Huawei founder opened up to the press, or did he?

Ren Zhengfei, the founder of Huawei, once again dismissed the allegations that Huawei has been spying for the Chinese government in a rare meeting with the media.

Huawei’s normally reclusive founder told the Financial Times on Tuesday that he missed his daughter, who was arrested in Canada and faces extradition to the US. Ren also reiterated that Huawei has not spied for the Chinese government and has not been asked to do so. “No law in China requires any company to install mandatory backdoors,” Ren was quoted by the FT.

Ren also handed out an olive branch to President Trump, calling the latter “great” and recognising the positive results the American administration’ tax cuts had delivered to the American economy. But he also warned the isolationist route the current American government is pursuing. “The message to the US I want to communicate is: collaboration and shared success. In our world of high tech, it’s increasingly impossible for any single company or country to sustain or to support the world’s needs,” Ren said. Earlier President Trump said he ‘would intervene on Huawei CFO’s case to help China trade deal’.

When it comes to Huawei’s tactics to navigate the difficulties it faces in the western markets, Ren conceded “it’s always been the case, you can’t work with everyone . . . we’ll shift our focus to better serve countries that welcome Huawei,” he told the reporter.

By the founder’s own standard, this interview was a rare opportunity for the outside world to get more transparency of the company he set up 32 years ago. But we were not made much wiser on a few key questions.

Huawei’s CFO, and Ren’s daughter, was charged with misleading the American banks with false information on Huawei’s relationship with its subsidiary related to the company’s business in Iran, which resulted in the banks being handed multi-billion dollar fines. Ren’s interview did not shed new light on the case, despite expressing his parental feeling.

In the spirit of “presumed innocent until proved guilty”, we should believe that the Huawei founder was telling the truth when he claimed Huawei has not spied on behalf of the Chinese government. His words were also carefully chosen when he claimed, “no law in China requires any company to install mandatory backdoors”, which is true. Law enforcement agencies may require companies or private persons to assist their work. In some jurisdictions the companies or individuals have the legal right to refuse, as Apple did in 2015 when being asked by the FBI to unlock an iPhone used by the San Bernardino attackers.

In other jurisdictions companies and individuals are obliged to comply with such demands.

China’s Intelligence Law was passed by the National People’s Congress, China’s legislature, in June 2017 and entered into force the following day. Two articles of the law are of interest here:

Article 7: An organization or citizen shall support, assist in and cooperate in national intelligence work in accordance with the law and keep confidential the national intelligence work that it or he knows. (Translation by the Law School, Peking University)

Article 14: National intelligence work institutions, when carrying out intelligence work according to laws, may ask relevant institutions, organizations and citizens to provide necessary support, assistance and cooperation. (Translation by QUARTZ)

In plain language this means the intelligence agencies have the mandate to require any institutions or individuals to cooperate (Article 14) and the institutions or individuals must comply (Article 7).

Therefore Ren, who declared “I still love my country, I support the Communist party” to the FT journalist, is law-bound to say Huawei has “never received any request from any government to provide improper information”, no matter whether it has received requests of this kind or not. Hypothetically, if Huawei had received requests from the Chinese intelligence agencies to assist their tasks, it could not refuse, otherwise it would be violating the first half of Article 7. On the other hand, if Huawei, hypothetically, had carried out intelligence tasks as required, it could not tell anyone, otherwise it would be violating the second half of Article 7.

But, seriously, no one would have expected an alternative answer.

Huawei employee arrested in Poland on spying allegations

Huawei’s sales director in Poland, who previously served in the Chinese diplomatic corps, has been arrested by the Polish authorities on spying allegations. Huawei immediately terminated his employment.

More details have been disclosed related to the arrest of Wang Weijing, who also goes by the name Stanislaw Wang. After serving as attaché at the Chinese general consulate in Gdansk, Wang joined Huawei’s Poland office in 2011, first as its PR director then as its sales director responsible for selling to the Polish public sector. Wang was detained on 8 January, on allegations of spying, as was first reported by the Polish public broadcaster TVP.

According to TVP, an Orange employee arrested on the same allegations, identified as Piotr D, had worked at the country’s Internal Security Agency (ISA, or “Agencja Bezpieczeństwa Wewnętrznego (ABW)” in Polish), which carried out the arrests. While at ISA one of his responsibilities was issuing security certificates for equipment used by Poland’s public-sector offices. He left the agency earlier after being accused of corruption but was not formally charged.

The offices of Huawei and Orange were searched respectively following the arrests, though a spokesperson for ISA told Reuters that the allegations against Wang were related to individual actions, not directly linked to Huawei. This is also the line Huawei adopted when it promptly severed the employment relationship with Wang, citing that “in accordance with the terms and conditions of Huawei’s labour contract, we have made this decision because the incident has brought Huawei into disrepute.”

Orange said it did not know if the investigation in Piotr D. was linked to his professional work but would continue to cooperate with the authorities.

Despite the troubles it has run into in markets like the US, New Zealand, Japan, and the UK, Huawei’s business in Eastern Europe has been largely unperturbed. However the latest twist in Poland and the earlier arrest of Meng Wanzhou, Huawei’s CFO, in Canada might put this position under pressure. On Saturday 12 January, Joachim Brudzinski, Poland’s interior minister, called for a EU-NATO joint position with regard to banning Huawei from these markets when speaking on a Polish commercial radio station. “There are concerns about Huawei within NATO as well. It would make most sense to have a joint stance, among EU member states and NATO members,” said Brudzinski.

Then on Sunday 13 January, Karol Okonski, a government official responsible for cyber security, told Reuters that Poland could consider forbidding the public sector from using Huawei products while probing the legal measures to limit Huawei’s access to the private sector. “We do not have the legal means to force private companies or citizens to stop using any IT company’s products. It cannot be ruled out that we will consider legislative changes that would allow such a move,” Okonski said.

Huawei has always denied that it poses security threats, or it spies on behalf of the Chinese government. In a statement it sent out to media after its CFO’s arrest and it sent again after the arrests in Poland, Huawei stressed that it “complies with all applicable laws and regulations in the countries where it operates, and we require every employee to abide by the laws and regulations in the countries where they are based.”

Incidentally, the South China Morning Post reported earlier that, shortly before her arrest in Canada, Meng Wanzhou and Ren Zhengfei, the founder of Huawei and Meng’s father, hosted a town hall meeting for Huawei employees. According to a transcript distributed to Huawei staff and seen by SCMP, both executives discussed extensively on compliance. Cases were divided into “red” and “yellow” lines. By red line, Meng meant the rules where there is “no bargaining and must be strictly complied with”, while by yellow line she referred to cases where strict compliance is not operationally feasible, and the company can build in the costs of flouting the rules as “sunk costs.” She cited labour risks as an example.

“Of course, beyond the yellow and red lines, there may still be another scenario, and that is where the external rules are clear-cut and there’s no contention, but the company is totally unable to comply with in actual operations. In such cases, after a reasonable decision-making process, one may accept the risk of temporary non-compliance,” quoted by SCMP.

Ren also urged his staff to consider both cost and benefit in compliance cases, especially related to laws of the US and EU. SCMP quoted him challenging those present when answering a question: “We must not bind ourselves up just because the US is attacking us. If our hands and feet are bound, then we will not be able to continue producing, then what’s the point of compliance?”

US operators belatedly act to protect user location data

AT&T and Verizon announced that they will terminate all remaining commercial agreements that involve sharing customer location data, following a report exposing the country’s mobile carriers’ failure to control data sharing flow.

Jim Greer, a spokesman for AT&T, said in a standard email to media: “Last year, we stopped most location aggregation services while maintaining some that protect our customers, such as roadside assistance and fraud prevention.” Referring to the Motherboard exposé, Greer continued, “In light of recent reports about the misuse of location services, we have decided to eliminate all location aggregation services — even those with clear consumer benefits.”

This is similar to the position T-Mobile’s CEO John Legere adopted when responding to the criticism from the US Senator Ron Wyden (D-Ore.). Verizon also announced that the company will sever four remaining contracts to share location data with roadside assistance services. After this Version will need to get customers’ explicit agreement to share their data with these third-party assistance companies. Sprint, which was also caught out by the Motherboard report, is the only remaining nation-wide carrier that has not announced its plan on the issue.

This is all good news for the American consumers who are concerned with the safety of their private data. On the other hand, mobile operators have hardly been the worst offenders when it comes to compromising the privacy and security of customer data. Earlier, Google was exposed to have continued tracking users’ location even after the feature had been switched off, while Facebook has been mired in endless privacy controversies.

Monetising user data is only a side and most likely insignificant “value-add” business for the mobile operators, because they live on the service fees subscrbers pay. But it is the internet heavyweights’ lifeline. This may sound fatalistic but it should not surprise anyone if the Facebooks and the Googles of the world come up with more innovative measures to finance the “free” services we have benn used to.

InterDigital says Huawei is setting a dangerous precedent with patent lawsuit

Huawei has filed a lawsuit challenging the royalties it’s charged, but InterDigital CEO thinks the saga could have a much more damaging and wide-ranging impact on the industry.

Lawsuits in the telco industry are not uncommon, while they are pretty much part of the daily routine for anyone who deals with patents. According to InterDigital CEO Bill Merritt, the dispute is not the problem, it’s the way that Huawei is hoping to get a resolution, heading towards localised judicial systems as opposed to international, and standardised, arbitration.

“Standards have done a great job at breaking down national walls, creating a single playing field, and we think pricing should be the same,” said Merritt.

As it stands, Huawei has filed a lawsuit with the Shenzhen Intermediate People’s Court (January 2) accusing InterDigital of not licensing patents on fair and non-discriminatory terms. The lawsuit follows the expiration of a prior licensing agreement (December 31) with the pair not able to come to an agreement on future terms.

Long story short, Merritt pointed out Huawei wants to pay less for the patents. It’s a simple dispute, based on the success of Huawei smartphones and devices over the last year or so. As Huawei is shipping more units, it feels it should be offered a more competitive rate due to economies of scale. InterDigital however, feels it is offering a fair and reasonable price. The court case will decide royalty payments for the next four years (2019-23).

From Merritt’s perspective, the issue is not the dispute but the lawsuit itself. In the past, with Huawei and other customers, InterDigital has chosen to go down the route of arbitration, an option which Merritt feels is best in this situation as well. In most arbitration cases, each party selects a professional arbitrator, before the pair jointly select a third independent one. The idea is that the trio would assess all the information in the contract, look at market precedent as well as future developments, to decide a competitive and reasonable price for the transaction. It’s (in theory) an independent and neutral way to resolve conflict.

In this case, arbitration was offered as a possible resolution, but Huawei declined, instead electing to head to the regional court. This is where the danger lies; the Shenzhen Intermediate People’s Court is a localised institution which has influence in China. The risk is regionalised rate setting which would cause chaos considering how many jurisdictions there are around the world.

To compound the issue of regionalised rate setting, not only are you likely to have varied approaches and opinions, an international supply chain does not lend itself well to this scenario. The majority of devices and products which are sold today are manufactured in a variety of different countries and regions; the economy has been globalised. Merritt said if you are having to factor in several different regionalised rates for production of devices, the whole supply chain could turn into a disaster.

“The number of disputes could easily be reduced if parties committed to arbitration,” said Merritt.

Unfortunately for Merritt and InterDigital, the two technology powerhouses of the world are increasingly promoting more nationalised agendas and policies which encourage isolationist thinking. It seems we can’t go a day without referring to the trade conflict between the US and China, but the idea of regionalised rate setting, which this lawsuit encourages, is another step away from the international ecosystem, the healthiest option for a profitable and sustainable telecommunications industry.

This is a case which might be worth keeping an eye on over the coming months, it might just lead the patent segment down a worrying and complicated red-tape maze of regionalised price setting.

Huawei CFO charged with hiding connection to Skycom, which worked with Iran

The bail hearing for Huawei CFO Meng Wanzhou has revealed she is charged with concealing ties between her company and another that violated US trade sanctions.

Meng was arrested last week in Canada and had her bail hearing at the end of the week. In it, according to multiple reports, she committed fraud when she told US banks in 2013 that Huawei had no connection to Hong Kong firm Skycom, which was apparently doing business with Iranian telecoms companies. The suggestion is that Skycom was used to disguise Huawei’s own violations of US trade sanctions, which is what caused ZTE so much grief earlier this year.

“Ms. Meng personally represented to those banks that Skycom and Huawei were separate when in fact they were not separate,” said Crown Counsel John Gibb-Carsley. “Skycom was Huawei.” Evidence for this is reportedly contained in a PowerPoint presentation from that time and it looks like this manoeuvre may be what was referred to in ZTE’s F7 memo.

In a bid to get bail Meng’s lawyers that she’s not a flight risk because she wouldn’t want to embarrass her father, the founder of Huawei, as well as the company itself and the whole country. She also apparently has a couple of houses in Vancouver, which she could stay in. Counter-arguments have focused on how much cash she has, meaning she could afford to leg it.

The original scoop on Skycom seems to have come from Reuters, which reported back in January 2013: ‘Huawei CFO linked to firm that offered HP gear to Iran’. The reason this case has escalated to an arrest isn’t the business Huawei may or may not have done with Iranian companies, but the allegations of deliberately misleading US banks – hence committing fraud.

Apple reportedly plans to use Intel 5G modem in 2020, but will it be any good?

Apple has boxed itself into a corner by going to war with Qualcomm, so a lot rides on the competitiveness of Intel’s 5G modem.

Fast Company has reported that Apple intends to use the Intel 8161 5G modem in its 2020 iPhones as part of its already-known strategy of switching to Intel as its sole provider of modems. This move seems to be largely driven by Apple’s dispute with Qualcomm over how much it charges for its chips.

When large companies declare legal war on each other the dispute usually metastasises as their respective legal teams search for further dirt they can use as leverage in the ongoing negotiations. These things usually conclude in an out-of-court settlement, the terms of which are largely determined by the relative legal strength of the respective positions.

The more likely one party is to win a court case, the stronger its position in the pre-case negotiation, which is why Qualcomm has been so keen to prove that Apple committed industrial espionage in sharing Qualcomm trade secrets with Intel in order to help it produce better modems.

While Qualcomm’s most recent court filing broadly outlines fresh allegations resulting from the discovery process, conversations we had at its recent event in Hong Kong suggested Qualcomm has got hold of emails that prove the alleged passing on of protected intellectual property took place.

If Apple did indeed offer Intel a helping hand, something that Intel denies, then the clear inference is that Intel’s modems were of insufficient quality without cheating. A worst case scenario might be that the 5G modems Apple apparently intends to use would be declared illegal, but even if that doesn’t happen there will be questions over the 5G performance of those iPhones versus phones running Qualcomm modems.

So, assuming this rumour is accurate, a hell of a lot is riding on those first Intel 5G modems. If they’re rubbish then not only will that be a direct competitive win for Qualcomm, but the sales and reputation of the iPhone are likely to suffer too. In its desire to dominate its suppliers Apple is forcing itself to make some technology choices that may be far more costly than any money saved on components.

Intel triggered into joining Qualcomm Apple spat

Qualcomm has accused Intel of cheating at modems with Apple’s help, but Intel’s weak public riposte is unlikely to sway much opinion in its favour.

Judging by the general quality of their press releases all three of the companies involved in this spat refuse to issue a single public utterance until every syllable has been pored over by battalions of lawyers. As a consequence, when they decide to slag each other off via the media the result falls pretty far short of Wildean in its wit.

To be fair to Qualcomm, its latest allegations weren’t strictly public, although you have to wonder what the source of the court filing leak that resulted in the rest of the world knowing about it was. Essentially Qualcomm is questioning how Apple was able to replace its modems with Intel ones in the latest iPhones and figured it must have given Intel trade secrets to ensure its modems were up to the job.

Intel’s General Counsel Steven Rodgers posted a riposte entitled ‘Qualcomm’s Rhetoric Pierced’, which promised all kinds of rebuttals, refutations and rebukes but instead delivered a disappointingly generic whinge that amounted to ‘how dare you?’ It started fairly promisingly with a round up of all the fines Qualcomm has been hit with over the past couple of years for violating competition laws.

But then it degenerated into a general purpose moan about how unfair the allegations are when everyone at Intel works really hard, actually. “We are proud of our engineers and employees who bring the world’s best technology solutions to market through hard work, sweat, risk-taking and great ideas,” pouted Rodgers. “Every day, we push the boundaries of computing and communication technologies. And, the proof is in the pudding: Last year, the U.S. Patent Office awarded more patents to Intel than to Qualcomm.”

The correct form of the proverb is ‘the proof of the pudding is in the eating’, but if Intel chooses to keep its patents inside some form of dessert, who are we to judge? “For the most part, we have chosen, and will continue to choose, to respond to Qualcomm’s statements in court, not in public,” said Rogers, showing the acute judgment that you would expect of a senior Lawyer. Qualcomm has yet to publicly respond.

US contemplates its own version of GDPR

The U.S. National Telecommunications and Information Administration has started a 30-day public hearing process to gather comments on its policy options towards consumer privacy protection.

Shortly after Europe’s General Data Protection Regulation (GDPR) came into force in late May, “a global tidal wave of new and updated privacy regulations” have followed hot on the heels of GDPR as it was called at the recent Digital Futures conference (see the picture). Regulations and laws passed in jurisdictions from India to California with other markets in between have largely modelled after the European legislation.

In the latest move, on Tuesday September 25, the US federal government, through the National Telecommunications and Information Administration (NTIA), kick-started a month-long process to hear from the public on the approach towards privacy protection.

“The United States has a long history of protecting individual privacy, but our challenges are growing as technology becomes more complex, interconnected, and integrated into our daily lives,” said David Redl, NTIA Administrator and Assistant Secretary of Commerce for Communications and Information. “The Trump Administration is beginning this conversation to solicit ideas on a path for adapting privacy to today’s data-driven world.”

The feedback requested is two-fold. The first part is on the outcome of any future privacy legislation. This includes:

  • Organizations should be transparent about how they collect, use, share, and store users’ personal information.
  • Users should be able to exercise control over the personal information they provide to organizations.
  • The collection, use, storage and sharing of personal data should be reasonably minimized in a manner proportional to the scope of privacy risks.
  • Organizations should employ security safeguards to protect the data that they collect, store, use, or share.
  • Users should be able to reasonably access and correct personal data they have provided.
  • Organizations should take steps to manage the risk of disclosure or harmful uses of personal data.
  • Organizations should be accountable for the use of personal data that has been collected, maintained or used by its systems.

All these are rather similar to what GDPR and the up-coming e-Privacy regulation are designed to achieve.

Meanwhile the NTIA is also requesting comments on the overall “High-Level Goals for Federal Action”, the key points including:

  • “Harmonize the regulatory landscape” between existing and future legislations;
  • “Legal clarity while maintaining the flexibility to innovate” to enable new business models and technologies while privacy is protected;
  • “Comprehensive application” to “all private sector organizations that collect, store, use, or share personal data in activities that are not covered by sectoral laws”;
  • “Incentivize privacy research” in technologies and services that improve privacy protections.
  • FTC should be the enforcement agency

However a few other points stand out that deserve a closer look. One probably deserves a full quote:

Employ a risk and outcome-based approach.  Instead of creating a compliance model that creates cumbersome red tape—without necessarily achieving measurable privacy protections—the approach to privacy regulations should be based on risk modeling and focused on creating user-centric outcomes.  Risk-based approaches allow organizations the flexibility to balance business needs, consumer expectations, legal obligations, and potential privacy harms, among other inputs, when making decisions about how to adopt various privacy practices.  Outcome-based approaches also enable innovation in the methods used to achieve privacy goals.  Risk and outcome-based approaches have been successfully used in cybersecurity, and can be enforced in a way that balances the needs of organizations to be agile in developing new products, services, and business models with the need to provide privacy protections to their customers, while also ensuring clarity in legal compliance.

NTIA’s focus is clearly to avoid heavy-handed measures to regulate what can be done, but rather giving flexibility to businesses to make their own judgement what measures to take. This is also in the same spirit as the first part of the consultation which is “focuses on the desired outcomes of organizational practices, rather than dictating what those practices should be.”

Another point that draws our attention is related to “Scalability”, which stresses that small companies operating in good faith, and 3rd party processing data on behalf of other organisations should be treated differently from big companies that own and control personal data.

The two points above combined make a balanced message for the internet giants, which are not necessarily the biggest fans of privacy regulations. While they are afforded more flexibility, they are also going to be treated more strictly if they contravene. However as we wrote earlier, because of their size, the Googles and Facebooks of the world are much quicker in ticking the compliance boxes.

One more point that worth highlighting, probably for entertainment purposes than anything else, relates to “Interoperability” with other major global legislations. Here, for whatever reason it pointedly does not refer to GDPR but uses the example of “APEC Cross-Border Privacy Rules System.”

In general, the NTIA’s approach is balanced and measured, which is largely in line with our attitude towards privacy protection. On one hand we deplore the blatant abuse of privacy by companies like Facebook and Cambridge Analytics. On the other hand, we also sympathise with the small and medium-sized businesses operating in Europe, most of which had to scramble some policies at the eleventh hour, but may still fall foul of consumers. France’s private data protection agency CNIL (Commission nationale de l’informatique et des libertés) registered a 64% increase in consumer complaints after GDPR came to force over the same four months last year.

As Mary Meeker highlighted, draconian laws could limit the exploratory nature of tech innovators. That many countries model their privacy legislation after GDPR confirmed that Europe’s policymakers are “world-class in setting standards”, as a recent article in The Economist put it. But in the same article the newspaper also highlighted the gap between Europe and the AI leaders, China and US, neither of which is role model in guarding individual privacy, though for entirely different purposes.

In a recent Telecoms.com online poll, a third of the respondents agreed with the statement that there should be “flexible rules to allow users to trade privacy for benefits”. An optimal regulatory environment should give this minority group the freedom to do so while providing the other two third consumers with strict privacy protection.

The Children Act: US lawmakers asking to know how YouTube collects data on children

US Congressmen have demanded Google CEO answers questions on how YouTube tracks the data of minors.

Anyone who has been a parent to toddlers or pre-schoolers in the last dozen years must have felt, like it or not, YouTube has been a wonderful thing. It does not only provide occasional surrogate parenting but also delivers much genuine pleasure to the kids, from entertainment to education, with sheer silly laughter in between.

Meanwhile we have also recognised that YouTube can be a pain as much as a pleasure. The pre-roll and interstitial ads on such content are all clearly pushed at kids, in particular game and toy shopping; recommendations are based on what has been played therefore encouraging binge watching; not to mention the disturbing Peppa Pig or Micky Mouse spoof parodies that keep creeping through, a clear sign that, while you are watching YouTube, “YouTube is watching you”.

But neither the pleasure nor the pain should have been there in the first place, because, though not many of us have paid attention, “YouTube is not for children”, as the video service officially puts it. In its terms of service YouTube does require users to be 13 years and above. But, unlike Facebook, which would lock the user out unless he has an account, anyone can watch YouTube without the need of an account. An account is only needed when someone intends to upload a clip or make a comment. Even in situation like this, children can pretend to be above the age limit by inputting a faked date of birth, or simply by using someone else’s account. And YouTube has known that all along, it even teaches users how to make “family-friend videos”. Admit it or not, YouTube is for children.

Following complaints from 23 child and privacy advocacy groups to the Federal Trade Commission (FTC), two congressmen, David Cicilline (D) of Rhode Island, and Jeff Fortenberry (R) of Nebraska, sent a letter to Google’s CEO Sundar Pichai on September 17, demanding information on YouTube’s practices related to collection and usage of data of underaged users. The lawmakers invoked the Children’s Online Privacy Protection Act 1998 (COPPA), which forbids the collection, use or disclosure of children’s online data without explicit parental consent, and contrasted it with Google’s terms of service which give Google (and its subsidiaries) the permission to collect user data including geolocation, device ID, and phone number. The congressmen asked Google to address by October 17 eight questions, which are essentially related to:

  • What quantity and type of data YouTube has collected on children;
  • How YouTube determines if the user is a child, what safeguard measures are in place to prevent children from using the service;
  • How children’s content is tagged, and how this is used for targeted advertising;
  • How YouTube is positioning YouTube Kids, and why content for children is still retained on the main YouTube site after being ported to the Kids version

Google would not be the first one to fall foul of COPPA. In a recent high-profile case, FTC, which has the mandate to implement the law, fined the mobile advertising network inMobi close to $1 million for tracking users’, including children’s location information without consent.

This certainly is a headache that Google can do without. It has just been humiliated by the revelation that users’ location data was still being tracked after the feature had been turned off, not to mention the never-ending lawsuits in Europe and the US over its alleged anti-trust practices. It also, once again, highlights the privacy minefield the internet giants find themselves in.  Facebook is still being haunted by the Cambridge Analytica scandal, while Amazon’s staff were selling consumer data outright.

Nine years before COPPA came into force, an all-encompassing Children Act was passed in the UK in 1989. In one of its opening lines the Act states “the child’s welfare shall be the court’s paramount consideration.” This line was later quoted by the author Ian McEwan in his novel, titled simply “The Children Act” (which was recently made into a film of the same title). In that spirit we laud the congressmen for taking the action again YouTube’s profiteering behaviours. To borrow from McEwan, sometimes children should be protected from their pleasure and from themselves.

Amazon China staff were reportedly selling-on user data

Amazon is conducting an internal investigation into allegations that its staff in China received bribes from merchants for user data.

According to a report by the Wall Street Journal, staff of the online retailing giant’s China operation received between $80 and more than $2,000 to part internal user and sales data to brokers, who would then re-sell them to merchants who do business on Amazon platform. According to the WSJ report, it was not only Amazon’s internal sales metrics and users’ email addresses that were sold, also on offer was additional services. The staff would help the buyers to delete negative reviews and to re-open banned Amazon accounts.

It is said the malpractice was particularly rampant in Amazon’s office in Shenzhen, the city bordering Hong Kong. It is not the first time China’s online retailers suffered from data security comprise. Back in 2016 over 20 million of Alibaba’s users had their data hacked. Nor is this the first time that Amazon has found itself in the centre of data leaking controversies, but earlier cases were related to its cloud service AWS. So it is astonishing that in the present case, data was not breached by hacking but through blatant criminal transactions. It is not clear how many users have had their data sold.

Amazon released a statement saying “We have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behaviour, we will take swift action against them, including terminating their selling accounts, deleting reviews, withholding funds, and taking legal action.”

Amazon set up its business in China in 2004 after acquiring a competing online bookshop Joyo with $75 million. It was rebranded Amazon China in 2011.