Year: 2018

It may be old-fashioned, but I find dedicated MP3 players wonderful little devices. I’ve used tons over the years (the Zune HD is still the best) and I’m glad to see they live on in some fashion, even if it’s as an objet d’art jammed with audiophile knick-knacks and a $700 price tag: Astell&Kern’s A&norma SR15.

Look at that thing! The ground of the tech world is littered with anonymous-looking lozenges made to appeal to as many people as possible. Then you have this thing.

What a design choice, to tilt the screen like that and form the rest of the device from prism-like complementary rectangles! The site even has a “design concept” page, on which it points out that this isn’t a purely aesthetic choice:

The slight angle and precise, mindful alignment show the empty space and tones that fills the space.
From any angle, or either hand you hold your device, it does not hinder the display screen and offers the best grip.

Isn’t that wonderful? And it’s even kind of true! Those areas we so carefully avoid with our fingers or thumbs are now grippable.

Meanwhile, the tilted screen also makes room for the knurled volume knob, while simultaneously protecting it from unwanted touches. And the angle of the screen makes for a visual hint for the power button.

I just love how risky this design is, how eye-catching, how simultaneously practical and impractical. We need much more of that in tech. This device has more personality than every iPhone since the 6 — combined.

Inside is the usual blast of audio jargon: Cirrus Logic Dual DAC, native direct stream digital, 24-bit 192KHz playback, balanced 2.5mm headphone out and a quad-core CPU to support it all. Do you need any of that? Probably not, but a few people might, and at least you’ll be sure this thing will play pretty much anything you throw at it and sound great doing so.

I’ve used a few of A&K’s previous products, and can testify that they’re extremely well-built and feel great to use, though the screens are a bit low-resolution and the UI can be lacking. The 3.3-inch screen isn’t going to blow anyone away with its 800×480 resolution, but it should be sharp enough, and the UI got a redo between the devices I’ve used and the SR15. I’m eager to see if it’s more fun to use now.

The A&norma SR15 is available now for anyone with a pocket full of money to burn.

Next 10 Ventures is a new firm that’s raised $50 million to invest in new digital content, and also in new tools and services for the creators of that content.

The firm was founded by Benjamin Grubbs, previously global director of top creator partnerships at YouTube, who also serves as Next 10’s CEO. He’s joined by COO Paul Condolora, who was formerly co-head of the Harry Potter franchise at Warner Bros., and who was also in charge of digital and consumer products at Cartoon Network and Adult Swim.

Grubbs told me the firm’s name refers to supporting the next 10 years of a creator’s career, and that it emerges from conversations he’d been having with successful online creators.

“They ask, ‘How do I take this to the next level?'” Grubbs said. “‘I really enjoy what I’m doing, how do I build a career out of this?'”

He added that he’s looking to work with a “diversified mix of creators” — they don’t necessarily need to have a huge following already, but they should have demonstrated that they can produce compelling videos and they should be “really trying to make a long-term career in this space.”

It sounds like Next 10’s investments will be structured in a number of different ways. In some cases they’ll look like a traditional seed-stage startup investment. In others, the firm will fund its own products and services. And in still others, it will be funding content and partnering with creators.

The firm says it’s focused on three broad areas: video content and IP creation, ecommerce and community-based products and services. And there will be a fund focused specifically on creators of educational content.

In fact, Grubbs said one of the big opportunities is bringing more educational content to Asia. He said that as the young people in countries like Indonesia and the Philippines move online, “education content is lacking on the supply side.”

“What we want to do is not just wait for this market to grow up and graduate, but actually … be an active participant,” he said. “The mission of the company is really to enrich and inspire and entertain — and kind of in that order.”

Google is pushing hard on its efforts to build out a deeper enterprise business around Google Cloud, which continues to trail behind Amazon’s AWS and Microsoft’s Azure when it comes to revenues and usage among organizations. In the latest development, Google has picked up Cask Data, a Palo Alto startup that specializes in building solutions to run big data analytics services based on Hadoop.

The news comes less than a week after Google announced the acquisition of Velostrata, a startup from Israel that helps businesses migrate and run data, apps and other IT functions in the cloud and across hybrid environments.

The Cask Data news was quietly made public by the co-founders of the startup, Jonathan Gray and Nitin Motgi, in a blog post on May 14, which also confirmed that the company would continue supporting existing customers and products.

“We will continue to develop and release open source Cask Data Application Platform (CDAP) that makes building and running big data solutions easy for enterprise customers,” the pair write.

CDAP was Cask’s key product, and Google will continue to keep it open source, according to a statement from the company confirming the deal with Cask’s own blog post.

“We’re thrilled to welcome the talented Cask team to Google Cloud, and are excited to work together to help make developers more productive with our data processing services both in the cloud and on-premise,” said William Vambenepe, group product manager for Google Cloud in the statement. “We are committed to open source, and look forward to driving the CDAP project’s growth within the broader developer community.”

We have also followed up with Google directly, and a company spokesperson echoed the same. “We can confirm that Cask Data has joined Google Cloud,” she said.

Notably, neither Cask nor Google described the deal as an “acquisition,” and Google didn’t respond to our question asking about this directly. But from Cask’s FAQ, it sounds like at least a portion of its 55 staff, and Cask’s products and customers, are part of the deal.

Financial terms are not being disclosed. Cask Data had raised around $40 million in funding to date, according to PitchBook, with a long list of big-name investors, including Andreessen Horowitz, AME Cloud Ventures, Battery Ventures, Cloudera, Data Collective, Ericsson and Ignition Venture Partners. PitchBook’s records indicate that Ignition sold its stake on April 25, which might have been when the deal closed. The most recent valuation noted in PitchBook was for $57 million, back in 2015.

Cask doesn’t provide an extensive list of customers — the only two mentioned on its site are Thomson Reuters and data management platform provider Lotame — but it outlines several ways in which it’s working with companies today, which provides a rough idea of what it might be continuing to develop at Google.

Hadoop is a key framework used to build big data analytics services and for helping manage large troves of data across multiple locations. Cask had developed its own layer on top of that to run Hadoop-based deployments more efficiently. Using the CDAP framework, various companies cut down the time to build and process big data analytics jobs covering areas like social media monitoring, streaming, security reporting, migrating and reading large data sets, and more.

Google Cloud is estimated to be a $4 billion business, putting it far behind Amazon and Microsoft’s cloud services, which respectively are heading to annual revenues of $20 billion and $21 billion. Similarly, it appears to also be trailing behind the two when it comes to enterprise adoption.

In other words, adding more tools such as the ones offered by Cask, as well as picking up more customers, are two routes to giving Google Cloud the touchpoints it needs to expand its business further. And with many enterprises still using on-premise and hybrid architectures, and ever-present opportunities to nab business from rivals with competitive offerings, there is still a lot to play for.

 

Cornell researchers have made a little robot that can express its emotions through touch, sending out little spikes when it’s scared or even getting goosebumps to express delight or excitement. The prototype, a cute smiling creature with rubber skin, is designed to test touch as an I/O system for robotic projects.

The robot mimics the skin of octopi which can turn spiky when threatened.

The researchers, Yuhan Hu, Zhengnan Zhao, Abheek Vimal and Guy Hoffman, created the robot to experiment with new methods for robot interaction. They compare the skin to “human goosebumps, cats’ neck fur raising, dogs’ back hair, the needles of a porcupine, spiking of a blowfish, or a bird’s ruffled feathers.”

“Research in human-robot interaction shows that a robot’s ability to use nonverbal behavior to communicate affects their potential to be useful to people, and can also have psychological effects. Other reasons include that having a robot use nonverbal behaviors can help make it be perceived as more familiar and less machine-like,” the researchers told IEEE Spectrum.

The skin has multiple configurations and is powered by a computer-controlled elastomer that can inflate and deflate on demand. The goosebumps pop up to match the expression on the robot’s face, allowing humans to better understand what the robot “means” when it raises its little hackles or gets bumpy. I, for one, welcome our bumpy robotic overlords.

Appearing before the Senate Judiciary committee today as part of the ongoing investigation of Cambridge Analytica and various forms of meddling in the 2016 elections, former employee and whistleblower Christopher Wylie said that the company and its then-VP Steve Bannon were pursuing voter suppression tactics aimed at black Americans.

Although Wylie insisted that he himself did not take part in these programs, he testified to their existence.

“One of the things that provoked me to leave was discussions about ‘voter disengagement’ and the idea of targeting African Americans,” he said. “I didn’t participate on any voter suppression programs, so I can’t comment on the specifics of those programs.”

“I can comment on their existence, and I can comment more generally on my understanding of what they were doing,” he explained under questioning from Sen. Kamala Harris (D-CA).

“If it suited the client’s objective, the firm [SCL, Cambridge Analytica’s parent company] was eager to capitalize on discontent and to stoke ethnic tensions,” read Wylie’s written testimony.

“Steve Bannon believes that politics is downstream from culture. They were seeking out companies to build an arsenal of weapons to fight a culture war,” he explained at another point in the session. He suggested questions on the nature of those weapons, and the specifics of any potential race-based voter suppression tactics, to be directed to Bannon.

That such a system might work, however, he did address.

“How specifically, then, did they target African American voters,” Sen. Harris had asked, “understanding as you do that the African American population is not a monolith? How did they then decipher and determine who was African American so they would target them in their intent to suppress the vote?”

“Racial characteristics can be modeled and I’m not sure about the studies that my colleague here was referencing but we were able to get an AUC score, which is a way of measuring accuracy for race that was .89 I believe,” Wylie answered.

AUC, he then explained, stands for “Area under the receiving operations characteristic. It’s a way of measuring precision, which [the .89 figure] means it’s very high.”

In other words, black voters could be identified based on their social media presence and other factors, despite the fact that the black community is, obviously, far from homogeneous.

It’s not particularly surprising that Bannon, who has aligned himself repeatedly with alt-right and white nationalist figures and movements, would be contemplating ways to decrease the number of people of color voting. But it is new that it was being pursued relatively openly under the Cambridge Analytica banner.

Sen. Harris and others requested any “evidence of the conduct you’ve described” Wylie may have.

Wylie also testified that Facebook, when it asked Cambridge Analytica to certify that it had deleted the data it was using in violation of the company’s rules, “did not require a notary or any sort of legal procedure. So I signed the certification and sent it back and they accepted it.”

Here in the States, ZTE has been content with a kind of quiet success. The Chinese smartphone maker has landed in the top five quarter after quarter (sometimes breaking the top three, according to some analysts), behind household names like Apple, Samsung and LG. Suddenly, however, the company is on everyone’s lips, from cable news to the president’s Twitter account.

It’s the kind of publicity money can’t buy — but it’s happening for one of the worst reasons imaginable. ZTE suddenly finds itself in the eye of a looming trade war between superpowers. Iranian sanctions were violated, fines levied and seven-year international bans were instated.

It’s like a story ripped from the pages of some Cold War thriller, though instead of Jason Bourne, it’s that one budget smartphone company that you’ve maybe heard of, who maybe makes that weird Android phone with two screens.

So, how did we get here?

ZTE began U.S. operations in 1998, a little over a decade after forming in Shenzhen (and a year after going public in China) as Zhongxing Semiconductor Co., Ltd. The change of name to Zhongxing Telecommunications Equipment reflects the newfound focus for the company, which employees around 75,000 and operates in 160 countries.

While ZTE has flirted with premium and sometimes bizarre devices, in the smartphone world, the company is primarily known for its budget hardware. It’s no coincidence that the company was tapped by google to be the first to run Android Oreo Go Edition (nee Android Go). The manufacturer has found particular success in the developing world, while making significant gains in the U.S. by releasing dozens of low-cost devices targeted at prepaid users.

In recent years, however, the company has come under increased scrutiny on two fronts. First, there’s the issue of the company’s perceived ties to the Chinese government. It’s the same thing that’s tripped up fellow Chinese handset manufacturer Huawei in its pursuit of the U.S. market.

In Huawei’s case, multiple warnings from top U.S. security agencies has severely hobbled any chance of making significant headway in this country. The company kicked off the year with the one-two punch of having AT&T pull out of a deal last minute, only to have Best Buy stop restocking its product on store shelves. ZTE, on the other hand, has run into less headwind there.

In February, top officials at the FBI, CIA and NSA all warned against buying product from both companies over remote surveillance concerns and later ending their sale at military bases. But after making significant inroads through non-contract carriers like Boost, Cricket and Metro PCS, the warnings appear to have had little impact on the company.

The same, however, can’t be said of a seven-year ban.

In 2016, the U.S. Commerce Department found the company guilty of violating U.S. sanctions. The department disclosed internal documents from the company naming “ongoing projects in all five major embargoed countries — Iran, Sudan, North Korea, Syria and Cuba.” That’s a big issue when selling a product that contains, by some estimates, a quarter of components created by U.S. companies — not to mention all of the Google software.

The following year, the company pleaded guilt and agreed to a $1.19 billion fine, along with the stipulation that it would punish senior management for the transgression. Last month, however, the DOC said ZTE failed to live up to the latter part of the deal, issuing an even steeper fine as a result.

“ZTE misled the Department of Commerce,” the department said in a statement to TechCrunch at the time. “Instead of reprimanding ZTE staff and senior management, ZTE rewarded them. This egregious behavior cannot be ignored.”

The new punishment bans U.S. component manufacturers from selling to ZTE for seven years. A few days later, the company told TechCrunch that the export ban would “severely impact” its chances of survival. And then, last week, the company ceased major operating activities.

“As a result of the Denial Order, the major operating activities of the company have ceased,” it wrote in an exchange filing. “As of now, the company maintains sufficient cash and strictly adheres to its commercial obligations subject in compliance with laws and regulations.”

In the meantime, the company was reportedly meeting with companies like Google in hopes of figuring out a workaround, while China was said to be meeting with U.S. officials to discuss the steep ban. For some, the ZTE ban was seen as a political move amidst a potential trade war, and a major roadblock toward negotiations.

That leads us to Sunday, when Trump tweeted, “President Xi of China, and I, are working together to give massive Chinese phone company, ZTE, a way to get back into business, fast. Too many jobs in China lost. Commerce Department has been instructed to get it done!”

Job loss in China seems like an odd motivator for any U.S. president, let along Trump, but things make significantly more sense when you consider the sheer size of a company like ZTE. If a U.S. trade ban caused the company to fold, it’s easy to see how that could severely impact already tenuous relations between the two countries.

“The Chinese have suggested that ZTE was a show-stopper,” international studies expert Scott Kennedy succinctly told NPR, “if you kill this company, we’re not going to be able to cooperate with you on anything.”

And that brings us to this morning — and other Trump tweet. “The Washington Post and CNN have typically written false stories about our trade negotiations with China,” Trump writes. “Nothing has happened with ZTE except as it pertains to the larger trade deal. Our country has been losing hundreds of billions of dollars a year with China[…]…haven’t even started yet! The U.S. has very little to give, because it has given so much over the years. China has much to give!”

Those tweets, it should be noted, were most likely posted in reaction to bipartisan concern about Trump’s focus. “#China intends to dominate the key industries of the 21st Century not through out innovating us, but by stealing our intellectual property & exploiting our open economy while keeping their own closed,” Marco Rubio tweeted earlier this week. “Why are we helping them achieve this by making a terrible deal on ZTE?”

So things are weird. And it’s 2018, so expect that it will only get weirder from here.

Hot on the heels of a surprising 52-47 Senate disapproval of the FCC’s new, weaker net neutrality rules, the House of Representatives will soon attempt to force a similar vote under the Congressional Review Act. Representative Mike Doyle (D-PA) announced in a statement and at a press conference following the Senate vote that he will begin the process first thing tomorrow morning.

“I have introduced a companion CRA in the house,” Rep. Doyle said, “but I’m also going to begin a discharge petition which we will have open for signature tomorrow morning. And I urge every member who’s uproots a free and open internet to join me and sign this petition so we can bring this legislation to the floor.”

The CRA requires Senate and House to submit the resolution itself, in the former’s case Joint Resolution 52, after which a certain number of people to sign off on what’s called a discharge petition, actually forces a vote.

In the Senate this number is only 30, which makes it a useful tool for the minority party, which can easily gather that many votes if it’s an important issue (a full majority is still required to pass the resolution).

But in the House a majority is required, 218 at present. That’s a more difficult ask, since Democrats only hold 193 seats there. They’d need two dozen Republicans to switch sides, and while it’s clear from the defection of three Senators from the party line that such bipartisan support is possible, it’s far from a done deal. Today’s success may help move the needle, though.

Should the required votes be gathered, which could happen tomorrow, or take much longer, the vote will then be scheduled, though a congressional aide I talked to was unsure how quickly it would follow. It only took a week in the Senate to go from petition to floor vote, but that period could be longer in the House depending on how the schedule works out.

Is Facebook trampling over laws that regulate the processing of sensitive categories of personal data by failing to ask people for their explicit consent before it makes sensitive inferences about their sex life, religion or political beliefs? Or is the company merely treading uncomfortably and unethically close to the line of the law?

An investigation by the Guardian and the Danish Broadcasting Corporation has found that Facebook’s platform allows advertisers to target users based on interests related to political beliefs, sexuality and religion — all categories that are marked out as sensitive information under current European data protection law.

And indeed under the incoming GDPR, which will apply across the bloc from May 25.

The joint investigation found Facebook’s platform had made sensitive inferences about users — allowing advertisers to target people based on inferred interests including communism, social democrats, Hinduism and Christianity. All of which would be classed as sensitive personal data under EU rules.

And while the platform offers some constraints on how advertisers can target people against sensitive interests — not allowing advertisers to exclude users based on a specific sensitive interest, for example (Facebook having previously run into trouble in the US for enabling discrimination via ethnic affinity-based targeting) — such controls are beside the point if you take the view that Facebook is legally required to ask for a user’s explicit consent to processing this kind of sensitive data up front, before making any inferences about a person.

Indeed, it’s very unlikely that any ad platform can put people into buckets with sensitive labels like ‘interested in social democrat issues’ or ‘likes communist pages’ or ‘attends gay events’ without asking them to let it do so first.

And Facebook is not asking first.

Facebook argues otherwise, of course — claiming that the information it gathers about people’s affinities/interests, even when they entail sensitive categories of information such as sexuality and religion, is not personal data.

In a response statement to the media investigation, a Facebook spokesperson told us:

Like other Internet companies, Facebook shows ads based on topics we think people might be interested in, but without using sensitive personal data. This means that someone could have an ad interest listed as ‘Gay Pride’ because they have liked a Pride associated Page or clicked a Pride ad, but it does not reflect any personal characteristics such as gender or sexuality. People are able to manage their Ad Preferences tool, which clearly explains how advertising works on Facebook and provides a way to tell us if you want to see ads based on specific interests or not. When interests are removed, we show people the list of removed interests so that they have a record they can access, but these interests are no longer used for ads. Our advertising complies with relevant EU law and, like other companies, we are preparing for the GDPR to ensure we are compliant when it comes into force.

Expect Facebook’s argument to be tested in the courts — likely in the very near future.

As we’ve said before, the GDPR lawsuits are coming for the company, thanks to beefed up enforcement of EU privacy rules, with the regulation providing for fines as large as 4% of a company’s global turnover.

Facebook is not the only online people profiler, of course, but it’s a prime target for strategic litigation both because of its massive size and reach (and the resulting power over web users flowing from a dominant position in an attention-dominating category), but also on account of its nose-thumbing attitude to compliance with EU regulations thus far.

The company has faced a number of challenges and sanctions under existing EU privacy law — though for its operations outside the US it typically refuses to recognize any legal jurisdiction except corporate-friendly Ireland, where its international HQ is based.

And, from what we’ve seen so far, Facebook’s response to GDPR ‘compliance’ is no new leaf. Rather it looks like privacy-hostile business as usual; a continued attempt to leverage its size and power to force a self-serving interpretation of the law — bending rules to fit its existing business processes, rather than reconfiguring those processes to comply with the law.

The GDPR is one of the reasons why Facebook’s ad microtargeting empire is facing greater scrutiny now, with just weeks to go before civil society organizations are able to take advantage of fresh opportunities for strategic litigation allowed by the regulation.

“I’m a big fan of the GDPR. I really believe that it gives us — as the court in Strasbourg would say — effective and practical remedies,” law professor Mireille Hildebrandt tells us. “If we go and do it, of course. So we need a lot of public litigation, a lot of court cases to make the GDPR work but… I think there are more people moving into this.

“The GDPR created a market for these sort of law firms — and I think that’s excellent.”

But it’s not the only reason. Another reason why Facebook’s handling of personal data is attracting attention is the result of tenacious press investigations into how one controversial political consultancy, Cambridge Analytica, was able to gain such freewheeling access to Facebook users’ data — as a result of Facebook’s lax platform policies around data access — for, in that instance, political ad targeting purposes.

All of which eventually blew up into a major global privacy storm, this March, though criticism of Facebook’s privacy-hostile platform policies dates back more than a decade at this stage.

The Cambridge Analytica scandal at least brought Facebook CEO and founder Mark Zuckerberg in front of US lawmakers, facing questions about the extent of the personal information it gathers; what controls it offers users over their data; and how he thinks Internet companies should be regulated, to name a few. (Pro tip for politicians: You don’t need to ask companies how they’d like to be regulated.)

The Facebook founder has also finally agreed to meet EU lawmakers — though UK lawmakers’ calls have been ignored.

Zuckerberg should expect to be questioned very closely in Brussels about how his platform is impacting European’s fundamental rights.

Sensitive personal data needs explicit consent

Facebook infers affinities linked to individual users by collecting and processing interest signals their web activity generates, such as likes on Facebook Pages or what people look at when they’re browsing outside Facebook — off-site intel it gathers via an extensive network of social plug-ins and tracking pixels embedded on third party websites. (According to information released by Facebook to the UK parliament this week, during just one week of April this year its Like button appeared on 8.4M websites; the Share button appeared on 931,000 websites; and its tracking Pixels were running on 2.2M websites.)

But here’s the thing: Both the current and the incoming EU legal framework for data protection sets the bar for consent to processing so-called special category data equally high — at “explicit” consent.

What that means in practice is Facebook needs to seek and secure separate consents from users (such as via a dedicated pop-up) for collecting and processing this type of sensitive data.

The alternative is for it to rely on another special condition for processing this type of sensitive data. However the other conditions are pretty tightly drawn — relating to things like the public interest; or the vital interests of a data subject; or for purposes of “preventive or occupational medicine”.

None of which would appear to apply if, as Facebook is, you’re processing people’s sensitive personal information just to target them with ads.

Ahead of GDPR, Facebook has started asking users who have chosen to display political opinions and/or sexuality information on their profiles to explicitly consent to that data being public.

Though even there its actions are problematic, as it offers users a take it or leave it style ‘choice’ — saying they either remove the info entirely or leave it and therefore agree that Facebook can use it to target them with ads.

Yet EU law also requires that consent be freely given. It cannot be conditional on the provision of a service.

So Facebook’s bundling of service provisions and consent will also likely face legal challenges, as we’ve written before.

“They’ve tangled the use of their network for socialising with the profiling of users for advertising. Those are separate purposes. You can’t tangle them like they are doing in the GDPR,” says Michael Veale, a technology policy researcher at University College London, emphasizing that GDPR allows for a third option that Facebook isn’t offering users: Allowing them to keep sensitive data on their profile but that data not be used for targeted advertising.

“Facebook, I believe, is quite afraid of this third option,” he continues. “It goes back to the Congressional hearing: Zuckerberg said a lot that you can choose which of your friends every post can be shared with, through a little in-line button. But there’s no option there that says ‘do not share this with Facebook for the purposes of analysis’.”

Returning to how the company synthesizes sensitive personal affinities from Facebook users’ Likes and wider web browsing activity, Veale argues that EU law also does not recognize the kind of distinction Facebook is seeking to draw — i.e. between inferred affinities and personal data — and thus to try to redraw the law in its favor.

“Facebook say that the data is not correct, or self-declared, and therefore these provisions do not apply. Data does not have to be correct or accurate to be personal data under European law, and trigger the protections. Indeed, that’s why there is a ‘right to rectification’ — because incorrect data is not the exception but the norm,” he tells us.

“At the crux of Facebook’s challenge is that they are inferring what is arguably “special category” data (Article 9, GDPR) from non-special category data. In European law, this data includes race, sexuality, data about health, biometric data for the purposes of identification, and political opinions. One of the first things to note is that European law does not govern collection and use as distinct activities: Both are considered processing.

“The pan-European group of data protection regulators have recently confirmed in guidance that when you infer special category data, it is as if you collected it. For this to be lawful, you need a special reason, which for most companies is restricted to separate, explicit consent. This will be often different than the lawful basis for processing the personal data you used for inference, which might well be ‘legitimate interests’, which didn’t require consent. That’s ruled out if you’re processing one of these special categories.”

“The regulators even specifically give Facebook like inference as an example of inferring special category data, so there is little wiggle room here,” he adds, pointing to an example used by regulators of a study that combined Facebook Like data with “limited survey information” — and from which it was found that researchers could accurately predict a male user’s sexual orientation 88% of the time; a user’s ethnic origin 95% of the time; and whether a user was Christian or Muslim 82% of the time.

Which underlines why these rules exist — given the clear risk of breaches to human rights if big data platforms can just suck up sensitive personal data automatically, as a background process.

The overarching aim of GDPR is to give consumers greater control over their personal data not just to help people defend their rights but to foster greater trust in online services — and for that trust to be a mechanism for greasing the wheels of digital business. Which is pretty much the opposite approach to sucking up everything in the background and hoping your users don’t realize what you’re doing.

Veale also points out that under current EU law even an opinion on someone is their personal data… (per this Article 29 Working Party guidance, emphasis ours):

From the point of view of the nature of the information, the concept of personal data includes any sort of statements about a person. It covers “objective” information, such as the presence of a certain substance in one’s blood. It also includes “subjective” information, opinions or assessments. This latter sort of statements make up a considerable share of personal data processing in sectors such as banking, for the assessment of the reliability of borrowers (“Titius is a reliable borrower”), in insurance (“Titius is not expected to die soon”) or in employment (“Titius is a good worker and merits promotion”).

We put that specific point to Facebook — but at the time of writing we’re still waiting for a response. (Nor would Facebook provide a public response to several other questions we asked around what it’s doing here, preferring to limit its comment to the statement at the top of this post.)

Veale adds that the WP29 guidance has been upheld in recent CJEU cases such as Nowak — which he says emphasized that, for example, annotations on the side of an exam script are personal data.

He’s clear about what Facebook should be doing to comply with the law: “They should be asking for individuals’ explicit, separate consent for them to infer data including race, sexuality, health or political opinions. If people say no, they should be able to continue using Facebook as normal without these inferences being made on the back-end.”

“They need to tell individuals about what they are doing clearly and in plain language,” he adds. “Political opinions are just as protected here, and this is perhaps more interesting than race or sexuality.”

“They certainly should face legal challenges under the GDPR,” agrees Paul Bernal, senior lecturer in law at the University of East Anglia, who is also critical of how Facebook is processing sensitive personal information. “The affinity concept seems to be a pretty transparent attempt to avoid legal challenges, and one that ought to fail. The question is whether the regulators have the guts to make the point: It undermines a quite significant part of Facebook’s approach.”

“I think the reason they’re pushing this is that they think they’ll get away with it, partly because they think they’ve persuaded people that the problem is Cambridge Analytica, as rogues, rather than Facebook, as enablers and supporters. We need to be very clear about this: Cambridge Analytica are the symptom, Facebook is the disease,” he adds.

“I should also say, I think the distinction between ‘targeting’ being OK and ‘excluding’ not being OK is also mostly Facebook playing games, and trying to have their cake and eat it. It just invites gaming of the systems really.”

Facebook claims its core product is social media, rather than data-mining people to run a highly lucrative microtargeted advertising platform.

But if that’s true why then is it tangling its core social functions with its ad-targeting apparatus — and telling people they can’t have a social service unless they agree to interest-based advertising?

It could support a service with other types of advertising, which don’t depend on background surveillance that erodes users’ fundamental rights.  But it’s choosing not to offer that. All you can ‘choose’ is all or nothing. Not much of a choice.

Facebook telling people that if they want to opt out of its ad targeting they must delete their account is neither a route to obtain meaningful (and therefore lawful) consent — nor a very compelling approach to counter criticism that its real business is farming people.

The issues at stake here for Facebook, and for the shadowy background data-mining and brokering of the online ad targeting industry as a whole, are clearly far greater than any one data misuse scandal or any one category of sensitive data. But Facebook’s decision to retain people’s sensitive personal data for ad targeting without asking for consent up-front is a telling sign of something gone very wrong indeed.

If Facebook doesn’t feel confident asking its users whether what it’s doing with their personal data is okay or not, maybe it shouldn’t be doing it in the first place.

At very least it’s a failure of ethics. Even if the final judgement on Facebook’s self-serving interpretation of EU privacy rules will have to wait for the courts to decide.

“Travel is expensive, but we are at the cusp of a revolution that will democratize travel and leisure for everyone,” reads the breathless white paper for HoweyCoins. “The Internet was the first part of the revolution. The other part is blockchain technology and cryptocurrencies.”

“I’m all about HoweyCoins – this thing is going to pop at the top!” writes @boxingchamp1934, an official celebrity backer of the token. The website is full of beautiful beaches features a handsome team of international men and women and the technology is nowhere to be seen, buried under a sea of excitement. The white paper is complete and well-written, focusing on the upside that is to come. Riches await if you invest in HoweyCoin, the latest ICO opportunity from trusted folks.

Or do they?

They don’t. All that breathless optimism is a site created by US Securities Exchange Commission to warn investors of scams and issues associated with token sales. The site features all the trademarks of a scammy security token including tiered pre-sale pricing and an urgent countdown clock.

The site features a number of red flags that the SEC encourages users to watch out for including, most importantly, claims that tokens can only go up in value. They write:

Every investment carries some degree of risk, which is reflected in the rate of return you can expect to receive. High returns entail high risks, possibly including a total loss on the investments. Most fraudsters spend a lot of time trying to convince investors that extremely high returns are “guaranteed” or “can’t miss.”

The SEC also notes that “it is never a good idea to make an investment decision just because someone famous says a product or service is a good investment” and that it is never a good idea to invest with a credit card.

They also warn against pump and dump language found on many ICO pages. “Our past two pumps have doubled value for the period immediately after the pump for returns of over 225%,” wrote the HoweyCoin “creators,” a giant no-no in the world of investing.

You can read the rest of the red flags here.

While the site is fairly comical, it is sufficiently complete and would fool the casual observer. The SEC also posted a real-looking white paper which makes it clear that anyone can string together a few buzzwords can write a passable investment prospectus. That this is now a service available to anyone – for a price – makes things even scarier.

The site is part of the SEC’s outreach efforts to help investors understand ICOs.

“Strong investor protection is part of what makes American markets so strong…and striking the balance, [between innovation and investor protection] is very important,” said Chief of the SEC Cyber Unit Robert Cohen at Consensus this week. During the same panel the SEC claimed its doors were always open for questions.

Ultimately there is little separating the scams from the real token sales. This is a problem. The SEC is framing this problem in their own way based on decades of dealing with pink sheet pump and dumps and bogus get rich quick schemes. While HoweyCoins may not be real there are plenty of scammers out there and at least something like this bogus website makes it easier to spot the warning signs.

The Senate today voted 52-47 to disapprove the FCC’s recent order replacing 2015’s net neutrality rules, a pleasant surprise for internet advocates and consumers throughout the country. Although the disapproval will almost certainly not lead to the new rules being undone, it is a powerful statement of solidarity with a constituency activated against this deeply unpopular order.

To be clear, the FCC’s “Restoring Internet Freedom” is still set to take effect in June, but

Senate Joint Resolution 52 officially disapproves the rule under the Congressional Review Act, which allows Congress to undo recently created rules by federal agencies. It will have to pass in the House as well and then be signed by the President for the old rules to be restored (that or a 2/3rds majority, which is equally unlikely).

On the other hand, forcing everyone in Congress to officially weigh in will potentially make this an issue in the upcoming midterms.

“‘Do you support net neutrality?’ Every candidate in America is going to be asked that question,” said Senator Ed Markey (D-MA) at a press conference after the vote.

Senator Schatz (D-HI) related that a Republican colleague of his told him that their office had received over 6,000 calls from people expressing support for net neutrality and the FCC’s original rules, and 10 opposed.

“People who use the internet all the time realize what this is about. Millions of calls, we don’t get that on every issue. People intuitively get this,” said Senator Chuck Schumer (D-NY) at the press conference.

Until yesterday Senate Democrats, who brought the resolution, had 50 supporters including one Republican, more than enough to force the issue to be voted on, but not enough to actually pass.

Two more Republicans, Alaska’s Lisa Murowski and Louisiana’s John Kennedy joined Maine’s Susan Collins to vote aye on the measure, making the final tally 52-47.

“We salute them for their courage,” said Senate minority leader Diane Feinstein at the press conference.

FCC Commissioner Jessica Rosenworcel commended the Senate’s action.

“Today the United States Senate took a big step to fix the serious mess the FCC made
when it rolled back net neutrality late last year,” she said in a statement. “Today’s vote is a sign that the fight for internet freedom is far from over. I’ll keep raising a ruckus to support net neutrality and I hope others will too.”

Chairman Ajit Pai, however, was less congratulatory in his own statement.

“It’s disappointing that Senate Democrats forced this resolution through by a narrow margin,” he said, “But ultimately, I’m confident that their effort to reinstate heavy-handed government regulation of the Internet will fail.”

Representative Mike Doyle, who has been working on the corresponding effort in the House, said he is taking the next step tomorrow morning.

With the Majority Leadership in the House opposed to this bill, the only way to bring it before the full House for a vote is through a discharge petition. Under the rules of the House, a bill must be brought to the House Floor for a vote if a majority of Representatives sign a discharge petition demanding it. I’m filing a discharge petition to force a vote on the legislation to save Net Neutrality, and we just need to get a majority of Representatives to sign it. I’m sure that every Member of the House will want to know where their constituents stand on this issue.

As everyone notes above, the fight continues. Be sure to contact your Member of Congress