Waymo opens-up data treasure trove for autonomous vehicles

Waymo has pulled back the curtain on valuable datasets to help researchers better hone self-driving algorithms.

While this is a nice gesture from the team, we suspect the lid will be kept shut on further datasets unless the idea becomes more mainstream. Data is king in the world of autonomous vehicles and this could prove to be a valuable bonanza for researchers and application developers throughout the world.

Waymo has said the datasets are not available for commercial use, though researchers in commercial organizations are free to access the data for their own development purposes.

“When it comes to research in machine learning, having access to data can turn an idea into a real innovation,” the team said in a Medium post.

“This data has the potential to help researchers make advances in 2D and 3D perception, and progress on areas such as domain adaptation, scene understanding and behaviour prediction. We hope that the research community will generate more exciting directions with our data that will not only help to make self-driving vehicles more capable, but also impact other related fields and applications, such as computer vision and robotics.”

When you look at the development of autonomous vehicles, nothing is more valuable than the right data, and those who collect it are usually very protective. Part of the reason for this is the effort which must be exerted to collect it, with companies like Waymo clocking up millions of miles on the road.

This release contains data from 1,000 driving segments, each capturing 20 seconds of continuous driving, corresponding to 200,000 frames at 10 Hz per sensor. Each segment contains sensor data from five high-resolution Waymo lidars and five front-and-side-facing cameras, offering a 360° view, as well as a total of 12 million 3D labels and 1.2 million 2D labels.

Such data would allow researchers to train models to track and predict the behaviour of other road users, as well as simulate certain situations to find the most appropriate outcome. The dataset covers various environments, from dense urban to suburban landscapes, as well as during day and night, at dawn and dusk, in sunshine and rain.

What is worth noting, as while this is the largest release of data for autonomous vehicles, it is not the first. Lyft released data last month, and Argo AI did so the month before.

The more data which is released to researchers, the quicker the autonomous dream can be realised, and the safer the final product will actually be. It does technically lessen the commercial edge of these organizations, but the final goal of getting autonomous vehicles on the road sooner rather than later seems to be more valuable.

IBM and Google reportedly swap morals for cash in Chinese surveillance JV

IBM and Google executives should be bracing for impact as the comet of controversy heads directly towards their offices.

Reports have emerged, via the Intercept, suggesting two of the US’ most influential and powerful technology giants have indirectly been assisting the Chinese Government with its campaign of mass-surveillance and censorship. Both will try to distance themselves from the controversy, but this could have a significant impact on both firms.

The drama here is focused around a joint-venture, the OpenPower Foundation, founded in 2013 by Google and IBM, but features members such as Red Hat, Broadcom, Mellanox, Xilinx and Rackspace. The aim of the open-ecosystem organization is to facilitate and share advances in networking, server, data storage, and processing technology.

To date, the group has been little more than another relatively uninteresting NPO, serving a niche in the industry, though one initiative is causing the stir. The OpenPower Foundation has been working with Xilinx and Chinese firm Semptian to create a new breed of chips capable of enabling computers to process incredible amounts of data. This might not seem extraordinary, though the application is where the issue has been found.

On the surface, Semptian is a relatively ordinary Chinese semiconductor business, but when you look at its most profitable division, iNext, the story becomes a lot more sinister. iNext specialises in selling equipment to the Chinese Government to enable the mass-surveillance and censorship projects which have become so infamous.

It will come as little surprise a Chinese firm is aiding the Government with its nefarious objectives, but a link to IBM and Google, as well as a host of other US firms, will have some twitching with discomfort. We can imagine the only people who are pleased at this news are the politicians who are looking to get their faces on TV by theatrically condemning the whole saga.

Let’s start with what iNext actually does before moving onto the US firms involved in the controversy. iNext works with Chinese Government agencies by providing a product called Aegis. Aegis is an interception and analysis system which has been embedded into various phone and internet networks throughout the country. This is one of the products which enables the Chinese Government to have such a close eye on the activities of its citizens.

Documentation acquired by The Intercept outlines the proposition in more detail.

“Aegis is not only the standard interception system but also the powerful analysis system with early warning and timely action capabilities. Aegis can work with all kinds of networks and 3rd party systems, from recovering, analysing, exploring, warning, early warning, locating to capturing. Aegis provides LEA with an end to end solution described as Deep Insight, Early Warning and Timely Action.”

Although the majority of this statement is corporate fluff, it does provide some insight into the way in which the technology actually works. This is an incredibly powerful surveillance system, which is capable of locating individuals through application usernames, IP addresses or phone numbers, as well as accurately tracking the location of said individuals on a real-time basis.

Perhaps one of the most worrying aspect of this system is the ‘pre-crime’ element. Although the idea of predictive analytics in some societies has been met with controversy and considerable resistance, we suspect the Chinese Government does not have the same reservations.

iNext promises this feature can help prevent crime through the introduction of an early warning system. This raises all sorts of ethical questions, as while the data estimates might be accurate to five nines, can you arrest someone when they haven’t actually committed a crime. This is the sticky position Google and IBM might have found itself in.

OpenPower has said that it was not aware of the commercial applications of the projects it manages, while its charter prevents it from getting involved. The objective of the foundation is to facilitate the progress of technology, not to act as judge and jury for its application. It’s a nice little way to keep controversy at arm’s length; inaction and negligence is seen as an appropriate defence plea.

For IBM and Google, who are noted as founding members of the OpenPower Foundation, a stance of ignorance might be enough to satisfy institutions of innocence, but the court of public opinion could swing heavily the other direction. An indirect tie to such nefarious activities is enough for many to pass judgment.

When it comes to IBM, the pursuit of innocence becomes a little bit trickier. IBM is directly mentioned on the Semptian website, suggesting Big Blue has been working closely with the Chinese firm for some time, though the details of this relationship are unknown for the moment.

For any of the US firms which have been mentioned here, it is not a comfortable situation to be in. Although they might be able to plead ignorance, it is quite difficult to believe. These are monstrous multi-national billion-dollar corporations, with hordes of lawyers, some of whom will be tasked with making sure the technology is not being utilised in situations which would get the firm in trouble.

Of course, this is not the first time US technology firms have found themselves on the wrong side of right. There have been numerous protests from employees of the technology giants as to how the technology is being applied in the real-world. Google is a prime example.

In April 2018, Google employees revolted over an initiative the firm was participating in with the US Government. Known as Project Maven, Google’s AI technology was used to improve the accuracy of drone strikes. As you can imagine, the Googlers were not happy at the thought of helping the US Government blow people up. Project Dragonfly was another which brought internal uproar, this time the Googlers were helping to create a version of the Google news app for China which would filter out certain stories which the Government deemed undesirable.

Most of the internet giants will plead their case, suggesting their intentions are only to advance society, but there are numerous examples of contracts and initiatives which contradict this position.

Most developers or engineers, especially the ones who work for a Silicon Valley giant, work for the highest bidder, but there is a moral line few will cross. As we’ve seen before, employees are not happy to aide governments in the business of death, surveillance or censorship, and we suspect the same storyline will play out here.

Google and IBM should be preparing themselves for significant internal and external backlash.

Google’s Sidewalk’s bet is a nightmare for the privacy conscious

If you’re concerned about whether Google is listening to you through your phone or smart speaker, soon enough you’ll have to worry about lampposts having ears, or at least if your live in Toronto.

For those who have not been keeping up-to-date with the Canadian tech scene, Google’s Sidewalk Labs is currently working in partnership with Toronto to demonstrate the vision of tomorrow; the smart city. Plans are still being drawn up, though it looks like two neighbourhoods will be created with a new Google campus bang in the middle.

The Master Innovation and Development Plan (MIDP) hope to create the city of tomorrow and will be governed by Waterfront Toronto, a publicly-funded organization. In a move to seemingly appease the data concerns of Waterfront Toronto, Google has now stated all the systems would be run by analysing data, but Sidewalk Labs will not disclose personal information to third parties without explicit consent and will not sell personal information.

This is the first bit of insight we’ve had on this initiative for a while. Having secured the project in 2017, Sidewalk Labs has been in R&D mode. The team is attempting to prove the business case and the products, though it won’t be long before work is underway. Assuming of course Google is able to duck and weave through the red-tape which is going to be presented over the next 12-18 months.

The most recent development is a series of white papers which are addressing numerous topics from sustainable production plans, mobility, data protection and privacy and the envisioned usecases. If you have a spare few hours, you can find all the documentation here.

Of course, there are plenty of smart city initiatives around the world but what makes this one interesting is that the concept of ‘smart’ is being built from the foundations. This is a greenfield project not brownfield, which is substantially easier. Buildings, street furniture and infrastructure can be built with connectivity in mind.

This is the challenge which other cities are facing, lets take London as an example. Construction on the London Underground system started in 1863, while the London sewage system was plumbed in between 1859 and 1865. The city itself, and the basic layout, was established in 50 AD. Although there are creative solutions to enhance connectivity, most cities were built in the days before most could even conceive of the internet.

The Quayside and Villiers West neighbourhoods will be home to almost 7,000 residents and offer jobs to even more, anchored by the new Google campus. The buildings will offer ‘adaptable’ spaces, including floor plates and sliding walls panels to accelerate renovations and reduce vacancies. It will also be incredibly energy friendly, featuring a thermal energy grid which could heat and cool homes using the natural temperature of the earth.

But onto the areas which most people in the industry will be interested in; the introduction of new technologies and access to data.

High-speed internet connections will be promised to all residents and businesses, intelligent traffic lights and curbs will be deployed to better regulate traffic, smart awnings will be introduced for those into gimmicky technology and the neighbours will be designed to allow for an army of underground delivery robots to function.

Autonomous driving is one technology area which fits perfectly into the greenfield advantage. The complications of creating a landscape for autonomous vehicles in older cities are great, but by building up the regions with connectivity in mind many of these challenges can be averted. Not only can the introduction of self-driving vehicles be accelerated, but ride-sharing (Zipcar) or hailing (Uber) alternatives can be assisted while other options such as e-scooters are more realistic.

Such is the ambition nurtured in the Google business, if there is a crazy idea which can be applied to the smart city concept, Sidewalk Labs have probably factored it into the design and build process.

And now onto the data. This is where the project has drawn criticism as Google does not necessarily have the most glistening record when it comes to data privacy and protection. Small print littered throughout various applications has ensured Google is never too far away from criticism. In fairness, this is a problem which is industry wide, but a cloud of scepticism has been placed over any initiative which has data as the fuel.

The latest announcement from Google/Sidewalk Labs focuses on this very issue. Sidewalk Labs will not sell any personal information, this data will not be used to fuel the advertising mechanisms and it will not disclose this insight to third-parties. Explicit consent would have to be provided in any of these circumstances.

Whether these conditions will be up to the standards defined by Waterfront Toronto remains to be seen. This body has the final say and may choose to set its own standards at a higher or lower level. Anonymity might be called into play as many activists have been pushing. This is not a scenario which Google would want to see.

While expanding into new services might seem like an attractive idea, if this expansion can be coupled with additional access to data to fuel the Google data machine, it is a massive win for the internet giant. Let’s not forget, everything which Google has done to date (perhaps excluding Loon and the failed Fiber business) has paid homage to the advertising mechanisms.

Fi offers it interesting data on customer locations, the smart speakers are simply an extension of the core advertising business through a new user interface and Android allowed Google to place incredibly profitable products as default on billions of phones and devices. If Google can start to access new data sets it can offer new services, engage new customers and create new revenues for investors.

Let’s say it can start collecting data on traffic flow, this could become important insight for traffic management and city planners when it comes to adding or altering bus routes. This data could also be used to reduce energy consumption on street lights or traffic lights; if there is no-one there, do they actually need to be on? It could also help retailers forecast demand for new stores and aid the police with their work.

These ideas might not sound revolutionary or that they would bring in billions, but always remember, Google never does anything for free. This is a company which seems to see ideas before anyone else and can monetize them like few others. If Google is paying this much attention to an idea or project, there must be money to be made and we bet there is quite a bit.

But this is where Google is facing the greatest opposition. Because it is so good at extracting insight and value from data, it is one of the companies which is facing the fiercest criticism. This will be the most notable the further afield Google spreads its wings. It seems the world is content with Google sucking value out of personal data when it comes to search engines or mobile apps, but pavements, lampposts and bus stops might be a step too far for some.

Of course, criticism might disappear when jealousy emerges. The hardcore privacy advocates will never rest, but most simply don’t care that much. Privacy violations will of course cause uproar, but if there is a fair trade-off, most will accept Google’s role. If Google can prove these neighbourhoods not only improve the quality of life, but also offer advantages to entertainment and business (for example), this initiative could prove to be very popular with the general public, governments and businesses.

A weak France overshadowed Orange’s Q1

The telecom operator Orange reported a flat Q1, with a weak performance in its home market partially compensated by the strength in Africa and the Middle East.

Orange reported a set of stable top line numbers in its first quarter results. On Group level, the total revenue of €10.185 billion was largely flat from a year ago (-0.1%), and the EBITDAaL (earnings before interest, tax, depreciation and amortisation after lease) improved by 0.7% to reach €2.583. Due to the 8% increase in eCAPEX (“economic” CAPEX), the total operating cash flow decline by 10.2% to €951 million.

Orange 2019Q1 Group level numbers.pdf

Commenting on the results, Stéphane Richard, Chairman and CEO of the Orange Group, said that “the Group succeeded in maintaining its high quality commercial performance in spite of a particularly challenging competitive context notably in our two principal countries of France and Spain. Our strategy is paying off since EBITDAal is continuing to grow while revenues remain stable, allo wing us to reaffirm our 2019 objectives”

On geography level, France, its home and biggest market is going through a weak period. Despite registering net gain in the number of customers, the total income dropped by 1.8% to €4.408 billion, the first quarterly decline in two years. The company blamed competition, a one-off promotion of digital reading offer towards the end of the quarter, and “a weaker performance on high-end equipment sales in the 1st quarter of this year”. The move to “Convergence” was positive, but not fast enough to offset the lose in narrowband customers. The competition pressure is still visible. The Sosh package (home broadband + mobile) Orange rolled out to combat Free is gaining weight among its broadband customers, which resulted in a decline of revenues despite the growth in customer base.

Orange’s European markets, including Spain and the rest of Europe, reported modest growth, with strength in Poland (+2.6%) and Belgium & Luxembourg (+3.8%) offset by a weaker Central Europe (-1.9%). The bright spot was Africa and Middle East, which registered a 5.3% growth to reach €1.349 billion revenue, taking the market’s total revenue above Spain and just marginally behind the rest of Europe. The company’s drive to extend its 4G coverage in Africa is paying off, with mobile data service contributing to 2/3 of its mobile growth. Orange Money also saw strong enthusiasm, with the revenue up by 29% and total number of monthly active users totalling 15.5 million.

Both the Q1 results and outlook to the rest of the year spelled mixed messages for the wider telecom market and Orange’s suppliers, but negatives look to outweigh positives. On the consumer market side, the slowdown of high-end smartphone sales and prolonged replacement cycle has once again been demonstrated in the weak numbers in France. On the network market side, Orange predicts more efficiency. This includes both the network sharing deal signed with Vodafone Spain, which is expected to deliver €800 million savings over ten years, and an overall reduction in CAPEX this year.

As the CEO said, “while the level of eCapex for this quarter is higher, it should reduce slightly for 2019 as a whole, as predicted, excluding the effect of the network sharing agreement with Vodafone in Spain announced on 25 April.” This means, to achieve the annual target of reduced CAPEX, the spending will drop much faster in the rest of year. There is no timetable to start 5G auction in France yet, but it will be safe to say that any expectations of 5G spending extravaganza will be misplaced.

On the positive side, Orange has seen its efforts to diversify its business gaining traction, especially in IoT and smart homes. But these areas, fast as the growth may be, only make a small portion of Orange’s total business.

If 52% don’t understand data-sharing economy, is opt-in redundant?

Nieman Lab has unveiled the results of research suggesting more than half of adults do not realise Google is collecting and storing personal data through usage of its platforms.

The research itself is quite shocking and outlines a serious issue as we stride deeper into the digital economy. If the general population does not understand the basic principles behind the data-sharing economy, how are they possibly going to protect themselves against the nefarious intentions from the darker corners of the virtual world?

You also have to question whether there is any point in the internet players seeking consent if the user does not understand what he/she is signing up for.

According to the research, 52% of the survey respondents do not expect Google to collect data about a person’s activities when using its platforms, such as search engines or YouTube, while 57% do not believe Google is tracking their web activity in order to create more tailored advertisements.

While most working in the TMT industry would assume the business models of the Google and the other internet are common knowledge, the data here suggests otherwise.

66% also do not realise Google will have access to personal data when using non-Google apps, while 64% are unaware third-party information will be used to enhance the accuracy of adverts served on the Google platforms. Surprisingly, only 57% of the survey respondents realise Google will merge the data collected on each of its own platforms to create profiles of users.

Although this survey has been focused on Google, it would be fair to assume the same respondents do not appreciate this is how many newly emerging companies are fuelling their spreadsheets. The data-sharing economy is the very reason many of the services we enjoy today are free, though if users are not aware of how this segment functions, you have to question whether Google and the other internet giants are doing their jobs.

The ideas of opt-in and consent are critically important nowadays. New rules in the European Union, GDPR, set about significant changes to dictate how companies collect, store and use personal information collected by the service providers. These rules were supposed to enforce transparency and encourage the user to be in control of their personal information, though this research does not offer much encouragement.

If the research suggests more than half of adults do not understand how Google collects personal information or uses it to enhance its own advertising capabilities, what is the point of the opt-in process in the first place?

Reports like this suggest the opt-in process is largely meaningless as users do not understand what they are giving the likes of Google permission to do. The blame for this lack of education is split between the internet giants, who have become experts at muddying the waters, and the users themselves.

Those who use the services for free but do not question the continued existence of ‘free’ platforms should forgo the right to be annoyed when scandals emerge. Not taking the time to understand, or at least attempt to, the intricacies of the data-sharing economy is the reason many of these scandals emerge in the first place; users have been blindly handing power to the internet giants.

The internet players need to do more to educate the world on their business models, however the user does have to take some of the responsibility. We’re not suggesting everyone becomes an internet economy expert, but gaining a basic understanding is not incredibly difficult. However, it does seem ignorance is bliss.

Facebook calls on governments to help control content on the Internet

Facebook founder and CEO Mark Zuckerberg has governments and regulators to play a more active role in developing new rules for the internet.

In an op-ed for the Washington Post, Zuck claimed that the current rules of the internet have served his generation of entrepreneurs well, but “it’s time to update these rules to define clear responsibilities for people, companies and governments going forward.” He argued that companies like Facebook should not make daily judgments on the nature of all the content going through its platform just by themselves. “I believe we need a more active role for governments and regulators,” Zuckerberg said. For what he called the new rules for the internet, Zuckerberg proposed that the parties involved in the governance of the internet should focus on four areas.

“Harmful content” came on top of his list. Zuckerberg conceded that Facebook is having too much power over speech, and believed there is a need for an independent oversight body, dubbed by some media as a “Facebook Supreme Court”, which the company is building up. “First, it will prevent the concentration of too much decision-making within our teams. Second, it will create accountability and oversight. Third, it will provide assurance that these decisions are made in the best interests of our community and not for commercial reasons,” Zuckerberg explained the rationale when the content governance and enforcement plan was published last November.

Zuckerberg also cited the example of the company’s collaboration with the French government to highlight the Facebook’s willingness to work with regulators. Starting from January Facebook has hosted a group of French senior civil servants including those from the telecom regulator l’Arcep (Autorité de régulation des communications électroniques et des Postes) or the Ministry of Justice, whereby they can identify Facebook’s good practice that the delegation can approve. Incidentally, France raised nearly 38,000 requests for Facebook pages to be taken down in 2015, by far the highest number of all countries, according to a stat by Statista from a few years back, cited by the French media outlet Le Journal du Net (JDN) (pictured).

Second on Zuckerberg’s list is “election integrity”. Recognising the significant role Facebook data, and the misuse of it, has played in recent political campaigns, the company is implementing new rules related to political ads, in the run-up to the European Parliamentary election in May. Users are able to search who is behind a certain ad, how much is paid, the number of times the ad has been viewed, as well as the demographics of those that have viewed it. The “Ads Library” will be stored by Facebook for seven years.

However, Zuckerberg also recognised both the difficulty of identifying political ads (“deciding whether an ad is political isn’t always straightforward”), and the inadequacy of the current rules on political campaigns including online political advertising. Therefore, he was calling for both common standards for verifying political actors, and for updates on the laws to keep up with the fast-changing online realities. At about the same time, Facebook published a post to explain how “Why am I seeing this post?” and “Why am I seeing this ad?” work, to further its efforts to be more transparent.

“Privacy” is the next on Zuckerberg’s list. He focused on the topic of privacy in a long post recently, so he did not spell out the measures Facebook is taking. Instead, Zuckerberg was calling on governments and regulators from all countries to develop a common global framework modelled on the GDPR regime in the EU.

Last on the list is “data portability”, i.e. users should be able to seamlessly and securely move their data from one platform to another. This is centred on the Data Transfer Project (DTP) that Facebook is contributing to, together with Google, Microsoft, and Twitter, and is not directly related to governments or regulators. The project aims to build “a common framework with open-source code that can connect any two online service providers”. When the user initiates a data transfer request, DTP will use the “services’ existing APIs and authorization mechanisms to access data. It then uses service specific adapters to transfer that data into a common format, and then back into the new service’s API.”

Zuckerberg has extended plenty of goodwill recently, and there is no reason to question his sincerity. However, in addition to the lack of implementation details in his proposal, his call for actively working with governments and regulators can be a double-edged sword. On one hand, a global oversight body could be able to define a set of common rules that all internet companies can be regulated by and assessed on. On the other hand, how to avoid being dictated by the agenda of individual governments, especially in countries where the demarcation between politicians and professional, supposedly neutral civil servants is less clear, is a hard question to answer. For example, how fundamentally different is Facebook’s collaboration with the French government from Google’s clandestine efforts to satisfy the Chinese government’s censorship requests?

Nokia-branded phones sent personal data from Norway to China

Norwegian media is reporting that private data of Nokia 7 Plus users may have been sent to a server in China for months. Finland’s data protection ombudsman will investigate and may escalate the case to the EU.

Henrik Austad, a Nokia 7 Plus user in Norway, alerted the Norwegian public media group NRK in February when he noticed every time he powered on his phone it would ping a server in China and batches of data would be sent. The data included the phone’s IMEI numbers, SIM card numbers, the cell ID of the base station the phone is connected to, and its network address (the MAC address), and they have been sent unencrypted. Investigation by NRK discovered that the recipient of the data is a domain (“http://zzhc.vnet.cn”) belonging to China Telecom.

Nokia 7 Plus pinging China server

Because HMD Global, the company behind the Nokia-branded phones that was set up by former Nokia executives and has licensed the Nokia brand, is a Finland-registered company, the news was quickly brought to the attention of Reijo Aarnio, Finland’s data protection ombudsman . “We started the investigation after receiving the news from the Norwegian Broadcasting Company (NRK) and I also consulted our IT experts. The findings showed this looks rather bad,” Aarnio said.

When talking to the Finnish state broadcaster YLE and the country’s biggest broadsheet newspaper Helsingin Sanomat (HS), the ombudsman also raised a couple of serious concerns he said he would seek clarifications from HMD Global early next week:

  • Are the users aware that their personal data are being transferred to China?
  • On what legal ground, if any, are personal data transferred outside of the EU?
  • Have corrective actions been taken to prevent similar cases from happening again?

Earlier when writing to NRK, Aarnio said his first thought was this could be a breach of GDPR, and, if true, the case would be brought in front of the European Union. (Although Norway is not a EU member state, Iceland, Liechtenstein, and Norway, the three EEA countries which are not part of the EU, agreed to accept GDPR two months after it came into effect in the EU.)

Replying to Telecoms.com’s enquiry, HMD Global, through its PR agency, sent this statement:

We can confirm that no personally identifiable information has been shared with any third party. We have analysed the case at hand and have found that our device activation client meant for another country was mistakenly included in the software package of a single batch of Nokia 7 Plus. Due to this mistake, these devices were erroneously trying to send device activation data to a third party server. However, such data was never processed and no person could have been identified based on this data. This error has already been identified and fixed in February 2019 by switching the client to the right country variant. All affected devices have received this fix and nearly all devices have already installed it.

Collecting one-time device activation data when the phone is taken first time into use is an industry practice and allows manufacturers to activate phone warranty. HMD Global takes the security and privacy of its consumers seriously.

Jarkko Saarimäki, Director Finland’s National Cyber Security Centre (Kyberturvallisuuskeskus), which offered to support the ombudsman if needed, raised another point while talking to YLE, “In cases of this kind, the company should report the case to the Office of the Data Protection Ombudsman (tietosuojavaltuutetun toimisto) and inform the customers of the data security risk.” It looks what HMD Global has done is exactly the opposite: it quietly fixed the issue with a software update.

What exactly happened remains unclear, but the investigation from NRK may shed some light. Further research into the data transfer took NRK investigators to GitHub, where they discovered a set of code that would generate data transmission similar to that on the Nokia 7 Plus in question, and to the same destination. This code resides in a subfolder called “China Telecom”. On the same level there are also subfolders for China Mobile, China Unicom as well as other folders for different purposes. Henrik Lied, the NRK journalist who first reported the case, shared with Telecoms.com this subfolder structure that he captured on GitHub:

GitHub snapshot

Closer analyses of the code in question on GitHub by Telecoms.com seem to have given us a bit more insight. This is what we assume has happened: HMD Global or its ODM partner sourced the code from a developer by the GitHub username of “bcyj” to transfer user data when a phone on China Telecom network is started. But, by mistake, HMD Global has loaded this set of code on a number of Nokia 7 Plus meant for Norway (“our device activation client meant for another country was mistakenly included in the software package of a single batch of Nokia 7 Plus”). When it realised the mistake by whatever means HMD Global released a software update to overwrite this code.

Incidentally it looks the code was originally written for a Chinese OEM LeEco (which is largely defunct now) whose product, e.g. the Le Max 2, was running on the Snapdragon 820 platform with the MSM8996 modem. The modem was later incorporated in the mid-tier platform Snapdragon 660 which powers the Nokia 7 Plus.

There are still quite a few questions HMD Global’s statement does not answer.

  • How many users have been affected? And in what countries? The award-winning Nokia 7 Plus is one of the more popular models from HMD Global, and it is highly unlikely a batch of products were specifically made for the Norwegian market with its limited size. Could the same products have been shipped to other Northern European markets too?
  • Is China Telecom the only operator in China that requires phones on its network to be equipped with a software that regularly sends personal data? We do not find similar programmes under the China Mobile or China Unicom subfolders on the same GitHub location.
  • Is HMD Global the only culprit? Or other OEMs’ products on China Telecom network and on the same Qualcomm modem are also running the same script every time the phone is powered on, but they have not made the same mistake by mixing up regional variants as HMD Global did?
  • On what ground could HMD Global claim that the recipients of the data or any other parties who have access to the data (as they are sent unencrypted), will not be able to identify the individuals (“no person could have been identified based on this data”)? To defend itself, in its statement to NRK, HMD Global referred to the Patrick Breyer vs Bundesrepublik Deutschland case when the Court of Justice of the European Union (CJEU) ruled that whether a certain type of data would qualify as “personal data” should generally need to be assessed based on a “subjective / relative approach”. In the present case HMD Global seems to be arguing that the recipients of the data sent from the phones are not able to establish the identities of the users. It may have its point as China Telecom (or other identities in China that receive the data) does not have the identity information of the users. However, this is a weak defence. The CJEU sided with the German Federal Court of Justice because the point of dispute was dynamic IP only, and the court deemed “that dynamic IP addresses collected by an online media service provider only constitute personal data if the possibility to combine the address with data necessary to identify the user of a website held by a third party (i.e. user’s internet service provider) constitutes a mean “likely reasonably to be used to identify” the individual”, as was summarised by the legal experts Fabian Niemann and Lennart Schüßler. In the HMD Global case, however, a full set of private data were transmitted, not to mention transmitted unencrypted.
  • On what evidence did HMD Global claim that the data transmitted has not been processed or shared with third parties?

To be fair to HMD Global, this is not the first, and by no means the biggest data leaking incident by communication products. For example the IT and communication system at the African Union headquarters, supplied and installed by Huawei, was sending data every night from Addis Ababa to Shanghai for over four years before it was uncovered by accident. Huawei’s founder later claimed that the data leaking “had nothing to do with Huawei”, though it was not clear whether he was denying that Huawei was aware of it or claiming Huawei was not playing an active role in it.

EE takes step towards content aggregator model

Content is a tricky topic to discuss around EE and BT, such is the scale of the disaster over the last few years, but a tie up with Amazon Prime and MTV Play is a step in the right direction.

The new content offer will see EE customers receive six-month memberships to both Amazon’s Prime Video service and MTV Play. The news starts to make a more comprehensive content platform for the MNO, with customers already able to access Apple Music and BT Sport, all of which is covered under the EE Video Data Pass, a zero-rating initiative available to all customers.

“It’s our ambition to offer our customers unrivalled choice, with the best content, smartest devices, and the latest technology through working with the world’s best content providers,” said Marc Allera, CEO of BT’s Consumer division.

“In offering all EE pay monthly mobile customers Prime Video and MTV Play access, in addition to BT Sport and Apple Music – we’re providing them with a wealth of great entertainment they can experience in more places thanks to our superfast 4G network, and soon to be launched 5G service. So, if they want music on a Monday, telly on a Tuesday, films on a Friday or sport on a Saturday, we’ve got something for them.”

While the content play over the last couple of years have been pretty dismal this is an approach to content and diversification which we like. It allows the telco to leverage the scale of their customer bases, while also adding value to the existing relationship with said customers.

Content fragmentation is an irk for many customers, not only because of the various apps which need to be installed, but also the number of different bills. EE doesn’t seem to be addressing the first issue but consolidating bills to a single provider might well be of interest to some customers. It also has the advantage of making EE a ‘stickier’ provider, perhaps having a positive impact on churn.

“Content is a key differentiator for telcos,” said Paolo Pescatore of PP Foresight. “However, consumers are now spoilt for choice resulting in too much fragmentation. Telcos are very well placed to aggregate content, integrate billing and provide universal search. Whoever achieves this first will have a significant advantage over their rivals.”

Sky is one of the companies which has had a good crack at addressing the fragmentation challenge, Sky and Netflix content is available on the same platform and through the same universal search function, though EE’s push on the mobile side would certainly attract attention. Consumers no-longer consider entertainment as simply for the living room, new trends show more preference for on-the-go content.

While this is a step in the right direction for EE, this is only one step. The content options need to offer more depth to meet the demands of the user, while streamlining all the content into a single app would be a strong step forward. It would certainly be difficult to convince partners to hand over customer experience to a third-party, Netflix has shown much resistance to this idea making the Sky tie-up all the more impressive, though whoever nails this aspect of the aggregator model would certainly leap to the front.

Nick Clegg defends Facebook’s business model from EU’s privacy regulation

Facebook’s head of PR reportedly had a series of meetings with EU and UK officials aiming to safeguard the social network’s business model heavily relying on targeted advertising.

Sir Nick Clegg, the former UK Deputy Prime Minister, now Facebook’s VP for Global Affairs and Communications, met three EU commissioners during the World Economic Forum in Davos and shortly after the event in Brussels, according to a report by the Telegraph. These commissioners’ portfolios include Digital Single Market (Andrus Ansip), Justice, Consumers and Gender Equality (Věra Jourová), and Research, Science and Innovation (Carlos Moedas). Clegg’s mission, according to the Telegraph report, was to present Facebook’s case to defend its ads-based business model in the face of new EU legislation related to consumer privacy.

According to a meeting minutes from the Ansip meeting, seen by the Telegraph, “Nick Clegg stated as main Facebook’s concern the fact that the said rules are considered to call into question the Facebook business model, which should not be ‘outlawed’ (e.g. Facebook would like to measure the effectiveness of its ads, which requires data processing). He stated that the General Data Protection Regulation is more flexible (by providing more grounds for processing).”

In response, Ansip defended the proposed ePrivacy Regulation as a complement to GDPR and it is primarily about protecting the confidentiality of consumers’ communications. In addition, the ePrivacy Regulation will be more up to date and will provide more clarity and certainty, compared with the current ePrivacy Directive, which originated in 2002 and last updated in 2009. Member states could interprete and implement the current Directive more restrictively, Ansip warned.

Facebook’s current security setup makes it possible to access users’ communication and able to target them with advertisements based on the communications. Under the proposed Regulation, platforms like Facebook need to get explicit consent from account holders to access the content of their communications, for either advertisement serving, or effectiveness measuring.

There are two issues with Facebook’s case. The first one is, as Ansip put it, companies like Facebook would still be able to monetise data after obtaining the consent of users. They just need to do it in a way more respectful of users’ privacy, which 92% of EU consumers think important, according to the findings of Eurobarometer, a bi-annual EU wide survey.

Another is Facebook’s own strategy announced by Zuckerberg recently. The new plan will make it impossible for Facebook to read users’ private communications with its end-to-end WhatsApp-like encryption. This means, even if consumers are asked and do grant consent, Facebook in the future will not be able to access the content for targeted advertising. Zuckerberg repeatedly talked about trade-offs in his message. This would be one of them.

On the other hand, last November the EU member states’ telecom ministers agreed to delay the vote on ePrivacy Regulations, which means it will be highly unlikely that the bill will be passed and come into effect before the next European Parliament election in May.

The office of Jeremy Wright, the UK’s Secretary of State for Digital, Culture, Media and Sport, did not release much detail related to the meeting with Clegg, other than claiming “We are at a crucial stage in the formulation of our internet safety strategy and as a result we are engaging with many stakeholders to discuss issues pertinent to the policy. This includes discussions with social media companies such as Facebook. It is in these crucial times that ministers, officials and external parties need space in which to develop their thinking and explore different options in a free and frank manner.”

The Telegraph believed Clegg’s objective was to minimise Facebook’s exposure to risks from the impending government proposals that could “place social media firms under a statutory duty of care, which could see them fined or prosecuted” if they fail to protect users, especially children, from online harms.

It is also highly conceivable that the meeting with the UK officials was related to influence post-Brexit regulatory setup in the country, when it will not longer be governed by EU laws. Facebook may want to have its voice heard before the UK starts to make its own privacy and online regulations.