Italians clearly aren’t that suspicious of Huawei

Despite governments around the world turning against Chinese vendors, Telecom Italia has agreed a new partnership with Huawei based on Software Defined Wide Area Network (SD-WAN) technology.

As part of a strategy aimed at evolving TIM’s network solutions for business customers, Huawei’s SD-WAN technology will be incorporated to create a new TIM service model which will allow customers companies to manage their networks through a single console.

“Today, more than ever, companies need networks that can adapt to different business needs over time, in particular to enable Cloud and VoIP services,” said Luigi Zabatta, Head of Fixed Offer for TIM Chief Business & Top Clients Office. “Thanks to the most advanced technologies available, these networks can be managed both jointly and by customers themselves through simple tools.

“The partnership with Huawei allows us to expand our value proposition for companies and to enrich our offer through the adoption of a technological model that is increasingly and rapidly emerging in the ICT industry.”

The partnership is a major win for Huawei considering the pressure the firm must be feeling over suspicions being peaked around the world. Just as more countries are clamping down on the ability for Huawei to do business, TIM has offered a windfall.

Aside from the on-going Chinese witch hunt over in the US, the Australians have banned Huawei from participating in the 5G bonanza and Korean telcos have left the vendor off preferred supplier lists. Just to add more misery, the UK is seemingly joining in on the trends.

In recent weeks, a letter was sent out from the Department of Digital, Culture, Media and Sport, and the National Cyber Security Centre, warning telcos of potential impacts to the 5G supply chain from the Future Telecom Infrastructure Review. China was not mentioned specifically, and neither was Huawei, but sceptical individuals might suggest China would be most squeezed by a security and resilience review.

The rest of the world might be tip-toeing around the big question of China, but this partnership suggests TIM doesn’t have the same reservations.

Privacy International lines up US firms for GDPR breaches

UK data protection and privacy advocacy group Privacy International has submitted complaints to European watchdogs suggesting GDPR violations at several US firms including Oracle, Equifax and Experian.

The complaints have been submitted to regulators in the UK, Ireland and France, bringing the data broker activities of Oracle and Acxiom into question, as well as ad-tech companies Criteo, Quantcast and Tapad, and credit referencing agencies Equifax and Experian. The complaints are specifically focused on the depth of personal data processing, which Privacy International believes violates Articles five and six of the General Data Protection Regulation (GDPR).

“It’s been more than five months since the EU’s General Data Protection Regulation (GDPR) came into effect,” a Privacy International statement read. “Fundamentally, the GDPR strengthens rights of individuals with regard to the protection of their data, imposes more stringent obligations on those processing personal data, and provides for stronger regulatory enforcement powers – in theory. In practice, the real test for GDPR will be in its enforcement.

“Nowhere is this more evident than for data broker and ad-tech industries that are premised on exploiting people’s data. Despite exploiting the data of millions of people, are on the whole non-consumer facing and therefore rarely have their practices challenged.”

The GDPR Articles in question relate to the collection and processing of information. Article Five dictates a company has to be completely transparent in how it collects and processes information, but also the reasons for doing so. Reasonable steps must be taken to ensure data is erased once the purpose has been fulfilled, this is known as data minimisation. Article Six states a company must seek consent from the individual to collect and process information for an explicit purpose; broad brush collection, storage and continued exploitation of data is being tackled here.

In both articles, the objective is to ensure companies are being specific in their collection of personal information, and that it is utilised in a timely manner before being deleted once it has served its purpose. These are two of the articles which will hit the data-sharing economy the hardest, and it will be interesting to see how stringently GDPR will be enforced if there is any evidence of wrong-doing.

This is where Privacy International is finding issue with the firms. The advocacy group is challenging the business practises on the principles of transparency, fairness, lawfulness, purpose limitation,

data minimisation, accuracy and integrity and confidentiality. It is also requesting further investigations into Articles 13 and 14 (the right to information), Article 15 (the right of access), Article 22 (automated decision making and profiling), Article 25 (data protection and by design and default) and Article 35 (data protection impact assessments).

While GDPR sounds very scary, the reality is no-one has been punished to the full extent of the regulation yet. This might be because every company has taken the guidance on effectively and is operating entirely within the legal parameters, though we doubt this is the case. It is probably a case of no-one being caught yet.

The threat of a €20 million fine, or one which is up to 3% of a business’ total revenues, is nothing more than a piece of paper at the moment. If there is no evidence or fear authorities will punish to the full extent of the law, GDPR doesn’t act as much of a protection mechanism or a deterrent. When a genuine violation of GDPR is uncovered, Europe needs to bear its teeth and demonstrate there will be no breathing room.

This has been the problem for years in the technology industry; fines have been dished out, though there has been no material impact on the business. The staggering growth of revenues in the industry has far exceeded the ability of regulators to act as judge and executioner. Take the recent fines for Apple and Samsung over planned obsolescence in Italy. The $10 million and $5 million fines for Apple and Samsung would have taken 20 and 16 minutes respectively to pay off. This is not good enough.

Regulators now have the authority to hold the suspect characters in the industry accountable for nefarious actions concerning data protection and privacy, but it has to prove itself capable of wielding the axe. Until Europe shows it has a menacing side, nothing will change for the better.

EU divided on digital tax

Fears over a reaction from the US has sent Finance Ministers from Ireland, Sweden and Denmark cowering back to their spreadsheets as the EU digital tax hits an early stumbling block.

While the collective bargaining power and protection afforded by the European Union is certainly useful, the cumbersome nature of the bureaucratic beast and unanimous decision making ensures it is anything but. As with many proposed rule changes in the past, objections from a handful of member states have slammed the emergency brakes on the digital tax, aimed at holding the internet giants accountable.

According to the Guardian, the Finance Ministers of Ireland, Sweden and Denmark have all aired their criticism not on the concept of the tax, but fears over what President Trump might suggest as a retaliation. There’s a pragmatic approach to business and there’s spineless appeasement to a bully, we’ll let you decide which one this is.

Of course, it would be unfair to herd all of the EU member states into the same cowardly-corner as Ireland, Sweden and Denmark. 12 member states are already moving ahead with their own plans to create a localised digital tax, including the UK as was announced during the Autumn Budget, and some are acting somewhat hawkish about it. The French Government has suggested it would like the tax rates on the playing field by the end of 2018, though Germany seems to be favouring a more watered-down version of the rules.

The EU wide tax on those taking advantage of creative tax regimes, would be the best solution however. A united front against the slippery Silicon Valley internet giants, as well as those from other nations around the world, would of course be the best way to claim that 3% of local revenues, but it is becoming more difficult to imagine that a reality.

The fainthearted trio do of course have something to worry about. Despite Trump slapping tariffs on Chinese goods, and threatening to revamp tax laws so Amazon cannot take advantage of the US tax havens, he would most likely take the US tax as an attack on American values and a threat to the borders. The President is a man or rarely recognises consistency and before too long will probably be describing Jeff Bezos as a close family friend who have been relentlessly pursued by the penny-pinching Europeans.

Ireland also has a lot to lose. After proving it was incapable of managing its finances in a responsible way, the technology giants could be seen as somewhat of a saviour to the economy. Apple, Facebook and Google are just a few names who house a considerable base in the country. Ireland certainly has its own interests to protect.

It’s disappointing to see such weak behaviour in the face of an orange-hued, bullying politician, but at least there are some nations who are prepared to go it alone and hold the internet giants accountable to fair taxation.

How will Xiaomi’s launch into Europe impact the smartphone market?

Telecoms.com periodically invites third parties to share their views on the industry’s most pressing issues. In this piece Steve Pappas, VP, Asset Value Recovery Services at HYLA Mobile, examines the likely effect of Xiaomi entering the European smartphone market.

The European smartphone ecosystem has welcomed a new player, Xiaomi, who has made an aggressive play for the market. The Chinese smartphone manufacturer has already gained a good portion of market share too thanks to its portfolio of cheaper devices, which seem to be appealing to price-conscious European consumers. The company’s Senior Vice President, Wang Xiang, has even stated that the operator’s differentiator is its “premium product” without the “premium price”.

Traditionally, consumers have invested in the latest and greatest smartphones as soon as they hit the market. Large players such as Apple and Samsung have brought new models and technologies to the industry each year, and we have seen national newspapers cover the queue of fans waiting outside brick and mortar stores to get their hands on these latest devices.

But today, consumers are holding onto their devices for longer, and in fact, are waiting 2.8 years before considering an upgrade. This trend can be attributed to the rise in device prices over recent years, along with a perceived lack of innovation from consumers.

So, with this in mind, and with Xiaomi now entering the European smartphone market with a more affordable alternative, what will this mean for the industry, its players, and their customers?

A new era for the mobile device market  

Mobile analysts have described Xiaomi’s devices as “looking like an iPhone, performing like an iPhone, but half the price of an iPhone”. In fact, its flagship Mi 8 model released in May has been described as brazenly copying the iPhone X, with similar features such as facial unlock and iOS-like Animojis. And at a much lower price point of £350, Xiaomi will be hoping to draw favourable attention from Apple fans unwilling to pay the £999 price tag of the iPhone X.

According to CCS, more consumers are searching for alternative means to secure a smartphone. More than half are on SIM-only contracts, which have been found to be better value, compared to purchasing a device and SIM separately. CCS’s research also revealed a growing interest from consumers in second-hand and refurbished devices.

For the cost-conscious consumer, it can be difficult to turn a blind eye to a device that can offer close to everything Apple can, without the hefty price tag. It’s entirely possible that we could see some Europeans seduced by the cheaper alternatives offered by Xiaomi, and move themselves away from their decade-long relationship with the likes of Apple.

But is Xiaomi ready to take on the likes of Apple?

Xiaomi appears to be a strong contender, having a 10.57% market share in Asia— not far behind Apple, who has a 13.14% market share. Now with its eyes set on the West, Xiaomi’s market share has grown by over 999% in the first quarter of 2018, as recorded by analyst firm, Canalys.

While Xiaomi is still in the early days of its European expansion, having only recently announced its expansion into Britain in May, is now the time for Apple and other manufacturers to reconsider their current marketing plans? We have recently seen Apple announce a “less-expensive” iPhone in September, the iPhone XR, as well as an even more expensive device the XS MAX. The lower cost device has been priced at £700—but this is still a considerable amount more than a Xiaomi device, which is priced anywhere between £300-£500, depending on the storage size.

But there is method behind Apple’s madness. With the launch of Apple’s latest devices, the manufacturer is able to target a slightly broader audience. First and foremost, with a more affordable device, Apple could tempt the cost-conscious consumer to upgrade to a newer device at a more reasonable cost, that could be made even less-expensive by trading-in an older device.

Secondly, consumers know that Apple is a premium brand; no matter the price, some customers will always be willing to pay the cost for the latest device. And that’s what it comes down to. People are invested in the Apple brand, and there will be some that always will be. What it boils down to is whether consumers are ready to try an unfamiliar brand, even if they know its capabilities and price?

There’s no doubt that consumers are searching for lower cost alternatives to secure the latest mobile device, whether that be through purchasing the device and SIM separately, purchasing a pre-owned device, or using their old device to offset the cost of a new one. The cost-conscious consumer is happy to hold onto their device for longer, and shop around for the best deal on the market in order to make the rising cost of owning a smartphone more affordable. And while Xiaomi’s entry into Europe has the potential to disrupt the status quo of the market, we won’t see dominant players, such as Apple, be overtaken just yet.

For 5G to succeed European operators need a new deal on regulation and consolidation

Telecoms.com periodically invites third parties to share their views on the industry’s most pressing issues. In this piece Bengt Nordstrom of Northsteam explains how regulation, M&A and consolidation in the European telecoms market have divided opinion over the industry’s future direction.

Europe’s large operators have long argued that anti-M&A measures by regulators undermine their future investments by preventing market consolidation. They contend that fewer national operators can devote more resources to better networks and services for their customers, including 5G.

But regulators disagree. They maintain that four-player national markets promote competition and therefore guarantee low prices and high service quality for consumers.

Can new players survive?

Regulators also encourage new players to enter and disrupt the market. That’s why regulators in Germany and Belgium over the summer opened the door for new players to enter their respective mobile markets. Both markets have already consolidated to three operators, but regulators are still prepared to offer spectrum to new players.

However, the overwhelming cost of building an entire nationwide network from scratch along with gaining access to suitable mast sites is the reason why we shouldn’t expect new players to enter the fray in Germany and Belgium.

No new customers in Europe

The reality in Europe is that there are no new customers to win. Operators currently engage in tit-for-tat price wars to steal subscribers from each other, either by lowering prices or through exclusive deals on new devices.

Questions remain over how profitable any new entrant can be in Europe’s largely saturated markets. Any new entrant that attempts to enter a mature European market is likely to be sold – probably at a loss – to a bigger incumbent operator a few years down the road.

Iliad launches in Italy

A case in point is Iliad in Italy. In May, the French operator group launched in Italy to compete against incumbents Telecom Italia, Vodafone and Wind Tre (who itself merged with Three Italia in July 2016). With its aggressively priced service plans, Iliad added one million users in its first 50 days in Italy: in the same quarter that Iliad launched, Vodafone recorded a 6.7 per cent drop in its Italian revenues.

It was Iliad who kicked off the current spate of operator price wars in Europe when, in 2012, it took the French retail market by storm with its cut-price voice and data services. However, since 2017, its share price on the Paris Exchange has dropped by fifty percent.

Analysts and investors are concerned by Iliad’s missed forecasts, plus its gamble on expanding into the Italian market. They’re also wary of the impact on Iliad’s subscriber numbers of France’s other operators investing in and upgrading their own networks for better service performance.

Iliad’s early success in Italy sounds impressive. But attracting one million customers from its competitors is not as much of an achievement when we consider that those customers are probably low ARPU subscribers who typically spend the least amount of money with their operator. These subscribers aren’t likely to be missed by their previous operator.

Iliad’s long-term prospects

The key question that Iliad – and any new entrant into a mature, saturated European market – must answer is whether its business is viable in the medium and long term. Does Iliad have deep enough pockets to keep fighting the price war it’s started in Italy?

Iliad depends on its Italian rivals for their networks and their coverage. None of them will offer it wholesale conditions that jeopardize their own businesses. And building an entire network of its own from scratch would be prohibitively expensive for Iliad.

What’s most likely is that Iliad – rather than become a long-term fourth operator in Italy – will instead sell its assets as part of some future consolidation of the Italian market.

Europe must catch up in 5G

Rock-bottom consumer prices versus continually rising data usage define how much capital operators can invest in upgrading and improving their networks – including 5G.

Europe currently trails both the Far East and North America in the move to 5G. Incumbent operators and investors alike have long demanded a more stable regulatory environment to deliver the sorts of returns needed to support future network rollouts, whether full-fibre or 5G.

If the current regulatory policy doesn’t change, the most likely outcome for Europe is continuing low prices for customers – but also very few 5G services by 2021.

Can France provide the answer?

Perhaps it’s appropriate that the next twist in this story might well come from France, where the current round of operator price wars began with Iliad in 2012. In May, Sebastien Soriano, Chairman of French regulator ARCEP, indicated in an interview that he would be open to allowing consolidation among the mobile players.

The reason? France’s operators have addressed the country’s coverage problems and infrastructure needs with two years of investment, including €9.6 billion in 2017.

Other national regulators, along with the EU, should be watching intently to see if policy changes by France that reduce the number of nationwide players to three will have a positive effect and trigger a fresh round of investment in 5G and fibre.

A new regulatory approach for 5G

In these changing circumstances, regulators should reevaluate their relationship with operators plus their own regulatory position. They can continue to protect consumers by closely monitoring both prices and service quality. At the same time, regulators must also remove their opposition to consolidation.

Instead, they should work more directly and closely with operators, to guarantee service quality targets for network performance issues like coverage, latency and speed. In this way, regulators can ensure fairness for customers, create new growth opportunities for operators, and help Europe catch up and compete in the race to 5G.

 

Bengt Nordstrom CEO NorthstreamBengt Nordstrom is CEO of strategic mobile telecoms consultancy Northstream, which he co-founded in 1998. A former CTO and Executive Director of Hong Kong mobile operator SmarTone, Bengt has also held senior management positions at Ericsson, Comviq and consultants Netcom. In addition, Bengt was a member of the Executive Committee of the GSM Association and chaired the GSMA’s Asia Pacific Interest Group.

What defines the European MVNO market?

Telecoms.com periodically invites expert third parties to share their views on the industry’s most pressing issues. In this piece the MVNOs Series team investigates the latest trends and challenges facing the virtual network operator market in Europe. What are the lessons to be learnt from them?

The European MVNO market is the world’s oldest, largest and most mature. Boasting more virtual network operators and more user subscriptions than any other region, MVNOs in some European countries command as much as 15 to 20% of the total mobile market.

By 2020, some estimates put the total number of MVNO subscribers on the continent at upwards of 110 million – not far off four times the total number in the USA.

With market liberalisation occuring in some European countries as early as 1995, and the world’s first recognisable MVNO – Virgin Mobile – launched in the UK in 1999, the region’s virtual networks have had close to two decades to emerge, grow and evolve. Operating in a market where 84% of the population owns a mobile phone and the mobile industry contributes nearly €600 billion to GDP, the incentives for European MVNOs have arguably been greater than anywhere else on the planet.

And in the EU, representing a significant proportion of the continent’s domestic markets, including some of the biggest in the likes of Germany, UK, France and Spain, MVNOs have also found a highly supportive regulatory framework.

Yet success brings its own pressures, the European MVNO sector, and the mobile market in general, is intensely competitive. With mobile ownership having sat close to saturation point for a decade or more, vertical growth has become harder and harder, sparking fierce price wars and waves of consolidation. ARPUs first from voice and then from data have tumbled, the product of regulatory intervention and much as competition.

As the market stands on the brink of its 20th anniversary, forces such as Roam-Like-At-Home take part in shaping the European MVNO industry heading into a third decade. The EU’s decision to ban roaming charges within its borders is a question yet to be answered. As we shall find out in the upcoming months, RLAH could deal a significant blow to the industry or, alternatively, present a much-needed opportunity.

Snapshot: The European MVNO Market 2018

Comprising around two thirds of the continent’s nation states and population, it is no surprise that much of  Europe’s MVNO activity is concentrated within The European Union (EU). Around two thirds of all the continent’s MVNOs are found in just five EU member states – Germany, the UK, France, Netherlands and Spain.

Germany boasts one of the world’s largest domestic MVNO markets, with around 48 million subscribers and revenues of US $11 billion. This huge sector enjoyed rapid growth following a wave of operator consolidation in 2014, when the regulators sought to mitigate against price inflation by handing 30% of network capabilities to MVNOs.

The UK, meanwhile, has been described as one of the world’s most crowded MVNO markets, with 13.5 million customers shared out between upwards of 100 virtual operators. However, 86% of these customers are shared out between a dominant ‘Big 6’ group of large MVNOs – Tesco Mobile, Virgin Mobile, GiffGaff, Lycamobile, Lebara and TalkMobile.

With Sky another sizeable player in the UK market, it is noticeable how big name brands from outside the traditional mobile sphere have used the MVNO model as a way into the UK market. Overall, one in seven UK mobiles are connected via a virtual operator and the sector is worth more than £2 billion.

As in most areas of industry and commerce, no one is quite sure how the UK’s looming departure from the EU will impact on the MVNO sector, both domestically and on the continent. Outstanding issues to be resolved include whether the EU’s Roam Like At Home (RLAH) rules will still relate to UK subscribers travelling in the EU, and how carriers which operate networks both on the continent and in the UK (including Vodafone, Orange, Deutsche Telekom and Telefonica) will handle wholesale arrangements in the newly separated markets.

Outside the EU, the biggest single domestic MVNO market in Europe is Russia. Although conditions for virtual operators in Russia have long been viewed as challenging due to the dominance of the country’s big 3 carriers and little sign of regulatory intervention to liberalise the market, MVNOs are now estimated to control 2.6% of the country’s mobile subscribers. Some analysts confidently predict that this will grow to 14 to 15% by 2022.

Carrier Tele2 Russia certainly appears to be taking active steps to increase its MVNO footprint, reporting 831,000 virtual subscribers on its network at the end of 2017. Its model seems to be using MVNO agreements to attract large non-telco players into the mobile space – Tinkoff Bank has this year announced a 1 billion rubles investment into its MVNO spin-off, Tinkoff Mobile, while Moscow-based ISP AKADO Telecom has also announced signing an agreement with Tele2.

Across Europe’s most developed MVNO markets, there are mixed views on the potential for growth. In KNect365’s global MVNO market survey carried out earlier in 2018, some respondents described growth prospects as ranging from slow to stagnant. A common theme was that traditional MVNO models are increasingly being squeezed through a combination of price competition and over-saturation in the market, although there were varied opinions on whether this made it difficult for new players to enter the market or else created new opportunities for innovative entrants with disruptive approaches.

Despite the tough trading environment, more than a quarter of respondents (28.5%) still cited Europe as the region offering the best growth opportunities for MVNOs. Some analysts argue that European consumers, already at an advanced stage of engagement with mobile services, will soon start to look beyond price for increasing levels of specialisation and personalised service. This plays into the hands of agile MVNOs which have the experience serving niche markets while network operators, already faced with dwindling retail margins, are more and more likely to turn to wholesale business models instead.

On the other hand, there is a school of thought that suggests it is becoming harder and harder for MVNOs in Europe to operate out of the shadow of their network operators with any degree of independence. Some insiders told us they see MNOs aggressively targeting traditional MVNO territory in a bid to bolster their own dwindling margins.

As Henrik Liungman, Vice President of Services at ACN Europe, commented: “The trend is clearly towards larger data plans. The MVNO’s are struggling to compete with the MNO’s unlimited data offers on the retail side. 100G plans or unlimited data with caveats are not something MVNO’s can offer with the current cost structures.”

Europe’s MVNOs are looking to brand new markets and brand-new business models away from the consumer sector in business services. In the UK, for example, more than 20% for the MVNO market is now focused on business. In Germany, the connected car market is the most advanced in the world, creating brand new opportunities for agile, specialist operators at the intersection of IoT and eSIM technologies. Yet another significant trend is digitalisation, with the adoption of cloud-based ‘as-a-service’ business models by virtual operators positioning them ideally to make the transition into B2B, and to take a step up the value chain to offer mobile enabling services to emerging IoT markets.

The research-based report Shaping the European MVNO Market looks closely at the impact of consolidation on the market and ask whether carriers and virtual operators alike might not benefit from more collaborative rather than competitive relationships.

With pricing on voice and data having practically become a zero-sum game, it looks at ways MVNOs are diversifying services to seek new value streams and assess the impact of OTT entrants.

The report also explores the impact of new technology, specifically how digitalisation is changing business models and the size of the IoT opportunity, and ask whether over the next decade Europe’s MVNO sector might see a significant shift away from consumer to B2B markets. Download the report!

What is it with telcos and the ‘creative’ approach to advertising honesty?

The Advertising Standards Authority (ASA) has once again had to step in to put a stop to telco advertising, this time Three’s efforts, posing a pretty simple question; why do the telcos find it so easy to put misleading adverts into the world?

The latest ruling was surrounding Three’s ‘Go Roam’ claim, which states users are able to ‘Feel at Home’ by using their full data allowance without any extra costs in 71 countries. An investigation from the ASA found postpaid users were limited to 13GB and postpaid to 12GB, before costs were applied. There is text hidden away somewhere on the Three website pointing towards a fair use clause, though the ASA does not believe this is sufficient and Three has been misleading customers.

Three’s response to the claims was relatively simple. Firstly, most of it customers only use 0.75GB per month in a ‘Go Roam’ destination, therefore 12GB was excessive. Secondly, that the claim had been used since 2014 and was strongly associated with their brand, which supposedly makes it alright. It does appear some customers were using it for business purposes, making several trips abroad per month, while the offer had originally been intended for holidays.

This is a perfectly respectable defence from Three, but without informing the customer of these conditions, it doesn’t have a leg to stand on. Unfortunately this is becoming a common trend. Service providers seem to think they can do what they like before pointing to some obscure reference on websites, incredibly small print or a statement made to an irrelevant number of people at a niche event. While Three might have been caught out in this instance, it is not alone.

BT had a complaint upheld regarding its claims on wifi speeds in April. Sky was caught misleading customers in March regarding a price promotion. Vodafone was caught out earlier this month and in September for misleading claims in adverts featuring Martin Freeman. There are other examples, plus the pending investigations with the ASA and also dozens of examples over the last few months of ‘informally resolved’ incidents. Vodafone has ‘informally resolved’ 12 of these complaints so far in 2018, TalkTalk seven and O2 five. Some of these will be down to honest mistakes, but the complaints seem to becoming more common.

Of course the other factor which needs to be taken into account is the ‘up to’ metric which plagued telcos advertisements for years, misleading customers over speeds which can be achieved. Any normal person would have told any of the telco’s marketing team this is not a fair or honest way to communicate with the consumer, but it become commonplace. It seems the telcos are harbouring different standards when it comes to honesty than the rest of us.

50 million accounts breached at Facebook, but Europe needs to find the bad guy

Details of 50 million accounts have been lost to unknown nefarious individuals, but Facebook might get away with just a heavy hand-slapping from European watchdogs until the full consequences have been identified.

Last week, data from 50 million Facebook accounts was lost due to a vulnerability in the ‘View As’ feature, though as the incident was reported in the 72-hour window set forward by the European Commission, the social media giant might avoid serious penalties under GDPR. The maximum fine would be $1.63 billion.

“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts,” said Guy Rosen, VP of Product Management. “We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.”

Attackers exploited a vulnerability in Facebook’s code that impacted ‘View As’, a feature which allows users to view their profile from the perspective of another. This vulnerability allowed the attacker/s to steal ‘Access Tokens’, allowing them to hijack user accounts. Access tokens are the equivalent of digital keys keeping people logged in to Facebook so they don’t need to re-enter their password each time they use the platform.

While this might seem like a significant oversight from the Facebook security, it might just avoid a significant fine. The incident was reported to the relevant authorities after two-days, well within the required window, while the consequence of this incident is also unknown for the moment. As part of GDPR, those companies who report an incident within the required window and who are deemed to be compliant with investigators, will not receive the heaviest fines. The objective here is to remove the stigma of self-reporting, essentially rewarded those who come clean and do not try to hide the incident.

The consequence of the breach is also an important factor. Until misuse of the data can be identified, political persuasion for example, watchdogs are unlikely to be heavy handed. Using both the consequence and compliance with investigators as reasons to reduce the fine are important factors in ensuring the industry works with regulators. The less time these watchdogs spend policing the industry and searching for potential incidents means more time can be spent proactively making security features and processes more resilient. If watchdogs appear rational in their approach to punishments, industry will be much more of an ally.

“The time between detection and public notification on this one may be one for the record books, likely driven as much by risk to reputation and a wary eye on some of the large fines levied lately, as much as by GDPR and other compliance requirements,” said Dan Pitman, Principal Security Architect at Alert Logic. “New features increase the risk that vulnerabilities like this can become part of the live application, and Facebook is known to implement new features at a high rate, having been acknowledged as the leader in agile web development practices in the past.

“This ‘continuous delivery’ of new features, combined with the modular nature of that delivery, increases risk that vulnerabilities like this can become part of the live application. Testing all of the myriad combinations of the sometimes hundreds of components, or modules, that can interact is the challenge.”

The very path to ensuring a more engaging platform might well be what is causing Facebook problems, but in the pursuit of relevance, the Facebook business model might be undermined. Just as with the Cambridge Analytica scandal, users might be discouraged from putting additional information onto the platform, or even encouraged to remove some. At first, this will not have a significant impact on Facebook, but straws piling up on the camel’s back will eventually cause some damage.

While exiting users might be incrementally impacting the Facebook business, the advertisers might start looking at the platform as well. This is not to say people will stop advertising on Facebook, but the more incidents impacting the brand and the more stories of people becoming disengaged might have an influence. Facebook might have led the way when it comes to hyper-targeted advertising but others are catching up. Google is arguably the only platform which can compete toe-to-toe with Facebook, but it doesn’t have the suspect clouds lurking overhead. Twitter has upped its game, Microsoft’s Xbox platform is one worth keeping an eye on, as is AT&T’s advertising business Xandr. Even when you look at companies like Sky, the AdSmart platform offers an incredibly targeted offering. These security breaches might start to weigh heavy considering there are other options out there.

Another very important factor to consider with this incident is GDPR. Since being passed in May, this is the first major incident to test the resiliency and credibility of the rules. How European investigators, currently being led by the Irish data protection watchdog, react will set precedent and also impact the way which other companies view the rules. The next few weeks are very important for Europe in terms of validation.

The issues which the regulators are facing at the moment are consequence and bad guys. To make an appropriate ruling, demonstrate the importance of security and dish out the appropriate fine, there needs to be someone or something to point the naughty finger at.

“Based on information available, a video uploading feature implemented in July of last year exposed this feature to a flaw that allowed attackers to impersonate other user accounts and effectively obtain full access to their Facebook profiles,” said Greg Foss, Senior Manager of Threat Research at LogRhythm. “It appears that attackers are able to access the accounts of ‘friends’ or those already connected to the compromised account.

“If that’s true, it may be possible to trace the attacks back to a single point of origin, given the nature of how the attack spreads to other accounts. That said, the origin account will most likely not be that of a real Facebook user, so determining an individual or group behind this will take some digging.”

When a bad guy has been found, the threat becomes real and there are tangible consequences. This is when the appropriate punishment can be justifiably dished out, while also maintaining a positive relationship with industry, and the dangers of the digital economy can be effectively communicated to the general public. This will scare Facebook more than anything else.

Fines are okay, they are a one off hit, but negative PR and public outcry will mean less people engage with the Facebook community. This will have an impact on the bottom line. Managing this negative impact will be significantly more important than any fine dished out by the European Commission.

And the winner is… Comcast!!!!

Comcast has emerged as the winner of the drawn-out Sky acquisition battle with 21st Century Fox, offering shareholders £17.28 per share.

After 21 months, much bickering and passive aggressive commentary, the auction was completed on Saturday 22 September, with Comcast valuing the business at £30 billion. The unusual auction process was overseen by The Takeover Panel, an independent body established in 1968, whose main function is to issue and administer the City Code on M&A.

“We consider the Comcast Offer to be an excellent outcome for Sky shareholders, and we are recommending it as it represents materially superior value,” said Martin Gilbert, Chairman of the Independent Committee of Sky. “We are focused on drawing this process to a successful and swift close and therefore urge shareholders to accept the recommended Comcast Offer.”

“Sky is a wonderful company with a great platform, tremendous brand, and accomplished management team,” said Comcast CEO Brian Roberts. “This acquisition will allow us to quickly, efficiently and meaningfully increase our customer base and expand internationally.”

In securing Sky, Comcast not only adds an additional 23 million customer relationships to its current subscriber base of 29 million, it also increases its footprint in international markets. Prior to swallowing the Sky business, Comcast attributed 9% of its revenues to the international markets, though this now increases to 25%. It’s a more diversified business, offering comfort for Comcast shareholders, while also creating a broad and varied content portfolio. Alongside partnerships with HBO and Showtime, Sky also brings with it a heavyweight position in sport content, a presence which has underpinned its success.

Looking more specifically at the auction process, it was a slightly unusual one. Starting on Friday night, both companies made a starting bid, with the lowest offeror at the commencement being afforded the opportunity to make an increased bid in the first round. In the second round, only the offeror that was not eligible to make a bid in the first round could make an increased bid. If there was not an increased bid in the second round, the auction would have been concluded, though it did run to the third (and final) round, where both companies were offered a final opportunity to increase bids.

As a result of this process, Comcast tabled a bid of £17.28 compared to £15.67 per share from 21st Century Fox. The winning bid represents a premium of 125% to the closing price of £7.69 on 6 December 2016, the last business day before 21st Century Fox’s initial approach. Sky has proven to be a very successful bet for investors representing a ten-year total shareholder return (since 1 July 2008) of +402%, compared to +97% as an average of the FTSE 100.

While this might seem to be the end of a prolonged saga, there are a couple of twists yet to be turned. Firstly, Comcast still has to convince shareholders to part with their assets, and secondly, what will the future hold for the Sky telco business?

In terms of the shareholders, for Comcast to officially secure Sky it will have to gain approval of 50% of shareholders. Fox/Disney currently owns 39% of the business and is yet to disclose what its own position will be, meaning Comcast will have to convince 82% of the remaining shareholders to be safe. Due to the Fox/Disney 39% stake, de-listing Sky will be an unlikely outcome (75% threshold is needed), as will squeezing out remaining shareholders (90% ownership is required). 21st Century Fox could remain a thorn in Comcast’s side for some time.

Another question worth considering is what to do with the Sky telco business. Comcast’s intentions in acquiring Sky have been clear; it is Europe’s most powerful content business; though the telco business comes with this prize. Sky certainly has a notable broadband business in the UK (roughly 6 million subscriptions) and has successfully launched its own MVNO, though it is currently unclear whether this is an area Comcast would like to develop or whether it will look for a sale.

According to RBC Capital Markets, an acquirer would have to shell out in the region of £4.5 billion to purchase the Sky telco business, though there do not seem to be many suitors. BT, Virgin Media and TalkTalk are too large for antitrust approval, leaving only O2 and Three in the telco space. Considering the precarious financial position of O2’s parent company Telefonica, and recent comments from CEO Mark Evans dismissing the convergence craze, O2 seems unlikely.

Like O2, Three has a large mobile business but no presence in the broadband space; a converged offer would be of interest to cash-conscious consumers. It is unknown whether Three parent company Hutchison would want to pursue this avenue, though considering it has begrudgingly spent and cash in the past, instead trying to use political influence to better Three’s prospects (it has a reputation as a moany, spoilt child for a reason), we can’t see this as realistic.

The only other option which would be on the table would be a player from the financial market, though RBC Capital Markets feels Comcast will retain the telco business without expanding it to the continent. Sky is demonstrating the convergence business model can work, and it is an important aspect of the offering in customer eyes; why would it want to undermine a healthy position. As the old Bert Lance motto goes, ‘if it ain’t broke, don’t fix it’.

The auctions bring to close a long-running chapter in the European content game, but this is by no means the end of the story. With its 39% stake in the business, 21st Century Fox can still be a prominent character.

Europe approves tough new digital copyright position

The European Parliament has voted to adopt a position on copyright rules that opponents inevitably fear will break the internet.

This is an incremental, but significant step towards Europe implementing laws that will impose new conditions on internet companies to compensate rights holders when they share their copyrighted material. The position was initially rejected back in July but in true EU style they decided to keep voting on it again until it went the right way.

“I am very glad that despite the very strong lobbying campaign by the internet giants, there is now a majority in the full house backing the need to protect the principle of fair pay for European creatives,” said Eurocrat Axel Voss.

“There has been much heated debate around this directive and I believe that Parliament has listened carefully to the concerns raised. Thus, we have addressed concerns raised about innovation by excluding small and micro platforms or aggregators from the scope.

“I am convinced that once the dust has settled, the internet will be as free as it is today, creators and journalists will be earning a fairer share of the revenues generated by their works, and we will be wondering what all the fuss was about.”

“Discussions between the co-legislators can now start on a legislative proposal which is a key element of the Digital Single Market strategy and one of the priorities for the European Commission,” said Eurocrats Andrus Ansip and Mariya Gabriel in a joint statement.

“Our aim for this reform is to bring tangible benefits for EU citizens, researchers, educators, writers, artists, press and cultural heritage institutions and to open up the potential for more creativity and content by clarifying the rules and making them fit for the digital world. At the same time, we aim to safeguard free speech and ensure that online platforms – including 7,000 European online platforms – can develop new and innovative offers and business models.

“The Commission stands ready to start working with the European Parliament and the Council of the EU, so that the directive can be approved as soon as possible, ideally by the end of 2018. We are fully committed to working with the co-legislators in order to achieve a balanced and positive outcome enabling a true modernisation of the copyright legislation that Europe needs.”

The usual suspects are appalled at this development with the saveyourinternet.eu site featuring the following statement: “The European Parliament blatantly disregarded your thousands of emails, calls and messages and adopted a horrible version of Article 13 on 12 September. But the battle against Article 13 isn’t over: we must now ask the EU governments to stand up for our rights!”

At its core this seems to be about sharing stuff on the internet and to what extent the owner of the stuff being shared should get some kind of royalty payment every time it’s done. On one hand the internet has wrecked industries like music and journalism by making it so difficult for them to charge people for consuming their products, but on the other the genie is out of the bottle and such sharing is endemic. Either way this debate seems likely to rage for some time yet.