Nick Clegg defends Facebook’s business model from EU’s privacy regulation

Facebook’s head of PR reportedly had a series of meetings with EU and UK officials aiming to safeguard the social network’s business model heavily relying on targeted advertising.

Sir Nick Clegg, the former UK Deputy Prime Minister, now Facebook’s VP for Global Affairs and Communications, met three EU commissioners during the World Economic Forum in Davos and shortly after the event in Brussels, according to a report by the Telegraph. These commissioners’ portfolios include Digital Single Market (Andrus Ansip), Justice, Consumers and Gender Equality (Věra Jourová), and Research, Science and Innovation (Carlos Moedas). Clegg’s mission, according to the Telegraph report, was to present Facebook’s case to defend its ads-based business model in the face of new EU legislation related to consumer privacy.

According to a meeting minutes from the Ansip meeting, seen by the Telegraph, “Nick Clegg stated as main Facebook’s concern the fact that the said rules are considered to call into question the Facebook business model, which should not be ‘outlawed’ (e.g. Facebook would like to measure the effectiveness of its ads, which requires data processing). He stated that the General Data Protection Regulation is more flexible (by providing more grounds for processing).”

In response, Ansip defended the proposed ePrivacy Regulation as a complement to GDPR and it is primarily about protecting the confidentiality of consumers’ communications. In addition, the ePrivacy Regulation will be more up to date and will provide more clarity and certainty, compared with the current ePrivacy Directive, which originated in 2002 and last updated in 2009. Member states could interprete and implement the current Directive more restrictively, Ansip warned.

Facebook’s current security setup makes it possible to access users’ communication and able to target them with advertisements based on the communications. Under the proposed Regulation, platforms like Facebook need to get explicit consent from account holders to access the content of their communications, for either advertisement serving, or effectiveness measuring.

There are two issues with Facebook’s case. The first one is, as Ansip put it, companies like Facebook would still be able to monetise data after obtaining the consent of users. They just need to do it in a way more respectful of users’ privacy, which 92% of EU consumers think important, according to the findings of Eurobarometer, a bi-annual EU wide survey.

Another is Facebook’s own strategy announced by Zuckerberg recently. The new plan will make it impossible for Facebook to read users’ private communications with its end-to-end WhatsApp-like encryption. This means, even if consumers are asked and do grant consent, Facebook in the future will not be able to access the content for targeted advertising. Zuckerberg repeatedly talked about trade-offs in his message. This would be one of them.

On the other hand, last November the EU member states’ telecom ministers agreed to delay the vote on ePrivacy Regulations, which means it will be highly unlikely that the bill will be passed and come into effect before the next European Parliament election in May.

The office of Jeremy Wright, the UK’s Secretary of State for Digital, Culture, Media and Sport, did not release much detail related to the meeting with Clegg, other than claiming “We are at a crucial stage in the formulation of our internet safety strategy and as a result we are engaging with many stakeholders to discuss issues pertinent to the policy. This includes discussions with social media companies such as Facebook. It is in these crucial times that ministers, officials and external parties need space in which to develop their thinking and explore different options in a free and frank manner.”

The Telegraph believed Clegg’s objective was to minimise Facebook’s exposure to risks from the impending government proposals that could “place social media firms under a statutory duty of care, which could see them fined or prosecuted” if they fail to protect users, especially children, from online harms.

It is also highly conceivable that the meeting with the UK officials was related to influence post-Brexit regulatory setup in the country, when it will not longer be governed by EU laws. Facebook may want to have its voice heard before the UK starts to make its own privacy and online regulations.

Zuckerberg’s vision for Facebook: as privacy-focused as WhatsApp

The Facebook founder laid out his plan for the next steps how Facebook will evolve with a focus on privacy and data security, and promised more open and transparency in the transition.

In a long post published on Facebook, Mark Zuckerberg first recognised that going forward, users may prefer more private communication than socialising publicly. He used the analogy of town squares vs. living rooms. To facilitate this, he aims to use the technologies of WhatsApp as the foundation to build the Facebook ecosystem.

Zuckerberg laid out principles for the next steps, including:

  • Private interactions: this is largely related to users’ control over who they communicate with, safeguarded by measures like group size control and limiting public stories being share;
  • End-to-end encryption: this is about encrypting messages going through Facebook’s platforms. An interesting point here is that Zuckerberg admitted that Facebook’s security systems can read the content of users messages sent over Messenger. WhatsApp is already implementing end-to-end encryption and is not storing encryption keys, which makes it literally impossible for it share content of communication between individuals with any other third parties including the authorities. Zuckerberg recalled the case of the Facebook’s VP for Latin America being jailed in Brazil to illustrate his point.
  • Reducing Permanence: this is mainly about giving users the choice to decide how long they like their content (messages, photos, videos, etc.) to be stored, to ensures what they said many years ago would not come back to haunt them.
  • Safety: Facebook will guard the data safe against malignant attacks
  • Interoperability: Facebook aims to make its platforms interoperable and may extend to be interoperable with SMS too.
  • Secure data storage: one of the most important point here is Zuckerberg vowed not to save user data in countries which “have a track record of violating human rights like privacy or freedom of expression”.

To do all these right, Zuckerberg promised, Facebook is committed to “consulting with experts, advocates, industry partners, and governments — including law enforcement and regulators”.

None of these principles are new or surprising, and are an understandable reaction to recent history when Facebook has been battered by scandals of both data leaking and misuse of private data for monetisation purpose. However there are a couple of questions that are not answered:

  1. What changes Facebook needs to make to its business model: in other words, when Facebook limits its own ability to penetrate user data it weakens its value for targeted advertisers. How will it convince the investors this is the right step to take, and how will it to compensate the loss?
  2. Is Facebook finally giving up its plan to re-enter markets like China? Zuckerberg has huffed and puffed over the recent years without bringing down the Great Wall. While his peers in Apple have happily handed over the keys to iCloud and Google has working hard, secretly or not so secretly to re-enter China, how will the capital market react to Facebook’s public statement that “there’s an important difference between providing a service in a country and storing people’s data there”?

Cisco calls for US GDPR rollout

In a move which might make the networking giant quite unpopular on the US side of the pond, Cisco’s Chief Legal and Compliance Officer Mark Chandler has called for a US version of GDPR.

Having been implemented during May 2018, Europe’s General Data Protection Regulation (GDPR) is starting to make waves in the technology world. The first complaints were filed as the ink was drying on May 25, though with the first rulings started to be announced eight months later, the implications and dangers are starting to become clear. Unless Silicon Valley wins the opening legal skirmishes, precedent will be set and disruption to the data sharing economy will be very apparent.

Considering the massive potential for disruption in the digital ecosystem, Chandler will not be making any friends in Silicon Valley by pushing the case for more focused protections on data protection and privacy. Commenting to the Financial Times, Chandler stated he believes the new regulations have worked out well and after some tweaking, the same rules should be applied in the US as well.

Of course, a legal executive from a networking company stirring the pot is unlikely to turn heads right now, the rules would not necessarily have any monumental impact on the networking infrastructure giant, but there might be a few upset individuals in Silicon Valley. For years, the internet players have effectively been able to do what they want, but GDPR sought to end this reign of freedom.

Although GDPR is an incredibly complex set of rules with more nuances than a teenage philosophers diary, the overall aim is pretty simple. Firstly, the user has more control over his/her personal data, and secondly, internet companies have to demonstrate a need to collect and process data, while also improving securities around these processes. And of course, there are the fines as well.

This is perhaps one of the biggest concerns of the internet giants as they can now be held accountable. Prior to GDPR, fines were feeble. For any normal company, they would be horrid, but considering the size and profitability of the likes of Facebook, Google, Amazon and Apple, any punishments dished out would take a matter of minutes or hours to pay off. GDPR allows regulators to assign fines which are relative to the size of the organization, therefore companies can now be held accountable.

While GDPR does seem to be forcing many companies to act more responsibly, the saving grace for Silicon Valley is that it is limited to Europe. The lobbyists will be fighting hard to make sure such rules do not find sympathetic ears in Washington DC, though governments do seem to be welcoming.

In India, the government is considering new rules which would tighten up protections around personal information, while the Japanese government has signed a new treaty with the European Union which extends GDPR protections of European citizens to Japan. These are two examples, though as more complaints are filed and more Judge’s opinions released to the public, interest in these rules will almost certainly increase.

What you always have to consider when you read such comments is that Cisco is a B2B firm. The privacy rules are geared towards empowering the consumer and therefore would have minimal impact here. In public, many of the internet giants are calling for a revamp of privacy rules, its just good PR form, but they will be privately terrified of a GDPR replicant.

What is also worth bearing in mind is that the US is not as sensitive to privacy issues as Europeans are. Of course, legislators will have an eye on privacy and it will be a worry, but Europe is much more aware and condemning of the slippery practises of Silicon Valley. For years, the Californian lawyers have revelled in technology outpacing regulation, identifying grey areas and loop holes galore. However, the European regulators are attempting to make life difficult.

Apple slaps Google and Facebook on the wrist

One day after Facebook had its enterprise developer certificates revoked by Apple, Google ran into similar troubles with the iOS and App Store owner.

It turned out that Facebook was not the only naughty player attempting to circumvent Apple’s rules to forbid apps developed under enterprise certificates to be distributed outside of the company. Google was found to have distributed a data monitoring and survey app called Screenwise Meter. The app comes with Apple’s enterprise developer certificate granted to Google and has been distributed to a “panel” selected and maintained in partnership with the research firm GfK. The panel may include users as young as 13, or with the parents’ consent, those under 13 though the data monitoring method will be modified.

It is not clear if it was a reaction to the revocation of Facebook’s certificates, but Google stopped the distribution of Screenwise Meter before Apple acted. “The Screenwise Meter iOS app should not have operated under Apple’s developer enterprise program — this was a mistake, and we apologize,” Google said in a statement on Wednesday. “We have disabled this app on iOS devices. This app is completely voluntary and always has been. We’ve been upfront with users about the way we use their data in the app, we have no access to encrypted data in apps and on devices, and users can opt out of the program at any time.”

However, Google’s developer certificates were still made invalid by Apple on Thursday, reported first by The Verge. This resulted in Google’s pre-release beta apps as well as employee-only apps, for example those for using Google’s shuttle bus or coffee shops, stopping working. (One cannot help but wondering how many employees in Google, which controls Android and releases its own Pixel smartphones, are using iPhone as their primary devices.) The tone from Apple, however, was much reconciliatory. “We are working together with Google to help them reinstate their enterprise certificates very quickly,” said the statement from Apple to BuzzFeed.

In comparison, Apple was much sterner when pulling the plug on Facebook. “We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple.”

To look at the two cases together, there are two types of issues Apple needs to deal with. To borrow the economics jargons, one is normative, i.e. based on principles, another is positive, i.e. based on facts. On the normative side, Apple should clarify whether Facebook and Google were punished for launching apps gathering users’ private data or for distributing the apps under the wrong type of certificates and through unofficial channels, i.e. not using the App Store.

Although most media coverage was focused on the Facebook app gathering user data, it looks that Apple was more annoyed by the fact that Facebook (and Google) has abused its enterprise developer certificates. It said in the statement related to Facebook: “Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case (of Facebook) to protect our users and their data.”

However, what drove Facebook to distribute “Facebook Research”, the app in question through unorthodox channels, looks to be that Apple has banned apps to gather user data as detailed as app history, private messages, and location, from being listed in the App Store. In its “App Store Review Guidelines”, Apple stated “5.1.1 Data Collection and Storage: (iii) Data Minimization: Apps should only request access to data relevant to the core functionality of the app and should only collect and use data that is required to accomplish the relevant task. Where possible, use the out-of-process picker or a share sheet rather than requesting full access to protected resources like Photos or Contacts.”

The rule above would be caught in a paradox in cases where the “core functionality” of an app is to gather detailed user data and is explicit with it. That was the case with “Facebook Research”. Facebook said in its statement: “Key facts about this market research program are being ignored. Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App. It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.”

As an aside, despite the repeated furore towards Facebook recently, neither users nor advertisers seem to be deterred. The Q4 results recently published showed that in Europe, where GDPR went into effect mid-2018, Facebook’s monthly active users went up from 375 million in Q3 to 381 million, and the average revenue per user in Europe jumped from $8.82 in Q3 up to $10.98.

If Apple was unhappy with companies distributing apps developed under enterprise certificates to users outside of the enterprises, there would come the positive side of the issues, i.e. related how Apple implements the rule. Whether Apple was punishing Facebook and Google as a deterrent to other companies that have or might have distributed apps externally using enterprise certificates, or it will go after all offenders, remains to be seen.

If it was the former tactic, an old Chinese saying that goes “Kill the chicken to scare the monkey” would summarise it well, though the two chickens Apple has put the knife in are much fatter than most monkeys. On the other hand, if Apple were true to its word that it would act on “any developer using their enterprise certificates to distribute apps to consumers”, it may find a long line of chickens (or monkeys) standing in the line. Alex Fajkowski, a Twitter user and iOS app developer, suggested that both Amazon and DoorDash were distributing apps to recruit temporary deliverers. Then a longer list of companies suspected of doing the same thing was drawn up, including companies like Square and Sonos (though Sonos looks to have removed the page recently).

Looking at it either way, it is clear that Apple is tightening the control over its already tightly controlled ecosystem. With Services becoming increasingly important, Apple would not want to see any loss of revenues from iOS apps distributed outside of App Store, nor would it want to be seen complacent or even complicit in any comprise of users’ privacy. Or, standing up to the internet giants which have been on the receiving end of much anger, could score a PR victory for Apple.

Both Facebook and Google had their enterprise certificates restored by Thursday evening.

Facebook can’t seem to keep itself out of trouble

Facebook has apparently been paying customers $20 each to trade away their privacy to install a VPN which analyses usage, sidestepping Apple’s App Store policies.

The research initiative is similar to Onavo Protect, which was effectively banned by Apple last year, rewarding teenagers and adults to download the app to give the social media giant root access to network traffic which most likely would have been decrypted otherwise. According to TechCrunch, this is a violation of the App Store policies.

While $20 per user might seem like a huge amount, the data which is collected is incredibly valuable. Not only will it be able to identify usage habits, it will also contribute to competitor research. In theory, Facebook would be able to build a much more detailed competitor landscape, identifying potential threats to its business. The UK government has already unveiled documents which confirm Facebook uses the platform to inhibit competitive threats, so this type of data collection simply adds another nefarious cog to the devious machine.

According to the TechCrunch investigation, if Facebook makes full use of the freedoms granted through this app it would be able to access private messages from social media and other messaging apps, photos and videos, emails, web browsing activity and location information. What is worth noting is that is has not been confirmed whether this is the case, though Facebook could be heading for another privacy debacle.

This is of course not the first time Facebook has ventured into the murky world of surveillance. Back in 2014, the increasingly suspect social media giant acquired Onavo for $120 million. This VPN allowed users to minimize data leakage and improve the effectiveness of tariffs, but it also allowed Facebook to access deep analytics about what other apps they were using. This insight reportedly gave Facebook the confidence to make such a significant bet on WhatsApp.

The app came under pressure when it was revealed Facebook was stepping across the line, collecting information when the screen was off for example. Apple changed the App Store policies to ensure apps could only collect information which was critical to functionality, though by this point Facebook had a huge amount of competitive intelligence, and seemingly lit the fires of ambition.

One question which you really have to ask is how many lives Facebook has left. The last 12 months have been a carousel of scandal, saga and suspicion. Whether it is Cambridge Analytica, Friendly Fraud, fake news, influencing elections, violating privacy or snooping on customers, Facebook has poked and prodded the confidence and trust of the digital society. How much longer can this go on for?

Every time a new headline emerges about some nefarious or suspect activity from Facebook, the world much be getting closer to taking disruptive action. More and more people distrust the brand, but due to its influence in and penetration through digital society, usage of its applications have not been damaged much. You have to wonder how many more of these headlines the business can take; maybe it won’t be long before the Facebook empire is broken up.

Half of British millennials are getting sick of the internet – report

A new EY report shows 50% of 25-34-year olds are looking to ‘digital detox’, the highest proportion of all age groups.

The “Decoding the digital home 2019” report, published by EY, the professional service firm, was done based an online survey of 2,500 British households in late 2018. In addition to the high proportion of youth wishing to increase their time away from smartphones and other internet connected devices, more people are spending less time online. The percentage of households spending more than 30 hours online per week has gone down from 34% a year ago to 28%, while those spending less than 10 hours online has slightly increased from 18% to 21%.

There are also other surprises. For example, more consumers are happy with their fibre connections (59%, up from 54% a year ago) but also higher number of young people are ready to ditch the fixed broadband (43%). 42% of 18-24-year olds are happy to pay a premium to get the latest gadgets, but only 18% of the 25-year olds and above, who would have more disposable income, are prepared to do so.

The key message that the telecoms and internet industries should take away from the survey, however, is that consumers want simplicity, proof of trust, and assurance of security.

Both service and content providers are confusing consumers with over-complex packages, causing anxiety among users, including the youth. 46% of households think there are too many different broadband, mobile, and content bundles, so most of them will not add anything new to the packages they already subscribe to. Content providers are trying to maximise the distribution channels they can use, therefore making their content available across different packages, platforms, and apps. However, nearly a quarter of all surveyed households found it hard to track their favourite content. This number rose to close to 40% among the 18-24-year olds, the so-called “digital natives”.

The high-profile cases of comprised private data have instilled more caution to consumers. 72% of respondents said that even when dealing with brands they trust they would be very cautious about disclosing their personal financial information online.

On the other hand, the heated debates over “fake news” have driven more consumers less confident in the “new media”. 44% of households responded that they now only trust the traditional news sources. In a teaser to an upcoming report, EY disclosed that over half of all households only watch the five traditional channels on TV.

But it is not all bad news especially for the mobile industry. In 15% of the households surveyed, smartphones are now the main devices to go online with (up from 11% in 2017), at the expense of laptops (down from 44% to 39%). When it comes to consumer spending, slightly more are willing to pay for ad-free streaming (up from 16% to 18%) and slightly fewer are holding their purse strings as tightly as possible when it comes to spending on communication services (down from 55% to 53%)

“Our latest survey highlights both opportunities and challenges for TMT providers. They will be pleased to see that consumers are willing to pay for premium services, but they will also be concerned that customers are overwhelmed and confused by the variety of bundles available,” said Praveen Shankar, EY’s Head of Technology, Media and Telecommunications for the UK & Ireland. “Looking ahead, it is essential for providers to simplify their propositions and offer easier to understand and clearly communicated product and services.”

ey-decoding-the-digital-home-2019

 

Google challenges France’s first swing of the GDPR stick

Google has stated it will appeal the French regulator’s decision to dish out a €50 million fine for not being forthright enough with how it collects, stores and processes user’s personal data.

For Google, this is not about the money. €50 million for Google is nothing. This is a company which generated $33.7 billion over the final quarter of 2018. It would take a matter of minutes for the team to pay off this fine. However, should this ruling be allowed to stand Google would have to alter its business model, as would the rest of the data-sharing economy, causing a very unwelcomed, and potentially costly, disruption.

“The 50 million euro fine issued by the CNIL on 21 January 2019 significantly impacts Google as it directly challenges its business model based on the processing of personal data,” said Sonia Cissé, Head of TMT Practice of law firm Linklaters in Paris.

“Considering the seriousness of the CNIL’s findings and the broad publicity of this case, a potential appeal by Google is no surprise and makes perfect sense from a legal-strategy perspective.”

On Monday, France’s National Data Protection Commission (CNIL) dished out the fine for two violations of Europe’s General Data Protection Regulation (GDPR). Firstly, the search giant was not specific enough when requesting consent from users. Secondly, for users who wanted to dig deeper into the Google data practices, the company made it unnecessarily difficult to see the entire picture. Google was being too vague and not accessible enough.

“Users are not able to fully understand the extent of the processing operations carried out by Google,” the CNIL said in a statement.

This is the first time a regulator has used GDPR to hold one of the internet giants accountable, but there are plenty of other cases in the pipeline. Google is of course not the only target, as various different privacy advocates across the bloc lodge their complaints against the likes of Spotify, Amazon and Apple, just to name a few others.

In appealing this case, Google is making itself the tip of the spear for the entire internet ecosystem. There will be multiple appeals against the various rulings over the coming months because of how important precedent in this saga. If Google was to just let this ruling stand, it is effectively validating its opinion potentially undermining its own business model. If similar ruling start to appear across the continent the disruption to the data-sharing economy would be massive.

“In all likelihood, Google will challenge the CNIL’s decision on two main grounds: (i) procedural aspects (i.e., the competence of the CNIL); and (ii) the content of the case (i.e., challenging the facts),” said Cissé.

“Should Google be able to demonstrate that Google Ireland Limited was its main establishment in the European Union (EU) at the time of the CNIL’s investigations, then the competence of the CNIL could be validly challenged.

“Second, the content of the decision is another ground for action, and it will be up to the French administrative judges to determine, in light of the circumstances at stake, whether the transparency requirements under GDPR were met or not.”

GDPR is an incredibly complicated set of rules mainly because there are so many different definitions and clauses, but also certain exemptions. In most cases, companies would have to obtain consent from users to use data for explicit purposes, retaining the data only until these purposes have been satisfied. However, companies do not have to obtain consent when it is necessary to comply with another law, or there are ‘legitimate interests’. It paints a complicated picture.

Of course, for those who are more privacy sensitive, such rules and grey areas are a bounty of riches. The rules have created amble opportunity to challenge the internet giants’ business models, as well as the influence they have over the world. One of those is privacy campaigner Max Schrems.

“We are very pleased that for the first time a European data protection authority is using the possibilities of GDPR to punish clear violations of the law,” Schrems said following the CNIL ruling.

“Following the introduction of GDPR, we have found that large corporations such as Google simply ‘interpret the law differently’ and have often only superficially adapted their products. It is important that the authorities make it clear that simply claiming to be compliant is not enough.”

Schrems’ firm, None of Your Business (NYOB), has filed several complaints against other internet businesses on the grounds of accessibility. Those who will come under the scrutiny of Austrian courts include Apple, DAZN, Filmmit, Netflix and Amazon. More specifically, these complaints suggest the companies violated GDPR’s ‘right to access’, enshrined in Article 15 GDPR and Article 8(2) of the Chart of Fundamental Rights.

All of these cases will dictate how the internet economy will function over the coming years, but this battle between the CNIL and Google could prove to be a critical one, such is the power of precedent in the legal world.

“In a nutshell, it is highly difficult to identify certainties regarding the outcome of Google’s appeal,” said Cissé.

“Since data protection is a field of law particularly subject to interpretation and grey areas, one cannot exclude the possibility that Google could be successful in appealing the CNIL’s decision before the French Administrative Supreme Court. In any event, the ruling of the French administrative judges will be closely monitored by all the tech companies.”

US operators belatedly act to protect user location data

AT&T and Verizon announced that they will terminate all remaining commercial agreements that involve sharing customer location data, following a report exposing the country’s mobile carriers’ failure to control data sharing flow.

Jim Greer, a spokesman for AT&T, said in a standard email to media: “Last year, we stopped most location aggregation services while maintaining some that protect our customers, such as roadside assistance and fraud prevention.” Referring to the Motherboard exposé, Greer continued, “In light of recent reports about the misuse of location services, we have decided to eliminate all location aggregation services — even those with clear consumer benefits.”

This is similar to the position T-Mobile’s CEO John Legere adopted when responding to the criticism from the US Senator Ron Wyden (D-Ore.). Verizon also announced that the company will sever four remaining contracts to share location data with roadside assistance services. After this Version will need to get customers’ explicit agreement to share their data with these third-party assistance companies. Sprint, which was also caught out by the Motherboard report, is the only remaining nation-wide carrier that has not announced its plan on the issue.

This is all good news for the American consumers who are concerned with the safety of their private data. On the other hand, mobile operators have hardly been the worst offenders when it comes to compromising the privacy and security of customer data. Earlier, Google was exposed to have continued tracking users’ location even after the feature had been switched off, while Facebook has been mired in endless privacy controversies.

Monetising user data is only a side and most likely insignificant “value-add” business for the mobile operators, because they live on the service fees subscrbers pay. But it is the internet heavyweights’ lifeline. This may sound fatalistic but it should not surprise anyone if the Facebooks and the Googles of the world come up with more innovative measures to finance the “free” services we have benn used to.

The biggest stories of 2018 all in one place

2018 has been an incredibly business year for all of us, and it might be easy to forget a couple of the shifts, curves, U-turns and dead-ends.

From crossing the 5G finish line, finger pointing from the intelligence community, the biggest data privacy scandal to date and a former giant finally turning its business around, we’ve summarised some of the biggest stories of 2018.

If you feel we’ve missed anything out, let us know in the comments section below.

Sanction, condemnation and extinction (almost)

ZTE. Three letters which rocked the world. A government-owned Chinese telecommunications vendor which can’t help but antagonise the US government.

It might seem like decades ago now but cast your mind back to April. A single signature from the US Department of Commerce’s Bureau of Industry and Security (BIS) almost sent ZTE, a company of 75,000 employees and revenues of $17 billion, to keep the dodo company.

This might have been another move in the prolonged technology trade war between the US and China, but ZTE was not innocent. The firm was caught red-handed trading with Iran, a country which sits very prominently on the US trade sanction list. Trading with Iran is not necessarily the issue, it’s the incorporation of US components and IP in the goods which were sent to the country. ZTE’s business essentially meant the US was indirectly helping a country which was attempting to punish.

The result was a ban, no US components or IP to feature in any ZTE products. A couple of weeks later manufacturing facilities lay motionless and the company faced the prospect of permanent closure, such was its reliance on the US. With a single move, the US brought one of China’s most prominent businesses to its knees.

Although this episode has been smoothed over, and ZTE is of course back in action, the US demonstrated what its economic dirty bombs were capable of. This was just a single chapter in the wider story; the US/China trade war is in full flow.

Tinker, tailor, Dim-sum, Spy

This conflict has been bubbling away for years, but the last few months is where the argument erupted.

Back in 2012, a report was tabled by Congressman Mike Rogers which initially investigated the threat posed by Chinese technology firms in general, and Huawei specifically. The report did not produce any concrete evidence, though it suggested what many people were thinking; China is a threat to Western governments and its government is using internationally successful companies to extend the eyes of its intelligence community.

This report has been used several times over the last 12 months to justify increasingly aggressive moves against China and its technology vendors. During the same period, President Trump also blocked Broadcom’s attempts to acquire Qualcomm on the grounds of national security, tariffs were imposed, ZTE was banned from using US technologies in its supply chain and Huawei’s CFO was arrested in Canada on the grounds of fraud. With each passing month of 2018, the trade war was being cranked up to a new level.

Part of the strategy now seems to be undermining China’s credibility around the world, promoting a campaign of suggestion. There is yet to be any evidence produced confirming the Chinese espionage accusations but that hasn’t stopped several nations snubbing Chinese vendors. The US was of course the first to block Huawei and ZTE from the 5G bonanza, but Australia and Japan followed. New Zealand seems to be heading the same way, while South Korean telcos decided against including the Chinese vendors on preferred supplier lists.

The bigger picture is the US’ efforts to hold onto its dominance in the technology arena. This has proved to be incredibly fruitful for the US economy, though China is threatening the vice-like grip Silicon Valley has on the world. The US has been trying to convince the world not to use Chinese vendors on the grounds of national security, but don’t be fooled by this rhetoric; this is just one component of a greater battle against China.

Breakaway pack cross the 5G finish line

We made it!

Aside from 5G, we’ve been talking about very little over the last few years. There might have been a few side conversations which dominate the headlines for a couple of weeks, but we’ve never been far away from another 5G ‘breakthrough’ or ‘first’. And the last few weeks of 2018 saw a few of the leading telcos cross the 5G finish line.

Verizon was first with a fixed wireless access proposition, AT&T soon followed in the US with a portable 5G hotspot. Telia has been making some promising moves in both Sweden and Estonia, with limited launches aiming to create innovation and research labs, while San Marino was the first state to have complete coverage, albeit San Marino is a very small nation.

These are of course very minor launches, with geographical coverage incredibly limited, but that should not take the shine off the achievement. This is a moment the telco and technology industry has been building towards for years, and it has now been achieved.

Now we can move onto the why. Everyone knows 5G will be incredibly important for relieving the pressure on the telco pipes and the creation of new services, but no-one knows what these new services will be. We can all make educated guesses, but the innovators and blue-sky thinkers will come up with some new ideas which will revolutionise society and the economy.

Only a few people could have conceived Uber as an idea before the 4G economy was in full flow, and we can’t wait to see what smarter-than-us people come up with once they have the right tools and environment.

Zuckerberg proves he’s not a good friend after all

This is the news story which rocked the world. Data privacy violations, international actors influencing US elections, cover ups, fines, special committees, empty chairs, silly questions, knowledge of wrong-doing and this is only what we know so far… the scandal probably goes deeper.

It all started with the Cambridge Analytica scandal, and a Russian American researcher called Aleksandr Kogan from the University of Cambridge. Kogan created a quiz on the Facebook platform which exposed a loop-hole in the platform’s policies allowing Kogan to scrape data not only from those who took the quiz, but also connections of that user. The result was a database containing information on 87 million people. This data was used by political consulting firm Cambridge Analytica during elections around the world, creating hyper-targeted adverts.

What followed was a circus. Facebook executives were hauled in-front of political special committees to answer questions. As weeks turned into months, more suspect practices emerged as politicians, journalists and busy-bodies probed deeper into the Facebook business model. Memos and internal emails have emerged suggesting executives knew they were potentially acting irresponsibly and unethically, but it didn’t seem to matter.

As it stands, Facebook is looking like a company which violated the trust of the consumer, has a much wider reaching influence than it would like to admit, and this is only the beginning. The only people who genuinely understand the expanding reach of Facebook are those who work for the company, but the curtain is slowly being pulled back on the data machine. And it is scaring people.

Big Blue back in the black

This might not have been a massive story for everyone in the industry, but with the severe fall from grace and rise back into the realms of relevance, we feel IBM deserves a mention.

Those who feature in the older generations will remember the dominance of IBM. It might seem unusual to say nowadays, but Big Blue was as dominant in the 70s as Microsoft was in the 90s and Google is today. This was a company which led the technology revolution and defined innovation. But it was not to be forever.

IBM missed a trick; personal computing. The idea that every home would have a PC was inconceivable to IBM, who had carved its dominant position through enterprise IT, but it made a bad choice. This tidal wave of cash which democratised computing for the masses went elsewhere, and IBM was left with its legacy business unit.

This was not a bad thing for years, as the cash cow continued to grow, but a lack of ambition in seeking new revenues soon took its toll. Eight years ago, IBM posted a decline in quarterly revenues and the trend continued for 23 consecutive periods. During this period cash was directed into a new division, the ‘strategic imperatives’ unit, which was intended to capitalise on a newly founded segment; intelligent computing.

In January this year, IBM proudly posted its first quarterly growth figures for seven years. Big Blue might not be the towering force it was decades ago, but it is heading in the right direction, with cloud computing and artificial intelligence as the key cogs.

Convergence, convergence, convergence

Convergence is one of those buzzwords which has been on the lips of every telco for a long time, but few have been able to realise the benefits.

There are a few glimmers of promise, Vodafone seem to be making promising moves in the UK broadband market, while Now TV offers an excellent converged proposition. On the other side of the Atlantic, AT&T efforts to move into the content world with the Time Warner acquisition is a puzzling one, while Verizon’s purchase of Yahoo’s content assets have proved to be nothing but a disaster.

Orange is a company which is taking convergence to the next level. We’re not just talking about connectivity either, how about IOT, cyber-security, banking or energy services. This is a company which is living the convergence dream. Tie as many services into the same organisation, making the bill payer so dependent on one company it becomes a nightmare to leave.

It’s the convergence dream as a reality.

Europe’s Great Tax Raid

This is one of the more recent events on the list, and while it might not be massive news now, we feel it justifies inclusion. This developing conversation could prove to be one of the biggest stories of 2019 not only because governments are tackling the nefarious accounting activities of Silicon Valley, but there could also be political consequences if the White House feels it is being victimised.

Tax havens are nothing new, but the extent which Silicon Valley is making use of them is unprecedented. Europe has had enough of the internet giants making a mockery of the bloc, not paying its fair share back to the state, and moves are being made by the individual states to make sure these monstrously profitable companies are held accountable.

The initial idea was a European-wide tax agenda which would be led by the European Commission. It would impose a sales tax on all revenues realised in the individual states. As ideas go, this is a good one. The internet giants will find it much more difficult to hide user’s IP addresses than shifting profits around. Unfortunately, the power of the European Union is also its downfall; for any meaningful changes to be implemented all 28 (soon to be 27) states would have to agree. And they don’t.

Certain states, Ireland, Sweden and Luxembourg, have a lot more to lose than other nations have to gain. These are economies which are built on the idea of buddying up to the internet economy. They might not pay much tax in these countries, but the presence of massive offices ensure society benefits through other means. Taxing Silicon Valley puts these beneficial relationships with the internet players in jeopardy.

But that isn’t good enough for the likes of the UK and France. In the absence of any pan-European regulations, these states are planning to move ahead with their own national tax regimes; France’s 3% sales tax on any revenues achieved in the country will kick into action on January 1, with the UK not far behind.

What makes this story much more interesting will be the influence of the White House. The US government might feel this is an attack on the prosperous US economy. There might be counter measures taken against the European Union. And when we say might, we suspect this is almost a certainty, such is the ego of President Donald Trump.

This is a story which will only grow over the next couple of months, and it could certainly cause friction on both sides of the Atlantic.

Que the moans… GDPR

GDPR. The General Data Protection Regulation. It was a pain for almost everyone involved and simply has to be discussed because of this distress.

Introduced in May, it seemingly came as a surprise. This is of course after companies were given 18 months to prepare for its implementation, but few seemed to appreciate the complexity of becoming, and remaining compliant. As a piece of regulation, it was much needed for the digital era. It heightened protections for the consumer and ensured companies operating in the digital economy acted more responsibly.

Perhaps one of the most important components of the regulation was the stick handed to regulators. With technology companies growing so rapidly over the last couple of years, the fines being handed out by watchdogs were no longer suitable. Instead of defining specific amounts, the new rules allow punishments to be dished out as a percentage of revenues. This allows regulators to hold the internet giants accountable, hitting them with a suitably large stick.

Change is always difficult, but it is necessary to ensure regulations are built for the era. Evolving the current rulebook simply wouldn’t work, such is the staggering advancement of technology in recent years. Despite the headaches which were experienced throughout the process, it was necessary, and we’ll be better off in the long-run.

Next on the regulatory agenda, the ePrivacy Regulation.

Jio piles the misery on competitors

Jio is not a new business anymore, neither did it really come to being in 2018, but this was the period where the telco really justified the hype and competitors felt the pinch.

After hitting the market properly in early 2016, the firm made an impression. But like every challenger brand, the wins were small in context. Collecting 100,000s of customers every month is very impressive, but don’t forget India has a population of 1.3 billion and some very firmly position incumbents.

2017 was another year where the firm rose to prominence, forcing several other telcos out of the market and two of the largest players into a merger to combat the threat. Jio changed the market in 2017; it democratised connectivity in a country which had promised a lot but delivered little.

This year was the sweeping dominance however. It might not be the number one telco in the market share rankings, but it will be before too long. Looking at the most recent subscription figures released by the Telecom Regulatory Authority of India (TRAI), Jio grew its subscription base by 13.02 million, but more importantly, it was the only telco which was in the positive. This has started to make an impact on the financial reports across the industry, Bharti Airtel is particularly under threat, and there might be worse to come.

For a long-time Jio has been hinting it wants to tackle the under-performing fixed broadband market. There have been a couple of acquisitions in recent months, Den Networks and Hathway Cable, which give it an entry point, and numerous other digital services initiatives to diversify the revenue streams.

The new business units are not making much money at the moment, though Jio is in the strongest position to test out the convergence waters in India. Offering a single revenue stream will ensure the financials hit a glass ceiling in the near future, but new products and aggressive infrastructure investment plans promise much more here.

We’re not too sure whether the Indian market is ready for mass market fixed broadband penetration, there are numerous other market factors involved, but many said the initial Jio battle plan would fail as well.

Convergent business models are certainly an interesting trend in the industry, and Jio is looking like it could force the Indian market into line.

Redundancies, redundancies, redundancies

Redundancy is a difficult topic to address, but it is one we cannot ignore. Despite what everyone promises, there will be more redundancies.

Looking at the typical telco business model, this is the were the majority have been seen and will continue to be seen. To survive in the digitally orientated world, telcos need to adapt. Sometimes this means re-training staff to capitalise on the new bounties, but unfortunately this doesn’t always work. Some can’t be retrained, some won’t want to; the only result here will be redundancies.

BT has been cutting jobs, including a 13,000-strong cull announced earlier this year, Deutsche Telekom is trimming its IT services business by 25%, the merger between T-Mobile and Sprint will certainly create overlaps and resulting redundancies, while Optus has been blaming automation for its own cuts.

Alongside the evolving landscape, automation is another area which will result in a headcount reduction. The telcos will tell you AI is only there to supplement human capabilities and allow staff to focus on higher value tasks, but don’t be fooled. There will be value-add gains, but there will also be accountants looking to save money on the spreadsheets. If you can buy software to do a simple job, why would you hire a couple of people to do it? We are the most expensive output for any business.

Unfortunately, we have to be honest with ourselves. For the telco to compete in the digital era, new skills and new business models are needed. This means new people, new approaches to software and new internal processes. Adaptation and evolution is never easy and often cruel to those who are not qualified. This trend has been witnessed in previous industrial revolutions, but the pace of change today means it will be felt more acutely.

Redundancy is not a nice topic, but it is not always avoidable.

Google has apparently pulled the plug on its censored search engine for China

Google bowed to pressure by terminating its data analysis system that is vital to its planned re-entry into China with a censored search engine.

Dragonfly, the Google project to develop a search engine that would satisfy China’s censorship requirements relies on pre-empting the appearance of search results that the Chinese authorities may find offensive. To do so, Google has used 265.com, a Chinese internet portal based in Beijing it purchased in 2008, two years before it pulled out of China, to gather user behaviour data, mainly search habits. The Google team then compare what the users would see if the same search terms were used on the uncensored Google and eliminate those sites that are blocked by China’s Great Firewall. The data is then fed into the prototype Dragonfly search engine to produce results that would be acceptable to the Chinese censorship system.

According to a new report from the website The Intercept, Google has decided to shut down this data analysis system it has established with Baidu, which the search on 265.com is directed to, to harvest data. Instead the engineering team is using search queries by Chinese speaking users in other markets like the US or south-eastern Asian countries, which would be very different from what the users behind the Great Firewall would be generating and therefore defeating the very purpose of a censored search engine. Though this decision may not have explicitly spelt the death penalty for Dragonfly, it is a very close one.

A couple of factors must have played important parts in the decision-making process. Employee revolt is the first one. When Dragonfly was first exposed, an increasing number of employees have signed an internal petition to stop the project, reminiscing the company’s “Don’t Be Evil” manifesto. The very idea that Google would ponder creating a censored version for China may be a shock to most employees, but not unimaginable considering the different leaderships. Sergey Brin, who was at the helm of Google when the company shut down its China operation in 2010 as a protest, spent his childhood in the former Soviet Union, therefore had first-hand understanding of what censorship is about. Sundar Pichai, on the other hand, lacks similar sense and sensibility, having grown up in India, the largest democracy in the world.

Another source of internal pressure has come from the Privacy and Security teams. It has been reported by different media outlets that Scott Beaumont, Google’s head of China operation and the main architect behind Dragonfly, has deliberately kept the privacy and security teams in the dark as long as possible. For a company of Google’s nature, which lives on users’ trust in its willingness and capabilities to guard the security of their data, protests from these internal teams must have had the management ears. On the other hand, the fact that executives like Beaumont could carry on his secret project as long as it has must be a surprise to outside observers.

The strongest external pressure has come from the Congress. Pichai was grilled by the American law-makers last week when he was challenged by the Congressman David Cicilline (D-R.I). “It’s hard to imagine you could operate in the Chinese market under the current government framework and maintain a commitment to universal values, such as freedom of expression and personal privacy.” Pichai conceded that there was “no plans to launch a search service in China,” though he had declined to provide a positive confirmation to the Congress’ demand that Google should not launch “a tool for surveillance and censorship in China”.

With the latest decision to terminate data harvesting from 265.com, it seems Dragonfly or similar projects are put into a long hibernation.