Archives

Richard blumenthal

Apple and Google pressed in antitrust hearing on whether app stores share data with product development teams

In today’s antitrust hearing in the U.S. Senate, Apple and Google representatives were questioned on whether they have a “strict firewall” or other internal policies in place that prevent them from leveraging the data from third-party businesses operating on their app stores to inform the development of their own competitive products. Apple, in particular, was called out for the practice of copying other apps by Senator Richard Blumenthal (D-CT), who said the practice had become so common that it earned a nickname with Apple’s developer community: “sherlocking.”

Sherlock, which has its own Wikipedia entry under software, comes from Apple’s search tool in the early 2000’s called Sherlock. A third-party developer, Karelia Software, created an alternative tool called Watson. Following the success of Karelia’s product, Apple added Watson’s same functionality into its own search tool, and Watson was effectively put out of business. The nickname “Sherlock” later became shorthand for any time Apple copies an idea from a third-party developer that threatens to or even destroys their business.

Over the years, developers claimed Apple has “sherlocked” a number of apps including Konfabulator (desktop widgets), iPodderX (podcast manager), Sandvox (app for building websites), Growl (a notification system for Mac OS X), and in more recent years, F.lux (blue light reduction tool for screens) Duet and Luna (apps that makes iPad a secondary display), as well as various screen time management tools. Now Tile claims Apple has also unfairly entered its market with AirTag.

During his questioning, Blumenthal asked Apple and Google’s representatives at the hearing — Mr. Kyle Andeer, Apple’s
Chief Compliance Officer and Mr. Wilson White, Google’s Senior Director Public Policy & Government Relations, respectively — if they employed any sort of “firewall” in between their app stores and their business strategy.

Andeer somewhat dodged the question, saying, “Senator, if I understand the question correctly, we have separate teams that manage the App Store and that are engaged in product development strategy here at Apple.”

Blumenthal then clarified what he meant by “firewall.” He explained that it doesn’t mean whether or not there are separate teams in place, but whether there’s an internal prohibition on sharing data between the App Store and the people who run Apple’s other businesses.

Andeer then answered, “Senator, we have controls in place.”

He went on to note that over the past twelve years, Apple has only introduced “a handful of applications and services,” and in every instance, there are “dozens of alternatives” on the App Store. And, sometimes, the alternatives are more popular than Apple’s own product, he noted.

“We don’t copy. We don’t kill. What we do is offer up a new choice and a new innovation,” Andeer stated.

His argument may hold true when there are strong rivalries, like Spotify versus Apple Music, or Netflix versus Apple TV+, or Kindle versus Apple Books. But it’s harder to stretch it to areas where Apple makes smaller enhancements — like when Apple introduced Sidecar, a feature that allowed users to make their iPad a secondary display. Sidecar ended the need for a third-party app, after apps like Duet and Luna first proved the market.

Another example was when Apple built screen time controls into its iOS software, but didn’t provide the makers of third-party screen time apps with an API so consumers could use their preferred apps to configure Apple’s Screen Time settings via the third-party’s specialized interface or take advantage of other unique features.

Blumenthal said he interpreted Andeer’s response as to whether Apple has a “data firewall” as a “no.”

Posed the same question, Google’s representative, Mr. White said his understanding was that Google had “data access controls in place that govern how data from our third-party services are used.”

Blumenthal pressed him to clarify if this was a “firewall,” meaning, he clarified again, “do you have a prohibition against access?”

“We have a prohibition against using our third-party services to compete directly with our first-party services,” Mr. White said, adding that Google has “internal policies that govern that.”

The Senator said he would follow up on this matter with written questions, as his time expired.

Senator: ‘More transparency is needed’ by exam proctoring tech firms

Three of the leading exam proctoring companies are facing calls to be more transparent, amid continued claims of bias by students forced to take remote exams because of the ongoing pandemic.

Exam proctoring tech lets students take remotely invigilated tests from home. Students are told to install their university’s choice of proctoring software, which allows the exam monitor deep access to the student’s computer, including their webcams and microphones, to monitor their activity to spot potential cheating.

But companies like Proctorio, ExamSoft, and ProctorU have faced a barrage of criticism from students who say that their proctoring technology is fraught with problems, including issues of bias — all of which could impact their test results.

Chief among the complaints are that their proctoring software cannot recognize faces with darker skin tones or religious headgear, and discriminates against students with disabilities and those in lower-income areas who may not have the internet speeds to meet the standards of the test-taking tech.

Several U.S. Democratic senators sent Proctorio, ExamSoft, and ProctorU letters in December calling on the companies to explain their technology and policies better. In their responses seen by TechCrunch, the companies rejected claims of discrimination and all said that it’s up to the teachers to decide whether a student has cheated, not the companies themselves.

But lawmakers say that the companies are not transparent enough, and worry teachers could be making decisions about a student’s conduct based on little more than what the technology tells them.

“Proctorio, ExamSoft, and ProctorU claim they don’t have problems with bias, yet alarming reports from students tell a different story,” Sen. Richard Blumenthal (D-CT) told TechCrunch. “These responses from the companies are only the first step in learning more about how they operate, but much more transparency is needed into the systems that have the power to accuse students of cheating. I will work on every fix necessary to ensure students are protected.”

Students across the U.S. have already called on their schools to stop using proctoring software citing privacy and security risks.

We sent the companies several questions. ProctorU’s chief executive Scott McFarland declined to comment citing the holiday weekend. Proctorio and ExamSoft did not respond.

Facebook trails expanding portability tools ahead of FTC hearing

Facebook is considering expanding the types of data its users are able to port directly to alternative platforms.

In comments on portability sent to US regulators ahead of an FTC hearing on the topic next month, Facebook says it intends to expand the scope of its data portability offerings “in the coming months”.

It also offers some “possible examples” of how it could build on the photo portability tool it began rolling out last year — suggesting it could in future allow users to transfer media they’ve produced or shared on Facebook to a rival platform or take a copy of their “most meaningful posts” elsewhere.

Allowing Facebook-based events to be shared to third party cloud-based calendar services is another example cited in Facebook’s paper.

It suggests expanding portability in such ways could help content creators build their brands on other platforms or help event organizers by enabling them to track Facebook events using calendar based tools.

However there are no firm commitments from Facebook to any specific portability product launches or expansions of what it offers currently.

For now the tech giant only lets Facebook users directly send copies of their photos to Google’s eponymous photo storage service — a transfer tool it switched on for all users this June.

“We remain committed to ensuring the current product remains stable and performant for people and we are also exploring how we might extend this tool, mindful of the need to preserve the privacy of our users and the integrity of our services,” Facebook writes of its photo transfer tool.

On whether it will expand support for porting photos to other rival services (i.e. not just Google Photos) Facebook has this non-committal line to offer regulators: “Supporting these additional use cases will mean finding more destinations to which people can transfer their data. In the short term, we’ll pursue these destination partnerships through bilateral agreements informed by user interest and expressions of interest from potential partners.”

Beyond allowing photo porting to Google Photos, Facebook users have long been able to download a copy of some of the information it holds on them.

But the kind of portability regulators are increasingly interested in is about going much further than that — meaning offering mechanisms that enable easy and secure data transfers to other services in a way that could encourage and support fast-moving competition to attention-monopolizing tech giants.

The Federal Trade Commission is due to host a public workshop on September 22, 2020, which it says will  “examine the potential benefits and challenges to consumers and competition raised by data portability”.

The regulator notes that the topic has gained interest following the implementation of major privacy laws that include data portability requirements — such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

It asked for comment submissions by August 21, which is what Facebook’s paper is responding to.

In comments to the Reuters news agency, Facebook’s privacy and public policy manager, Bijan Madhani, said the company wants to see “dedicated portability legislation” coming out of any post-workshop recommendations.

It reports that Facebook supports a portability bill that’s doing the rounds in Congress — called the Access Act, which is sponsored by Democratic Senators Richard Blumenthal and Mark Warner, and Republican senator Josh Hawley — which would require large tech platforms to let their users easily move their data to other services.

Albeit Madhani dubs it a good first step, adding that the company will continue to engage with the lawmakers on shaping its contents.

“Although some laws already guarantee the right to portability, our experience suggests that companies and people would benefit from additional guidance about what it means to put those rules into practice,” Facebook also writes in its comments to the FTC .

Ahead of dipping its toe into portability via the photo transfer tool, Facebook released a white paper on portability last year, seeking to shape the debate and influence regulatory thinking around any tighter or more narrowly defined portability requirements.

In recent months Mark Zuckerberg has also put in facetime to lobby EU lawmakers on the topic, as they work on updating regulations around digital services.

The Facebook founder pushed the European Commission to narrow the types of data that should fall under portability rules. In the public discussion with commissioner Thierry Breton, in May, he raised the example of the Cambridge Analytica Facebook data misuse scandal, claiming the episode illustrated the risks of too much platform “openness” — and arguing that there are “direct trade-offs about openness and privacy”.

Zuckerberg went on to press for regulation that helps industry “balance these two important values around openness and privacy”. So it’s clear the company is hoping to shape the conversation about what portability should mean in practice.

Or, to put it another way, Facebook wants to be able to define which data can flow to rivals and which can’t.

“Our position is that portability obligations should not mandate the inclusion of observed and inferred data types,” Facebook writes in further comments to the FTC — lobbying to put broad limits on how much insight rivals would be able to gain into Facebook users who wish to take their data elsewhere.

Both its white paper and comments to the FTC plough this preferred furrow of making portability into a ‘hard problem’ for regulators, by digging up downsides and fleshing out conundrums — such as how to tackle social graph data.

On portability requests that wrap up data on what Facebook refers to as “non-requesting users”, its comments to the FTC work to sew doubt about the use of consent mechanisms to allow people to grant each other permission to have their data exported from a particular service — with the company questioning whether services “could offer meaningful choice and control to non-requesting users”.

“Would requiring consent inappropriately restrict portability? If not, how could consent be obtained? Should, for example, non-requesting users have the ability to choose whether their data is exported each time one of their friends wants to share it with an app? Could an approach offering this level of granularity or frequency of notice could lead to notice fatigue?” Facebook writes, skipping lightly over the irony given the levels of fatigue its own apps’ default notifications can generate for users.

Facebook also appears to be advocating for an independent body or regulator to focus on policy questions and liability issues tied to portability, writing in a blog post announcing its FTC submission: “In our comments, we encourage the FTC to examine portability in practice. We also ask it to recommend dedicated federal portability legislation and provide advice to industry on the policy and regulatory tensions we highlight, so that companies implementing data portability have the clear rules and certainty necessary to build privacy-protective products that enhance people’s choice and control online.”

In its FTC submission the company goes on to suggest that “an independent mechanism or body” could “collaboratively set privacy and security standards to ensure data portability partnerships or participation in a portability ecosystem that are transparent and consistent with the broader goals of data portability”.

Facebook then further floats the idea of an accreditation model under which recipients of user data “could demonstrate, through certification to an independent body, that they meet the data protection and processing standards found in a particular regulation, such as the [EU’s] GDPR or associated code of conduct”.

“Accredited entities could then be identified with a seal and would be eligible to receive data from transferring service providers. The independent body (potentially in consultation with relevant regulators) could work to assess compliance of certifying entities, revoking accreditation where appropriate,” it further suggests.

However its paper also notes the risk that requiring accreditation might present a barrier to entry for the small businesses and startups that might otherwise be best positioned to benefit from portability.