The EU starts hassling US tech companies again

Facebook and Qualcomm look set for another round of scrutiny from the European Commission around their business practices.

According to the WSJ, Facebook is being asked to hand over internal documents to EU antitrust investigators so they can have a deeper look into whether or not it used dirty tricks against its competition. The allegation is that Facebook made use of its users’ data to skew the market in its favour by bribing partners to stay loyal.

That’s the sort of thing Qualcomm has got into trouble with the European Commission about in the past and, according to Reuters, lightning may be about to strike twice. Qualcomm revealed in a regulatory filing accompanying its recent quarterlies that the EU is investigating whether it abused its dominant position in radio frequency front-end chips.

It seems the EU is concerned that Qualcomm is using its near monopoly in 5G modems to strongly encourage customers to buy its RF chips too. Apparently sales of RF chips were a factor in issuing a better than expected forecast. As ever this will all drag out as lawyers and antitrust types get bogged down in the minutiae of it all, but it seems clear that the EU’s appetite for hassling US tech companies is undiminished.

UK telcos are potentially helpless in the European roaming debate

Brexit is now a reality for the UK, and despite the telcos asserting their commitments to the roaming status quo, the financial burdens could become too great to swallow.

With the January 31st deadline come and gone, the UK Government has started to warn its citizens of what Brexit actually means. Very little will change over the next 11 months, but come December 31st, the ‘grace period’ will have concluded and change will be a reality.

New passports might have to be ordered, the European Health Insurance Card (EHIC) will no-longer be valid, an international driving permit (IDP) might have to be sought and the Government cannot guarantee you won’t be charged a small fortune for cruising down the digital highways.

While it might seem like another era, EU roaming regulations were only introduced in 2017. Some telcos had built ‘roam like at home’ features into tariffs already, but this was a market reaction to impending regulation. Until the EU started making a fuss, the telcos and the GSMA were more than happy to charge ludicrous amounts and attempt to justify them in a truly laughable manner.

Using data when travelling to Europe has become almost second nature to UK consumers nowadays and few would want to return to the days of huddling around the wifi hotspots. The UK telcos have been keen to point out there are no intentions to return to the dark days of ‘bill shock’, but soon it might be out of their control.

“At O2, we are committed to providing our customers with great connectivity and value when they travel outside the UK,” an O2 spokesperson said. “We currently have no plans to change our roaming services across Europe. We will be working closely with the UK government to try to maintain the current EU ‘Roam like at home’ arrangements once the UK leaves the EU.”

Vodafone and Three have also confirmed Brexit will not have an impact on EU roaming for their customers, while BT/EE are yet to provide comment.

The issue which is at the heart of this debate is how much control the UK telcos actually have.

As it stands, termination fees on international networks are strictly managed and limited by the European Commission. This will no-longer be the case for UK telcos come January 1st, 2021; European telcos will be free to charge whatever termination fees they see fit for their network.

In the years passed since the introduction of EU roaming rules, telcos have effectively seen reciprocal revenues for roaming, as it was simply a case of any individual is equal to any other on a different network, irrelevant of destination or origin. However, should some nations decide to raise the termination fees, the telcos will have to decide whether to absorb these costs or raise prices for consumers to compensate and maintain profitability. This is a ‘doomsday’ scenario, though we suspect it wouldn’t take long for telcos to realise absorbing the cost in some areas is not feasible.

As you can see from the table below, the numbers do not add up.

Country Visitors from UK Visitors to UK
Spain 15.6 million 2.53 million
Germany 2.8 million 3.26 million
France 8.6 million 3.69 million
Netherlands 2.7 million 1.95 million

The question which remains is how much European telcos will decide on charging for termination fees for UK customers and how the UK telcos will react. For any telco, simply watching costs go up and doing nothing is not an option. If there are more visitors from the UK than going the other direction, termination fees will start to add up.

What is worth noting is that some telcos in the UK are more at risk than others. As part of the Telefonica Group, O2 could be protected in some European nations, as would Vodafone, but the risk cannot be completely mitigated. There is no-such thing as a genuine pan-European network, and partnerships might well be tested.

Some might suggest there is an opportunity for the UK and Europe to strike a deal, and while this might be the case, there is one significant argument against it; why would Europe want to help a post-Brexit Britain?

Brexit has looked like a painful procedure to anyone watching. What the material impact will be is anyone’s best guess for the moment, but there are some aspects we already know. The legislative agenda has slowed due to a disproportionate amount of time being spend debating Europe. Relationships have been damaged. Corporations face a restructure of some degree. Travel to Europe will be different for consumers.

We do not know how this will impact our day-to-day lives exactly, but Europe will only help to a degree. If they help too much or it looks attractive, leaving the European Union might become an option for some nations. This is a very cynical view to take, but it is probably also true.

The other factor you have to consider is the work some countries will put in to protect valuable tourism industries. The Spanish, Greeks and Portuguese will not want to lose the money which flows from the UK into their own economies and might be in a position to negotiate their own localised deals.

This is very much crystal ball gazing at the moment. There might be a deal to protect the UK consumer, but it is just as likely that there will not. The European powers control the roaming fate of the UK consumer, not the UK telcos.

Europe follows UK’s lead on Huawei

The EU is recommending risk mitigation rather than outright banning in its latest 5G security advice to members.

For some reason the army of eurocrats that will have been involved in the drafting of these guidelines decided they need to be referred to as a toolbox. The purpose of this seems to be to emphasise the flexible nature of the new 5G security rules and to try to exaggerate the amount of autonomy member states have from their Brussels masters.

Absent from this toolbox, however, are a pair of scissors that could be used to cut ties with all ‘high risk’ (i.e. Chinese) telecoms vendors entirely. Nowhere that we can see do the words ‘Huawei’ or ‘China’ appear in this otherwise well-stocked toolbox, which seems to be a diplomatic concession. The closest we get is vague talk of ‘country-specific’ considerations.

“We can do great things with 5G,” said Margrethe Vestager, EVP for a Europe Fit for the Digital Age. “The technology supports personalised medicines, precision agriculture and energy grids that can integrate all kinds of renewable energy. This will make a positive difference. But only if we can make our networks secure. Only then will the digital changes benefit all citizens.”

“A genuine Security Union is one which protects Europe’s citizens, companies and critical infrastructure,” said Margaritis Schinas, VP for Promoting our European Way of Life. “5G will be a ground-breaking technology but it cannot come at the expense of the security of our internal market. The toolbox is an important step in what must be a continuous effort in the EU’s collective work to better protect our critical infrastructures.”

“Europe has everything it takes to lead the technology race,” said Thierry Breton, Commissioner for the Internal Market. “Be it developing or deploying 5G technology – our industry is already well off the starting blocks. Today we are equipping EU Member States, telecoms operators and users with the tools to build and protect a European infrastructure with the highest security standards so we all fully benefit from the potential that 5G has to offer.”

Some of those ridiculous job titles are just downright embarrassing and clear evidence of the complacent, navel-gazing leviathan the EU has become. Nonetheless they’re not too proud to wait for their most loathed soon-to-be ex-member to make its move before they do. There seems to be little in this toolbox that doesn’t echo the recently announced UK approach, including keeping high risk vendors out of the core.

So once more the US has failed to get its own way on Huawei. It’s starting to look like Trump has seriously overplayed his hand by insisting on an outright ban and, unless he wants to cease meaningful cooperation with the whole of Europe, will need to find some kind of face-saving climb down. Having said that, who is going to notice if the US fails to deliver on its threats?

Could Iliad Italia be a victim of Corporate Darwinism?

Iliad’s Italian business unit has lodged complaints with Italian and European regulators regarding network sharing deals, but could these objections be effectively ignored?

While network sharing is a proposition which offers great benefits to cash-strapped telcos in pursuit of the eye-wateringly expensive 5G connectivity dream, it is not without its opponents and critics. Some regulators have become very defensive about the progressive idea, while there are telcos being left out of discussions who are objecting also.

In Belgium, Telenet has raised concerns over a tie-up between Orange and Proximus, while the European Commission prevented O2 and T-Mobile from expanding an existing agreement to include 5G in the Czech Republic. Both of these network sharing partnerships have been halted in the pursuit of maintaining attractive levels of competition, but Iliad’s objections might fall on deaf ears.

Iliad is objecting to network sharing agreements between Wind Tre and Fastweb, as well as another between Telecom Italia and Vodafone Italia. Iliad is the only major telco in Italy not to be in a network sharing discussion. If these partnerships bear fruit, efficiencies will be realised, meaning competitor funds can be redirected elsewhere.

If this is a prediction of the future, Iliad will be in a weakened position to compete in the Italian market, and financial pressures could become too much to justify the venture. Iliad could become a victim of Corporate Darwinism.

The competition versus consolidation conundrum

Competition has been somewhat of a difficult topic of conversation between the regulators and telcos in recent years, primarily because of the polar-opposite opinions on market consolidation. The telcos would like to consolidate to achieve scaled economics, while the regulators want to preserve the number of telcos in each of the markets to maintain competition and encourage investment.

There are pros and cons on either side of the fence, though the regulators do not seem to be shifting. This argument has knock-on effects for network sharing agreements.

Ovum’s Dario Talmesio points out, network sharing could be viewed as consolidation through the backdoor. Combined assets reduces the number of independent networks in the market, and potentially reduces investments and competition.

In the Czech O2 and T-Mobile case, the European Commission suggested as there were only three major players in the market, further combination of assets between two of the parties would present too much of a risk of the third being squeezed out. The same case has been presented by Telenet to the national regulator in Belgium.

Regulators are sensitive to any propositions which would negatively impact competition in a market, but what about markets where the number of telcos could actually be reduced?

How much is too much competition?

While there is no official stance on the number of telcos in a market, the European Commission does not generally approve activities which would reduce the number of telcos below four. Vetoing the O2/Three merger in the UK, or Telia/Telenor in Denmark are two examples, but this might not be the case in Italy.

If regulators were to allow the network sharing agreements to proceed, Iliad would certainly be in a very precarious position, though there would still be four mobile service providers in the country; Telecom Italia, Vodafone Italia, Wind Tre and a Fastweb proposition enabled by its agreement with Wind Tre. This might be deemed enough competition in Italy to maintain a healthy market for the consumer and a financially sustainable one for the telcos.

The four telcos named above are venturing into untested waters here. This presents a new question for the regulators to answer on competition. Theoretically, suitable levels of competition are being sustained, and this network sharing dynamic has been approved by regulators in the past.

In the UK, Three and EE have formed MBNL, while Vodafone and O2 have CTIL. These are passive infrastructure sharing joint ventures, focusing on the rural environments. It is a similar situation which would be created in Italy, and the UK does have a sustainable telco industry. It is evidence that the dynamic could work, with or without Iliad in the mix.

Could this be a case of Corporate Darwinism?

Corporate Darwinism occurs when a market evolves to such a degree that players are either irrelevant or uncompetitive, and therefore go out of business.

The best example of this is Blockbusters. Once a dominant player in the movie rental business, as the distribution of content moved online the proposition of Blockbusters was no-longer relevant, therefore the company did not survive. This is an example of a market evolving to such a degree that the business was no-longer relevant.

The Iliad example is perhaps one where the market evolves to such a degree that the business is no-longer competitive.

If the four remaining mobile service providers have network sharing initiatives driving network deployment, investments can be more intelligently spend (a) on the network, or (b) in other areas of the business.

The shared networks might have a greater geographical footprint, have future-proofed technology and higher performance specs. Theoretically, Iliad would churn subscribers to higher quality rivals. Also, as less money is being spent on network deployment, tariffs could be lower, but profitability could be maintained. Or, more cash could be invested in value-add propositions for products. Rival offerings could look more attractive than Iliad products.

If regulators approve the network sharing agreements between Telecom Italia and Vodafone Italia, alongside Wind Tre and Fastweb, Iliad would find itself in a very difficult position. It become difficult to see the telco surviving in the long-term.

Unfortunately for Iliad, there is a coherent argument to approve the partnerships to drive towards a more sustainable telecoms industry, allowing the telcos to realise efficiencies ahead of the vast expenditure of 5G. The consumer would benefit, as would enterprise customers and the Italian economy on the whole. It might be a case of letting Iliad die out for the greater good of the Italian telecoms sector.

25% of Europeans hold back personal information due to security concerns

For years, the tech industry has under-invested in security and now it might be about to hit executives in the place it hurts; the wallet.

Interestingly enough, those who are at greatest risk here are the creative thinkers who have figured out how to make money from the free-flowing data-sharing economy. It is the 21st century’s version of turning water into wine, making money off users without charging them anything, but it appears there are issues.

According to Eurostat, the office for statistics in the European Commission, 25% of Europeans have avoided handing over personal information because of security concerns, while 44% have limited their private internet activities in the last 12 months.

The investments behind security present an interesting conundrum for businesses. Firstly, security investment have to be made, but as this has been deemed a ‘cost centre’ as opposed to directly driving revenues towards the profit columns, they have been limited. This is a cynical viewpoint to hold, but we wouldn’t be talking about underinvestment in security if investment wasn’t being directed elsewhere.

The most interesting talking point to take away from these statistics is that there now is a business case. Users won’t use your services unless security can be demonstrated. It is a direct tie to the bottom line, which should theoretically increase the flow of investment towards security products and initiatives. We might get to that wonderful environment were security is not considered an afterthought.

One question which remains is whether this is too little too late.

Some companies have been investing in security for years. Some have been able to steer clear of the privacy scandals and data breaches. Some can prove their security credentials to customers today. These look like very attractive businesses to the growing number of security conscious customers.

Perhaps one of the reasons people are becoming more security conscious is the element of danger. In bygone years, it was difficult to communicate the dangers of the internet to users because there weren’t enough examples of real-world consequence. A company lost X amount of personal information, but what is the direct impact on my life? Because it is not as apparent, people generally undervalue the danger. This might be changing.

According to the Eurostat figures, 1% of the European Union population experienced financial loss resulting from identity theft, fraudulent messages or redirection to fake websites. That is just over 5 million people who were financial impacted by the dangers of the interest inside 2019 alone.

When customers start to see the digital economy as a threat to their bank account, which is becoming more common today, they will start paying more attention to security credentials.

What services were avoided due to security concerns
Service Percentage
Social or professional networking 25%
Public wifi 19%
Downloading content 17%
eCommerce 16%
Internet banking 13%

Europe wants to force all mobile phones to use the same charger port

Six years ago the European Union started ‘encouraging’ mobile phone makers to unite around a common charger format, but they didn’t take the hint.

The encouragement was introduced as part of an update to the Radio Equipment Directive, through which the European Commission tries to control that market. In the name of reducing waste (without detailing how) and simplifying their use, MEPs voted to mandate the move towards a universal charger port for mobile phones. At the time the EC decided nudge theory was the best place to start.

“The modernised Radio Equipment Directive is an efficient tool to prevent interference between different radio equipment devices,” said EU spokesperson Barbara Weiler at the time. “I am especially pleased that we agreed on the introduction of a common charger. This serves the interests both of consumers and the environment. It will put an end to charger clutter and 51,000 tonnes of electronic waste annually.”

How many consumers were consulted for them to come to that conclusion is unclear, but who can honestly say they bear no emotional scars from having to switch between two or three port formats every now and then? Similarly it’s not immediately obvious what ecological benefit of a unified charger will be, since devices always come with one anyway, but what do we know?

Anyway, for all the EC’s efforts we’re still faced with the bleak situation of having to contend with up to three charger formats and, quite frankly, it won’t do. If mobile phone makers won’t respond to encouragement, it seems, then more assertive techniques are required to ensure compliance with the grand plan.

So recently there was a call to introduce common charger for all mobile phones, which noted ‘The Commission’s approach of “encouraging” industry to develop common chargers fell short of the co-legislators’ objectives. The voluntary agreements between different industry players have not yielded the desired results. A common charger should fit all mobile phones, tablets, e-book readers and other portable devices, MEPs will insist.”

Now, by happy coincidence, or perhaps not, the industry is gravitating towards the USB-C format anyway, especially at the top end, so it’s presumably just a matter of time before it becomes ubiquitous. When that does happen the EU bureaucracy will be able to pat itself on the back for chalking up another win for consumers and the environment.

Europe says no to stablecoins until grey areas are gone

The European Commission and European Parliament have dealt a blow to the likes of Facebook’s Libra initiative until they can write the appropriate rules.

In a joint statement, the duo has championed the potential benefits of cryptocurrencies, but also warned of the dangers. Under current European regulations, it is not entirely clear how the emerging segment will be governed, therefore the bureaucrats are taking a firm stance before irreversible steps forward have been taken.

“As underlined by the recent report of the G7 working group dedicated to these issues, global ‘stablecoin’ projects and arrangements should not come into operation until all of these risks and concerns are properly addressed,” the statement reads.

“We re-affirm our willingness to appropriately tackle the challenges raised by these initiatives on the basis of an EU common understanding and coordinated approach.

“In view of the above, the Council and the Commission state that no global ‘stablecoin’ arrangement should begin operation in the European Union until the legal, regulatory and oversight challenges and risks have been adequately identified and addressed.”

A stablecoin is a digital current which is pegged against the price of physical assets, such as a commodity. Cryptocurrencies can then be linked to the stablecoin, in an effort to reduce price volatility. With a lack of understanding in the cryptocurrency market today, losses can be extraordinary, evident by the dramatic crash of Bitcoin in early 2018.

In theory, the stablecoin concept is logical. It provides stability to the market as it is pegged against less-volatile assets, thus creating more confidence and safety in digital currencies. But as with everything new, the list of unknowns is far greater than the list of knowns. When dealing with people’s money, bureaucrats tend to side with caution.

Although this will certainly slow the development of cryptocurrency almost to standstill, it is perhaps necessary. The technology industry has demonstrated time and time again it is not responsible enough to manage innovation or self-regulate. The last decade has seen numerous examples of what happens when a technology drives forward too quickly without paying consideration to the ‘law of unintended consequences’; just look at the Cambridge Analytica scandal for evidence.

The European Union and European Parliament are calling for a pause for thought, to create a globalised, evidence-based approach for a regulatory and oversight mechanism. The duo wants to ensure appropriate standards of consumer protection and orderly monetary and financial conditions are in place before the industry is allowed to run free.

The idea of stablecoins are of course a good thing. The potential for convenient, fast, efficient and inexpensive payments, especially cross-border, is evident, though such a sensitive segment as digital finance needs to be managed appropriately.

Europe decides to punish Broadcom before its investigation is complete

The European Commission is in the process of investigating Broadcom for anticompetitive behaviour, but has imposed sanctions in advance of any conclusion.

Broadcom is considered to be dominant in the market for set-top box chips and some fixed line modems. The EC reckons it’s abusing that dominant position by persuading customers to go all-in on its products, thus unfairly restricting competition. The investigation was opened last June but the EC is so concerned about the effects of these practices that it has ordered Broadcom to stop them immediately.

“We have strong indications that Broadcom, the world’s leading supplier of chipsets used for TV set-top boxes and modems, is engaging in anticompetitive practices,” said EU Competition Commissioner Margrethe Vestager. “Broadcom’s behaviour is likely, in the absence of intervention, to create serious and irreversible harm to competition. We cannot let this happen, or else European customers and consumers would face higher prices and less choice and innovation. We therefore ordered Broadcom to immediately stop its conduct.”

The key word in that quote is ‘likely’. Vestager seems to be saying that mere suspicion is now reason enough for the EC to act against companies pre-emptively, in anticipation of the outcome of its investigation. What if the investigation concludes in favour of Broadcom? This seems to be a dangerous erosion of due process and an ominous precedent for any company that does business in Europe.

Broadcom now has 30 days to do the following or else:

  • Unilaterally cease to apply the anticompetitive provisions identified by the Commission and to inform its customers that it will no longer apply such provisions; and
  • Refrain from agreeing the same provisions or provisions having an equivalent object or effect in other agreements with these customers, and refrain from implementing punishing or retaliatory practices having an equivalent object or effect.

Those restrictions apply until the EC get around to concluding its investigation or three years, whichever is sooner. It’s common practice for big companies to chuck lawyers at these kinds of investigations in order to drag them out, so you can see where the EC is coming from with this kind of pre-emptive action. But due process exists for a reason and the EC seems to be saying it’s better that a few innocent companies may be hurt than any guilty ones go unpunished.

Europe’s security vision undermined by lack of compulsory requirements

For the most part, companies have to be forced to take security seriously, but perhaps these changes are on the horizon in Europe at least.

Cybersecurity is always a topic of conversation which is never too far away, though you have to question the substance behind the statements. Security and privacy are always top priorities for a company if you listen to the CEO, though the fact that security breaches still persist undermines these bold claims.

To be fair to the companies involved, this is a fast-paced and ever evolving aspect of the technology landscape. Is there such thing as 100% secure? No. Can the companies do more to protect their customers? Yes.

This is where the European Commission plays a critical role in developments. Speaking at Broadband World Forum in Amsterdam, Julie Ruff. Directorate for Digital Society, Trust & Cybersecurity, outlined the challenges, as well as the ways and means to combat these threats, and the telcos will be central to these efforts.

“First of all, they are obvious targets for cyber-attacks [the networks], very attractive targets,” said Ruff.

“The networks can be used as vectors for attack.”

The network is the lynchpin for tomorrow’s economy, the backbone of the virtual world. It’s the digital superhighway which connects anything, everything and everyone. The networks owners need to lead from the front, but they are not the only character in this nefarious saga.

As part of the latest iteration of the Cyber Act, the European Commission has introduced a certification framework for ICT digital products, services and processes. This framework will provide a comprehensive set of rules, technical requirements, standards and procedures to ensure consumers and businesses are protected from the dangers lurking in the dark corners of the world wide web.

This is all well and good, but here is the major problem; the certification process is currently voluntary.

At the largest companies, resources can be redirected towards such initiatives to ensure the demands and nuances of the framework are being adequately met. However, this is not going to be the biggest problem the digital economy will face. The start-ups and SMEs, those who can easily find other means to spend valuable and limited funds, will not voluntarily direct investment towards cost-centres and away from profit-builders.

However, with more risks being realised further afield in the ecosystem, a comprehensive approach to security is needed everywhere and anywhere. As Ruff pointed out during her presentation, the interconnected nature of the digital economy means that cybercriminals can infiltrate networks through weak points in the chain.

This is where the European Commission needs to move forward to ensure the certification framework is compulsory not voluntary. It might come as a financial burden to the start-ups, but it is the only way to most effectively mitigate risk. The investments being made by multi-nationals and telcos could be completely undermined by a rogue device connected to the network.

For the digital economy to be anywhere near ‘safe’, connected devices, whatever they may be, need to be secure out of the box and providers need to ensure timely and regular security updates. Unfortunately, this perfect scenario can only be achieved through effective regulation and a compulsory certification framework.

A good vision has been outlined by the European Commission, but this needs to be backed-up by effective and compulsory regulation.

Europe publishes 5G security report to state the obvious

After months of deliberation and consideration, the European Commission has published a report which comes to some fairly obvious conclusions on 5G security.

Although few would have expected something substantial from the bureaucrats, the published report seems to offer little to no insight or additional information. Once again, the Brussels brigade is showing how painfully slow progress can actually be.

“Today, Member States, with the support of the Commission and the European Agency for Cybersecurity published a report on the EU coordinated risk assessment on cybersecurity in Fifth Generation (5G) networks,” a statement reads.

“This major step is part of the implementation of the European Commission Recommendation adopted in March 2019 to ensure a high level of cybersecurity of 5G networks across the EU.”

In short, the report comes to a few conclusions:

  • Poor software development process could be a danger
  • Certain pieces of network equipment or functions are becoming more sensitive, base stations for example
  • State-backed threats are the highest concern
  • Telcos are too dependent on a small number of suppliers, some of whom could be considered a security right
  • Threats to communications infrastructure should be considered a security risk

Amazingly, the European Commission has managed to create a 33-page report, which says nothing significant or particularly useful. Everything which has been stated is already known by those paying attention, though we suspect there would be a few politicians who would benefit from reading the report.

So, what does the report actually mean? Nothing for the moment. If anyone was expecting any action will be wildly disappointed, though the European Commission is suggesting member states create action plans to compensate for the increased risk. As you can imagine, there is little rush to complete these action plans, as the European Commission has given a deadline of October 1, 2020.

Every now and then the European Commission reminds us how painful bloc-wide bureaucracy can be, and this report has proven to be an excellent example. At some point in the future, the bureaucrats might create official security guidelines and regulation for member states to follow, though this is unlikely to be done in a timely manner.