegal behaviour is troubling to us as well as a clear violation of our terms of service. Our team is constantly working to improve our digital and human screening tools to prevent and remove improper underage use of our app.”

We’ve also reached out to the companies with additional questions.

The UK’s secretary of state for digital, media, culture and sport (DCMS), Jeremy Wright, dubbed the newspaper’s investigation “truly shocking”, describing it as further evidence that “online tech firms must do more to protect children”.

He also suggested the government could expand forthcoming age verification checks for accessing pornography to include dating apps — saying he would write to the dating app companies to ask “what measures they have in place to keep children safe from harm, including verifying their age”.

“If I’m not satisfied with their response, I reserve the right to take further action,” he added.

Age verification checks for viewing online porn are due to come into force in the UK in April, as part of the Digital Economy Act.

Those age checks, which are clearly not without controversy given the huge privacy considerations of creating a database of adult identities linked to porn viewing habits, have also been driven by concern about children’s exposure to graphic content online.

Last year the UK government committed to legislating on social media safety too, although it has yet to set out the detail of its policy plans. But a white paper is due imminently.

A parliamentary committee which reported last week urged the government to put a legal ‘duty of care’ on platforms to protect minors.

It also called for more robust systems for age verification. So it remains at least a possibility that some types of social media content could be age-gated in the country in future.

Last month the BBC reported on the death of a 14-year-old schoolgirl who killed herself in 2017 after being exposed to self-harm imagery on the platform.

Following the report, Instagram’s boss met with Wright and the UK’s health secretary, Matt Hancock, to discuss concerns about the impact of suicide-related content circulating on the platform.

After the meeting Instagram announced it would ban graphic images of self-harm last week.

Earlier the same week the company responded to the public outcry over the story by saying it would no longer allow suicide related content to be promoted via its recommendation algorithms or surfaced via hashtags.

Also last week, the government’s chief medical advisors called for a code of conduct for social media platforms to protect vulnerable users.

The medical experts also called for greater transparency from platform giants to support public interest-based research into the potential mental health impacts of their platforms.

Is Europe closing in on an antitrust fix for surveillance technologists?

The German Federal Cartel Office’s decision to order Facebook to change how it processes users’ personal data this week is a sign the antitrust tide could at last be turning against platform power.

One European Commission source we spoke to, who was commenting in a personal capacity, described it as “clearly pioneering” and “a big deal”, even without Facebook being fined a dime.

The FCO’s decision instead bans the social network from linking user data across different platforms it owns, unless it gains people’s consent (nor can it make use of its services contingent on such consent). Facebook is also prohibited from gathering and linking data on users from third party websites, such as via its tracking pixels and social plugins.

The order is not yet in force, and Facebook is appealing, but should it come into force the social network faces being de facto shrunk by having its platforms siloed at the data level.

To comply with the order Facebook would have to ask users to freely consent to being data-mined — which the company does not do at present.

Yes, Facebook could still manipulate the outcome it wants from users but doing so would open it to further challenge under EU data protection law, as its current approach to consent is already being challenged.

The EU’s updated privacy framework, GDPR, requires consent to be specific, informed and freely given. That standard supports challenges to Facebook’s (still fixed) entry ‘price’ to its social services. To play you still have to agree to hand over your personal data so it can sell your attention to advertisers. But legal experts contend that’s neither privacy by design nor default.

The only ‘alternative’ Facebook offers is to tell users they can delete their account. Not that doing so would stop the company from tracking you around the rest of the mainstream web anyway. Facebook’s tracking infrastructure is also embedded across the wider Internet so it profiles non-users too.

EU data protection regulators are still investigating a very large number of consent-related GDPR complaints.

But the German FCO, which said it liaised with privacy authorities during its investigation of Facebook’s data-gathering, has dubbed this type of behavior “exploitative abuse”, having also deemed the social service to hold a monopoly position in the German market.

So there are now two lines of legal attack — antitrust and privacy law — threatening Facebook (and indeed other adtech companies’) surveillance-based business model across Europe.

A year ago the German antitrust authority also announced a probe of the online advertising sector, responding to concerns about a lack of transparency in the market. Its work here is by no means done.

Data limits

The lack of a big flashy fine attached to the German FCO’s order against Facebook makes this week’s story less of a major headline than recent European Commission antitrust fines handed to Google — such as the record-breaking $5BN penalty issued last summer for anticompetitive behaviour linked to the Android mobile platform.

But the decision is arguably just as, if not more, significant, because of the structural remedies being ordered upon Facebook. These remedies have been likened to an internal break-up of the company — with enforced internal separation of its multiple platform products at the data level.

This of course runs counter to (ad) platform giants’ preferred trajectory, which has long been to tear modesty walls down; pool user data from multiple internal (and indeed external sources), in defiance of the notion of informed consent; and mine all that personal (and sensitive) stuff to build identity-linked profiles to train algorithms that predict (and, some contend, manipulate) individual behavior.

Because if you can predict what a person is going to do you can choose which advert to serve to increase the chance they’ll click. (Or as Mark Zuckerberg puts it: ‘Senator, we run ads.’)

This means that a regulatory intervention that interferes with an ad tech giant’s ability to pool and process personal data starts to look really interesting. Because a Facebook that can’t join data dots across its sprawling social empire — or indeed across the mainstream web — wouldn’t be such a massive giant in terms of data insights. And nor, therefore, surveillance oversight.

Each of its platforms would be forced to be a more discrete (and, well, discreet) kind of business.

Competing against data-siloed platforms with a common owner — instead of a single interlinked mega-surveillance-network — also starts to sound almost possible. It suggests a playing field that’s reset, if not entirely levelled.

(Whereas, in the case of Android, the European Commission did not order any specific remedies — allowing Google to come up with ‘fixes’ itself; and so to shape the most self-serving ‘fix’ it can think of.)

Meanwhile, just look at where Facebook is now aiming to get to: A technical unification of the backend of its different social products.

Such a merger would collapse even more walls and fully enmesh platforms that started life as entirely separate products before were folded into Facebook’s empire (also, let’s not forget, via surveillance-informed acquisitions).

Facebook’s plan to unify its products on a single backend platform looks very much like an attempt to throw up technical barriers to antitrust hammers. It’s at least harder to imagine breaking up a company if its multiple, separate products are merged onto one unified backend which functions to cross and combine data streams.

Set against Facebook’s sudden desire to technically unify its full-flush of dominant social networks (Facebook Messenger; Instagram; WhatsApp) is a rising drum-beat of calls for competition-based scrutiny of tech giants.

This has been building for years, as the market power — and even democracy-denting potential — of surveillance capitalism’s data giants has telescoped into view.

Calls to break up tech giants no longer carry a suggestive punch. Regulators are routinely asked whether it’s time. As the European Commission’s competition chief, Margrethe Vestager, was when she handed down Google’s latest massive antitrust fine last summer.

Her response then was that she wasn’t sure breaking Google up is the right answer — preferring to try remedies that might allow competitors to have a go, while also emphasizing the importance of legislating to ensure “transparency and fairness in the business to platform relationship”.

But it’s interesting that the idea of breaking up tech giants now plays so well as political theatre, suggesting that wildly successful consumer technology companies — which have long dined out on shiny convenience-based marketing claims, made ever so saccharine sweet via the lure of ‘free’ services — have lost a big chunk of their populist pull, dogged as they have been by so many scandals.

From terrorist content and hate speech, to election interference, child exploitation, bullying, abuse. There’s also the matter of how they arrange their tax affairs.

The public perception of tech giants has matured as the ‘costs’ of their ‘free’ services have scaled into view. The upstarts have also become the establishment. People see not a new generation of ‘cuddly capitalists’ but another bunch of multinationals; highly polished but remote money-making machines that take rather more than they give back to the societies they feed off.

Google’s trick of naming each Android iteration after a different sweet treat makes for an interesting parallel to the (also now shifting) public perceptions around sugar, following closer attention to health concerns. What does its sickly sweetness mask? And after the sugar tax, we now have politicians calling for a social media levy.

Just this week the deputy leader of the main opposition party in the UK called for setting up a standalone Internet regulatory with the power to break up tech monopolies.

Talking about breaking up well-oiled, wealth-concentration machines is being seen as a populist vote winner. And companies that political leaders used to flatter and seek out for PR opportunities find themselves treated as political punchbags; Called to attend awkward grilling by hard-grafting committees, or taken to vicious task verbally at the highest profile public podia. (Though some non-democratic heads of state are still keen to press tech giant flesh.)

In Europe, Facebook’s repeat snubs of the UK parliament’s requests last year for Zuckerberg to face policymakers’ questions certainly did not go unnoticed.

Zuckerberg’s empty chair at the DCMS committee has become both a symbol of the company’s failure to accept wider societal responsibility for its products, and an indication of market failure; the CEO so powerful he doesn’t feel answerable to anyone; neither his most vulnerable users nor their elected representatives. Hence UK politicians on both sides of the aisle making political capital by talking about cutting tech giants down to size.

The political fallout from the Cambridge Analytica scandal looks far from done.

Quite how a UK regulator could successfully swing a regulatory hammer to break up a global Internet giant such as Facebook which is headquartered in the U.S. is another matter. But policymakers have already crossed the rubicon of public opinion and are relishing talking up having a go.

That represents a sea-change vs the neoliberal consensus that allowed competition regulators to sit on their hands for more than a decade as technology upstarts quietly hoovered up people’s data and bagged rivals, and basically went about transforming themselves from highly scalable startups into market-distorting giants with Internet-scale data-nets to snag users and buy or block competing ideas.

The political spirit looks willing to go there, and now the mechanism for breaking platforms’ distorting hold on markets may also be shaping up.

The traditional antitrust remedy of breaking a company along its business lines still looks unwieldy when faced with the blistering pace of digital technology. The problem is delivering such a fix fast enough that the business hasn’t already reconfigured to route around the reset. 

Commission antitrust decisions on the tech beat have stepped up impressively in pace on Vestager’s watch. Yet it still feels like watching paper pushers wading through treacle to try and catch a sprinter. (And Europe hasn’t gone so far as trying to impose a platform break up.) 

But the German FCO decision against Facebook hints at an alternative way forward for regulating the dominance of digital monopolies: Structural remedies that focus on controlling access to data which can be relatively swiftly configured and applied.

Vestager, whose term as EC competition chief may be coming to its end this year (even if other Commission roles remain in potential and tantalizing contention), has championed this idea herself.

In an interview on BBC Radio 4’s Today program in December she poured cold water on the stock question about breaking tech giants up — saying instead the Commission could look at how larger firms got access to data and resources as a means of limiting their power. Which is exactly what the German FCO has done in its order to Facebook. 

At the same time, Europe’s updated data protection framework has gained the most attention for the size of the financial penalties that can be issued for major compliance breaches. But the regulation also gives data watchdogs the power to limit or ban processing. And that power could similarly be used to reshape a rights-eroding business model or snuff out such business entirely.

The merging of privacy and antitrust concerns is really just a reflection of the complexity of the challenge regulators now face trying to rein in digital monopolies. But they’re tooling up to meet that challenge.

Speaking in an interview with TechCrunch last fall, Europe’s data protection supervisor, Giovanni Buttarelli, told us the bloc’s privacy regulators are moving towards more joint working with antitrust agencies to respond to platform power. “Europe would like to speak with one voice, not only within data protection but by approaching this issue of digital dividend, monopolies in a better way — not per sectors,” he said. “But first joint enforcement and better co-operation is key.”

The German FCO’s decision represents tangible evidence of the kind of regulatory co-operation that could — finally — crack down on tech giants.

Blogging in support of the decision this week, Buttarelli asserted: “It is not necessary for competition authorities to enforce other areas of law; rather they need simply to identity where the most powerful undertakings are setting a bad example and damaging the interests of consumers.  Data protection authorities are able to assist in this assessment.”

He also had a prediction of his own for surveillance technologists, warning: “This case is the tip of the iceberg — all companies in the digital information ecosystem that rely on tracking, profiling and targeting should be on notice.”

So perhaps, at long last, the regulators have figured out how to move fast and break things.