Tag Archives: Privacy Issues/Information Security

Apple Plans New Encryption System to Ward Off Hackers and Protect iCloud Data

Apple Inc. is planning to significantly expand its data-encryption practices, a step that is likely to create tensions with law enforcement and governments around the world as the company continues to build new privacy protections for millions of iPhone users.

The expanded end-to-end encryption system, an optional feature called Advanced Data Protection, would keep most data secure that is stored in iCloud, an Apple service used by many of its users to store photos, back up their iPhones or save specific device data such as Notes and Messages. The data would be protected in the event that Apple is hacked, and it also wouldn’t be accessible to law enforcement, even with a warrant.

While Apple has drawn attention in the past for being unable to help agencies such as the Federal Bureau of Investigation access data on its encrypted iPhones, it has been able to provide much of the data stored in iCloud backups upon a valid legal request. Last year, it responded to thousands of such requests in the U.S., according to the company. 

With these new security enhancements, Apple would no longer have the technical ability to comply with certain law-enforcement requests such as for iCloud backups—which could include iMessage chat logs and attachments and have been used in many investigations.

Apple has added additional methods to help users recover their end-to-end encrypted data. (Photo: Apple)

The company said the security enhancements, which were announced Wednesday, are designed to protect Apple customers from the most sophisticated attackers.

“As customers have put more and more of their personal information of their lives into their devices, these have become more and more the subject of attacks by advanced actors,” said Craig Federighi, Apple’s senior vice president of software engineering, in an interview. Some of these actors are going to great lengths to get their hands on the private information of people they have targeted, he said.

The FBI said it was “deeply concerned with the threat end-to-end and user-only-access encryption pose,” according to a statement provided by an agency spokeswoman. “This hinders our ability to protect the American people from criminal acts ranging from cyberattacks and violence against children to drug trafficking, organized crime and terrorism,” the statement said. The FBI and law enforcement agencies need “lawful access by design,” it said.

A spokesman for the Justice Department declined to comment.

Former Western law-enforcement and intelligence officials said they were surprised by Apple’s decision in part because the company had refrained in the past from rolling out such encryption settings for iCloud. The officials said Apple would sometimes point authorities to the iCloud as a possible means of collecting information that could be useful for criminal investigations.

Ciaran Martin, former chief of the U.K.’s National Cyber Security Centre, said the announcement by Apple could pose legal complications for the company in multiple democracies that in recent years have adopted or weighed restrictions on technology that can’t be responsive to law-enforcement demands.

“Things will only be clearer when further technical details are given,” Mr. Martin said. “But on the face of it, existing legislation in Australia and looming legislation in the U.K. would seem to give those governments the power to tell Apple in those countries effectively not to do this.”

Last year, Apple proposed software for the iPhone that would identify child sexual-abuse material on the iPhone. Apple now says it has stopped development of the system, following criticism from privacy and security researchers who worried that the software could be misused by governments or hackers to gain access to sensitive information on the phone.


Mr. Federighi said Apple’s focus related to protecting children has been on areas such as communication and giving parents tools to protect children in iMessage. “Child sexual abuse can be headed off before it occurs,” he said. “That’s where we’re putting our energy going forward.”

Apple released a feature in December 2021 called “Communication Safety” in Messages, which offers tools for parents that warn their children when they have received or attempt to send photos that contain nudity. The option is part of Apple’s “Screen Time” parental-controls software.

The new encryption system, to be tested by early users starting Wednesday, will roll out as an option in the U.S. by year’s end, and then worldwide including China in 2023, Mr. Federighi said.

“This development will prompt questions at home and abroad, including whether the government of China will really accept a loss of data access,” said Sumon Dantiki, a former senior FBI and Justice Department official who worked on cyber investigations and is now a partner at the King & Spalding law firm. U.S. officials have long pointed to China’s increasingly strict demands for access to data on companies that operate within its borders as a national-security concern.

In addition to Advanced Data Protection, Apple is also modifying its Messages app to make it harder for messages to be snooped on, and it will now allow users to log in to their Apple accounts with hardware-based security keys made by other companies such as Yubico.

Privacy groups have long called on Apple to strengthen encryption on its cloud servers. But because the Advanced Protection encryption keys will be controlled by users, the system will restrict Apple’s ability to restore lost data. 


To set up Advanced Data Protection, users will have to enable at least one data-recovery method. This could be a recovery key—a long list of numbers and characters that users could print out and store in a secure location—or the user could assign a friend or family member as a recovery contact.  

Over the past two decades, businesses and consumers have moved much of their data off computer systems that they control and onto the cloud—data centers filled with servers that are operated by large technology companies. That trend has made these cloud systems an attractive target for cyber intruders. 

Mr. Federighi said that Apple isn’t aware of any customer data being taken from iCloud by hackers but that the Advanced Protection system will make things harder for them. “All of us in the industry who manage customer data are under constant attack by entities that are attempting to breach our systems,” he said. “We have to stay ahead of future attacks with new protections.”

As Apple has locked down its systems, governments worldwide have become increasingly interested in the data stored on phones and cloud computers. That interest has led to friction between Apple and law-enforcement agencies, along with a growing market for iPhone hacking tools. In 2020, Attorney General William Barr pressured Apple for a way to crack the iPhone’s encryption to help with a terror investigation into a shooting that killed three people at a Florida Navy base.

Advanced Protection will reduce the amount of iCloud information that Apple can provide to law-enforcement agencies, who frequently request iPhone data from Apple as part of their investigations. Apple received requests for information on 7,122 Apple accounts from U.S. authorities in the first six months of 2021, the last period for which the company has provided information.

Apple had already offered end-to-end encryption for some of its services, but the protection will now extend to 23 services, including iPhone backups and Photos. However, three services—Mail, Contacts and Calendar—won’t qualify for Advanced Protection because they use older technology protocols, Mr. Federighi said.

Mr. Federighi said Apple believes it shares the same mission as law enforcement and governments: keeping people safe. If sensitive information were to get in the hands of an attacker, a foreign adversary or some other bad actor, it could be disastrous, he said. 

“We’re giving users the option to keep that key only on their devices, which means that even if an attacker were to successfully breach the cloud and access all that data, it would be nonsense to them,” Mr. Federighi said. “They’d lack the key to decrypt it.”

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8


Twitter Exodus Hits Teams Tasked With Regulatory, Content Issues Globally

Elon Musk’s move to purge Twitter Inc. employees who don’t embrace his vision has led to a wave of departures among policy and safety-issue staffers around the globe, sparking questions from regulators in key jurisdictions about the site’s continued compliance efforts.

Scrutiny has been particularly close in Europe, where officials have in recent years assumed a greater role in regulating big tech companies.

Staff departures in recent days include dozens of people spread across units such as government policy, legal affairs and Twitter’s “trust and safety” division, which is responsible for functions like drafting content-moderation rules, according to current and former employees, postings on social media and emails sent to work addresses of people who had worked at Twitter that recently bounced back. They have left from hubs including Dublin, Singapore and San Francisco.

Many of the departures follow Mr. Musk’s ultimatum late last week that staffers pledge to work long hours and be “extremely hardcore” or take a buyout. Hundreds or more employees declined to commit to what Mr. Musk has called Twitter 2.0 and were locked out of company systems. That comes after layoffs in early November that cut roughly half of the company’s staff.

Twitter conducted another round of job cuts affecting engineers late Wednesday, before the Thanksgiving holiday in the U.S., people familiar with the matter said. The exact scope couldn’t be immediately learned, though some of the people estimated dozens of employees were let go.

Twitter sent fired engineers an email saying their code wasn’t satisfactory and offering four weeks of severance, some of the people said. Some other engineers received an email warning them to improve their performance to keep their jobs, the people said.

Ireland’s Data Protection Commission said this week it was asking Twitter whether it still had sufficient staff to assure compliance with the European Union’s privacy law, the General Data Protection Regulation, or GDPR. The company last week told the Irish data regulator that it did, but is still reviewing the impact of the staff departures, a spokesman for the Irish regulator said.

He said Twitter has appointed an interim chief data protection officer, an obligation under the GDPR, after the departure of Damien Kieran, who had served in the role but left shortly after the first round of layoffs.

In France, meanwhile, the country’s communications regulator said it sent a letter last Friday asking that Twitter explain by this week whether it has sufficient personnel on staff to moderate hate speech deemed illegal under French law—under which Twitter could face legal orders and fines.


The staff departures come as Twitter holds talks with the EU about the bloc’s new social-media law, dubbed the Digital Services Act, which will apply tougher rules on bigger platforms like Twitter by the middle of next year.

Didier Reynders, the EU’s justice commissioner, is slated to attend a previously scheduled meeting with Twitter executives in Ireland on Thursday. He plans to ask about the company’s ability to comply with the law and to meet its commitments on data protection and tackling online hate speech, according to an EU official familiar with the trip.

Věra Jourová, a vice president of the EU’s executive arm, said she was concerned about reports of the firing of vast amounts of Twitter staff in Europe. “European laws continue to apply to Twitter, regardless of who is the owner,” she said.

Mr. Musk has said that he would follow the laws of the countries where Twitter operates and that it “cannot become a free-for-all hellscape.”

Twitter didn’t respond to a request for comment.

Late Wednesday, Mr. Musk tweeted that the number of views of tweets he described as “hate speech” had fallen below levels seen before a spike in such views in late October.
“Congrats to the Twitter team!” Mr. Musk wrote. 

Some of the people who either departed or declined to sign on to Twitter 2.0 appear to include Sinead McSweeney, the company’s Ireland-based vice president of global policy and philanthropy, who led government relations and compliance initiatives with regulations worldwide, as well as the two remaining staffers in Twitter’s Brussels office.

Ms. McSweeney and the two Brussels employees declined to comment, but emails to their work addresses started bouncing back undeliverable in recent days according to checks by The Wall Street Journal. Four other Brussels-based employees were earlier this month told they were being laid off, according to social-media posts and people familiar with the matter.

Twenty Air Street, London, the home of Twitter’s U.K. office. (Photo: Dan Kitwood/Getty Images)

Damien Viel, Twitter’s country manager for France, was also among a wave of staffers who posted publicly this week that they had left the company. He declined to comment when reached by the Journal.

At least some of the departures occurred in teams that reported to Yoel Roth, Twitter’s former head of trust and safety, who resigned earlier this month. In an op-ed for the New York Times, Mr. Roth said he resigned because Mr. Musk made it clear that he alone would make decisions on policy and the platform’s rules and that he had little use for those at the company who were advising him on those issues.

The team included Ilana Rosenzweig, who worked as Twitter’s senior director and head of international trust and safety. She has left the company, according to her LinkedIn profile. Based in Singapore, Ms. Rosenzweig led Twitter’s trust and safety teams across Europe, the Middle East and Africa, along with Japan and other Asia-Pacific countries, according to her profile.

“I decided not to agree to Twitter 2.0,” Keith Yet, a Twitter trust and safety worker based in Singapore, wrote on LinkedIn on Monday. Mr. Yet worked on child sexual exploitation issues and handling legal escalations from Japan and other countries, according to his LinkedIn profile. Attempts to reach Ms. Rosenzweig and Mr. Yet were unsuccessful.

The departures come amid a wave of new tech regulation, particularly in Europe. The Digital Services Act will by the middle of next year require tech companies like Twitter with more than 45 million users in the EU to maintain robust systems for removing content that European national governments deem to be illegal.


The act also requires these companies to reduce risks associated with content that regulators consider harmful or hateful. It mandates regular outside audits of the companies’ processes and threatens noncompliance fines of up to 6% of a company’s annual revenue.

Political leaders had warned that Mr. Musk’s Twitter would have to comply with EU rules. “In Europe, the bird will fly by our rules,” tweeted the EU’s commissioner for the internal market, Thierry Breton, hours after Mr. Musk completed his Twitter deal in late October tweeting, “the bird is free.”

A spokesman for the European Commission, the EU’s executive arm, said this week that it had active contacts with the company regarding the regulation and tackling disinformation and illegal hate speech, but declined to comment on the substance of Twitter’s compliance plans.

Activists and researchers are also concerned that the departures could undermine Twitter’s ability to block state-backed information operations aimed at spreading propaganda and harassing adversaries. The wave of departures “raises questions about how Twitter will moderate tweets and comments in a professional and neutral manner,” said Patrick Poon, an activist turned scholar at Japan’s Meiji University, who analyzes free speech.

—Liza Lin, Alexa Corse and Sarah E. Needleman contributed to this article.

Write to Sam Schechner at Sam.Schechner@wsj.com, Kim Mackrael at kim.mackrael@wsj.com and Newley Purnell at newley.purnell@wsj.com


Twitter’s Ex-Security Head Files Whistleblower Complaint on Spam, Privacy Issues

Twitter Inc.’s former head of security filed a whistleblower complaint against the company, accusing it of failing to protect sensitive user data and lying about its security problems, just weeks ahead of the social-networking platform’s courtroom battle with Elon Musk.

Peiter Zatko, who was fired as Twitter’s head of security earlier this year, submitted the complaint last month to the Securities and Exchange Commission, according to a representative of Whistleblower Aid, an organization that helped file the claims. His submission says that he “uncovered extreme, egregious deficiencies by Twitter in every area of his mandate,” including privacy, digital and physical security, platform integrity and content moderation.

Among Mr. Zatko’s claims are that Twitter executives, including Chief Executive Parag Agrawal, deliberately undercounted the prevalence of spam on the platform. Those claims could further complicate Twitter’s battle with Mr. Musk, whom the company sued in July to enforce a $44 billion takeover deal. Mr. Musk has alleged Twitter misrepresented its business, particularly as it relates to the level of spam or bot accounts—claims Twitter denies.

A five-day nonjury trial is slated to begin in October.

The existence of the whistleblower complaint was earlier reported by the Washington Post and CNN.

A Twitter spokeswoman said Mr. Zatko was fired “for ineffective leadership and poor performance” and that the complaint “is riddled with inconsistencies and inaccuracies and lacks important context.”

A lawyer for Mr. Musk said: “We have already issued a subpoena for Mr. Zatko, and we found his exit and that of other key employees curious in light of what we have been finding.”

Twitter shares were down roughly 5% in Tuesday intraday trading.

Mr. Zatko, a former hacker who is known as “Mudge,” has been a noted computer-security researcher for decades. He was a member of a Boston cybersecurity collective that came to prominence in 1998 when it offered warnings about the state of national cybersecurity in testimony to the U.S. Senate. During one Senate hearing, the group told lawmakers they could take down the internet in 30 minutes.

He was hired by Twitter in late 2020 after a career that included other corporate roles.

Whistleblower Aid’s founder John Tye said Mr. Zatko first approached the nonprofit in early March through the encrypted messaging app Signal. Mr. Tye said Mr. Zatko has never met or spoken with Mr. Musk and that Mr. Musk’s team hasn’t been in contact with the nonprofit about Mr. Zatko’s complaint.

“He sees this whistleblowing as sort of the last resort,” Mr. Tye said of Mr. Zatko. “He obviously worked hard inside the company, used the internal channels and ultimately has ended up as a whistleblower.”

Mr. Zatko was brought into Twitter by co-founder Jack Dorsey after a high-profile hack by a teenager who bypassed the company’s security systems. Mr. Dorsey “specifically recruited Mudge for his reputation of speaking truth to power,” according to the complaint.

Mr. Dorsey, however, was only a sporadic presence at the company, and the new hire—who had hundreds of staff reporting to him—was quickly overwhelmed by the task at hand, according to the complaint. At one point, Mr. Agrawal told his team, “Twitter has 10 years of unpaid security bills,” per the complaint.

The relationship between Mr. Zatko and Twitter’s leadership deteriorated over the subsequent months, according to both parties. Mr. Zatko helped oversee a critical report on Twitter’s ability to fight misinformation and spam, which other executives watered down, according to the complaint, which said Mr. Zatko was told by a Twitter lawyer that the changes were intended to hide the findings and prevent them from leaking internally or externally.

The complaint also expresses concerns about Twitter’s ties to foreign governments and says the company may have foreign spies on its payroll. It states that Mr. Zatko believed that the Indian government had forced the company to knowingly hire at least one employee who had access to “vast amounts of Twitter sensitive data.” India’s Washington embassy didn’t immediately respond to a request for comment.

Earlier this month, a former Twitter employee was found guilty by a U.S. jury of spying for Saudi Arabia by passing on private user information associated with critics of the kingdom in exchange for hundreds of thousands of dollars while he worked at the company from 2013 to 2015.

Much of the complaint, though, deals with fake or spam accounts, a topic that Mr. Musk drew attention to in his takeover bid for Twitter.

Like the Tesla Inc. CEO, Mr. Zatko alleges that Twitter miscounts such users by focusing only on what are known as monetizable daily users, or MDAU, rather than all total daily users. The former category counts only those accounts that are thought to view advertising.

“There are many millions of active accounts that are not considered ‘mDAU,’ either because they are spam bots, or because Twitter does not believe it can monetize them,” Mr. Zatko’s complaint says. “These millions of non-mDAU accounts are part of the median user’s experience on the platform.”

Twitter has said it has a system for measuring users and spam that entails multiple human reviews of thousands of accounts sampled at random over time.

Mr. Zatko’s complaint said he attempted to formally notify Twitter’s board of his concerns but was steered off by Mr. Agrawal.

In a memo to employees Tuesday about the whistleblower complaint, Mr. Agrawal said: “I know this is frustrating and confusing to read, given Mudge was accountable for many aspects of this work that he is now inaccurately portraying more than six months after his termination.” Mr. Agrawal defended Twitter’s work on privacy and security, while adding that the attention the complaint has brought to the company will make its work harder. “We will pursue all paths to defend our integrity as a company and set the record straight,” he said.

Twitter in 2011 reached an agreement with the Federal Trade Commission to maintain rigorous security, including limiting the number of employees with access to its key security and privacy controls. Mr. Zatko alleges that the company is in violation of that accord. The FTC didn’t respond to a request for comment.

Copies of the complaint were sent to the Senate Judiciary and Intelligence committees, aides of each panel said.

Democrats and Republicans have raised concerns about Twitter and other social-media companies in recent years over how they use and protect customer data, and have considered legislation that could require firms to adhere to certain data transparency or security standards. “If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world,” Sen. Dick Durbin (D., Ill.), chairman of the Judiciary Committee, said in a statement.

Corrections & Amplifications
Parag Agrawal is the CEO of Twitter. An earlier version of this article incorrectly spelled his last name as Agarwal. (Corrected on Aug. 23)

Write to Sarah E. Needleman at sarah.needleman@wsj.com


Biden Administration Orders Federal Agencies to Fix Hundreds of Cyber Flaws

WASHINGTON—The Biden administration on Wednesday issued a sweeping new order mandating that nearly all federal agencies patch hundreds of cybersecurity vulnerabilities that are considered major risks for damaging intrusions into government computer systems.

The new requirement is one of the most wide-reaching cybersecurity mandates ever imposed on the federal government. It covers about 200 known security flaws identified by cybersecurity professionals between 2017 and 2020 and an additional 90 discovered in 2021 alone that have generally been observed being used by malicious hackers. Those flaws were listed in a new federal catalog as carrying “significant risk to the federal enterprise.”


Twitch Data Leak Shows Some Streamers Make Hundreds of Thousands Per Month

Leaked data this week from the streaming platform Twitch Interactive revealed that some people can make six-figure monthly incomes from playing videogames in front of a live online audience.

A user of the online chat forum 4chan claimed to have access to the payout information, and several people who called themselves Twitch streamers said many of the figures were consistent with what they had earned. Others said the figures didn’t paint a full picture of their earnings, in part because they didn’t appear to take into account what they make when streaming as part of a group or from third parties.

Twitch broadcasters’ earnings and other company information that was claimed to have been accessed were made public Wednesday. The 4chan user posted the information there to hurt the Amazon.com Inc. unit’s business, the user wrote.

Twitch confirmed a data leak but declined to comment on what information was accessed.

Such data hasn’t been disclosed by Twitch, which was founded in 2011 and acquired by Amazon in 2014 for $970 million in cash. Though the platform is best known for its videogame streamers, many others broadcast themselves playing tabletop games and music, making crafts, exercising and more. One of its most popular categories is called Just Chatting, where streamers discuss all sorts of topics.

Last month, people spent 1.7 billion hours watching Twitch, which is up more than 20% from a year earlier, according to StreamElements, a provider of tools and services for content creators.

The leak announced on 4chan identifies streamers’ monthly revenue-sharing payments from Twitch since August 2019. Last month alone, a videogame streamer in Canada earned approximately $705,000 from the platform, while a group of Dungeons & Dragons players brought in roughly $311,000.

Twitch streamers typically generate revenue from paid subscriptions to their channels and through the platform’s ad-sharing program, which requires certain viewer metrics. For the most popular streamers, Twitch may cut special deals to prevent them from streaming on competing services.

Separately, some Twitch streamers earn income from viewer tips through third-party services as well as sponsorship agreements with brands such as State Farm Insurance. And large videogame publishers, including Electronic Arts Inc. and Activision Blizzard Inc., pay popular Twitch streamers tens of thousands of dollars apiece to play their latest releases on launch day.

Tanya DePass, a 48-year-old Twitch streamer in Chicago who is sponsored by videogame-accessories maker Logitech G, said the data leak is “wildly inaccurate” for those reasons. Further, she said her Twitch earnings vary greatly from month to month. In June 2020, her channel blew up in popularity, which resulted in her receiving her biggest paycheck ever from Twitch a month later.

Ms. DePass, who is Black, attributed the jump to a sudden interest among viewers in Black streamers in response to the murder of George Floyd, a Black man whose 2020 death in police custody was captured on video that went viral. “Anger over George Floyd’s murder mobilized folks to realize we exist,” she said.

Ms. DePass streams herself playing videogames and tabletop games for 10 to 25 hours a week under the name Cypheroftyr. She said she was frustrated by the leak because she thinks it gives people the false impression that streaming is an easy way to make lots of money. In reality, she said it takes a lot of work to promote her channel, keep viewers constantly engaged and handle administrative tasks. Ms. DePass also has had to grapple with racist and sexist taunts. “It’s just exhausting,” she said.

The 4chan user who allegedly posted the Twitch data labeled it “part one,” suggesting there might be more to come.

Write to Sarah E. Needleman at sarah.needleman@wsj.com

Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8


T-Mobile Data Hack: What We Know and What You Need to Do

The breach of T-Mobile US Inc. allowed hackers to steal information about more than 54 million people and potentially sell the data to digital fraudsters and identity thieves.

Here is what we know about the hack, which data was stolen and what customers should do to protect themselves.

What was the T-Mobile data breach?

T-Mobile said it learned late last week that an individual in an online forum claimed to have breached its systems and was attempting to sell stolen customer data. The company confirmed on Aug. 16 that it was hacked, later adding that attackers made off with personal data from 54 million people. Those victims include 7.8 million current postpaid customers, T-Mobile said, and about 46 million former and prospective customers who applied for plans.

While U.S. officials have warned of an uptick in ransomware attacks in recent months, T-Mobile’s hackers didn’t lock up the company’s systems and demand payment. Instead, attackers broke into the company’s servers through an open access point, stole data and have since tried to sell different sets of the information online for between $80,000 and $270,000 worth of bitcoin.

The attack is the latest and most severe in a string of cybersecurity incidents at the company, said Allie Mellen, a cybersecurity analyst at research firm Forrester Inc.


Didi and Other U.S.-Listed Chinese Tech Companies Tumble Amid Beijing Crackdown

A Didi Chuxing autonomous taxi during a pilot test drive on the streets in Shanghai. (Photo: Hector Retamal/AFP/Getty Images)

U.S.-listed shares in Didi Global and other Chinese app makers tumbled on Tuesday after regulators intensified a crackdown on the country’s New York-listed technology companies.

Didi Global (ticker: DIDI) stock fell more than 25% on Tuesday after Beijing’s Cyberspace Administration ordered app stores to remove the Chinese ride-hailing giant’s services from its platforms on Sunday. 

The cybersecurity regulator widened its attack on Monday, launching a review of two U.S.-listed Chinese app makers: Full Truck Alliance (YMM), which operates truck-hailing apps; and online recruiting app Kanzhun (BZ).

The regulator ordered the companies to stop adding users while the investigations were conducted, The Wall Street Journal reported. Full Truck Alliance stock was 20% lower in New York premarket trading on Tuesday, while Kanzhun was down 9%.

And on Tuesday, China released guidelines through state-run Xinhua News Agency that would revise rules and strengthen supervision for companies listed in overseas markets, according to the Journal. The additional scrutiny could make it harder for Chinese companies to raise money in the U.S.,

A spokesperson for Full Truck Alliance told Barron’s the company would fully cooperate with the regulator during the cybersecurity process, saying, “FTA is conducting a comprehensive self-examination of any potential cybersecurity risks and will continue to improve its cybersecurity systems and technology capabilities.”

The spokesperson added: “Apart from the suspension of new user registration in China, FTA and its mobile applications maintain normal operation.”

The trio of Chinese app makers went public in the U.S. last month.

Ahead of Didi’s initial public offering, which raised $4.4 billion, reports emerged the company was facing an antitrust probe by China’s State Administration for Market Regulation (SAMR) over whether its pricing mechanism is transparent enough and whether it has been unfairly squeezing out smaller rivals.

Didi made its U.S. debut on Wednesday before attracting the attention of another regulator on Sunday. The cyberspace regulator removed Didi’s Chinese services from their platforms, citing illegal collection of personal data, the Journal reported.

“China is cracking down on big tech, but the decision to remove the app from domestic platforms appears to be timed for maximum impact and embarrassment,” said Markets.com analyst Neil Wilson. “China’s Communist Party is bristling at the number of Chinese companies listing in the U.S. this year, but there is genuine concern at the heart of this—regulators are not impressed with the way Didi and other Chinese tech companies handle data,” he added.

Wedbush analyst Brad Gastwirth struck a similar note, writing that “while Chinese regulators are pointing to Didi’s collection of user data as the impetus for their actions, with the move coming right after its US IPO, there is speculation that China is targeting Didi because of its decision to list outside of China.”

In a statement, Didi said that users who had already downloaded and installed the app could continue using it, though it would no longer be available in China.

“The Company will strive to rectify any problems, improve its risk prevention awareness and technological capabilities, protect users’ privacy and data security, and continue to provide secure and convenient services to its users,” Didi said on Sunday. “The Company expects that the app takedown may have an adverse impact on its revenue in China.”

Kanzhun said on Monday it would fully cooperate during the review process. “The Company plans to conduct a comprehensive examination of cybersecurity risks and continue to enhance its cybersecurity awareness and technology capabilities.”

Perhaps not unrelated, Chinese social-media company Weibo (WB) on Tuesday jumped 15% on reports it’s planning to go private.

Write to Callum Keown at callum.keown@dowjones.com

Why the Next Big-Tech Fights Are in State Capitals

Tech companies are turning their attention to statehouses across the country as a wave of local bills opens a new frontier in the push to limit Silicon Valley’s power.

Arizona, Maryland and Virginia are among states where lawmakers are seeking to limit the power of tech companies like Alphabet Inc.’s Google and Apple Inc. on a range of issues, from online privacy and digital advertisements to app-store fees. State policy proposals have bipartisan support from lawmakers who want to temper companies’ influence and financial clout, which have grown during the pandemic.

Google, Apple and others are hiring local lobbyists and immersing themselves in the minutiae of proposed legislation, according to state representatives. Tech companies face potential rules that would curb the reach of their platforms, crimp revenues with taxes or force them to facilitate additional privacy disclosures.

While federal lawmakers have held hearings and are in discussions about policies to regulate tech companies, debates and votes could occur in states first. If passed, state laws matter because they can become de facto national standards in the absence of federal action, as with California’s 2018 privacy law, which gave consumers both the right to access personal information that businesses collect from them and the right to request that data be deleted and not sold.

Facebook Inc. initially opposed the California measures, but supported them after they took effect. Companies such as Microsoft Corp. have opted to honor the new rules across the country.

“So much has happened since California passed the original [data] privacy act” in 2018, said Sam McGowan, a senior analyst at policy research firm Beacon Policy Advisors LLC. Lawmakers’ concerns now stretch well beyond privacy to such topics as anticompetitive behavior and how social-media companies police content, he said.

In Arizona, a closely watched bill regarding app-store payments has cleared the state House and is expected to be debated in the Senate in the next several weeks. The legislation would free some software developers from fees that Apple and Google place on apps, which can run up to 30% of sales from paid apps and in-app purchases. App developers would be able to charge people directly through the payment system of their choice. The bill would apply to Arizona-based app developers and consumers yet could set a wider precedent.

Republican state Rep. Regina Cobb, the legislation’s chief sponsor, said the bill is about “consumer protection and transparency,” and said a final vote could take place within the next month. Ms. Cobb said she believes there are sufficient votes to pass the bill in the narrowly divided Senate. Apple and Google have lobbied heavily against the bill, Ms. Cobb said.

Apple declined to comment on lobbying in Arizona. A company spokeswoman said Apple “created the App Store to be a safe and trusted place for users to download the apps they love and a great business opportunity for developers. This legislation threatens to break that very successful model and undermine the strong protections we’ve put in place for customers.”

Google declined to comment on the legislation or any lobbying efforts in the state.

In February, Maryland lawmakers passed legislation that would tax the revenue of companies such as Google, Facebook and Amazon.com Inc. from digital ads. This month Virginia Gov. Ralph Northam signed into law new privacy rules similar to those in California, with added limits on the consumer data that companies can collect online.

Washington state has introduced privacy legislation. Some states have targeted online content moderation, with Texas proposing a measure that would prohibit social-media companies from banning users based on their viewpoints. New York state recently looked into changing its antitrust laws to make it easier for it to sue tech companies.

States may have an easier path to pass laws than Congress does, Mr. McGowan said, because many state governments have fairly short legislative sessions lasting a few weeks or months, meaning bills can swiftly make their way through committees and to votes.

Tech companies’ soaring growth and influence during the pandemic have raised urgency at the state level, according to Robert Siegel, a lecturer in management and a business-strategy researcher at Stanford University.

The biggest five companies—Amazon, Google, Facebook, Apple and Microsoft—all saw staggering growth in 2020, as stuck-at-home Americans and businesses turned to online shopping, software and cloud-computing services, smart devices and video streaming. Those companies’ combined revenue grew by a fifth, to $1.1 trillion, and their collective market capitalization soared to $8 trillion during the pandemic.

Given the stakes and what some view as the inevitability of more regulation, tech companies must play a more active role in influencing legislation, Mr. Siegel said. Facebook and Google are among tech companies now calling for federal rules on issues such as data privacy and artificial intelligence.

“Large technology companies have no choice but to engage,” Mr. Siegel said. “So much money has been made by these companies, and that has everyone gunning for them. They have a size and scale and reach that nobody has.”

Facebook Vice President of State and Local Policy Will Castleberry said the company “will continue to support bills that are good for consumers, but a patchwork approach to privacy doesn’t give the consistency or clarity that consumers or businesses need. That’s why we hope Congress will pass a national privacy law.”

Technology companies have stepped up legislative spending at different levels of government recently. Facebook and Amazon outspent all other U.S. companies in federal lobbying last year, The Wall Street Journal reported in January.

Facebook spent nearly $20 million, up about 18% from the previous year, while Amazon spent about $18 million last year, up about 11%. Apple disclosed $6.7 million in lobbying spending, down from a record $7.4 million in 2019, and Google also reported a drop, spending $7.5 million. Google and Facebook are facing multiple antitrust lawsuits, and Amazon and Apple have been the subject of preliminary inquiries that could advance further under the Biden administration.

States are also using courts to seek change. A Colorado-led coalition of attorneys general filed an antitrust suit against Google in December over its dominance in online search. Meanwhile, California is looking into how Amazon treats sellers in its online marketplace, and authorities in Connecticut are investigating how Amazon sells and distributes digital books.

Amazon declined to comment.

Write to Sebastian Herrera at Sebastian.Herrera@wsj.com and Dan Frosch at dan.frosch@wsj.com

Hacker Claims to Have Stolen Files Belonging to Prominent Law Firm Jones Day

A hacker claims to have stolen files belonging to the global law firm Jones Day and posted many of them on the dark web.

Jones Day has many prominent clients, including former President Donald Trump and major corporations.

Jones Day, in a statement, disputed that its network has been breached. The statement said that a file-sharing company that it has used was recently compromised and had information taken. Jones Day said it continues to investigate the breach and will continue to be in discussion with affected clients and appropriate authorities.

The posting by a person who self-identified as the hacker, which goes by the name Clop, includes a few individual documents that are easily reviewed by the public, including by The Wall Street Journal. One memo is to a judge and is marked “confidential mediation brief,” another is a cover letter for enclosed “confidential documents.” The Journal couldn’t immediately confirm their authenticity.

The Journal was able to see the existence of many more files—mammoth in size—also purported to belong to Jones Day, posted by the hacker on the so-called dark web. Hackers typically post such stolen information after the hacked entity fails to pay a ransom. The Journal was able to contact the hacker using an email on its blog.
